Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Mark global val_mgr as deprecated and fix uses of it to use namespaced version

Browse source
This commit is contained in:
Tim Wojtulewicz 2020-07-02 13:08:41 -07:00
parent 3098dd6fbb
commit 86fdf0eaa9
134 changed files with 1579 additions and 1580 deletions
Download patch file Download diff file Expand all files Collapse all files

2
auxil/bifcl

@ -1 +1 @@
Subproject commit 6c3b3c7f0a0df6736f6568bb3503dd03c0733b4d
Subproject commit 66e7e189d3a7d2b62b859e0e7e004f175a7d9563

8
src/CompHash.cc
View file

@ -764,9 +764,9 @@ const char* CompositeHash::RecoverOneVal(
if ( tag == zeek::TYPE_ENUM )
*pval = t->AsEnumType()->GetVal(*kp);
else if ( tag == zeek::TYPE_BOOL )
*pval = val_mgr->Bool(*kp);
*pval = zeek::val_mgr->Bool(*kp);
else if ( tag == zeek::TYPE_INT )
*pval = val_mgr->Int(*kp);
*pval = zeek::val_mgr->Int(*kp);
else
{
reporter->InternalError("bad internal unsigned int in CompositeHash::RecoverOneVal()");
@ -783,11 +783,11 @@ const char* CompositeHash::RecoverOneVal(
switch ( tag ) {
case zeek::TYPE_COUNT:
case zeek::TYPE_COUNTER:
*pval = val_mgr->Count(*kp);
*pval = zeek::val_mgr->Count(*kp);
break;
case zeek::TYPE_PORT:
*pval = val_mgr->Port(*kp);
*pval = zeek::val_mgr->Port(*kp);
break;
default:

36
src/Conn.cc
View file

@ -266,8 +266,8 @@ void Connection::HistoryThresholdEvent(EventHandlerPtr e, bool is_orig,
EnqueueEvent(e, nullptr,
ConnVal(),
val_mgr->Bool(is_orig),
val_mgr->Count(threshold)
zeek::val_mgr->Bool(is_orig),
zeek::val_mgr->Count(threshold)
);
}
@ -352,14 +352,14 @@ const zeek::RecordValPtr& Connection::ConnVal()
auto id_val = zeek::make_intrusive<zeek::RecordVal>(zeek::id::conn_id);
id_val->Assign(0, zeek::make_intrusive<zeek::AddrVal>(orig_addr));
id_val->Assign(1, val_mgr->Port(ntohs(orig_port), prot_type));
id_val->Assign(1, zeek::val_mgr->Port(ntohs(orig_port), prot_type));
id_val->Assign(2, zeek::make_intrusive<zeek::AddrVal>(resp_addr));
id_val->Assign(3, val_mgr->Port(ntohs(resp_port), prot_type));
id_val->Assign(3, zeek::val_mgr->Port(ntohs(resp_port), prot_type));
auto orig_endp = zeek::make_intrusive<zeek::RecordVal>(zeek::id::endpoint);
orig_endp->Assign(0, val_mgr->Count(0));
orig_endp->Assign(1, val_mgr->Count(0));
orig_endp->Assign(4, val_mgr->Count(orig_flow_label));
orig_endp->Assign(0, zeek::val_mgr->Count(0));
orig_endp->Assign(1, zeek::val_mgr->Count(0));
orig_endp->Assign(4, zeek::val_mgr->Count(orig_flow_label));
const int l2_len = sizeof(orig_l2_addr);
char null[l2_len]{};
@ -368,9 +368,9 @@ const zeek::RecordValPtr& Connection::ConnVal()
orig_endp->Assign(5, zeek::make_intrusive<zeek::StringVal>(fmt_mac(orig_l2_addr, l2_len)));
auto resp_endp = zeek::make_intrusive<zeek::RecordVal>(zeek::id::endpoint);
resp_endp->Assign(0, val_mgr->Count(0));
resp_endp->Assign(1, val_mgr->Count(0));
resp_endp->Assign(4, val_mgr->Count(resp_flow_label));
resp_endp->Assign(0, zeek::val_mgr->Count(0));
resp_endp->Assign(1, zeek::val_mgr->Count(0));
resp_endp->Assign(4, zeek::val_mgr->Count(resp_flow_label));
if ( memcmp(&resp_l2_addr, &null, l2_len) != 0 )
resp_endp->Assign(5, zeek::make_intrusive<zeek::StringVal>(fmt_mac(resp_l2_addr, l2_len)));
@ -380,7 +380,7 @@ const zeek::RecordValPtr& Connection::ConnVal()
conn_val->Assign(2, std::move(resp_endp));
// 3 and 4 are set below.
conn_val->Assign(5, zeek::make_intrusive<zeek::TableVal>(zeek::id::string_set)); // service
conn_val->Assign(6, val_mgr->EmptyString()); // history
conn_val->Assign(6, zeek::val_mgr->EmptyString()); // history
if ( ! uid )
uid.Set(bits_per_uid);
@ -391,10 +391,10 @@ const zeek::RecordValPtr& Connection::ConnVal()
conn_val->Assign(8, encapsulation->ToVal());
if ( vlan != 0 )
conn_val->Assign(9, val_mgr->Int(vlan));
conn_val->Assign(9, zeek::val_mgr->Int(vlan));
if ( inner_vlan != 0 )
conn_val->Assign(10, val_mgr->Int(inner_vlan));
conn_val->Assign(10, zeek::val_mgr->Int(inner_vlan));
}
@ -404,7 +404,7 @@ const zeek::RecordValPtr& Connection::ConnVal()
conn_val->Assign(3, zeek::make_intrusive<zeek::TimeVal>(start_time)); // ###
conn_val->Assign(4, zeek::make_intrusive<zeek::IntervalVal>(last_time - start_time));
conn_val->Assign(6, zeek::make_intrusive<zeek::StringVal>(history.c_str()));
conn_val->Assign(11, val_mgr->Bool(is_successful));
conn_val->Assign(11, zeek::val_mgr->Bool(is_successful));
conn_val->SetOrigin(this);
@ -698,7 +698,7 @@ void Connection::CheckFlowLabel(bool is_orig, uint32_t flow_label)
if ( conn_val )
{
zeek::RecordVal* endp = conn_val->GetField(is_orig ? 1 : 2)->AsRecordVal();
endp->Assign(4, val_mgr->Count(flow_label));
endp->Assign(4, zeek::val_mgr->Count(flow_label));
}
if ( connection_flow_label_changed &&
@ -706,9 +706,9 @@ void Connection::CheckFlowLabel(bool is_orig, uint32_t flow_label)
{
EnqueueEvent(connection_flow_label_changed, nullptr,
ConnVal(),
val_mgr->Bool(is_orig),
val_mgr->Count(my_flow_label),
val_mgr->Count(flow_label)
zeek::val_mgr->Bool(is_orig),
zeek::val_mgr->Count(my_flow_label),
zeek::val_mgr->Count(flow_label)
);
}

2
src/DNS_Mgr.cc
View file

@ -721,7 +721,7 @@ zeek::ValPtr DNS_Mgr::BuildMappingVal(DNS_Mapping* dm)
r->Assign(0, zeek::make_intrusive<zeek::TimeVal>(dm->CreationTime()));
r->Assign(1, zeek::make_intrusive<zeek::StringVal>(dm->ReqHost() ? dm->ReqHost() : ""));
r->Assign(2, zeek::make_intrusive<zeek::AddrVal>(dm->ReqAddr()));
r->Assign(3, val_mgr->Bool(dm->Valid()));
r->Assign(3, zeek::val_mgr->Bool(dm->Valid()));
auto h = dm->Host();
r->Assign(4, h ? std::move(h) : zeek::make_intrusive<zeek::StringVal>("<none>"));

48
src/Expr.cc
View file

@ -683,11 +683,11 @@ ValPtr BinaryExpr::Fold(Val* v1, Val* v2) const
else if ( ret_type->Tag() == zeek::TYPE_DOUBLE )
return zeek::make_intrusive<zeek::DoubleVal>(d3);
else if ( ret_type->InternalType() == zeek::TYPE_INTERNAL_UNSIGNED )
return val_mgr->Count(u3);
return zeek::val_mgr->Count(u3);
else if ( ret_type->Tag() == zeek::TYPE_BOOL )
return val_mgr->Bool(i3);
return zeek::val_mgr->Bool(i3);
else
return val_mgr->Int(i3);
return zeek::val_mgr->Int(i3);
}
ValPtr BinaryExpr::StringFold(Val* v1, Val* v2) const
@ -721,7 +721,7 @@ ValPtr BinaryExpr::StringFold(Val* v1, Val* v2) const
BadTag("BinaryExpr::StringFold", expr_name(tag));
}
return val_mgr->Bool(result);
return zeek::val_mgr->Bool(result);
}
@ -797,7 +797,7 @@ ValPtr BinaryExpr::SetFold(Val* v1, Val* v2) const
return nullptr;
}
return val_mgr->Bool(res);
return zeek::val_mgr->Bool(res);
}
ValPtr BinaryExpr::AddrFold(Val* v1, Val* v2) const
@ -831,7 +831,7 @@ ValPtr BinaryExpr::AddrFold(Val* v1, Val* v2) const
BadTag("BinaryExpr::AddrFold", expr_name(tag));
}
return val_mgr->Bool(result);
return zeek::val_mgr->Bool(result);
}
ValPtr BinaryExpr::SubNetFold(Val* v1, Val* v2) const
@ -844,7 +844,7 @@ ValPtr BinaryExpr::SubNetFold(Val* v1, Val* v2) const
if ( tag == EXPR_NE )
result = ! result;
return val_mgr->Bool(result);
return zeek::val_mgr->Bool(result);
}
void BinaryExpr::SwapOps()
@ -956,9 +956,9 @@ ValPtr IncrExpr::DoSingleEval(Frame* f, Val* v) const
const auto& ret_type = IsVector(GetType()->Tag()) ? GetType()->Yield() : GetType();
if ( ret_type->Tag() == zeek::TYPE_INT )
return val_mgr->Int(k);
return zeek::val_mgr->Int(k);
else
return val_mgr->Count(k);
return zeek::val_mgr->Count(k);
}
@ -1016,7 +1016,7 @@ ComplementExpr::ComplementExpr(ExprPtr arg_op)
ValPtr ComplementExpr::Fold(Val* v) const
{
return val_mgr->Count(~ v->InternalUnsigned());
return zeek::val_mgr->Count(~ v->InternalUnsigned());
}
NotExpr::NotExpr(ExprPtr arg_op)
@ -1035,7 +1035,7 @@ NotExpr::NotExpr(ExprPtr arg_op)
ValPtr NotExpr::Fold(Val* v) const
{
return val_mgr->Bool(! v->InternalInt());
return zeek::val_mgr->Bool(! v->InternalInt());
}
PosExpr::PosExpr(ExprPtr arg_op)
@ -1070,7 +1070,7 @@ ValPtr PosExpr::Fold(Val* v) const
if ( t == zeek::TYPE_DOUBLE || t == zeek::TYPE_INTERVAL || t == zeek::TYPE_INT )
return {zeek::NewRef{}, v};
else
return val_mgr->Int(v->CoerceToInt());
return zeek::val_mgr->Int(v->CoerceToInt());
}
NegExpr::NegExpr(ExprPtr arg_op)
@ -1105,7 +1105,7 @@ ValPtr NegExpr::Fold(Val* v) const
else if ( v->GetType()->Tag() == zeek::TYPE_INTERVAL )
return zeek::make_intrusive<zeek::IntervalVal>(- v->InternalDouble());
else
return val_mgr->Int(- v->CoerceToInt());
return zeek::val_mgr->Int(- v->CoerceToInt());
}
SizeExpr::SizeExpr(ExprPtr arg_op)
@ -1609,7 +1609,7 @@ ValPtr BoolExpr::Eval(Frame* f) const
(! op1->IsZero() && ! op2->IsZero()) :
(! op1->IsZero() || ! op2->IsZero());
result->Assign(i, val_mgr->Bool(local_result));
result->Assign(i, zeek::val_mgr->Bool(local_result));
}
else
result->Assign(i, nullptr);
@ -1762,9 +1762,9 @@ ValPtr EqExpr::Fold(Val* v1, Val* v2) const
RE_Matcher* re = v1->AsPattern();
const BroString* s = v2->AsString();
if ( tag == EXPR_EQ )
return val_mgr->Bool(re->MatchExactly(s));
return zeek::val_mgr->Bool(re->MatchExactly(s));
else
return val_mgr->Bool(! re->MatchExactly(s));
return zeek::val_mgr->Bool(! re->MatchExactly(s));
}
else
@ -2944,7 +2944,7 @@ HasFieldExpr::~HasFieldExpr()
ValPtr HasFieldExpr::Fold(Val* v) const
{
auto rv = v->AsRecordVal();
return val_mgr->Bool(rv->GetField(field) != nullptr);
return zeek::val_mgr->Bool(rv->GetField(field) != nullptr);
}
void HasFieldExpr::ExprDescribe(ODesc* d) const
@ -3459,10 +3459,10 @@ ValPtr ArithCoerceExpr::FoldSingleVal(Val* v, InternalTypeTag t) const
return zeek::make_intrusive<zeek::DoubleVal>(v->CoerceToDouble());
case zeek::TYPE_INTERNAL_INT:
return val_mgr->Int(v->CoerceToInt());
return zeek::val_mgr->Int(v->CoerceToInt());
case zeek::TYPE_INTERNAL_UNSIGNED:
return val_mgr->Count(v->CoerceToUnsigned());
return zeek::val_mgr->Count(v->CoerceToUnsigned());
default:
RuntimeErrorWithCallStack("bad type in CoerceExpr::Fold");
@ -3949,7 +3949,7 @@ ValPtr InExpr::Fold(Val* v1, Val* v2) const
{
RE_Matcher* re = v1->AsPattern();
const BroString* s = v2->AsString();
return val_mgr->Bool(re->MatchAnywhere(s) != 0);
return zeek::val_mgr->Bool(re->MatchAnywhere(s) != 0);
}
if ( v2->GetType()->Tag() == zeek::TYPE_STRING )
@ -3960,12 +3960,12 @@ ValPtr InExpr::Fold(Val* v1, Val* v2) const
// Could do better here e.g. Boyer-Moore if done repeatedly.
auto s = reinterpret_cast<const unsigned char*>(s1->CheckString());
auto res = strstr_n(s2->Len(), s2->Bytes(), s1->Len(), s) != -1;
return val_mgr->Bool(res);
return zeek::val_mgr->Bool(res);
}
if ( v1->GetType()->Tag() == zeek::TYPE_ADDR &&
v2->GetType()->Tag() == zeek::TYPE_SUBNET )
return val_mgr->Bool(v2->AsSubNetVal()->Contains(v1->AsAddr()));
return zeek::val_mgr->Bool(v2->AsSubNetVal()->Contains(v1->AsAddr()));
bool res;
@ -3974,7 +3974,7 @@ ValPtr InExpr::Fold(Val* v1, Val* v2) const
else
res = (bool)v2->AsTableVal()->Find({zeek::NewRef{}, v1});
return val_mgr->Bool(res);
return zeek::val_mgr->Bool(res);
}
CallExpr::CallExpr(ExprPtr arg_func, ListExprPtr arg_args, bool in_hook)
@ -4809,7 +4809,7 @@ ValPtr IsExpr::Fold(Val* v) const
if ( IsError() )
return nullptr;
return val_mgr->Bool(can_cast_value_to_type(v, t.get()));
return zeek::val_mgr->Bool(can_cast_value_to_type(v, t.get()));
}
void IsExpr::ExprDescribe(ODesc* d) const

6
src/Func.cc
View file

@ -345,7 +345,7 @@ zeek::ValPtr BroFunc::Invoke(zeek::Args* args, zeek::detail::Frame* parent) cons
{
// Can only happen for events and hooks.
assert(Flavor() == zeek::FUNC_FLAVOR_EVENT || Flavor() == zeek::FUNC_FLAVOR_HOOK);
return Flavor() == zeek::FUNC_FLAVOR_HOOK ? val_mgr->True() : nullptr;
return Flavor() == zeek::FUNC_FLAVOR_HOOK ? zeek::val_mgr->True() : nullptr;
}
auto f = zeek::make_intrusive<zeek::detail::Frame>(frame_size, this, args);
@ -431,7 +431,7 @@ zeek::ValPtr BroFunc::Invoke(zeek::Args* args, zeek::detail::Frame* parent) cons
if ( flow == FLOW_BREAK )
{
// Short-circuit execution of remaining hook handler bodies.
result = val_mgr->False();
result = zeek::val_mgr->False();
break;
}
}
@ -442,7 +442,7 @@ zeek::ValPtr BroFunc::Invoke(zeek::Args* args, zeek::detail::Frame* parent) cons
if ( Flavor() == zeek::FUNC_FLAVOR_HOOK )
{
if ( ! result )
result = val_mgr->True();
result = zeek::val_mgr->True();
}
// Warn if the function returns something, but we returned from

158
src/IP.cc
View file

@ -22,13 +22,13 @@ static zeek::VectorValPtr BuildOptionsVal(const u_char* data, int len)
static auto ip6_option_type = zeek::id::find_type<zeek::RecordType>("ip6_option");
const struct ip6_opt* opt = (const struct ip6_opt*) data;
auto rv = zeek::make_intrusive<zeek::RecordVal>(ip6_option_type);
rv->Assign(0, val_mgr->Count(opt->ip6o_type));
rv->Assign(0, zeek::val_mgr->Count(opt->ip6o_type));
if ( opt->ip6o_type == 0 )
{
// Pad1 option
rv->Assign(1, val_mgr->Count(0));
rv->Assign(2, val_mgr->EmptyString());
rv->Assign(1, zeek::val_mgr->Count(0));
rv->Assign(2, zeek::val_mgr->EmptyString());
data += sizeof(uint8_t);
len -= sizeof(uint8_t);
}
@ -36,7 +36,7 @@ static zeek::VectorValPtr BuildOptionsVal(const u_char* data, int len)
{
// PadN or other option
uint16_t off = 2 * sizeof(uint8_t);
rv->Assign(1, val_mgr->Count(opt->ip6o_len));
rv->Assign(1, zeek::val_mgr->Count(opt->ip6o_len));
rv->Assign(2, zeek::make_intrusive<zeek::StringVal>(
new zeek::BroString(data + off, opt->ip6o_len, true)));
data += opt->ip6o_len + off;
@ -59,11 +59,11 @@ zeek::RecordValPtr IPv6_Hdr::ToVal(zeek::VectorValPtr chain) const
static auto ip6_hdr_type = zeek::id::find_type<zeek::RecordType>("ip6_hdr");
rv = zeek::make_intrusive<zeek::RecordVal>(ip6_hdr_type);
const struct ip6_hdr* ip6 = (const struct ip6_hdr*)data;
rv->Assign(0, val_mgr->Count((ntohl(ip6->ip6_flow) & 0x0ff00000)>>20));
rv->Assign(1, val_mgr->Count(ntohl(ip6->ip6_flow) & 0x000fffff));
rv->Assign(2, val_mgr->Count(ntohs(ip6->ip6_plen)));
rv->Assign(3, val_mgr->Count(ip6->ip6_nxt));
rv->Assign(4, val_mgr->Count(ip6->ip6_hlim));
rv->Assign(0, zeek::val_mgr->Count((ntohl(ip6->ip6_flow) & 0x0ff00000)>>20));
rv->Assign(1, zeek::val_mgr->Count(ntohl(ip6->ip6_flow) & 0x000fffff));
rv->Assign(2, zeek::val_mgr->Count(ntohs(ip6->ip6_plen)));
rv->Assign(3, zeek::val_mgr->Count(ip6->ip6_nxt));
rv->Assign(4, zeek::val_mgr->Count(ip6->ip6_hlim));
rv->Assign(5, zeek::make_intrusive<zeek::AddrVal>(IPAddr(ip6->ip6_src)));
rv->Assign(6, zeek::make_intrusive<zeek::AddrVal>(IPAddr(ip6->ip6_dst)));
if ( ! chain )
@ -78,8 +78,8 @@ zeek::RecordValPtr IPv6_Hdr::ToVal(zeek::VectorValPtr chain) const
static auto ip6_hopopts_type = zeek::id::find_type<zeek::RecordType>("ip6_hopopts");
rv = zeek::make_intrusive<zeek::RecordVal>(ip6_hopopts_type);
const struct ip6_hbh* hbh = (const struct ip6_hbh*)data;
rv->Assign(0, val_mgr->Count(hbh->ip6h_nxt));
rv->Assign(1, val_mgr->Count(hbh->ip6h_len));
rv->Assign(0, zeek::val_mgr->Count(hbh->ip6h_nxt));
rv->Assign(1, zeek::val_mgr->Count(hbh->ip6h_len));
uint16_t off = 2 * sizeof(uint8_t);
rv->Assign(2, BuildOptionsVal(data + off, Length() - off));
@ -91,8 +91,8 @@ zeek::RecordValPtr IPv6_Hdr::ToVal(zeek::VectorValPtr chain) const
static auto ip6_dstopts_type = zeek::id::find_type<zeek::RecordType>("ip6_dstopts");
rv = zeek::make_intrusive<zeek::RecordVal>(ip6_dstopts_type);
const struct ip6_dest* dst = (const struct ip6_dest*)data;
rv->Assign(0, val_mgr->Count(dst->ip6d_nxt));
rv->Assign(1, val_mgr->Count(dst->ip6d_len));
rv->Assign(0, zeek::val_mgr->Count(dst->ip6d_nxt));
rv->Assign(1, zeek::val_mgr->Count(dst->ip6d_len));
uint16_t off = 2 * sizeof(uint8_t);
rv->Assign(2, BuildOptionsVal(data + off, Length() - off));
}
@ -103,10 +103,10 @@ zeek::RecordValPtr IPv6_Hdr::ToVal(zeek::VectorValPtr chain) const
static auto ip6_routing_type = zeek::id::find_type<zeek::RecordType>("ip6_routing");
rv = zeek::make_intrusive<zeek::RecordVal>(ip6_routing_type);
const struct ip6_rthdr* rt = (const struct ip6_rthdr*)data;
rv->Assign(0, val_mgr->Count(rt->ip6r_nxt));
rv->Assign(1, val_mgr->Count(rt->ip6r_len));
rv->Assign(2, val_mgr->Count(rt->ip6r_type));
rv->Assign(3, val_mgr->Count(rt->ip6r_segleft));
rv->Assign(0, zeek::val_mgr->Count(rt->ip6r_nxt));
rv->Assign(1, zeek::val_mgr->Count(rt->ip6r_len));
rv->Assign(2, zeek::val_mgr->Count(rt->ip6r_type));
rv->Assign(3, zeek::val_mgr->Count(rt->ip6r_segleft));
uint16_t off = 4 * sizeof(uint8_t);
rv->Assign(4, zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(data + off, Length() - off, true)));
}
@ -117,12 +117,12 @@ zeek::RecordValPtr IPv6_Hdr::ToVal(zeek::VectorValPtr chain) const
static auto ip6_fragment_type = zeek::id::find_type<zeek::RecordType>("ip6_fragment");
rv = zeek::make_intrusive<zeek::RecordVal>(ip6_fragment_type);
const struct ip6_frag* frag = (const struct ip6_frag*)data;
rv->Assign(0, val_mgr->Count(frag->ip6f_nxt));
rv->Assign(1, val_mgr->Count(frag->ip6f_reserved));
rv->Assign(2, val_mgr->Count((ntohs(frag->ip6f_offlg) & 0xfff8)>>3));
rv->Assign(3, val_mgr->Count((ntohs(frag->ip6f_offlg) & 0x0006)>>1));
rv->Assign(4, val_mgr->Bool(ntohs(frag->ip6f_offlg) & 0x0001));
rv->Assign(5, val_mgr->Count(ntohl(frag->ip6f_ident)));
rv->Assign(0, zeek::val_mgr->Count(frag->ip6f_nxt));
rv->Assign(1, zeek::val_mgr->Count(frag->ip6f_reserved));
rv->Assign(2, zeek::val_mgr->Count((ntohs(frag->ip6f_offlg) & 0xfff8)>>3));
rv->Assign(3, zeek::val_mgr->Count((ntohs(frag->ip6f_offlg) & 0x0006)>>1));
rv->Assign(4, zeek::val_mgr->Bool(ntohs(frag->ip6f_offlg) & 0x0001));
rv->Assign(5, zeek::val_mgr->Count(ntohl(frag->ip6f_ident)));
}
break;
@ -130,16 +130,16 @@ zeek::RecordValPtr IPv6_Hdr::ToVal(zeek::VectorValPtr chain) const
{
static auto ip6_ah_type = zeek::id::find_type<zeek::RecordType>("ip6_ah");
rv = zeek::make_intrusive<zeek::RecordVal>(ip6_ah_type);
rv->Assign(0, val_mgr->Count(((ip6_ext*)data)->ip6e_nxt));
rv->Assign(1, val_mgr->Count(((ip6_ext*)data)->ip6e_len));
rv->Assign(2, val_mgr->Count(ntohs(((uint16_t*)data)[1])));
rv->Assign(3, val_mgr->Count(ntohl(((uint32_t*)data)[1])));
rv->Assign(0, zeek::val_mgr->Count(((ip6_ext*)data)->ip6e_nxt));
rv->Assign(1, zeek::val_mgr->Count(((ip6_ext*)data)->ip6e_len));
rv->Assign(2, zeek::val_mgr->Count(ntohs(((uint16_t*)data)[1])));
rv->Assign(3, zeek::val_mgr->Count(ntohl(((uint32_t*)data)[1])));
if ( Length() >= 12 )
{
// Sequence Number and ICV fields can only be extracted if
// Payload Len was non-zero for this header.
rv->Assign(4, val_mgr->Count(ntohl(((uint32_t*)data)[2])));
rv->Assign(4, zeek::val_mgr->Count(ntohl(((uint32_t*)data)[2])));
uint16_t off = 3 * sizeof(uint32_t);
rv->Assign(5, zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(data + off, Length() - off, true)));
}
@ -151,8 +151,8 @@ zeek::RecordValPtr IPv6_Hdr::ToVal(zeek::VectorValPtr chain) const
static auto ip6_esp_type = zeek::id::find_type<zeek::RecordType>("ip6_esp");
rv = zeek::make_intrusive<zeek::RecordVal>(ip6_esp_type);
const uint32_t* esp = (const uint32_t*)data;
rv->Assign(0, val_mgr->Count(ntohl(esp[0])));
rv->Assign(1, val_mgr->Count(ntohl(esp[1])));
rv->Assign(0, zeek::val_mgr->Count(ntohl(esp[0])));
rv->Assign(1, zeek::val_mgr->Count(ntohl(esp[1])));
}
break;
@ -162,15 +162,15 @@ zeek::RecordValPtr IPv6_Hdr::ToVal(zeek::VectorValPtr chain) const
static auto ip6_mob_type = zeek::id::find_type<zeek::RecordType>("ip6_mobility_hdr");
rv = zeek::make_intrusive<zeek::RecordVal>(ip6_mob_type);
const struct ip6_mobility* mob = (const struct ip6_mobility*) data;
rv->Assign(0, val_mgr->Count(mob->ip6mob_payload));
rv->Assign(1, val_mgr->Count(mob->ip6mob_len));
rv->Assign(2, val_mgr->Count(mob->ip6mob_type));
rv->Assign(3, val_mgr->Count(mob->ip6mob_rsv));
rv->Assign(4, val_mgr->Count(ntohs(mob->ip6mob_chksum)));
rv->Assign(0, zeek::val_mgr->Count(mob->ip6mob_payload));
rv->Assign(1, zeek::val_mgr->Count(mob->ip6mob_len));
rv->Assign(2, zeek::val_mgr->Count(mob->ip6mob_type));
rv->Assign(3, zeek::val_mgr->Count(mob->ip6mob_rsv));
rv->Assign(4, zeek::val_mgr->Count(ntohs(mob->ip6mob_chksum)));
static auto ip6_mob_msg_type = zeek::id::find_type<zeek::RecordType>("ip6_mobility_msg");
auto msg = zeek::make_intrusive<zeek::RecordVal>(ip6_mob_msg_type);
msg->Assign(0, val_mgr->Count(mob->ip6mob_type));
msg->Assign(0, zeek::val_mgr->Count(mob->ip6mob_type));
uint16_t off = sizeof(ip6_mobility);
const u_char* msg_data = data + off;
@ -188,7 +188,7 @@ zeek::RecordValPtr IPv6_Hdr::ToVal(zeek::VectorValPtr chain) const
case 0:
{
auto m = zeek::make_intrusive<zeek::RecordVal>(ip6_mob_brr_type);
m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
m->Assign(0, zeek::val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
off += sizeof(uint16_t);
m->Assign(1, BuildOptionsVal(data + off, Length() - off));
msg->Assign(1, std::move(m));
@ -198,8 +198,8 @@ zeek::RecordValPtr IPv6_Hdr::ToVal(zeek::VectorValPtr chain) const
case 1:
{
auto m = zeek::make_intrusive<zeek::RecordVal>(ip6_mobility_hoti_type);
m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
m->Assign(0, zeek::val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
m->Assign(1, zeek::val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
off += sizeof(uint16_t) + sizeof(uint64_t);
m->Assign(2, BuildOptionsVal(data + off, Length() - off));
msg->Assign(2, std::move(m));
@ -209,8 +209,8 @@ zeek::RecordValPtr IPv6_Hdr::ToVal(zeek::VectorValPtr chain) const
case 2:
{
auto m = zeek::make_intrusive<zeek::RecordVal>(ip6_mobility_coti_type);
m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
m->Assign(0, zeek::val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
m->Assign(1, zeek::val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
off += sizeof(uint16_t) + sizeof(uint64_t);
m->Assign(2, BuildOptionsVal(data + off, Length() - off));
msg->Assign(3, std::move(m));
@ -220,9 +220,9 @@ zeek::RecordValPtr IPv6_Hdr::ToVal(zeek::VectorValPtr chain) const
case 3:
{
auto m = zeek::make_intrusive<zeek::RecordVal>(ip6_mobility_hot_type);
m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
m->Assign(2, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t))))));
m->Assign(0, zeek::val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
m->Assign(1, zeek::val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
m->Assign(2, zeek::val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t))))));
off += sizeof(uint16_t) + 2 * sizeof(uint64_t);
m->Assign(3, BuildOptionsVal(data + off, Length() - off));
msg->Assign(4, std::move(m));
@ -232,9 +232,9 @@ zeek::RecordValPtr IPv6_Hdr::ToVal(zeek::VectorValPtr chain) const
case 4:
{
auto m = zeek::make_intrusive<zeek::RecordVal>(ip6_mobility_cot_type);
m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
m->Assign(2, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t))))));
m->Assign(0, zeek::val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
m->Assign(1, zeek::val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
m->Assign(2, zeek::val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t))))));
off += sizeof(uint16_t) + 2 * sizeof(uint64_t);
m->Assign(3, BuildOptionsVal(data + off, Length() - off));
msg->Assign(5, std::move(m));
@ -244,12 +244,12 @@ zeek::RecordValPtr IPv6_Hdr::ToVal(zeek::VectorValPtr chain) const
case 5:
{
auto m = zeek::make_intrusive<zeek::RecordVal>(ip6_mobility_bu_type);
m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
m->Assign(1, val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x8000));
m->Assign(2, val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x4000));
m->Assign(3, val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x2000));
m->Assign(4, val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x1000));
m->Assign(5, val_mgr->Count(ntohs(*((uint16_t*)(msg_data + 2*sizeof(uint16_t))))));
m->Assign(0, zeek::val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
m->Assign(1, zeek::val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x8000));
m->Assign(2, zeek::val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x4000));
m->Assign(3, zeek::val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x2000));
m->Assign(4, zeek::val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x1000));
m->Assign(5, zeek::val_mgr->Count(ntohs(*((uint16_t*)(msg_data + 2*sizeof(uint16_t))))));
off += 3 * sizeof(uint16_t);
m->Assign(6, BuildOptionsVal(data + off, Length() - off));
msg->Assign(6, std::move(m));
@ -259,10 +259,10 @@ zeek::RecordValPtr IPv6_Hdr::ToVal(zeek::VectorValPtr chain) const
case 6:
{
auto m = zeek::make_intrusive<zeek::RecordVal>(ip6_mobility_back_type);
m->Assign(0, val_mgr->Count(*((uint8_t*)msg_data)));
m->Assign(1, val_mgr->Bool(*((uint8_t*)(msg_data + sizeof(uint8_t))) & 0x80));
m->Assign(2, val_mgr->Count(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t))))));
m->Assign(3, val_mgr->Count(ntohs(*((uint16_t*)(msg_data + 2*sizeof(uint16_t))))));
m->Assign(0, zeek::val_mgr->Count(*((uint8_t*)msg_data)));
m->Assign(1, zeek::val_mgr->Bool(*((uint8_t*)(msg_data + sizeof(uint8_t))) & 0x80));
m->Assign(2, zeek::val_mgr->Count(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t))))));
m->Assign(3, zeek::val_mgr->Count(ntohs(*((uint16_t*)(msg_data + 2*sizeof(uint16_t))))));
off += 3 * sizeof(uint16_t);
m->Assign(4, BuildOptionsVal(data + off, Length() - off));
msg->Assign(7, std::move(m));
@ -272,7 +272,7 @@ zeek::RecordValPtr IPv6_Hdr::ToVal(zeek::VectorValPtr chain) const
case 7:
{
auto m = zeek::make_intrusive<zeek::RecordVal>(ip6_mobility_be_type);
m->Assign(0, val_mgr->Count(*((uint8_t*)msg_data)));
m->Assign(0, zeek::val_mgr->Count(*((uint8_t*)msg_data)));
const in6_addr* hoa = (const in6_addr*)(msg_data + sizeof(uint16_t));
m->Assign(1, zeek::make_intrusive<zeek::AddrVal>(IPAddr(*hoa)));
off += sizeof(uint16_t) + sizeof(in6_addr);
@ -334,12 +334,12 @@ zeek::RecordValPtr IP_Hdr::ToIPHdrVal() const
{
static auto ip4_hdr_type = zeek::id::find_type<zeek::RecordType>("ip4_hdr");
rval = zeek::make_intrusive<zeek::RecordVal>(ip4_hdr_type);
rval->Assign(0, val_mgr->Count(ip4->ip_hl * 4));
rval->Assign(1, val_mgr->Count(ip4->ip_tos));
rval->Assign(2, val_mgr->Count(ntohs(ip4->ip_len)));
rval->Assign(3, val_mgr->Count(ntohs(ip4->ip_id)));
rval->Assign(4, val_mgr->Count(ip4->ip_ttl));
rval->Assign(5, val_mgr->Count(ip4->ip_p));
rval->Assign(0, zeek::val_mgr->Count(ip4->ip_hl * 4));
rval->Assign(1, zeek::val_mgr->Count(ip4->ip_tos));
rval->Assign(2, zeek::val_mgr->Count(ntohs(ip4->ip_len)));
rval->Assign(3, zeek::val_mgr->Count(ntohs(ip4->ip_id)));
rval->Assign(4, zeek::val_mgr->Count(ip4->ip_ttl));
rval->Assign(5, zeek::val_mgr->Count(ip4->ip_p));
rval->Assign(6, zeek::make_intrusive<zeek::AddrVal>(ip4->ip_src.s_addr));
rval->Assign(7, zeek::make_intrusive<zeek::AddrVal>(ip4->ip_dst.s_addr));
}
@ -391,15 +391,15 @@ zeek::RecordValPtr IP_Hdr::ToPktHdrVal(zeek::RecordValPtr pkt_hdr, int sindex) c
int tcp_hdr_len = tp->th_off * 4;
int data_len = PayloadLen() - tcp_hdr_len;
tcp_hdr->Assign(0, val_mgr->Port(ntohs(tp->th_sport), TRANSPORT_TCP));
tcp_hdr->Assign(1, val_mgr->Port(ntohs(tp->th_dport), TRANSPORT_TCP));
tcp_hdr->Assign(2, val_mgr->Count(uint32_t(ntohl(tp->th_seq))));
tcp_hdr->Assign(3, val_mgr->Count(uint32_t(ntohl(tp->th_ack))));
tcp_hdr->Assign(4, val_mgr->Count(tcp_hdr_len));
tcp_hdr->Assign(5, val_mgr->Count(data_len));
tcp_hdr->Assign(6, val_mgr->Count(tp->th_x2));
tcp_hdr->Assign(7, val_mgr->Count(tp->th_flags));
tcp_hdr->Assign(8, val_mgr->Count(ntohs(tp->th_win)));
tcp_hdr->Assign(0, zeek::val_mgr->Port(ntohs(tp->th_sport), TRANSPORT_TCP));
tcp_hdr->Assign(1, zeek::val_mgr->Port(ntohs(tp->th_dport), TRANSPORT_TCP));
tcp_hdr->Assign(2, zeek::val_mgr->Count(uint32_t(ntohl(tp->th_seq))));
tcp_hdr->Assign(3, zeek::val_mgr->Count(uint32_t(ntohl(tp->th_ack))));
tcp_hdr->Assign(4, zeek::val_mgr->Count(tcp_hdr_len));
tcp_hdr->Assign(5, zeek::val_mgr->Count(data_len));
tcp_hdr->Assign(6, zeek::val_mgr->Count(tp->th_x2));
tcp_hdr->Assign(7, zeek::val_mgr->Count(tp->th_flags));
tcp_hdr->Assign(8, zeek::val_mgr->Count(ntohs(tp->th_win)));
pkt_hdr->Assign(sindex + 2, std::move(tcp_hdr));
break;
@ -410,9 +410,9 @@ zeek::RecordValPtr IP_Hdr::ToPktHdrVal(zeek::RecordValPtr pkt_hdr, int sindex) c
const struct udphdr* up = (const struct udphdr*) data;
auto udp_hdr = zeek::make_intrusive<zeek::RecordVal>(udp_hdr_type);
udp_hdr->Assign(0, val_mgr->Port(ntohs(up->uh_sport), TRANSPORT_UDP));
udp_hdr->Assign(1, val_mgr->Port(ntohs(up->uh_dport), TRANSPORT_UDP));
udp_hdr->Assign(2, val_mgr->Count(ntohs(up->uh_ulen)));
udp_hdr->Assign(0, zeek::val_mgr->Port(ntohs(up->uh_sport), TRANSPORT_UDP));
udp_hdr->Assign(1, zeek::val_mgr->Port(ntohs(up->uh_dport), TRANSPORT_UDP));
udp_hdr->Assign(2, zeek::val_mgr->Count(ntohs(up->uh_ulen)));
pkt_hdr->Assign(sindex + 3, std::move(udp_hdr));
break;
@ -423,7 +423,7 @@ zeek::RecordValPtr IP_Hdr::ToPktHdrVal(zeek::RecordValPtr pkt_hdr, int sindex) c
const struct icmp* icmpp = (const struct icmp *) data;
auto icmp_hdr = zeek::make_intrusive<zeek::RecordVal>(icmp_hdr_type);
icmp_hdr->Assign(0, val_mgr->Count(icmpp->icmp_type));
icmp_hdr->Assign(0, zeek::val_mgr->Count(icmpp->icmp_type));
pkt_hdr->Assign(sindex + 4, std::move(icmp_hdr));
break;
@ -434,7 +434,7 @@ zeek::RecordValPtr IP_Hdr::ToPktHdrVal(zeek::RecordValPtr pkt_hdr, int sindex) c
const struct icmp6_hdr* icmpp = (const struct icmp6_hdr*) data;
auto icmp_hdr = zeek::make_intrusive<zeek::RecordVal>(icmp_hdr_type);
icmp_hdr->Assign(0, val_mgr->Count(icmpp->icmp6_type));
icmp_hdr->Assign(0, zeek::val_mgr->Count(icmpp->icmp6_type));
pkt_hdr->Assign(sindex + 4, std::move(icmp_hdr));
break;
@ -693,7 +693,7 @@ zeek::VectorValPtr IPv6_Hdr_Chain::ToVal() const
auto v = chain[i]->ToVal();
auto ext_hdr = zeek::make_intrusive<zeek::RecordVal>(ip6_ext_hdr_type);
uint8_t type = chain[i]->Type();
ext_hdr->Assign(0, val_mgr->Count(type));
ext_hdr->Assign(0, zeek::val_mgr->Count(type));
switch (type) {
case IPPROTO_HOPOPTS:

10
src/OpaqueVal.cc
View file

@ -174,7 +174,7 @@ bool HashVal::Init()
StringValPtr HashVal::Get()
{
if ( ! valid )
return val_mgr->EmptyString();
return zeek::val_mgr->EmptyString();
auto result = DoGet();
valid = false;
@ -205,7 +205,7 @@ bool HashVal::DoFeed(const void*, size_t)
StringValPtr HashVal::DoGet()
{
assert(! "missing implementation of DoGet()");
return val_mgr->EmptyString();
return zeek::val_mgr->EmptyString();
}
HashVal::HashVal(zeek::OpaqueTypePtr t) : OpaqueVal(std::move(t))
@ -280,7 +280,7 @@ bool MD5Val::DoFeed(const void* data, size_t size)
StringValPtr MD5Val::DoGet()
{
if ( ! IsValid() )
return val_mgr->EmptyString();
return zeek::val_mgr->EmptyString();
u_char digest[MD5_DIGEST_LENGTH];
hash_final(ctx, digest);
@ -400,7 +400,7 @@ bool SHA1Val::DoFeed(const void* data, size_t size)
StringValPtr SHA1Val::DoGet()
{
if ( ! IsValid() )
return val_mgr->EmptyString();
return zeek::val_mgr->EmptyString();
u_char digest[SHA_DIGEST_LENGTH];
hash_final(ctx, digest);
@ -523,7 +523,7 @@ bool SHA256Val::DoFeed(const void* data, size_t size)
StringValPtr SHA256Val::DoGet()
{
if ( ! IsValid() )
return val_mgr->EmptyString();
return zeek::val_mgr->EmptyString();
u_char digest[SHA256_DIGEST_LENGTH];
hash_final(ctx, digest);

2
src/RuleAction.cc
View file

@ -24,7 +24,7 @@ void RuleActionEvent::DoAction(const Rule* parent, RuleEndpointState* state,
mgr.Enqueue(signature_match,
zeek::IntrusivePtr{zeek::AdoptRef{}, rule_matcher->BuildRuleStateValue(parent, state)},
zeek::make_intrusive<zeek::StringVal>(msg),
data ? zeek::make_intrusive<zeek::StringVal>(len, (const char*)data) : val_mgr->EmptyString()
data ? zeek::make_intrusive<zeek::StringVal>(len, (const char*)data) : zeek::val_mgr->EmptyString()
);
}

2
src/RuleCondition.cc
View file

@ -175,7 +175,7 @@ bool RuleConditionEval::DoMatch(Rule* rule, RuleEndpointState* state,
if ( data )
args.emplace_back(zeek::make_intrusive<zeek::StringVal>(len, (const char*) data));
else
args.emplace_back(val_mgr->EmptyString());
args.emplace_back(zeek::val_mgr->EmptyString());
bool result = false;

4
src/RuleMatcher.cc
View file

@ -85,8 +85,8 @@ zeek::Val* RuleMatcher::BuildRuleStateValue(const Rule* rule,
auto* val = new zeek::RecordVal(signature_state);
val->Assign(0, zeek::make_intrusive<zeek::StringVal>(rule->ID()));
val->Assign(1, state->GetAnalyzer()->ConnVal());
val->Assign(2, val_mgr->Bool(state->is_orig));
val->Assign(3, val_mgr->Count(state->payload_size));
val->Assign(2, zeek::val_mgr->Bool(state->is_orig));
val->Assign(3, zeek::val_mgr->Count(state->payload_size));
return val;
}

4
src/SmithWaterman.cc
View file

@ -82,13 +82,13 @@ zeek::VectorVal* BroSubstring::VecToPolicy(Vec* vec)
auto align_val = zeek::make_intrusive<zeek::RecordVal>(sw_align_type);
align_val->Assign(0, zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(*align.string)));
align_val->Assign(1, val_mgr->Count(align.index));
align_val->Assign(1, zeek::val_mgr->Count(align.index));
aligns->Assign(j + 1, std::move(align_val));
}
st_val->Assign(1, std::move(aligns));
st_val->Assign(2, val_mgr->Bool(bst->IsNewAlignment()));
st_val->Assign(2, zeek::val_mgr->Bool(bst->IsNewAlignment()));
result->Assign(i + 1, std::move(st_val));
}
}

4
src/Stats.cc
View file

@ -314,7 +314,7 @@ void ProfileLogger::Log()
{
mgr.Dispatch(new Event(profiling_update, {
zeek::make_intrusive<zeek::Val>(zeek::IntrusivePtr{zeek::NewRef{}, file}),
val_mgr->Bool(expensive),
zeek::val_mgr->Bool(expensive),
}));
}
}
@ -372,7 +372,7 @@ void SampleLogger::SegmentProfile(const char* /* name */,
mgr.Enqueue(load_sample,
zeek::IntrusivePtr{zeek::NewRef{}, load_samples},
zeek::make_intrusive<zeek::IntervalVal>(dtime, Seconds),
val_mgr->Int(dmem)
zeek::val_mgr->Int(dmem)
);
}

2
src/Stmt.cc
View file

@ -1234,7 +1234,7 @@ ValPtr ForStmt::DoExec(Frame* f, Val* v, stmt_flow_type& flow) const
// Set the loop variable to the current index, and make
// another pass over the loop body.
f->SetElement((*loop_vars)[0], val_mgr->Count(i));
f->SetElement((*loop_vars)[0], zeek::val_mgr->Count(i));
flow = FLOW_NEXT;
ret = body->Exec(f, flow);

4
src/TunnelEncapsulation.cc
View file

@ -22,9 +22,9 @@ zeek::RecordValPtr EncapsulatingConn::ToVal() const
auto id_val = zeek::make_intrusive<zeek::RecordVal>(zeek::id::conn_id);
id_val->Assign(0, zeek::make_intrusive<zeek::AddrVal>(src_addr));
id_val->Assign(1, val_mgr->Port(ntohs(src_port), proto));
id_val->Assign(1, zeek::val_mgr->Port(ntohs(src_port), proto));
id_val->Assign(2, zeek::make_intrusive<zeek::AddrVal>(dst_addr));
id_val->Assign(3, val_mgr->Port(ntohs(dst_port), proto));
id_val->Assign(3, zeek::val_mgr->Port(ntohs(dst_port), proto));
rv->Assign(0, std::move(id_val));
rv->Assign(1, zeek::BifType::Enum::Tunnel::Type->GetVal(type));

2
src/Type.cc
View file

@ -814,7 +814,7 @@ TableValPtr RecordType::GetRecordFieldsVal(const RecordVal* rv) const
string s = container_type_name(ft.get());
nr->Assign(0, zeek::make_intrusive<zeek::StringVal>(s));
nr->Assign(1, val_mgr->Bool(logged));
nr->Assign(1, zeek::val_mgr->Bool(logged));
nr->Assign(2, std::move(fv));
nr->Assign(3, FieldDefault(i));
auto field_name = zeek::make_intrusive<zeek::StringVal>(FieldName(i));

36
src/Val.cc
View file

@ -265,19 +265,19 @@ ValPtr Val::SizeVal() const
// Return abs value. However abs() only works on ints and llabs
// doesn't work on Mac OS X 10.5. So we do it by hand
if ( val.int_val < 0 )
return val_mgr->Count(-val.int_val);
return zeek::val_mgr->Count(-val.int_val);
else
return val_mgr->Count(val.int_val);
return zeek::val_mgr->Count(val.int_val);
case TYPE_INTERNAL_UNSIGNED:
return val_mgr->Count(val.uint_val);
return zeek::val_mgr->Count(val.uint_val);
case TYPE_INTERNAL_DOUBLE:
return make_intrusive<zeek::DoubleVal>(fabs(val.double_val));
case TYPE_INTERNAL_OTHER:
if ( type->Tag() == TYPE_FUNC )
return val_mgr->Count(val.func_val->GetType()->ParamList()->GetTypes().size());
return zeek::val_mgr->Count(val.func_val->GetType()->ParamList()->GetTypes().size());
if ( type->Tag() == TYPE_FILE )
return make_intrusive<zeek::DoubleVal>(val.file_val->Size());
@ -287,7 +287,7 @@ ValPtr Val::SizeVal() const
break;
}
return val_mgr->Count(0);
return zeek::val_mgr->Count(0);
}
unsigned int Val::MemoryAllocation() const
@ -743,7 +743,7 @@ void IntervalVal::ValDescribe(ODesc* d) const
ValPtr PortVal::SizeVal() const
{
return val_mgr->Int(val.uint_val);
return zeek::val_mgr->Int(val.uint_val);
}
uint32_t PortVal::Mask(uint32_t port_num, TransportProto port_type)
@ -862,9 +862,9 @@ unsigned int AddrVal::MemoryAllocation() const
ValPtr AddrVal::SizeVal() const
{
if ( val.addr_val->GetFamily() == IPv4 )
return val_mgr->Count(32);
return zeek::val_mgr->Count(32);
else
return val_mgr->Count(128);
return zeek::val_mgr->Count(128);
}
ValPtr AddrVal::DoClone(CloneState* state)
@ -990,7 +990,7 @@ StringVal::StringVal(const string& s) : StringVal(s.length(), s.data())
ValPtr StringVal::SizeVal() const
{
return val_mgr->Count(val.string_val->Len());
return zeek::val_mgr->Count(val.string_val->Len());
}
int StringVal::Len()
@ -1201,7 +1201,7 @@ ListVal::~ListVal()
ValPtr ListVal::SizeVal() const
{
return val_mgr->Count(vals.size());
return zeek::val_mgr->Count(vals.size());
}
RE_Matcher* ListVal::BuildRE() const
@ -1580,7 +1580,7 @@ bool TableVal::Assign(Val* index, HashKey* k, Val* new_val)
ValPtr TableVal::SizeVal() const
{
return val_mgr->Count(Size());
return zeek::val_mgr->Count(Size());
}
bool TableVal::AddTo(Val* val, bool is_first_init) const
@ -1904,7 +1904,7 @@ const ValPtr& TableVal::Find(const ValPtr& index)
if ( v->GetVal() )
return v->GetVal();
return val_mgr->True();
return zeek::val_mgr->True();
}
return Val::nil;
@ -1928,7 +1928,7 @@ const ValPtr& TableVal::Find(const ValPtr& index)
if ( v->GetVal() )
return v->GetVal();
return val_mgr->True();
return zeek::val_mgr->True();
}
}
}
@ -2752,7 +2752,7 @@ RecordVal::~RecordVal()
ValPtr RecordVal::SizeVal() const
{
return val_mgr->Count(GetType()->AsRecordType()->NumFields());
return zeek::val_mgr->Count(GetType()->AsRecordType()->NumFields());
}
void RecordVal::Assign(int field, ValPtr new_val)
@ -3008,7 +3008,7 @@ unsigned int RecordVal::MemoryAllocation() const
ValPtr EnumVal::SizeVal() const
{
return val_mgr->Int(val.int_val);
return zeek::val_mgr->Int(val.int_val);
}
void EnumVal::ValDescribe(ODesc* d) const
@ -3042,7 +3042,7 @@ VectorVal::~VectorVal()
ValPtr VectorVal::SizeVal() const
{
return val_mgr->Count(uint32_t(val.vector_val->size()));
return zeek::val_mgr->Count(uint32_t(val.vector_val->size()));
}
bool VectorVal::Assign(unsigned int index, ValPtr element)
@ -3258,7 +3258,7 @@ ValPtr check_and_promote(ValPtr v,
return nullptr;
}
else if ( t_tag == TYPE_INT )
promoted_v = val_mgr->Int(v->CoerceToInt());
promoted_v = zeek::val_mgr->Int(v->CoerceToInt());
else // enum
{
reporter->InternalError("bad internal type in check_and_promote()");
@ -3274,7 +3274,7 @@ ValPtr check_and_promote(ValPtr v,
return nullptr;
}
else if ( t_tag == TYPE_COUNT || t_tag == TYPE_COUNTER )
promoted_v = val_mgr->Count(v->CoerceToUnsigned());
promoted_v = zeek::val_mgr->Count(v->CoerceToUnsigned());
else // port
{
reporter->InternalError("bad internal type in check_and_promote()");

18
src/Val.h
View file

@ -426,28 +426,28 @@ public:
ValManager();
[[deprecated("Remove in v4.1. Use val_mgr->True() instead.")]]
[[deprecated("Remove in v4.1. Use zeek::val_mgr->True() instead.")]]
inline Val* GetTrue() const
{ return b_true->Ref(); }
inline const ValPtr& True() const
{ return b_true; }
[[deprecated("Remove in v4.1. Use val_mgr->False() instead.")]]
[[deprecated("Remove in v4.1. Use zeek::val_mgr->False() instead.")]]
inline Val* GetFalse() const
{ return b_false->Ref(); }
inline const ValPtr& False() const
{ return b_false; }
[[deprecated("Remove in v4.1. Use val_mgr->Bool() instead.")]]
[[deprecated("Remove in v4.1. Use zeek::val_mgr->Bool() instead.")]]
inline Val* GetBool(bool b) const
{ return b ? b_true->Ref() : b_false->Ref(); }
inline const ValPtr& Bool(bool b) const
{ return b ? b_true : b_false; }
[[deprecated("Remove in v4.1. Use val_mgr->Int() instead.")]]
[[deprecated("Remove in v4.1. Use zeek::val_mgr->Int() instead.")]]
inline Val* GetInt(int64_t i) const
{
return i < PREALLOCATED_INT_LOWEST || i > PREALLOCATED_INT_HIGHEST ?
@ -460,7 +460,7 @@ public:
Val::MakeInt(i) : ints[i - PREALLOCATED_INT_LOWEST];
}
[[deprecated("Remove in v4.1. Use val_mgr->Count() instead.")]]
[[deprecated("Remove in v4.1. Use zeek::val_mgr->Count() instead.")]]
inline Val* GetCount(uint64_t i) const
{
return i >= PREALLOCATED_COUNTS ? Val::MakeCount(i).release() : counts[i]->Ref();
@ -471,21 +471,21 @@ public:
return i >= PREALLOCATED_COUNTS ? Val::MakeCount(i) : counts[i];
}
[[deprecated("Remove in v4.1. Use val_mgr->EmptyString() instead.")]]
[[deprecated("Remove in v4.1. Use zeek::val_mgr->EmptyString() instead.")]]
StringVal* GetEmptyString() const;
inline const StringValPtr& EmptyString() const
{ return empty_string; }
// Port number given in host order.
[[deprecated("Remove in v4.1. Use val_mgr->Port() instead.")]]
[[deprecated("Remove in v4.1. Use zeek::val_mgr->Port() instead.")]]
PortVal* GetPort(uint32_t port_num, TransportProto port_type) const;
// Port number given in host order.
const PortValPtr& Port(uint32_t port_num, TransportProto port_type) const;
// Host-order port number already masked with port space protocol mask.
[[deprecated("Remove in v4.1. Use val_mgr->Port() instead.")]]
[[deprecated("Remove in v4.1. Use zeek::val_mgr->Port() instead.")]]
PortVal* GetPort(uint32_t port_num) const;
// Host-order port number already masked with port space protocol mask.
@ -1428,4 +1428,4 @@ using IntervalVal [[deprecated("Remove in v4.1. Use zeek::IntervalVal instead.")
using ValManager [[deprecated("Remove in v4.1. Use zeek::ValManager instead.")]] = zeek::ValManager;
// Alias for zeek::val_mgr.
extern zeek::ValManager*& val_mgr;
extern zeek::ValManager*& val_mgr [[deprecated("Remove in v4.1. Use zeek::val_mgr instead.")]];

4
src/analyzer/Analyzer.cc
View file

@ -702,7 +702,7 @@ void Analyzer::ProtocolConfirmation(Tag arg_tag)
return;
const auto& tval = arg_tag ? arg_tag.AsVal() : tag.AsVal();
mgr.Enqueue(protocol_confirmation, ConnVal(), tval, val_mgr->Count(id));
mgr.Enqueue(protocol_confirmation, ConnVal(), tval, zeek::val_mgr->Count(id));
}
void Analyzer::ProtocolViolation(const char* reason, const char* data, int len)
@ -724,7 +724,7 @@ void Analyzer::ProtocolViolation(const char* reason, const char* data, int len)
r = zeek::make_intrusive<zeek::StringVal>(reason);
const auto& tval = tag.AsVal();
mgr.Enqueue(protocol_violation, ConnVal(), tval, val_mgr->Count(id), std::move(r));
mgr.Enqueue(protocol_violation, ConnVal(), tval, zeek::val_mgr->Count(id), std::move(r));
}
void Analyzer::AddTimer(analyzer_timer_func timer, double t,

2
src/analyzer/Manager.cc
View file

@ -440,7 +440,7 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn)
{
static auto tcp_content_delivery_ports_orig = zeek::id::find_val<zeek::TableVal>("tcp_content_delivery_ports_orig");
static auto tcp_content_delivery_ports_resp = zeek::id::find_val<zeek::TableVal>("tcp_content_delivery_ports_resp");
const auto& dport = val_mgr->Port(ntohs(conn->RespPort()), TRANSPORT_TCP);
const auto& dport = zeek::val_mgr->Port(ntohs(conn->RespPort()), TRANSPORT_TCP);
if ( ! reass )
reass = (bool)tcp_content_delivery_ports_orig->FindOrDefault(dport);

8
src/analyzer/analyzer.bif
View file

@ -11,13 +11,13 @@ module Analyzer;
function Analyzer::__enable_analyzer%(id: Analyzer::Tag%) : bool
%{
bool result = analyzer_mgr->EnableAnalyzer(id->AsEnumVal());
return val_mgr->Bool(result);
return zeek::val_mgr->Bool(result);
%}
function Analyzer::__disable_analyzer%(id: Analyzer::Tag%) : bool
%{
bool result = analyzer_mgr->DisableAnalyzer(id->AsEnumVal());
return val_mgr->Bool(result);
return zeek::val_mgr->Bool(result);
%}
function Analyzer::__disable_all_analyzers%(%) : any
@ -29,14 +29,14 @@ function Analyzer::__disable_all_analyzers%(%) : any
function Analyzer::__register_for_port%(id: Analyzer::Tag, p: port%) : bool
%{
bool result = analyzer_mgr->RegisterAnalyzerForPort(id->AsEnumVal(), p);
return val_mgr->Bool(result);
return zeek::val_mgr->Bool(result);
%}
function Analyzer::__schedule_analyzer%(orig: addr, resp: addr, resp_p: port,
analyzer: Analyzer::Tag, tout: interval%) : bool
%{
analyzer_mgr->ScheduleAnalyzer(orig->AsAddr(), resp->AsAddr(), resp_p, analyzer->AsEnumVal(), tout);
return val_mgr->True();
return zeek::val_mgr->True();
%}
function __name%(atype: Analyzer::Tag%) : string

10
src/analyzer/protocol/asn1/asn1.pac
View file

@ -113,15 +113,15 @@ zeek::ValPtr asn1_integer_to_val(const ASN1Encoding* i, zeek::TypeTag t)
switch ( t ) {
case zeek::TYPE_BOOL:
return val_mgr->Bool(v);
return zeek::val_mgr->Bool(v);
case zeek::TYPE_INT:
return val_mgr->Int(v);
return zeek::val_mgr->Int(v);
case zeek::TYPE_COUNT:
case zeek::TYPE_COUNTER:
return val_mgr->Count(v);
return zeek::val_mgr->Count(v);
default:
reporter->Error("bad asn1_integer_to_val tag: %s", zeek::type_name(t));
return val_mgr->Count(v);
return zeek::val_mgr->Count(v);
}
}
@ -152,7 +152,7 @@ zeek::StringValPtr asn1_oid_to_val(const ASN1Encoding* oid)
if ( ! subidentifier.empty() || subidentifiers.size() < 1 )
// Underflow.
return val_mgr->EmptyString();
return zeek::val_mgr->EmptyString();
for ( size_t i = 0; i < subidentifiers.size(); ++i )
{

2
src/analyzer/protocol/bittorrent/BitTorrent.cc
View file

@ -121,6 +121,6 @@ void BitTorrent_Analyzer::DeliverWeird(const char* msg, bool orig)
if ( bittorrent_peer_weird )
EnqueueConnEvent(bittorrent_peer_weird,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(msg));
}

10
src/analyzer/protocol/bittorrent/BitTorrentTracker.cc
View file

@ -247,7 +247,7 @@ void BitTorrentTracker_Analyzer::DeliverWeird(const char* msg, bool orig)
if ( bt_tracker_weird )
EnqueueConnEvent(bt_tracker_weird,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(msg)
);
}
@ -403,7 +403,7 @@ bool BitTorrentTracker_Analyzer::ParseResponse(char* line)
EnqueueConnEvent(
bt_tracker_response_not_ok,
ConnVal(),
val_mgr->Count(res_status),
zeek::val_mgr->Count(res_status),
zeek::IntrusivePtr{zeek::AdoptRef{}, res_val_headers}
);
res_val_headers = nullptr;
@ -480,7 +480,7 @@ void BitTorrentTracker_Analyzer::ResponseBenc(int name_len, char* name,
auto peer = zeek::make_intrusive<zeek::RecordVal>(bittorrent_peer);
peer->Assign(0, zeek::make_intrusive<zeek::AddrVal>(ad));
peer->Assign(1, val_mgr->Port(pt, TRANSPORT_TCP));
peer->Assign(1, zeek::val_mgr->Port(pt, TRANSPORT_TCP));
res_val_peers->Assign(std::move(peer), nullptr);
}
}
@ -499,7 +499,7 @@ void BitTorrentTracker_Analyzer::ResponseBenc(int name_len, char* name,
auto benc_value = zeek::make_intrusive<zeek::RecordVal>(bittorrent_benc_value);
auto name_ = zeek::make_intrusive<zeek::StringVal>(name_len, name);
benc_value->Assign(type, val_mgr->Int(value));
benc_value->Assign(type, zeek::val_mgr->Int(value));
res_val_benc->Assign(std::move(name_), std::move(benc_value));
}
@ -784,7 +784,7 @@ void BitTorrentTracker_Analyzer::EmitResponse(void)
if ( bt_tracker_response )
EnqueueConnEvent(bt_tracker_response,
ConnVal(),
val_mgr->Count(res_status),
zeek::val_mgr->Count(res_status),
zeek::IntrusivePtr{zeek::AdoptRef{}, res_val_headers},
zeek::IntrusivePtr{zeek::AdoptRef{}, res_val_peers},
zeek::IntrusivePtr{zeek::AdoptRef{}, res_val_benc}

2
src/analyzer/protocol/bittorrent/bittorrent-analyzer.pac
View file

@ -221,7 +221,7 @@ flow BitTorrent_Flow(is_orig: bool) {
connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),
is_orig(),
val_mgr->Port(listen_port, TRANSPORT_TCP));
zeek::val_mgr->Port(listen_port, TRANSPORT_TCP));
}
return true;

14
src/analyzer/protocol/conn-size/ConnSize.cc
View file

@ -52,8 +52,8 @@ void ConnSize_Analyzer::ThresholdEvent(EventHandlerPtr f, uint64_t threshold, bo
EnqueueConnEvent(f,
ConnVal(),
val_mgr->Count(threshold),
val_mgr->Bool(is_orig)
zeek::val_mgr->Count(threshold),
zeek::val_mgr->Bool(is_orig)
);
}
@ -95,7 +95,7 @@ void ConnSize_Analyzer::CheckThresholds(bool is_orig)
EnqueueConnEvent(conn_duration_threshold_crossed,
ConnVal(),
zeek::make_intrusive<zeek::IntervalVal>(duration_thresh),
val_mgr->Bool(is_orig)
zeek::val_mgr->Bool(is_orig)
);
duration_thresh = 0;
}
@ -183,10 +183,10 @@ void ConnSize_Analyzer::UpdateConnVal(zeek::RecordVal *conn_val)
if ( bytesidx < 0 )
reporter->InternalError("'endpoint' record missing 'num_bytes_ip' field");
orig_endp->Assign(pktidx, val_mgr->Count(orig_pkts));
orig_endp->Assign(bytesidx, val_mgr->Count(orig_bytes));
resp_endp->Assign(pktidx, val_mgr->Count(resp_pkts));
resp_endp->Assign(bytesidx, val_mgr->Count(resp_bytes));
orig_endp->Assign(pktidx, zeek::val_mgr->Count(orig_pkts));
orig_endp->Assign(bytesidx, zeek::val_mgr->Count(orig_bytes));
resp_endp->Assign(pktidx, zeek::val_mgr->Count(resp_pkts));
resp_endp->Assign(bytesidx, zeek::val_mgr->Count(resp_bytes));
Analyzer::UpdateConnVal(conn_val);
}

20
src/analyzer/protocol/conn-size/functions.bif
View file

@ -35,11 +35,11 @@ function set_current_conn_bytes_threshold%(cid: conn_id, threshold: count, is_or
%{
analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
if ( ! a )
return val_mgr->False();
return zeek::val_mgr->False();
static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->SetByteAndPacketThreshold(threshold, true, is_orig);
return val_mgr->True();
return zeek::val_mgr->True();
%}
## Sets a threshold for connection packets, overwtiting any potential old thresholds.
@ -59,11 +59,11 @@ function set_current_conn_packets_threshold%(cid: conn_id, threshold: count, is_
%{
analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
if ( ! a )
return val_mgr->False();
return zeek::val_mgr->False();
static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->SetByteAndPacketThreshold(threshold, false, is_orig);
return val_mgr->True();
return zeek::val_mgr->True();
%}
## Sets the current duration threshold for connection, overwriting any potential old
@ -81,11 +81,11 @@ function set_current_conn_duration_threshold%(cid: conn_id, threshold: interval%
%{
analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
if ( ! a )
return val_mgr->False();
return zeek::val_mgr->False();
static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->SetDurationThreshold(threshold);
return val_mgr->True();
return zeek::val_mgr->True();
%}
# Gets the current byte threshold size for a connection.
@ -103,9 +103,9 @@ function get_current_conn_bytes_threshold%(cid: conn_id, is_orig: bool%): count
%{
analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
if ( ! a )
return val_mgr->Count(0);
return zeek::val_mgr->Count(0);
return val_mgr->Count(static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->GetByteAndPacketThreshold(true, is_orig));
return zeek::val_mgr->Count(static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->GetByteAndPacketThreshold(true, is_orig));
%}
## Gets the current packet threshold size for a connection.
@ -122,9 +122,9 @@ function get_current_conn_packets_threshold%(cid: conn_id, is_orig: bool%): coun
%{
analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
if ( ! a )
return val_mgr->Count(0);
return zeek::val_mgr->Count(0);
return val_mgr->Count(static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->GetByteAndPacketThreshold(false, is_orig));
return zeek::val_mgr->Count(static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->GetByteAndPacketThreshold(false, is_orig));
%}
## Gets the current duration threshold size for a connection.

10
src/analyzer/protocol/dhcp/dhcp-analyzer.pac
View file

@ -32,7 +32,7 @@ refine flow DHCP_Flow += {
init_options();
if ( code != 255 )
all_options->Assign(all_options->Size(), val_mgr->Count(code));
all_options->Assign(all_options->Size(), zeek::val_mgr->Count(code));
return true;
%}
@ -54,11 +54,11 @@ refine flow DHCP_Flow += {
double secs = static_cast<double>(${msg.secs});
auto dhcp_msg_val = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::DHCP::Msg);
dhcp_msg_val->Assign(0, val_mgr->Count(${msg.op}));
dhcp_msg_val->Assign(1, val_mgr->Count(${msg.type}));
dhcp_msg_val->Assign(2, val_mgr->Count(${msg.xid}));
dhcp_msg_val->Assign(0, zeek::val_mgr->Count(${msg.op}));
dhcp_msg_val->Assign(1, zeek::val_mgr->Count(${msg.type}));
dhcp_msg_val->Assign(2, zeek::val_mgr->Count(${msg.xid}));
dhcp_msg_val->Assign(3, zeek::make_intrusive<zeek::IntervalVal>(secs));
dhcp_msg_val->Assign(4, val_mgr->Count(${msg.flags}));
dhcp_msg_val->Assign(4, zeek::val_mgr->Count(${msg.flags}));
dhcp_msg_val->Assign(5, zeek::make_intrusive<zeek::AddrVal>(htonl(${msg.ciaddr})));
dhcp_msg_val->Assign(6, zeek::make_intrusive<zeek::AddrVal>(htonl(${msg.yiaddr})));
dhcp_msg_val->Assign(7, zeek::make_intrusive<zeek::AddrVal>(htonl(${msg.siaddr})));

20
src/analyzer/protocol/dhcp/dhcp-options.pac
View file

@ -34,7 +34,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += {
function process_time_offset_option(v: OptionValue): bool
%{
${context.flow}->options->Assign(25, val_mgr->Int(${v.time_offset}));
${context.flow}->options->Assign(25, zeek::val_mgr->Int(${v.time_offset}));
return true;
%}
};
@ -250,7 +250,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += {
function process_forwarding_option(v: OptionValue): bool
%{
${context.flow}->options->Assign(6, val_mgr->Bool(${v.forwarding} == 0 ? false : true));
${context.flow}->options->Assign(6, zeek::val_mgr->Bool(${v.forwarding} == 0 ? false : true));
return true;
%}
@ -469,7 +469,7 @@ refine flow DHCP_Flow += {
for ( int i = 0; i < num_parms; ++i )
{
uint8 param = (*plist)[i];
params->Assign(i, val_mgr->Count(param));
params->Assign(i, zeek::val_mgr->Count(param));
}
${context.flow}->options->Assign(13, std::move(params));
@ -521,7 +521,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += {
function process_max_message_size_option(v: OptionValue): bool
%{
${context.flow}->options->Assign(15, val_mgr->Count(${v.max_msg_size}));
${context.flow}->options->Assign(15, zeek::val_mgr->Count(${v.max_msg_size}));
return true;
%}
@ -626,7 +626,7 @@ refine flow DHCP_Flow += {
function process_client_id_option(v: OptionValue): bool
%{
auto client_id = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::DHCP::ClientID);
client_id->Assign(0, val_mgr->Count(${v.client_id.hwtype}));
client_id->Assign(0, zeek::val_mgr->Count(${v.client_id.hwtype}));
zeek::StringValPtr sv;
if ( ${v.client_id.hwtype} == 0 )
@ -695,9 +695,9 @@ refine flow DHCP_Flow += {
function process_client_fqdn_option(v: OptionValue): bool
%{
auto client_fqdn = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::DHCP::ClientFQDN);
client_fqdn->Assign(0, val_mgr->Count(${v.client_fqdn.flags}));
client_fqdn->Assign(1, val_mgr->Count(${v.client_fqdn.rcode1}));
client_fqdn->Assign(2, val_mgr->Count(${v.client_fqdn.rcode2}));
client_fqdn->Assign(0, zeek::val_mgr->Count(${v.client_fqdn.flags}));
client_fqdn->Assign(1, zeek::val_mgr->Count(${v.client_fqdn.rcode1}));
client_fqdn->Assign(2, zeek::val_mgr->Count(${v.client_fqdn.rcode2}));
const char* domain_name = reinterpret_cast<const char*>(${v.client_fqdn.domain_name}.begin());
client_fqdn->Assign(3, zeek::make_intrusive<zeek::StringVal>(${v.client_fqdn.domain_name}.length(), domain_name));
@ -760,7 +760,7 @@ refine flow DHCP_Flow += {
ptrsubopt != ${v.relay_agent_inf}->end(); ++ptrsubopt )
{
auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::DHCP::SubOpt);
r->Assign(0, val_mgr->Count((*ptrsubopt)->code()));
r->Assign(0, zeek::val_mgr->Count((*ptrsubopt)->code()));
r->Assign(1, to_stringval((*ptrsubopt)->value()));
relay_agent_sub_opt->Assign(i, std::move(r));
@ -790,7 +790,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += {
function process_auto_config_option(v: OptionValue): bool
%{
${context.flow}->options->Assign(23, val_mgr->Bool(${v.auto_config} == 0 ? false : true));
${context.flow}->options->Assign(23, zeek::val_mgr->Bool(${v.auto_config} == 0 ? false : true));
return true;
%}

122
src/analyzer/protocol/dns/DNS.cc
View file

@ -50,9 +50,9 @@ void DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query)
if ( dns_message )
analyzer->EnqueueConnEvent(dns_message,
analyzer->ConnVal(),
val_mgr->Bool(is_query),
zeek::val_mgr->Bool(is_query),
msg.BuildHdrVal(),
val_mgr->Count(len)
zeek::val_mgr->Count(len)
);
// There is a great deal of non-DNS traffic that runs on port 53.
@ -606,7 +606,7 @@ bool DNS_Interpreter::ParseRR_SOA(DNS_MsgInfo* msg,
auto r = zeek::make_intrusive<zeek::RecordVal>(dns_soa);
r->Assign(0, zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(mname, mname_end - mname, true)));
r->Assign(1, zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(rname, rname_end - rname, true)));
r->Assign(2, val_mgr->Count(serial));
r->Assign(2, zeek::val_mgr->Count(serial));
r->Assign(3, zeek::make_intrusive<zeek::IntervalVal>(double(refresh), Seconds));
r->Assign(4, zeek::make_intrusive<zeek::IntervalVal>(double(retry), Seconds));
r->Assign(5, zeek::make_intrusive<zeek::IntervalVal>(double(expire), Seconds));
@ -647,7 +647,7 @@ bool DNS_Interpreter::ParseRR_MX(DNS_MsgInfo* msg,
msg->BuildHdrVal(),
msg->BuildAnswerVal(),
zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(name, name_end - name, true)),
val_mgr->Count(preference)
zeek::val_mgr->Count(preference)
);
return true;
@ -688,9 +688,9 @@ bool DNS_Interpreter::ParseRR_SRV(DNS_MsgInfo* msg,
msg->BuildHdrVal(),
msg->BuildAnswerVal(),
zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(name, name_end - name, true)),
val_mgr->Count(priority),
val_mgr->Count(weight),
val_mgr->Count(port)
zeek::val_mgr->Count(priority),
zeek::val_mgr->Count(weight),
zeek::val_mgr->Count(port)
);
return true;
@ -1379,7 +1379,7 @@ bool DNS_Interpreter::ParseRR_CAA(DNS_MsgInfo* msg,
analyzer->ConnVal(),
msg->BuildHdrVal(),
msg->BuildAnswerVal(),
val_mgr->Count(flags),
zeek::val_mgr->Count(flags),
zeek::make_intrusive<zeek::StringVal>(tag),
zeek::make_intrusive<zeek::StringVal>(value)
);
@ -1408,8 +1408,8 @@ void DNS_Interpreter::SendReplyOrRejectEvent(DNS_MsgInfo* msg,
analyzer->ConnVal(),
msg->BuildHdrVal(),
zeek::make_intrusive<zeek::StringVal>(question_name),
val_mgr->Count(qtype),
val_mgr->Count(qclass),
zeek::val_mgr->Count(qtype),
zeek::val_mgr->Count(qclass),
zeek::make_intrusive<zeek::StringVal>(original_name)
);
}
@ -1451,19 +1451,19 @@ zeek::RecordValPtr DNS_MsgInfo::BuildHdrVal()
static auto dns_msg = zeek::id::find_type<zeek::RecordType>("dns_msg");
auto r = zeek::make_intrusive<zeek::RecordVal>(dns_msg);
r->Assign(0, val_mgr->Count(id));
r->Assign(1, val_mgr->Count(opcode));
r->Assign(2, val_mgr->Count(rcode));
r->Assign(3, val_mgr->Bool(QR));
r->Assign(4, val_mgr->Bool(AA));
r->Assign(5, val_mgr->Bool(TC));
r->Assign(6, val_mgr->Bool(RD));
r->Assign(7, val_mgr->Bool(RA));
r->Assign(8, val_mgr->Count(Z));
r->Assign(9, val_mgr->Count(qdcount));
r->Assign(10, val_mgr->Count(ancount));
r->Assign(11, val_mgr->Count(nscount));
r->Assign(12, val_mgr->Count(arcount));
r->Assign(0, zeek::val_mgr->Count(id));
r->Assign(1, zeek::val_mgr->Count(opcode));
r->Assign(2, zeek::val_mgr->Count(rcode));
r->Assign(3, zeek::val_mgr->Bool(QR));
r->Assign(4, zeek::val_mgr->Bool(AA));
r->Assign(5, zeek::val_mgr->Bool(TC));
r->Assign(6, zeek::val_mgr->Bool(RD));
r->Assign(7, zeek::val_mgr->Bool(RA));
r->Assign(8, zeek::val_mgr->Count(Z));
r->Assign(9, zeek::val_mgr->Count(qdcount));
r->Assign(10, zeek::val_mgr->Count(ancount));
r->Assign(11, zeek::val_mgr->Count(nscount));
r->Assign(12, zeek::val_mgr->Count(arcount));
return r;
}
@ -1473,10 +1473,10 @@ zeek::RecordValPtr DNS_MsgInfo::BuildAnswerVal()
static auto dns_answer = zeek::id::find_type<zeek::RecordType>("dns_answer");
auto r = zeek::make_intrusive<zeek::RecordVal>(dns_answer);
r->Assign(0, val_mgr->Count(int(answer_type)));
r->Assign(0, zeek::val_mgr->Count(int(answer_type)));
r->Assign(1, query_name);
r->Assign(2, val_mgr->Count(atype));
r->Assign(3, val_mgr->Count(aclass));
r->Assign(2, zeek::val_mgr->Count(atype));
r->Assign(3, zeek::val_mgr->Count(aclass));
r->Assign(4, zeek::make_intrusive<zeek::IntervalVal>(double(ttl), Seconds));
return r;
@ -1489,14 +1489,14 @@ zeek::RecordValPtr DNS_MsgInfo::BuildEDNS_Val()
static auto dns_edns_additional = zeek::id::find_type<zeek::RecordType>("dns_edns_additional");
auto r = zeek::make_intrusive<zeek::RecordVal>(dns_edns_additional);
r->Assign(0, val_mgr->Count(int(answer_type)));
r->Assign(0, zeek::val_mgr->Count(int(answer_type)));
r->Assign(1, query_name);
// type = 0x29 or 41 = EDNS
r->Assign(2, val_mgr->Count(atype));
r->Assign(2, zeek::val_mgr->Count(atype));
// sender's UDP payload size, per RFC 2671 4.3
r->Assign(3, val_mgr->Count(aclass));
r->Assign(3, zeek::val_mgr->Count(aclass));
// Need to break the TTL field into three components:
// initial: [------------- ttl (32) ---------------------]
@ -1509,11 +1509,11 @@ zeek::RecordValPtr DNS_MsgInfo::BuildEDNS_Val()
unsigned int return_error = (ercode << 8) | rcode;
r->Assign(4, val_mgr->Count(return_error));
r->Assign(5, val_mgr->Count(version));
r->Assign(6, val_mgr->Count(z));
r->Assign(4, zeek::val_mgr->Count(return_error));
r->Assign(5, zeek::val_mgr->Count(version));
r->Assign(6, zeek::val_mgr->Count(z));
r->Assign(7, zeek::make_intrusive<zeek::IntervalVal>(double(ttl), Seconds));
r->Assign(8, val_mgr->Count(is_query));
r->Assign(8, zeek::val_mgr->Count(is_query));
return r;
}
@ -1524,16 +1524,16 @@ zeek::RecordValPtr DNS_MsgInfo::BuildTSIG_Val(struct TSIG_DATA* tsig)
auto r = zeek::make_intrusive<zeek::RecordVal>(dns_tsig_additional);
double rtime = tsig->time_s + tsig->time_ms / 1000.0;
// r->Assign(0, val_mgr->Count(int(answer_type)));
// r->Assign(0, zeek::val_mgr->Count(int(answer_type)));
r->Assign(0, query_name);
r->Assign(1, val_mgr->Count(int(answer_type)));
r->Assign(1, zeek::val_mgr->Count(int(answer_type)));
r->Assign(2, zeek::make_intrusive<zeek::StringVal>(tsig->alg_name));
r->Assign(3, zeek::make_intrusive<zeek::StringVal>(tsig->sig));
r->Assign(4, zeek::make_intrusive<zeek::TimeVal>(rtime));
r->Assign(5, zeek::make_intrusive<zeek::TimeVal>(double(tsig->fudge)));
r->Assign(6, val_mgr->Count(tsig->orig_id));
r->Assign(7, val_mgr->Count(tsig->rr_error));
r->Assign(8, val_mgr->Count(is_query));
r->Assign(6, zeek::val_mgr->Count(tsig->orig_id));
r->Assign(7, zeek::val_mgr->Count(tsig->rr_error));
r->Assign(8, zeek::val_mgr->Count(is_query));
return r;
}
@ -1544,17 +1544,17 @@ zeek::RecordValPtr DNS_MsgInfo::BuildRRSIG_Val(RRSIG_DATA* rrsig)
auto r = zeek::make_intrusive<zeek::RecordVal>(dns_rrsig_rr);
r->Assign(0, query_name);
r->Assign(1, val_mgr->Count(int(answer_type)));
r->Assign(2, val_mgr->Count(rrsig->type_covered));
r->Assign(3, val_mgr->Count(rrsig->algorithm));
r->Assign(4, val_mgr->Count(rrsig->labels));
r->Assign(1, zeek::val_mgr->Count(int(answer_type)));
r->Assign(2, zeek::val_mgr->Count(rrsig->type_covered));
r->Assign(3, zeek::val_mgr->Count(rrsig->algorithm));
r->Assign(4, zeek::val_mgr->Count(rrsig->labels));
r->Assign(5, zeek::make_intrusive<zeek::IntervalVal>(double(rrsig->orig_ttl), Seconds));
r->Assign(6, zeek::make_intrusive<zeek::TimeVal>(double(rrsig->sig_exp)));
r->Assign(7, zeek::make_intrusive<zeek::TimeVal>(double(rrsig->sig_incep)));
r->Assign(8, val_mgr->Count(rrsig->key_tag));
r->Assign(8, zeek::val_mgr->Count(rrsig->key_tag));
r->Assign(9, zeek::make_intrusive<zeek::StringVal>(rrsig->signer_name));
r->Assign(10, zeek::make_intrusive<zeek::StringVal>(rrsig->signature));
r->Assign(11, val_mgr->Count(is_query));
r->Assign(11, zeek::val_mgr->Count(is_query));
return r;
}
@ -1565,12 +1565,12 @@ zeek::RecordValPtr DNS_MsgInfo::BuildDNSKEY_Val(DNSKEY_DATA* dnskey)
auto r = zeek::make_intrusive<zeek::RecordVal>(dns_dnskey_rr);
r->Assign(0, query_name);
r->Assign(1, val_mgr->Count(int(answer_type)));
r->Assign(2, val_mgr->Count(dnskey->dflags));
r->Assign(3, val_mgr->Count(dnskey->dprotocol));
r->Assign(4, val_mgr->Count(dnskey->dalgorithm));
r->Assign(1, zeek::val_mgr->Count(int(answer_type)));
r->Assign(2, zeek::val_mgr->Count(dnskey->dflags));
r->Assign(3, zeek::val_mgr->Count(dnskey->dprotocol));
r->Assign(4, zeek::val_mgr->Count(dnskey->dalgorithm));
r->Assign(5, zeek::make_intrusive<zeek::StringVal>(dnskey->public_key));
r->Assign(6, val_mgr->Count(is_query));
r->Assign(6, zeek::val_mgr->Count(is_query));
return r;
}
@ -1581,16 +1581,16 @@ zeek::RecordValPtr DNS_MsgInfo::BuildNSEC3_Val(NSEC3_DATA* nsec3)
auto r = zeek::make_intrusive<zeek::RecordVal>(dns_nsec3_rr);
r->Assign(0, query_name);
r->Assign(1, val_mgr->Count(int(answer_type)));
r->Assign(2, val_mgr->Count(nsec3->nsec_flags));
r->Assign(3, val_mgr->Count(nsec3->nsec_hash_algo));
r->Assign(4, val_mgr->Count(nsec3->nsec_iter));
r->Assign(5, val_mgr->Count(nsec3->nsec_salt_len));
r->Assign(1, zeek::val_mgr->Count(int(answer_type)));
r->Assign(2, zeek::val_mgr->Count(nsec3->nsec_flags));
r->Assign(3, zeek::val_mgr->Count(nsec3->nsec_hash_algo));
r->Assign(4, zeek::val_mgr->Count(nsec3->nsec_iter));
r->Assign(5, zeek::val_mgr->Count(nsec3->nsec_salt_len));
r->Assign(6, zeek::make_intrusive<zeek::StringVal>(nsec3->nsec_salt));
r->Assign(7, val_mgr->Count(nsec3->nsec_hlen));
r->Assign(7, zeek::val_mgr->Count(nsec3->nsec_hlen));
r->Assign(8, zeek::make_intrusive<zeek::StringVal>(nsec3->nsec_hash));
r->Assign(9, std::move(nsec3->bitmaps));
r->Assign(10, val_mgr->Count(is_query));
r->Assign(10, zeek::val_mgr->Count(is_query));
return r;
}
@ -1601,12 +1601,12 @@ zeek::RecordValPtr DNS_MsgInfo::BuildDS_Val(DS_DATA* ds)
auto r = zeek::make_intrusive<zeek::RecordVal>(dns_ds_rr);
r->Assign(0, query_name);
r->Assign(1, val_mgr->Count(int(answer_type)));
r->Assign(2, val_mgr->Count(ds->key_tag));
r->Assign(3, val_mgr->Count(ds->algorithm));
r->Assign(4, val_mgr->Count(ds->digest_type));
r->Assign(1, zeek::val_mgr->Count(int(answer_type)));
r->Assign(2, zeek::val_mgr->Count(ds->key_tag));
r->Assign(3, zeek::val_mgr->Count(ds->algorithm));
r->Assign(4, zeek::val_mgr->Count(ds->digest_type));
r->Assign(5, zeek::make_intrusive<zeek::StringVal>(ds->digest_val));
r->Assign(6, val_mgr->Count(is_query));
r->Assign(6, zeek::val_mgr->Count(is_query));
return r;
}

2
src/analyzer/protocol/finger/Finger.cc
View file

@ -69,7 +69,7 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig
if ( finger_request )
EnqueueConnEvent(finger_request,
ConnVal(),
val_mgr->Bool(long_cnt),
zeek::val_mgr->Bool(long_cnt),
zeek::make_intrusive<zeek::StringVal>(at - line, line),
zeek::make_intrusive<zeek::StringVal>(end_of_line - host, host)
);

4
src/analyzer/protocol/ftp/FTP.cc
View file

@ -177,9 +177,9 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig)
vl = {
ConnVal(),
val_mgr->Count(reply_code),
zeek::val_mgr->Count(reply_code),
zeek::make_intrusive<zeek::StringVal>(end_of_line - line, line),
val_mgr->Bool(cont_resp)
zeek::val_mgr->Bool(cont_resp)
};
f = ftp_reply;

14
src/analyzer/protocol/ftp/functions.bif
View file

@ -34,14 +34,14 @@ static zeek::ValPtr parse_port(const char* line)
}
r->Assign(0, zeek::make_intrusive<zeek::AddrVal>(htonl(addr)));
r->Assign(1, val_mgr->Port(port, TRANSPORT_TCP));
r->Assign(2, val_mgr->Bool(good));
r->Assign(1, zeek::val_mgr->Port(port, TRANSPORT_TCP));
r->Assign(2, zeek::val_mgr->Bool(good));
}
else
{
r->Assign(0, zeek::make_intrusive<zeek::AddrVal>(uint32_t(0)));
r->Assign(1, val_mgr->Port(0, TRANSPORT_TCP));
r->Assign(2, val_mgr->False());
r->Assign(1, zeek::val_mgr->Port(0, TRANSPORT_TCP));
r->Assign(2, zeek::val_mgr->False());
}
return r;
@ -110,8 +110,8 @@ static zeek::ValPtr parse_eftp(const char* line)
}
r->Assign(0, zeek::make_intrusive<zeek::AddrVal>(addr));
r->Assign(1, val_mgr->Port(port, TRANSPORT_TCP));
r->Assign(2, val_mgr->Bool(good));
r->Assign(1, zeek::val_mgr->Port(port, TRANSPORT_TCP));
r->Assign(2, zeek::val_mgr->Bool(good));
return r;
}
@ -215,6 +215,6 @@ function fmt_ftp_port%(a: addr, p: port%): string
{
zeek::emit_builtin_error("conversion of non-IPv4 address in fmt_ftp_port",
@ARG@[0]);
return val_mgr->EmptyString();
return zeek::val_mgr->EmptyString();
}
%}

22
src/analyzer/protocol/gnutella/Gnutella.cc
View file

@ -74,8 +74,8 @@ void Gnutella_Analyzer::Done()
EnqueueConnEvent(gnutella_partial_binary_msg,
ConnVal(),
zeek::make_intrusive<zeek::StringVal>(p->msg),
val_mgr->Bool((i == 0)),
val_mgr->Count(p->msg_pos));
zeek::val_mgr->Bool((i == 0)),
zeek::val_mgr->Count(p->msg_pos));
else if ( ! p->msg_sent && p->payload_left )
SendEvents(p, (i == 0));
@ -177,7 +177,7 @@ void Gnutella_Analyzer::DeliverLines(int len, const u_char* data, bool orig)
if ( gnutella_text_msg )
EnqueueConnEvent(gnutella_text_msg,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(ms->headers.data()));
ms->headers = "";
@ -214,15 +214,15 @@ void Gnutella_Analyzer::SendEvents(GnutellaMsgState* p, bool is_orig)
if ( gnutella_binary_msg )
EnqueueConnEvent(gnutella_binary_msg,
ConnVal(),
val_mgr->Bool(is_orig),
val_mgr->Count(p->msg_type),
val_mgr->Count(p->msg_ttl),
val_mgr->Count(p->msg_hops),
val_mgr->Count(p->msg_len),
zeek::val_mgr->Bool(is_orig),
zeek::val_mgr->Count(p->msg_type),
zeek::val_mgr->Count(p->msg_ttl),
zeek::val_mgr->Count(p->msg_hops),
zeek::val_mgr->Count(p->msg_len),
zeek::make_intrusive<zeek::StringVal>(p->payload),
val_mgr->Count(p->payload_len),
val_mgr->Bool((p->payload_len < std::min(p->msg_len, (unsigned int)GNUTELLA_MAX_PAYLOAD))),
val_mgr->Bool((p->payload_left == 0)));
zeek::val_mgr->Count(p->payload_len),
zeek::val_mgr->Bool((p->payload_len < std::min(p->msg_len, (unsigned int)GNUTELLA_MAX_PAYLOAD))),
zeek::val_mgr->Bool((p->payload_left == 0)));
}

66
src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac
View file

@ -8,21 +8,21 @@ zeek::RecordValPtr BuildGTPv1Hdr(const GTPv1_Header* pdu)
{
auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::gtpv1_hdr);
rv->Assign(0, val_mgr->Count(pdu->version()));
rv->Assign(1, val_mgr->Bool(pdu->pt_flag()));
rv->Assign(2, val_mgr->Bool(pdu->rsv()));
rv->Assign(3, val_mgr->Bool(pdu->e_flag()));
rv->Assign(4, val_mgr->Bool(pdu->s_flag()));
rv->Assign(5, val_mgr->Bool(pdu->pn_flag()));
rv->Assign(6, val_mgr->Count(pdu->msg_type()));
rv->Assign(7, val_mgr->Count(pdu->length()));
rv->Assign(8, val_mgr->Count(pdu->teid()));
rv->Assign(0, zeek::val_mgr->Count(pdu->version()));
rv->Assign(1, zeek::val_mgr->Bool(pdu->pt_flag()));
rv->Assign(2, zeek::val_mgr->Bool(pdu->rsv()));
rv->Assign(3, zeek::val_mgr->Bool(pdu->e_flag()));
rv->Assign(4, zeek::val_mgr->Bool(pdu->s_flag()));
rv->Assign(5, zeek::val_mgr->Bool(pdu->pn_flag()));
rv->Assign(6, zeek::val_mgr->Count(pdu->msg_type()));
rv->Assign(7, zeek::val_mgr->Count(pdu->length()));
rv->Assign(8, zeek::val_mgr->Count(pdu->teid()));
if ( pdu->has_opt() )
{
rv->Assign(9, val_mgr->Count(pdu->opt_hdr()->seq()));
rv->Assign(10, val_mgr->Count(pdu->opt_hdr()->n_pdu()));
rv->Assign(11, val_mgr->Count(pdu->opt_hdr()->next_type()));
rv->Assign(9, zeek::val_mgr->Count(pdu->opt_hdr()->seq()));
rv->Assign(10, zeek::val_mgr->Count(pdu->opt_hdr()->n_pdu()));
rv->Assign(11, zeek::val_mgr->Count(pdu->opt_hdr()->next_type()));
}
return rv;
@ -30,64 +30,64 @@ zeek::RecordValPtr BuildGTPv1Hdr(const GTPv1_Header* pdu)
static zeek::ValPtr BuildIMSI(const InformationElement* ie)
{
return val_mgr->Count(ie->imsi()->value());
return zeek::val_mgr->Count(ie->imsi()->value());
}
static zeek::ValPtr BuildRAI(const InformationElement* ie)
{
auto ev = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::gtp_rai);
ev->Assign(0, val_mgr->Count(ie->rai()->mcc()));
ev->Assign(1, val_mgr->Count(ie->rai()->mnc()));
ev->Assign(2, val_mgr->Count(ie->rai()->lac()));
ev->Assign(3, val_mgr->Count(ie->rai()->rac()));
ev->Assign(0, zeek::val_mgr->Count(ie->rai()->mcc()));
ev->Assign(1, zeek::val_mgr->Count(ie->rai()->mnc()));
ev->Assign(2, zeek::val_mgr->Count(ie->rai()->lac()));
ev->Assign(3, zeek::val_mgr->Count(ie->rai()->rac()));
return ev;
}
static zeek::ValPtr BuildRecovery(const InformationElement* ie)
{
return val_mgr->Count(ie->recovery()->restart_counter());
return zeek::val_mgr->Count(ie->recovery()->restart_counter());
}
static zeek::ValPtr BuildSelectionMode(const InformationElement* ie)
{
return val_mgr->Count(ie->selection_mode()->mode());
return zeek::val_mgr->Count(ie->selection_mode()->mode());
}
static zeek::ValPtr BuildTEID1(const InformationElement* ie)
{
return val_mgr->Count(ie->teid1()->value());
return zeek::val_mgr->Count(ie->teid1()->value());
}
static zeek::ValPtr BuildTEID_ControlPlane(const InformationElement* ie)
{
return val_mgr->Count(ie->teidcp()->value());
return zeek::val_mgr->Count(ie->teidcp()->value());
}
static zeek::ValPtr BuildNSAPI(const InformationElement* ie)
{
return val_mgr->Count(ie->nsapi()->nsapi());
return zeek::val_mgr->Count(ie->nsapi()->nsapi());
}
static zeek::ValPtr BuildChargingCharacteristics(const InformationElement* ie)
{
return val_mgr->Count(ie->charging_characteristics()->value());
return zeek::val_mgr->Count(ie->charging_characteristics()->value());
}
static zeek::ValPtr BuildTraceReference(const InformationElement* ie)
{
return val_mgr->Count(ie->trace_reference()->value());
return zeek::val_mgr->Count(ie->trace_reference()->value());
}
static zeek::ValPtr BuildTraceType(const InformationElement* ie)
{
return val_mgr->Count(ie->trace_type()->value());
return zeek::val_mgr->Count(ie->trace_type()->value());
}
zeek::ValPtr BuildEndUserAddr(const InformationElement* ie)
{
auto ev = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::gtp_end_user_addr);
ev->Assign(0, val_mgr->Count(ie->end_user_addr()->pdp_type_org()));
ev->Assign(1, val_mgr->Count(ie->end_user_addr()->pdp_type_num()));
ev->Assign(0, zeek::val_mgr->Count(ie->end_user_addr()->pdp_type_org()));
ev->Assign(1, zeek::val_mgr->Count(ie->end_user_addr()->pdp_type_num()));
int len = ie->end_user_addr()->pdp_addr().length();
@ -161,7 +161,7 @@ zeek::ValPtr BuildQoS_Profile(const InformationElement* ie)
const u_char* d = (const u_char*) ie->qos_profile()->data().data();
int len = ie->qos_profile()->data().length();
ev->Assign(0, val_mgr->Count(ie->qos_profile()->alloc_retention_priority()));
ev->Assign(0, zeek::val_mgr->Count(ie->qos_profile()->alloc_retention_priority()));
ev->Assign(1, zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(d, len, false)));
return ev;
@ -195,7 +195,7 @@ zeek::ValPtr BuildPrivateExt(const InformationElement* ie)
const uint8* d = ie->private_ext()->value().data();
int len = ie->private_ext()->value().length();
ev->Assign(0, val_mgr->Count(ie->private_ext()->id()));
ev->Assign(0, zeek::val_mgr->Count(ie->private_ext()->id()));
ev->Assign(1, zeek::make_intrusive<zeek::StringVal>(new zeek::BroString((const u_char*) d, len, false)));
return ev;
@ -203,17 +203,17 @@ zeek::ValPtr BuildPrivateExt(const InformationElement* ie)
static zeek::ValPtr BuildCause(const InformationElement* ie)
{
return val_mgr->Count(ie->cause()->value());
return zeek::val_mgr->Count(ie->cause()->value());
}
static zeek::ValPtr BuildReorderReq(const InformationElement* ie)
{
return val_mgr->Bool(ie->reorder_req()->req());
return zeek::val_mgr->Bool(ie->reorder_req()->req());
}
static zeek::ValPtr BuildChargingID(const InformationElement* ie)
{
return val_mgr->Count(ie->charging_id()->value());;
return zeek::val_mgr->Count(ie->charging_id()->value());;
}
zeek::ValPtr BuildChargingGatewayAddr(const InformationElement* ie)
@ -230,7 +230,7 @@ zeek::ValPtr BuildChargingGatewayAddr(const InformationElement* ie)
static zeek::ValPtr BuildTeardownInd(const InformationElement* ie)
{
return val_mgr->Bool(ie->teardown_ind()->ind());
return zeek::val_mgr->Bool(ie->teardown_ind()->ind());
}
void CreatePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu)

30
src/analyzer/protocol/http/HTTP.cc
View file

@ -619,11 +619,11 @@ zeek::RecordValPtr HTTP_Message::BuildMessageStat(bool interrupted, const char*
auto stat = zeek::make_intrusive<zeek::RecordVal>(http_message_stat);
int field = 0;
stat->Assign(field++, zeek::make_intrusive<zeek::TimeVal>(start_time));
stat->Assign(field++, val_mgr->Bool(interrupted));
stat->Assign(field++, zeek::val_mgr->Bool(interrupted));
stat->Assign(field++, zeek::make_intrusive<zeek::StringVal>(msg));
stat->Assign(field++, val_mgr->Count(body_length));
stat->Assign(field++, val_mgr->Count(content_gap_length));
stat->Assign(field++, val_mgr->Count(header_length));
stat->Assign(field++, zeek::val_mgr->Count(body_length));
stat->Assign(field++, zeek::val_mgr->Count(content_gap_length));
stat->Assign(field++, zeek::val_mgr->Count(header_length));
return stat;
}
@ -652,7 +652,7 @@ void HTTP_Message::Done(bool interrupted, const char* detail)
if ( http_message_done )
GetAnalyzer()->EnqueueConnEvent(http_message_done,
analyzer->ConnVal(),
val_mgr->Bool(is_orig),
zeek::val_mgr->Bool(is_orig),
BuildMessageStat(interrupted, detail)
);
@ -683,7 +683,7 @@ void HTTP_Message::BeginEntity(mime::MIME_Entity* entity)
if ( http_begin_entity )
analyzer->EnqueueConnEvent(http_begin_entity,
analyzer->ConnVal(),
val_mgr->Bool(is_orig)
zeek::val_mgr->Bool(is_orig)
);
}
@ -698,7 +698,7 @@ void HTTP_Message::EndEntity(mime::MIME_Entity* entity)
if ( http_end_entity )
analyzer->EnqueueConnEvent(http_end_entity,
analyzer->ConnVal(),
val_mgr->Bool(is_orig)
zeek::val_mgr->Bool(is_orig)
);
current_entity = (HTTP_Entity*) entity->Parent();
@ -737,14 +737,14 @@ void HTTP_Message::SubmitAllHeaders(mime::MIME_HeaderList& hlist)
if ( http_all_headers )
analyzer->EnqueueConnEvent(http_all_headers,
analyzer->ConnVal(),
val_mgr->Bool(is_orig),
zeek::val_mgr->Bool(is_orig),
ToHeaderTable(hlist)
);
if ( http_content_type )
analyzer->EnqueueConnEvent(http_content_type,
analyzer->ConnVal(),
val_mgr->Bool(is_orig),
zeek::val_mgr->Bool(is_orig),
current_entity->GetContentType(),
current_entity->GetContentSubType()
);
@ -1154,8 +1154,8 @@ void HTTP_Analyzer::GenStats()
{
static auto http_stats_rec = zeek::id::find_type<zeek::RecordType>("http_stats_rec");
auto r = zeek::make_intrusive<zeek::RecordVal>(http_stats_rec);
r->Assign(0, val_mgr->Count(num_requests));
r->Assign(1, val_mgr->Count(num_replies));
r->Assign(0, zeek::val_mgr->Count(num_requests));
r->Assign(1, zeek::val_mgr->Count(num_replies));
r->Assign(2, zeek::make_intrusive<zeek::DoubleVal>(request_version.ToDouble()));
r->Assign(3, zeek::make_intrusive<zeek::DoubleVal>(reply_version.ToDouble()));
@ -1408,7 +1408,7 @@ void HTTP_Analyzer::HTTP_Reply()
EnqueueConnEvent(http_reply,
ConnVal(),
zeek::make_intrusive<zeek::StringVal>(fmt("%.1f", reply_version.ToDouble())),
val_mgr->Count(reply_code),
zeek::val_mgr->Count(reply_code),
reply_reason_phrase ?
reply_reason_phrase :
zeek::make_intrusive<zeek::StringVal>("<empty>")
@ -1640,7 +1640,7 @@ void HTTP_Analyzer::HTTP_Header(bool is_orig, mime::MIME_Header* h)
EnqueueConnEvent(http_header,
ConnVal(),
val_mgr->Bool(is_orig),
zeek::val_mgr->Bool(is_orig),
mime::to_string_val(h->get_name()),
std::move(upper_hn),
mime::to_string_val(h->get_value())
@ -1653,8 +1653,8 @@ void HTTP_Analyzer::HTTP_EntityData(bool is_orig, zeek::BroString* entity_data)
if ( http_entity_data )
EnqueueConnEvent(http_entity_data,
ConnVal(),
val_mgr->Bool(is_orig),
val_mgr->Count(entity_data->Len()),
zeek::val_mgr->Bool(is_orig),
zeek::val_mgr->Count(entity_data->Len()),
zeek::make_intrusive<zeek::StringVal>(entity_data)
);
else

94
src/analyzer/protocol/icmp/ICMP.cc
View file

@ -229,11 +229,11 @@ zeek::RecordValPtr ICMP_Analyzer::BuildICMPVal(const struct icmp* icmpp, int len
icmp_conn_val->Assign(0, zeek::make_intrusive<zeek::AddrVal>(Conn()->OrigAddr()));
icmp_conn_val->Assign(1, zeek::make_intrusive<zeek::AddrVal>(Conn()->RespAddr()));
icmp_conn_val->Assign(2, val_mgr->Count(icmpp->icmp_type));
icmp_conn_val->Assign(3, val_mgr->Count(icmpp->icmp_code));
icmp_conn_val->Assign(4, val_mgr->Count(len));
icmp_conn_val->Assign(5, val_mgr->Count(ip_hdr->TTL()));
icmp_conn_val->Assign(6, val_mgr->Bool(icmpv6));
icmp_conn_val->Assign(2, zeek::val_mgr->Count(icmpp->icmp_type));
icmp_conn_val->Assign(3, zeek::val_mgr->Count(icmpp->icmp_code));
icmp_conn_val->Assign(4, zeek::val_mgr->Count(len));
icmp_conn_val->Assign(5, zeek::val_mgr->Count(ip_hdr->TTL()));
icmp_conn_val->Assign(6, zeek::val_mgr->Bool(icmpv6));
}
return icmp_conn_val;
@ -355,18 +355,18 @@ zeek::RecordValPtr ICMP_Analyzer::ExtractICMP4Context(int len, const u_char*& da
auto id_val = zeek::make_intrusive<zeek::RecordVal>(zeek::id::conn_id);
id_val->Assign(0, zeek::make_intrusive<zeek::AddrVal>(src_addr));
id_val->Assign(1, val_mgr->Port(src_port, proto));
id_val->Assign(1, zeek::val_mgr->Port(src_port, proto));
id_val->Assign(2, zeek::make_intrusive<zeek::AddrVal>(dst_addr));
id_val->Assign(3, val_mgr->Port(dst_port, proto));
id_val->Assign(3, zeek::val_mgr->Port(dst_port, proto));
iprec->Assign(0, std::move(id_val));
iprec->Assign(1, val_mgr->Count(ip_len));
iprec->Assign(2, val_mgr->Count(proto));
iprec->Assign(3, val_mgr->Count(frag_offset));
iprec->Assign(4, val_mgr->Bool(bad_hdr_len));
iprec->Assign(5, val_mgr->Bool(bad_checksum));
iprec->Assign(6, val_mgr->Bool(MF));
iprec->Assign(7, val_mgr->Bool(DF));
iprec->Assign(1, zeek::val_mgr->Count(ip_len));
iprec->Assign(2, zeek::val_mgr->Count(proto));
iprec->Assign(3, zeek::val_mgr->Count(frag_offset));
iprec->Assign(4, zeek::val_mgr->Bool(bad_hdr_len));
iprec->Assign(5, zeek::val_mgr->Bool(bad_checksum));
iprec->Assign(6, zeek::val_mgr->Bool(MF));
iprec->Assign(7, zeek::val_mgr->Bool(DF));
return iprec;
}
@ -415,19 +415,19 @@ zeek::RecordValPtr ICMP_Analyzer::ExtractICMP6Context(int len, const u_char*& da
auto id_val = zeek::make_intrusive<zeek::RecordVal>(zeek::id::conn_id);
id_val->Assign(0, zeek::make_intrusive<zeek::AddrVal>(src_addr));
id_val->Assign(1, val_mgr->Port(src_port, proto));
id_val->Assign(1, zeek::val_mgr->Port(src_port, proto));
id_val->Assign(2, zeek::make_intrusive<zeek::AddrVal>(dst_addr));
id_val->Assign(3, val_mgr->Port(dst_port, proto));
id_val->Assign(3, zeek::val_mgr->Port(dst_port, proto));
iprec->Assign(0, std::move(id_val));
iprec->Assign(1, val_mgr->Count(ip_len));
iprec->Assign(2, val_mgr->Count(proto));
iprec->Assign(3, val_mgr->Count(frag_offset));
iprec->Assign(4, val_mgr->Bool(bad_hdr_len));
iprec->Assign(1, zeek::val_mgr->Count(ip_len));
iprec->Assign(2, zeek::val_mgr->Count(proto));
iprec->Assign(3, zeek::val_mgr->Count(frag_offset));
iprec->Assign(4, zeek::val_mgr->Bool(bad_hdr_len));
// bad_checksum is always false since IPv6 layer doesn't have a checksum.
iprec->Assign(5, val_mgr->False());
iprec->Assign(6, val_mgr->Bool(MF));
iprec->Assign(7, val_mgr->Bool(DF));
iprec->Assign(5, zeek::val_mgr->False());
iprec->Assign(6, zeek::val_mgr->Bool(MF));
iprec->Assign(7, zeek::val_mgr->Bool(DF));
return iprec;
}
@ -477,14 +477,14 @@ void ICMP_Analyzer::UpdateEndpointVal(const zeek::ValPtr& endp_arg, bool is_orig
if ( size < 0 )
{
endp->Assign(0, val_mgr->Count(0));
endp->Assign(1, val_mgr->Count(int(ICMP_INACTIVE)));
endp->Assign(0, zeek::val_mgr->Count(0));
endp->Assign(1, zeek::val_mgr->Count(int(ICMP_INACTIVE)));
}
else
{
endp->Assign(0, val_mgr->Count(size));
endp->Assign(1, val_mgr->Count(int(ICMP_ACTIVE)));
endp->Assign(0, zeek::val_mgr->Count(size));
endp->Assign(1, zeek::val_mgr->Count(int(ICMP_ACTIVE)));
}
}
@ -520,8 +520,8 @@ void ICMP_Analyzer::Echo(double t, const struct icmp* icmpp, int len,
EnqueueConnEvent(f,
ConnVal(),
BuildICMPVal(icmpp, len, ip_hdr->NextProto() != IPPROTO_ICMP, ip_hdr),
val_mgr->Count(iid),
val_mgr->Count(iseq),
zeek::val_mgr->Count(iid),
zeek::val_mgr->Count(iseq),
zeek::make_intrusive<zeek::StringVal>(payload)
);
}
@ -548,13 +548,13 @@ void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len,
EnqueueConnEvent(f,
ConnVal(),
BuildICMPVal(icmpp, len, 1, ip_hdr),
val_mgr->Count(icmpp->icmp_num_addrs), // Cur Hop Limit
val_mgr->Bool(icmpp->icmp_wpa & 0x80), // Managed
val_mgr->Bool(icmpp->icmp_wpa & 0x40), // Other
val_mgr->Bool(icmpp->icmp_wpa & 0x20), // Home Agent
val_mgr->Count((icmpp->icmp_wpa & 0x18)>>3), // Pref
val_mgr->Bool(icmpp->icmp_wpa & 0x04), // Proxy
val_mgr->Count(icmpp->icmp_wpa & 0x02), // Reserved
zeek::val_mgr->Count(icmpp->icmp_num_addrs), // Cur Hop Limit
zeek::val_mgr->Bool(icmpp->icmp_wpa & 0x80), // Managed
zeek::val_mgr->Bool(icmpp->icmp_wpa & 0x40), // Other
zeek::val_mgr->Bool(icmpp->icmp_wpa & 0x20), // Home Agent
zeek::val_mgr->Count((icmpp->icmp_wpa & 0x18)>>3), // Pref
zeek::val_mgr->Bool(icmpp->icmp_wpa & 0x04), // Proxy
zeek::val_mgr->Count(icmpp->icmp_wpa & 0x02), // Reserved
zeek::make_intrusive<zeek::IntervalVal>((double)ntohs(icmpp->icmp_lifetime), Seconds),
zeek::make_intrusive<zeek::IntervalVal>((double)ntohl(reachable), Milliseconds),
zeek::make_intrusive<zeek::IntervalVal>((double)ntohl(retrans), Milliseconds),
@ -581,9 +581,9 @@ void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len,
EnqueueConnEvent(f,
ConnVal(),
BuildICMPVal(icmpp, len, 1, ip_hdr),
val_mgr->Bool(icmpp->icmp_num_addrs & 0x80), // Router
val_mgr->Bool(icmpp->icmp_num_addrs & 0x40), // Solicited
val_mgr->Bool(icmpp->icmp_num_addrs & 0x20), // Override
zeek::val_mgr->Bool(icmpp->icmp_num_addrs & 0x80), // Router
zeek::val_mgr->Bool(icmpp->icmp_num_addrs & 0x40), // Solicited
zeek::val_mgr->Bool(icmpp->icmp_num_addrs & 0x20), // Override
zeek::make_intrusive<zeek::AddrVal>(tgtaddr),
BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)
);
@ -678,7 +678,7 @@ void ICMP_Analyzer::Context4(double t, const struct icmp* icmpp,
EnqueueConnEvent(f,
ConnVal(),
BuildICMPVal(icmpp, len, 0, ip_hdr),
val_mgr->Count(icmpp->icmp_code),
zeek::val_mgr->Count(icmpp->icmp_code),
ExtractICMP4Context(caplen, data)
);
}
@ -716,7 +716,7 @@ void ICMP_Analyzer::Context6(double t, const struct icmp* icmpp,
EnqueueConnEvent(f,
ConnVal(),
BuildICMPVal(icmpp, len, 1, ip_hdr),
val_mgr->Count(icmpp->icmp_code),
zeek::val_mgr->Count(icmpp->icmp_code),
ExtractICMP6Context(caplen, data)
);
}
@ -748,8 +748,8 @@ zeek::VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* da
}
auto rv = zeek::make_intrusive<zeek::RecordVal>(icmp6_nd_option_type);
rv->Assign(0, val_mgr->Count(type));
rv->Assign(1, val_mgr->Count(length));
rv->Assign(0, zeek::val_mgr->Count(type));
rv->Assign(1, zeek::val_mgr->Count(length));
// Adjust length to be in units of bytes, exclude type/length fields.
length = length * 8 - 2;
@ -788,9 +788,9 @@ zeek::VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* da
uint32_t valid_life = *((const uint32_t*)(data + 2));
uint32_t prefer_life = *((const uint32_t*)(data + 6));
in6_addr prefix = *((const in6_addr*)(data + 14));
info->Assign(0, val_mgr->Count(prefix_len));
info->Assign(1, val_mgr->Bool(L_flag));
info->Assign(2, val_mgr->Bool(A_flag));
info->Assign(0, zeek::val_mgr->Count(prefix_len));
info->Assign(1, zeek::val_mgr->Bool(L_flag));
info->Assign(2, zeek::val_mgr->Bool(A_flag));
info->Assign(3, zeek::make_intrusive<zeek::IntervalVal>((double)ntohl(valid_life), Seconds));
info->Assign(4, zeek::make_intrusive<zeek::IntervalVal>((double)ntohl(prefer_life), Seconds));
info->Assign(5, zeek::make_intrusive<zeek::AddrVal>(IPAddr(prefix)));
@ -821,7 +821,7 @@ zeek::VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* da
// MTU option
{
if ( caplen >= 6 )
rv->Assign(5, val_mgr->Count(ntohl(*((const uint32_t*)(data + 2)))));
rv->Assign(5, zeek::val_mgr->Count(ntohl(*((const uint32_t*)(data + 2)))));
else
set_payload_field = true;

12
src/analyzer/protocol/ident/Ident.cc
View file

@ -86,8 +86,8 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig)
EnqueueConnEvent(ident_request,
ConnVal(),
val_mgr->Port(local_port, TRANSPORT_TCP),
val_mgr->Port(remote_port, TRANSPORT_TCP)
zeek::val_mgr->Port(local_port, TRANSPORT_TCP),
zeek::val_mgr->Port(remote_port, TRANSPORT_TCP)
);
did_deliver = true;
@ -147,8 +147,8 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig)
if ( ident_error )
EnqueueConnEvent(ident_error,
ConnVal(),
val_mgr->Port(local_port, TRANSPORT_TCP),
val_mgr->Port(remote_port, TRANSPORT_TCP),
zeek::val_mgr->Port(local_port, TRANSPORT_TCP),
zeek::val_mgr->Port(remote_port, TRANSPORT_TCP),
zeek::make_intrusive<zeek::StringVal>(end_of_line - line, line)
);
}
@ -180,8 +180,8 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig)
EnqueueConnEvent(ident_reply,
ConnVal(),
val_mgr->Port(local_port, TRANSPORT_TCP),
val_mgr->Port(remote_port, TRANSPORT_TCP),
zeek::val_mgr->Port(local_port, TRANSPORT_TCP),
zeek::val_mgr->Port(remote_port, TRANSPORT_TCP),
zeek::make_intrusive<zeek::StringVal>(end_of_line - line, line),
zeek::make_intrusive<zeek::StringVal>(sys_type_s)
);

104
src/analyzer/protocol/irc/IRC.cc
View file

@ -238,10 +238,10 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
EnqueueConnEvent(irc_network_info,
ConnVal(),
val_mgr->Bool(orig),
val_mgr->Int(users),
val_mgr->Int(services),
val_mgr->Int(servers));
zeek::val_mgr->Bool(orig),
zeek::val_mgr->Int(users),
zeek::val_mgr->Int(services),
zeek::val_mgr->Int(servers));
}
break;
@ -284,7 +284,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
EnqueueConnEvent(irc_names_info,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(type.c_str()),
zeek::make_intrusive<zeek::StringVal>(channel.c_str()),
std::move(set));
@ -317,10 +317,10 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
EnqueueConnEvent(irc_server_info,
ConnVal(),
val_mgr->Bool(orig),
val_mgr->Int(users),
val_mgr->Int(services),
val_mgr->Int(servers));
zeek::val_mgr->Bool(orig),
zeek::val_mgr->Int(users),
zeek::val_mgr->Int(services),
zeek::val_mgr->Int(servers));
}
break;
@ -338,8 +338,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
EnqueueConnEvent(irc_channel_info,
ConnVal(),
val_mgr->Bool(orig),
val_mgr->Int(channels));
zeek::val_mgr->Bool(orig),
zeek::val_mgr->Int(channels));
}
break;
@ -369,7 +369,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
EnqueueConnEvent(irc_global_users,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(eop - prefix, prefix),
zeek::make_intrusive<zeek::StringVal>(++msg));
break;
@ -394,7 +394,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
zeek::Args vl;
vl.reserve(6);
vl.emplace_back(ConnVal());
vl.emplace_back(val_mgr->Bool(orig));
vl.emplace_back(zeek::val_mgr->Bool(orig));
vl.emplace_back(zeek::make_intrusive<zeek::StringVal>(parts[0].c_str()));
vl.emplace_back(zeek::make_intrusive<zeek::StringVal>(parts[1].c_str()));
vl.emplace_back(zeek::make_intrusive<zeek::StringVal>(parts[2].c_str()));
@ -433,7 +433,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
EnqueueConnEvent(irc_whois_operator_line,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(parts[0].c_str()));
}
break;
@ -470,7 +470,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
EnqueueConnEvent(irc_whois_channel_line,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(nick.c_str()),
std::move(set));
}
@ -500,7 +500,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
EnqueueConnEvent(irc_channel_topic,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(parts[1].c_str()),
zeek::make_intrusive<zeek::StringVal>(t));
}
@ -533,7 +533,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
EnqueueConnEvent(irc_who_line,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(parts[0].c_str()),
zeek::make_intrusive<zeek::StringVal>(parts[1].c_str()),
zeek::make_intrusive<zeek::StringVal>(parts[2].c_str()),
@ -541,7 +541,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
zeek::make_intrusive<zeek::StringVal>(parts[4].c_str()),
zeek::make_intrusive<zeek::StringVal>(parts[5].c_str()),
zeek::make_intrusive<zeek::StringVal>(parts[6].c_str()),
val_mgr->Int(atoi(parts[7].c_str())),
zeek::val_mgr->Int(atoi(parts[7].c_str())),
zeek::make_intrusive<zeek::StringVal>(parts[8].c_str()));
}
break;
@ -554,7 +554,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
if ( irc_invalid_nick )
EnqueueConnEvent(irc_invalid_nick,
ConnVal(),
val_mgr->Bool(orig));
zeek::val_mgr->Bool(orig));
break;
// Operator responses.
@ -563,8 +563,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
if ( irc_oper_response )
EnqueueConnEvent(irc_oper_response,
ConnVal(),
val_mgr->Bool(orig),
val_mgr->Bool(code == 381));
zeek::val_mgr->Bool(orig),
zeek::val_mgr->Bool(code == 381));
break;
case 670:
@ -577,9 +577,9 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
if ( irc_reply )
EnqueueConnEvent(irc_reply,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(prefix.c_str()),
val_mgr->Count(code),
zeek::val_mgr->Count(code),
zeek::make_intrusive<zeek::StringVal>(params.c_str()));
break;
}
@ -647,14 +647,14 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
if ( irc_dcc_message )
EnqueueConnEvent(irc_dcc_message,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(prefix.c_str()),
zeek::make_intrusive<zeek::StringVal>(target.c_str()),
zeek::make_intrusive<zeek::StringVal>(parts[1].c_str()),
zeek::make_intrusive<zeek::StringVal>(parts[2].c_str()),
zeek::make_intrusive<zeek::AddrVal>(htonl(raw_ip)),
val_mgr->Count(atoi(parts[4].c_str())),
parts.size() >= 6 ? val_mgr->Count(atoi(parts[5].c_str())) : val_mgr->Count(0)
zeek::val_mgr->Count(atoi(parts[4].c_str())),
parts.size() >= 6 ? zeek::val_mgr->Count(atoi(parts[5].c_str())) : zeek::val_mgr->Count(0)
);
}
@ -663,7 +663,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
if ( irc_privmsg_message )
EnqueueConnEvent(irc_privmsg_message,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(prefix.c_str()),
zeek::make_intrusive<zeek::StringVal>(target.c_str()),
zeek::make_intrusive<zeek::StringVal>(message.c_str())
@ -688,7 +688,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
EnqueueConnEvent(irc_notice_message,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(prefix.c_str()),
zeek::make_intrusive<zeek::StringVal>(target.c_str()),
zeek::make_intrusive<zeek::StringVal>(message.c_str())
@ -712,7 +712,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
EnqueueConnEvent(irc_squery_message,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(prefix.c_str()),
zeek::make_intrusive<zeek::StringVal>(target.c_str()),
zeek::make_intrusive<zeek::StringVal>(message.c_str())
@ -726,19 +726,19 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
zeek::Args vl;
vl.reserve(6);
vl.emplace_back(ConnVal());
vl.emplace_back(val_mgr->Bool(orig));
vl.emplace_back(zeek::val_mgr->Bool(orig));
if ( parts.size() > 0 )
vl.emplace_back(zeek::make_intrusive<zeek::StringVal>(parts[0].c_str()));
else vl.emplace_back(val_mgr->EmptyString());
else vl.emplace_back(zeek::val_mgr->EmptyString());
if ( parts.size() > 1 )
vl.emplace_back(zeek::make_intrusive<zeek::StringVal>(parts[1].c_str()));
else vl.emplace_back(val_mgr->EmptyString());
else vl.emplace_back(zeek::val_mgr->EmptyString());
if ( parts.size() > 2 )
vl.emplace_back(zeek::make_intrusive<zeek::StringVal>(parts[2].c_str()));
else vl.emplace_back(val_mgr->EmptyString());
else vl.emplace_back(zeek::val_mgr->EmptyString());
string realname;
for ( unsigned int i = 3; i < parts.size(); i++ )
@ -761,7 +761,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
if ( parts.size() == 2 )
EnqueueConnEvent(irc_oper_message,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(parts[0].c_str()),
zeek::make_intrusive<zeek::StringVal>(parts[1].c_str())
);
@ -783,7 +783,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
zeek::Args vl;
vl.reserve(6);
vl.emplace_back(ConnVal());
vl.emplace_back(val_mgr->Bool(orig));
vl.emplace_back(zeek::val_mgr->Bool(orig));
vl.emplace_back(zeek::make_intrusive<zeek::StringVal>(prefix.c_str()));
vl.emplace_back(zeek::make_intrusive<zeek::StringVal>(parts[0].c_str()));
vl.emplace_back(zeek::make_intrusive<zeek::StringVal>(parts[1].c_str()));
@ -800,7 +800,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
vl.emplace_back(zeek::make_intrusive<zeek::StringVal>(comment.c_str()));
}
else
vl.emplace_back(val_mgr->EmptyString());
vl.emplace_back(zeek::val_mgr->EmptyString());
EnqueueConnEvent(irc_kick_message, std::move(vl));
}
@ -851,7 +851,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
EnqueueConnEvent(irc_join_message,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
std::move(list)
);
}
@ -911,7 +911,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
EnqueueConnEvent(irc_join_message,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
std::move(list)
);
}
@ -950,7 +950,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
EnqueueConnEvent(irc_part_message,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(nick.c_str()),
std::move(set),
zeek::make_intrusive<zeek::StringVal>(message.c_str())
@ -973,7 +973,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
EnqueueConnEvent(irc_quit_message,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(nickname.c_str()),
zeek::make_intrusive<zeek::StringVal>(message.c_str())
);
@ -987,7 +987,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
EnqueueConnEvent(irc_nick_message,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(prefix.c_str()),
zeek::make_intrusive<zeek::StringVal>(nick.c_str())
);
@ -1012,11 +1012,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
EnqueueConnEvent(irc_who_message,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
parts.size() > 0 ?
zeek::make_intrusive<zeek::StringVal>(parts[0].c_str()) :
val_mgr->EmptyString(),
val_mgr->Bool(oper)
zeek::val_mgr->EmptyString(),
zeek::val_mgr->Bool(oper)
);
}
@ -1042,7 +1042,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
EnqueueConnEvent(irc_whois_message,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(server.c_str()),
zeek::make_intrusive<zeek::StringVal>(users.c_str())
);
@ -1055,7 +1055,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
EnqueueConnEvent(irc_error_message,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(prefix.c_str()),
zeek::make_intrusive<zeek::StringVal>(params.c_str())
);
@ -1071,7 +1071,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
EnqueueConnEvent(irc_invite_message,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(prefix.c_str()),
zeek::make_intrusive<zeek::StringVal>(parts[0].c_str()),
zeek::make_intrusive<zeek::StringVal>(parts[1].c_str())
@ -1086,7 +1086,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
if ( params.size() > 0 )
EnqueueConnEvent(irc_mode_message,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(prefix.c_str()),
zeek::make_intrusive<zeek::StringVal>(params.c_str())
);
@ -1099,7 +1099,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
{
EnqueueConnEvent(irc_password_message,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(params.c_str())
);
}
@ -1121,7 +1121,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
EnqueueConnEvent(irc_squit_message,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(prefix.c_str()),
zeek::make_intrusive<zeek::StringVal>(server.c_str()),
zeek::make_intrusive<zeek::StringVal>(message.c_str())
@ -1135,7 +1135,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
{
EnqueueConnEvent(irc_request,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(prefix.c_str()),
zeek::make_intrusive<zeek::StringVal>(command.c_str()),
zeek::make_intrusive<zeek::StringVal>(params.c_str())
@ -1149,7 +1149,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
{
EnqueueConnEvent(irc_message,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(prefix.c_str()),
zeek::make_intrusive<zeek::StringVal>(command.c_str()),
zeek::make_intrusive<zeek::StringVal>(params.c_str())

2
src/analyzer/protocol/krb/KRB_TCP.h
View file

@ -24,7 +24,7 @@ public:
zeek::StringValPtr GetAuthenticationInfo(const zeek::BroString* principal,
const zeek::BroString* ciphertext,
const bro_uint_t enctype)
{ return val_mgr->EmptyString(); }
{ return zeek::val_mgr->EmptyString(); }
static analyzer::Analyzer* Instantiate(Connection* conn)
{ return new KRB_Analyzer(conn); }

30
src/analyzer/protocol/krb/krb-analyzer.pac
View file

@ -10,19 +10,19 @@ zeek::RecordValPtr proc_krb_kdc_options(const KRB_KDC_Options* opts)
{
auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::KRB::KDC_Options);
rv->Assign(0, val_mgr->Bool(opts->forwardable()));
rv->Assign(1, val_mgr->Bool(opts->forwarded()));
rv->Assign(2, val_mgr->Bool(opts->proxiable()));
rv->Assign(3, val_mgr->Bool(opts->proxy()));
rv->Assign(4, val_mgr->Bool(opts->allow_postdate()));
rv->Assign(5, val_mgr->Bool(opts->postdated()));
rv->Assign(6, val_mgr->Bool(opts->renewable()));
rv->Assign(7, val_mgr->Bool(opts->opt_hardware_auth()));
rv->Assign(8, val_mgr->Bool(opts->disable_transited_check()));
rv->Assign(9, val_mgr->Bool(opts->renewable_ok()));
rv->Assign(10, val_mgr->Bool(opts->enc_tkt_in_skey()));
rv->Assign(11, val_mgr->Bool(opts->renew()));
rv->Assign(12, val_mgr->Bool(opts->validate()));
rv->Assign(0, zeek::val_mgr->Bool(opts->forwardable()));
rv->Assign(1, zeek::val_mgr->Bool(opts->forwarded()));
rv->Assign(2, zeek::val_mgr->Bool(opts->proxiable()));
rv->Assign(3, zeek::val_mgr->Bool(opts->proxy()));
rv->Assign(4, zeek::val_mgr->Bool(opts->allow_postdate()));
rv->Assign(5, zeek::val_mgr->Bool(opts->postdated()));
rv->Assign(6, zeek::val_mgr->Bool(opts->renewable()));
rv->Assign(7, zeek::val_mgr->Bool(opts->opt_hardware_auth()));
rv->Assign(8, zeek::val_mgr->Bool(opts->disable_transited_check()));
rv->Assign(9, zeek::val_mgr->Bool(opts->renewable_ok()));
rv->Assign(10, zeek::val_mgr->Bool(opts->enc_tkt_in_skey()));
rv->Assign(11, zeek::val_mgr->Bool(opts->renew()));
rv->Assign(12, zeek::val_mgr->Bool(opts->validate()));
return rv;
}
@ -259,8 +259,8 @@ refine connection KRB_Conn += {
if ( krb_ap_request )
{
auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::KRB::AP_Options);
rv->Assign(0, val_mgr->Bool(${msg.ap_options.use_session_key}));
rv->Assign(1, val_mgr->Bool(${msg.ap_options.mutual_required}));
rv->Assign(0, zeek::val_mgr->Bool(${msg.ap_options.use_session_key}));
rv->Assign(1, zeek::val_mgr->Bool(${msg.ap_options.mutual_required}));
auto rvticket = proc_ticket(${msg.ticket});
auto authenticationinfo = bro_analyzer()->GetAuthenticationInfo(rvticket->GetField(2)->AsString(), rvticket->GetField(4)->AsString(), rvticket->GetField(3)->AsCount());

8
src/analyzer/protocol/krb/krb-padata.pac
View file

@ -37,7 +37,7 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyz
case PA_PW_SALT:
{
auto type_val = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::KRB::Type_Value);
type_val->Assign(0, val_mgr->Count(element->data_type()));
type_val->Assign(0, zeek::val_mgr->Count(element->data_type()));
type_val->Assign(1, to_stringval(element->pa_data_element()->pa_pw_salt()->encoding()->content()));
vv->Assign(vv->Size(), std::move(type_val));
break;
@ -45,7 +45,7 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyz
case PA_ENCTYPE_INFO:
{
auto type_val = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::KRB::Type_Value);
type_val->Assign(0, val_mgr->Count(element->data_type()));
type_val->Assign(0, zeek::val_mgr->Count(element->data_type()));
type_val->Assign(1, to_stringval(element->pa_data_element()->pf_enctype_info()->salt()));
vv->Assign(vv->Size(), std::move(type_val));
break;
@ -53,7 +53,7 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyz
case PA_ENCTYPE_INFO2:
{
auto type_val = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::KRB::Type_Value);
type_val->Assign(0, val_mgr->Count(element->data_type()));
type_val->Assign(0, zeek::val_mgr->Count(element->data_type()));
type_val->Assign(1, to_stringval(element->pa_data_element()->pf_enctype_info2()->salt()));
vv->Assign(vv->Size(), std::move(type_val));
break;
@ -111,7 +111,7 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyz
if ( ! is_error && element->pa_data_element()->unknown()->meta()->length() > 0 )
{
auto type_val = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::KRB::Type_Value);
type_val->Assign(0, val_mgr->Count(element->data_type()));
type_val->Assign(0, zeek::val_mgr->Count(element->data_type()));
type_val->Assign(1, to_stringval(element->pa_data_element()->unknown()->content()));
vv->Assign(vv->Size(), std::move(type_val));
}

4
src/analyzer/protocol/login/Login.cc
View file

@ -432,7 +432,7 @@ void Login_Analyzer::LoginEvent(EventHandlerPtr f, const char* line,
ConnVal(),
zeek::IntrusivePtr{zeek::NewRef{}, username},
client_name ? zeek::IntrusivePtr{zeek::NewRef{}, client_name}
: val_mgr->EmptyString(),
: zeek::val_mgr->EmptyString(),
zeek::IntrusivePtr{zeek::AdoptRef{}, password},
zeek::make_intrusive<zeek::StringVal>(line)
);
@ -602,7 +602,7 @@ zeek::Val* Login_Analyzer::PopUserTextVal()
if ( s )
return new zeek::StringVal(new zeek::BroString(true, zeek::byte_vec(s), strlen(s)));
else
return val_mgr->EmptyString()->Ref();
return zeek::val_mgr->EmptyString()->Ref();
}
bool Login_Analyzer::MatchesTypeahead(const char* line) const

4
src/analyzer/protocol/login/RSH.cc
View file

@ -190,9 +190,9 @@ void Rsh_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
{
if ( contents_orig->RshSaveState() == RSH_SERVER_USER_NAME )
// First input
vl.emplace_back(val_mgr->True());
vl.emplace_back(zeek::val_mgr->True());
else
vl.emplace_back(val_mgr->False());
vl.emplace_back(zeek::val_mgr->False());
EnqueueConnEvent(rsh_request, std::move(vl));
}

12
src/analyzer/protocol/login/functions.bif
View file

@ -28,13 +28,13 @@ function get_login_state%(cid: conn_id%): count
%{
Connection* c = sessions->FindConnection(cid);
if ( ! c )
return val_mgr->False();
return zeek::val_mgr->False();
analyzer::Analyzer* la = c->FindAnalyzer("Login");
if ( ! la )
return val_mgr->False();
return zeek::val_mgr->False();
return val_mgr->Count(int(static_cast<analyzer::login::Login_Analyzer*>(la)->LoginState()));
return zeek::val_mgr->Count(int(static_cast<analyzer::login::Login_Analyzer*>(la)->LoginState()));
%}
## Sets the login state of a connection with a login analyzer.
@ -52,12 +52,12 @@ function set_login_state%(cid: conn_id, new_state: count%): bool
%{
Connection* c = sessions->FindConnection(cid);
if ( ! c )
return val_mgr->False();
return zeek::val_mgr->False();
analyzer::Analyzer* la = c->FindAnalyzer("Login");
if ( ! la )
return val_mgr->False();
return zeek::val_mgr->False();
static_cast<analyzer::login::Login_Analyzer*>(la)->SetLoginState(analyzer::login::login_state(new_state));
return val_mgr->True();
return zeek::val_mgr->True();
%}

10
src/analyzer/protocol/mime/MIME.cc
View file

@ -1323,7 +1323,7 @@ zeek::TableValPtr MIME_Message::ToHeaderTable(MIME_HeaderList& hlist)
for ( unsigned int i = 0; i < hlist.size(); ++i )
{
auto index = val_mgr->Count(i + 1); // index starting from 1
auto index = zeek::val_mgr->Count(i + 1); // index starting from 1
MIME_Header* h = hlist[i];
t->Assign(std::move(index), ToHeaderVal(h));
}
@ -1382,7 +1382,7 @@ void MIME_Mail::Done()
analyzer->EnqueueConnEvent(mime_content_hash,
analyzer->ConnVal(),
val_mgr->Count(content_hash_length),
zeek::val_mgr->Count(content_hash_length),
zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(true, digest, 16))
);
}
@ -1422,7 +1422,7 @@ void MIME_Mail::EndEntity(MIME_Entity* /* entity */)
analyzer->EnqueueConnEvent(mime_entity_data,
analyzer->ConnVal(),
val_mgr->Count(s->Len()),
zeek::val_mgr->Count(s->Len()),
zeek::make_intrusive<zeek::StringVal>(s)
);
@ -1489,7 +1489,7 @@ void MIME_Mail::SubmitData(int len, const char* buf)
analyzer->EnqueueConnEvent(mime_segment_data,
analyzer->ConnVal(),
val_mgr->Count(data_len),
zeek::val_mgr->Count(data_len),
zeek::make_intrusive<zeek::StringVal>(data_len, data)
);
}
@ -1536,7 +1536,7 @@ void MIME_Mail::SubmitAllData()
analyzer->EnqueueConnEvent(mime_all_data,
analyzer->ConnVal(),
val_mgr->Count(s->Len()),
zeek::val_mgr->Count(s->Len()),
zeek::make_intrusive<zeek::StringVal>(s)
);
}

46
src/analyzer/protocol/modbus/modbus-analyzer.pac
View file

@ -21,7 +21,7 @@
for ( uint i = 0; i < quantity; i++ )
{
char currentCoil = (coils[i/8] >> (i % 8)) % 2;
modbus_coils->Assign(i, val_mgr->Bool(currentCoil));
modbus_coils->Assign(i, zeek::val_mgr->Bool(currentCoil));
}
return modbus_coils;
@ -30,10 +30,10 @@
zeek::RecordValPtr HeaderToVal(ModbusTCP_TransportHeader* header)
{
auto modbus_header = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::ModbusHeaders);
modbus_header->Assign(0, val_mgr->Count(header->tid()));
modbus_header->Assign(1, val_mgr->Count(header->pid()));
modbus_header->Assign(2, val_mgr->Count(header->uid()));
modbus_header->Assign(3, val_mgr->Count(header->fc()));
modbus_header->Assign(0, zeek::val_mgr->Count(header->tid()));
modbus_header->Assign(1, zeek::val_mgr->Count(header->pid()));
modbus_header->Assign(2, zeek::val_mgr->Count(header->uid()));
modbus_header->Assign(3, zeek::val_mgr->Count(header->fc()));
return modbus_header;
}
@ -213,7 +213,7 @@ refine flow ModbusTCP_Flow += {
for ( unsigned int i=0; i < ${message.registers}->size(); ++i )
{
auto r = val_mgr->Count(${message.registers[i]});
auto r = zeek::val_mgr->Count(${message.registers[i]});
t->Assign(i, r);
}
@ -257,7 +257,7 @@ refine flow ModbusTCP_Flow += {
for ( unsigned int i=0; i < (${message.registers})->size(); ++i )
{
auto r = val_mgr->Count(${message.registers[i]});
auto r = zeek::val_mgr->Count(${message.registers[i]});
t->Assign(i, r);
}
@ -401,7 +401,7 @@ refine flow ModbusTCP_Flow += {
for ( unsigned int i = 0; i < (${message.registers}->size()); ++i )
{
auto r = val_mgr->Count(${message.registers[i]});
auto r = zeek::val_mgr->Count(${message.registers[i]});
t->Assign(i, r);
}
@ -437,13 +437,13 @@ refine flow ModbusTCP_Flow += {
//auto t = create_vector_of_count();
//for ( unsigned int i = 0; i < (${message.references}->size()); ++i )
// {
// auto r = val_mgr->Count((${message.references[i].ref_type}));
// auto r = zeek::val_mgr->Count((${message.references[i].ref_type}));
// t->Assign(i, r);
//
// auto k = val_mgr->Count((${message.references[i].file_num}));
// auto k = zeek::val_mgr->Count((${message.references[i].file_num}));
// t->Assign(i, k);
//
// auto l = val_mgr->Count((${message.references[i].record_num}));
// auto l = zeek::val_mgr->Count((${message.references[i].record_num}));
// t->Assign(i, l);
// }
@ -464,7 +464,7 @@ refine flow ModbusTCP_Flow += {
//for ( unsigned int i = 0; i < ${message.references}->size(); ++i )
// {
// //TODO: work the reference type in here somewhere
// auto r = val_mgr->Count(${message.references[i].record_data}));
// auto r = zeek::val_mgr->Count(${message.references[i].record_data}));
// t->Assign(i, r);
// }
@ -484,18 +484,18 @@ refine flow ModbusTCP_Flow += {
//auto t = create_vector_of_count();
//for ( unsigned int i = 0; i < (${message.references}->size()); ++i )
// {
// auto r = val_mgr->Count((${message.references[i].ref_type}));
// auto r = zeek::val_mgr->Count((${message.references[i].ref_type}));
// t->Assign(i, r);
//
// auto k = val_mgr->Count((${message.references[i].file_num}));
// auto k = zeek::val_mgr->Count((${message.references[i].file_num}));
// t->Assign(i, k);
//
// auto n = val_mgr->Count((${message.references[i].record_num}));
// auto n = zeek::val_mgr->Count((${message.references[i].record_num}));
// t->Assign(i, n);
//
// for ( unsigned int j = 0; j < (${message.references[i].register_value}->size()); ++j )
// {
// k = val_mgr->Count((${message.references[i].register_value[j]}));
// k = zeek::val_mgr->Count((${message.references[i].register_value[j]}));
// t->Assign(i, k);
// }
// }
@ -517,18 +517,18 @@ refine flow ModbusTCP_Flow += {
//auto t = create_vector_of_count();
//for ( unsigned int i = 0; i < (${messages.references}->size()); ++i )
// {
// auto r = val_mgr->Count((${message.references[i].ref_type}));
// auto r = zeek::val_mgr->Count((${message.references[i].ref_type}));
// t->Assign(i, r);
//
// auto f = val_mgr->Count((${message.references[i].file_num}));
// auto f = zeek::val_mgr->Count((${message.references[i].file_num}));
// t->Assign(i, f);
//
// auto rn = val_mgr->Count((${message.references[i].record_num}));
// auto rn = zeek::val_mgr->Count((${message.references[i].record_num}));
// t->Assign(i, rn);
//
// for ( unsigned int j = 0; j<(${message.references[i].register_value}->size()); ++j )
// {
// auto k = val_mgr->Count((${message.references[i].register_value[j]}));
// auto k = zeek::val_mgr->Count((${message.references[i].register_value[j]}));
// t->Assign(i, k);
// }
@ -586,7 +586,7 @@ refine flow ModbusTCP_Flow += {
for ( unsigned int i = 0; i < ${message.write_register_values}->size(); ++i )
{
auto r = val_mgr->Count(${message.write_register_values[i]});
auto r = zeek::val_mgr->Count(${message.write_register_values[i]});
t->Assign(i, r);
}
@ -618,7 +618,7 @@ refine flow ModbusTCP_Flow += {
for ( unsigned int i = 0; i < ${message.registers}->size(); ++i )
{
auto r = val_mgr->Count(${message.registers[i]});
auto r = zeek::val_mgr->Count(${message.registers[i]});
t->Assign(i, r);
}
@ -662,7 +662,7 @@ refine flow ModbusTCP_Flow += {
for ( unsigned int i = 0; i < (${message.register_data})->size(); ++i )
{
auto r = val_mgr->Count(${message.register_data[i]});
auto r = zeek::val_mgr->Count(${message.register_data[i]});
t->Assign(i, r);
}

4
src/analyzer/protocol/mqtt/commands/connack.pac
View file

@ -16,8 +16,8 @@ refine flow MQTT_Flow += {
if ( mqtt_connack )
{
auto m = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::MQTT::ConnectAckMsg);
m->Assign(0, val_mgr->Count(${msg.return_code}));
m->Assign(1, val_mgr->Bool(${msg.session_present}));
m->Assign(0, zeek::val_mgr->Count(${msg.return_code}));
m->Assign(1, zeek::val_mgr->Bool(${msg.session_present}));
zeek::BifEvent::enqueue_mqtt_connack(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),
std::move(m));

8
src/analyzer/protocol/mqtt/commands/connect.pac
View file

@ -47,14 +47,14 @@ refine flow MQTT_Flow += {
auto m = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::MQTT::ConnectMsg);
m->Assign(0, zeek::make_intrusive<zeek::StringVal>(${msg.protocol_name.str}.length(),
reinterpret_cast<const char*>(${msg.protocol_name.str}.begin())));
m->Assign(1, val_mgr->Count(${msg.protocol_version}));
m->Assign(1, zeek::val_mgr->Count(${msg.protocol_version}));
m->Assign(2, zeek::make_intrusive<zeek::StringVal>(${msg.client_id.str}.length(),
reinterpret_cast<const char*>(${msg.client_id.str}.begin())));
m->Assign(3, zeek::make_intrusive<zeek::IntervalVal>(double(${msg.keep_alive}), Seconds));
m->Assign(4, val_mgr->Bool(${msg.clean_session}));
m->Assign(5, val_mgr->Bool(${msg.will_retain}));
m->Assign(6, val_mgr->Count(${msg.will_qos}));
m->Assign(4, zeek::val_mgr->Bool(${msg.clean_session}));
m->Assign(5, zeek::val_mgr->Bool(${msg.will_retain}));
m->Assign(6, zeek::val_mgr->Count(${msg.will_qos}));
if ( ${msg.will_flag} )
{

8
src/analyzer/protocol/mqtt/commands/publish.pac
View file

@ -24,9 +24,9 @@ refine flow MQTT_Flow += {
if ( mqtt_publish )
{
auto m = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::MQTT::PublishMsg);
m->Assign(0, val_mgr->Bool(${msg.dup}));
m->Assign(1, val_mgr->Count(${msg.qos}));
m->Assign(2, val_mgr->Bool(${msg.retain}));
m->Assign(0, zeek::val_mgr->Bool(${msg.dup}));
m->Assign(1, zeek::val_mgr->Count(${msg.qos}));
m->Assign(2, zeek::val_mgr->Bool(${msg.retain}));
m->Assign<zeek::StringVal>(3, ${msg.topic.str}.length(),
reinterpret_cast<const char*>(${msg.topic.str}.begin()));
@ -40,7 +40,7 @@ refine flow MQTT_Flow += {
m->Assign<zeek::StringVal>(4, len,
reinterpret_cast<const char*>(${msg.payload}.begin()));
m->Assign(5, val_mgr->Count(${msg.payload}.length()));
m->Assign(5, zeek::val_mgr->Count(${msg.payload}.length()));
zeek::BifEvent::enqueue_mqtt_publish(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),

2
src/analyzer/protocol/mqtt/commands/subscribe.pac
View file

@ -26,7 +26,7 @@ refine flow MQTT_Flow += {
{
auto subscribe_topic = zeek::make_intrusive<zeek::StringVal>(${topic.name.str}.length(),
reinterpret_cast<const char*>(${topic.name.str}.begin()));
auto qos = val_mgr->Count(${topic.requested_QoS});
auto qos = zeek::val_mgr->Count(${topic.requested_QoS});
topics->Assign(topics->Size(), std::move(subscribe_topic));
qos_levels->Assign(qos_levels->Size(), std::move(qos));
}

16
src/analyzer/protocol/ncp/NCP.cc
View file

@ -64,18 +64,18 @@ void NCP_Session::DeliverFrame(const binpac::NCP::ncp_frame* frame)
if ( frame->is_orig() )
analyzer->EnqueueConnEvent(f,
analyzer->ConnVal(),
val_mgr->Count(frame->frame_type()),
val_mgr->Count(frame->body_length()),
val_mgr->Count(req_func)
zeek::val_mgr->Count(frame->frame_type()),
zeek::val_mgr->Count(frame->body_length()),
zeek::val_mgr->Count(req_func)
);
else
analyzer->EnqueueConnEvent(f,
analyzer->ConnVal(),
val_mgr->Count(frame->frame_type()),
val_mgr->Count(frame->body_length()),
val_mgr->Count(req_frame_type),
val_mgr->Count(req_func),
val_mgr->Count(frame->reply()->completion_code())
zeek::val_mgr->Count(frame->frame_type()),
zeek::val_mgr->Count(frame->body_length()),
zeek::val_mgr->Count(req_frame_type),
zeek::val_mgr->Count(req_func),
zeek::val_mgr->Count(frame->reply()->completion_code())
);
}
}

8
src/analyzer/protocol/netbios/NetbiosSSN.cc
View file

@ -61,9 +61,9 @@ void NetbiosSSN_Interpreter::ParseMessage(unsigned int type, unsigned int flags,
if ( netbios_session_message )
analyzer->EnqueueConnEvent(netbios_session_message,
analyzer->ConnVal(),
val_mgr->Bool(is_query),
val_mgr->Count(type),
val_mgr->Count(len)
zeek::val_mgr->Bool(is_query),
zeek::val_mgr->Count(type),
zeek::val_mgr->Count(len)
);
switch ( type ) {
@ -323,7 +323,7 @@ void NetbiosSSN_Interpreter::Event(EventHandlerPtr event, const u_char* data,
if ( is_orig >= 0 )
analyzer->EnqueueConnEvent(event,
analyzer->ConnVal(),
val_mgr->Bool(is_orig),
zeek::val_mgr->Bool(is_orig),
zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(data, len, false)));
else
analyzer->EnqueueConnEvent(event,

2
src/analyzer/protocol/netbios/functions.bif
View file

@ -49,5 +49,5 @@ function decode_netbios_name_type%(name: string%): count
%{
const u_char* s = name->Bytes();
char return_val = ((toupper(s[30]) - 'A') << 4) + (toupper(s[31]) - 'A');
return val_mgr->Count(return_val);
return zeek::val_mgr->Count(return_val);
%}

56
src/analyzer/protocol/ntlm/ntlm-analyzer.pac
View file

@ -20,10 +20,10 @@
zeek::RecordValPtr build_version_record(NTLM_Version* val)
{
auto result = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::NTLM::Version);
result->Assign(0, val_mgr->Count(${val.major_version}));
result->Assign(1, val_mgr->Count(${val.minor_version}));
result->Assign(2, val_mgr->Count(${val.build_number}));
result->Assign(3, val_mgr->Count(${val.ntlm_revision}));
result->Assign(0, zeek::val_mgr->Count(${val.major_version}));
result->Assign(1, zeek::val_mgr->Count(${val.minor_version}));
result->Assign(2, zeek::val_mgr->Count(${val.build_number}));
result->Assign(3, zeek::val_mgr->Count(${val.ntlm_revision}));
return result;
}
@ -31,28 +31,28 @@
zeek::RecordValPtr build_negotiate_flag_record(NTLM_Negotiate_Flags* val)
{
auto flags = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::NTLM::NegotiateFlags);
flags->Assign(0, val_mgr->Bool(${val.negotiate_56}));
flags->Assign(1, val_mgr->Bool(${val.negotiate_key_exch}));
flags->Assign(2, val_mgr->Bool(${val.negotiate_128}));
flags->Assign(3, val_mgr->Bool(${val.negotiate_version}));
flags->Assign(4, val_mgr->Bool(${val.negotiate_target_info}));
flags->Assign(5, val_mgr->Bool(${val.request_non_nt_session_key}));
flags->Assign(6, val_mgr->Bool(${val.negotiate_identify}));
flags->Assign(7, val_mgr->Bool(${val.negotiate_extended_sessionsecurity}));
flags->Assign(8, val_mgr->Bool(${val.target_type_server}));
flags->Assign(9, val_mgr->Bool(${val.target_type_domain}));
flags->Assign(10, val_mgr->Bool(${val.negotiate_always_sign}));
flags->Assign(11, val_mgr->Bool(${val.negotiate_oem_workstation_supplied}));
flags->Assign(12, val_mgr->Bool(${val.negotiate_oem_domain_supplied}));
flags->Assign(13, val_mgr->Bool(${val.negotiate_anonymous_connection}));
flags->Assign(14, val_mgr->Bool(${val.negotiate_ntlm}));
flags->Assign(15, val_mgr->Bool(${val.negotiate_lm_key}));
flags->Assign(16, val_mgr->Bool(${val.negotiate_datagram}));
flags->Assign(17, val_mgr->Bool(${val.negotiate_seal}));
flags->Assign(18, val_mgr->Bool(${val.negotiate_sign}));
flags->Assign(19, val_mgr->Bool(${val.request_target}));
flags->Assign(20, val_mgr->Bool(${val.negotiate_oem}));
flags->Assign(21, val_mgr->Bool(${val.negotiate_unicode}));
flags->Assign(0, zeek::val_mgr->Bool(${val.negotiate_56}));
flags->Assign(1, zeek::val_mgr->Bool(${val.negotiate_key_exch}));
flags->Assign(2, zeek::val_mgr->Bool(${val.negotiate_128}));
flags->Assign(3, zeek::val_mgr->Bool(${val.negotiate_version}));
flags->Assign(4, zeek::val_mgr->Bool(${val.negotiate_target_info}));
flags->Assign(5, zeek::val_mgr->Bool(${val.request_non_nt_session_key}));
flags->Assign(6, zeek::val_mgr->Bool(${val.negotiate_identify}));
flags->Assign(7, zeek::val_mgr->Bool(${val.negotiate_extended_sessionsecurity}));
flags->Assign(8, zeek::val_mgr->Bool(${val.target_type_server}));
flags->Assign(9, zeek::val_mgr->Bool(${val.target_type_domain}));
flags->Assign(10, zeek::val_mgr->Bool(${val.negotiate_always_sign}));
flags->Assign(11, zeek::val_mgr->Bool(${val.negotiate_oem_workstation_supplied}));
flags->Assign(12, zeek::val_mgr->Bool(${val.negotiate_oem_domain_supplied}));
flags->Assign(13, zeek::val_mgr->Bool(${val.negotiate_anonymous_connection}));
flags->Assign(14, zeek::val_mgr->Bool(${val.negotiate_ntlm}));
flags->Assign(15, zeek::val_mgr->Bool(${val.negotiate_lm_key}));
flags->Assign(16, zeek::val_mgr->Bool(${val.negotiate_datagram}));
flags->Assign(17, zeek::val_mgr->Bool(${val.negotiate_seal}));
flags->Assign(18, zeek::val_mgr->Bool(${val.negotiate_sign}));
flags->Assign(19, zeek::val_mgr->Bool(${val.request_target}));
flags->Assign(20, zeek::val_mgr->Bool(${val.negotiate_oem}));
flags->Assign(21, zeek::val_mgr->Bool(${val.negotiate_unicode}));
return flags;
}
@ -96,13 +96,13 @@ refine connection NTLM_Conn += {
result->Assign(4, utf16_to_utf8_val(bro_analyzer()->Conn(), ${val.pairs[i].dns_tree_name.data}));
break;
case 6:
result->Assign(5, val_mgr->Bool(${val.pairs[i].constrained_auth}));
result->Assign(5, zeek::val_mgr->Bool(${val.pairs[i].constrained_auth}));
break;
case 7:
result->Assign(6, filetime2brotime(${val.pairs[i].timestamp}));
break;
case 8:
result->Assign(7, val_mgr->Count(${val.pairs[i].single_host.machine_id}));
result->Assign(7, zeek::val_mgr->Count(${val.pairs[i].single_host.machine_id}));
break;
case 9:
result->Assign(8, utf16_to_utf8_val(bro_analyzer()->Conn(), ${val.pairs[i].target_name.data}));

38
src/analyzer/protocol/ntp/ntp-analyzer.pac
View file

@ -36,7 +36,7 @@
{
auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::NTP::StandardMessage);
rv->Assign(0, val_mgr->Count(${nsm.stratum}));
rv->Assign(0, zeek::val_mgr->Count(${nsm.stratum}));
rv->Assign(1, zeek::make_intrusive<zeek::IntervalVal>(pow(2, ${nsm.poll})));
rv->Assign(2, zeek::make_intrusive<zeek::IntervalVal>(pow(2, ${nsm.precision})));
rv->Assign(3, proc_ntp_short(${nsm.root_delay}));
@ -66,19 +66,19 @@
if ( ${nsm.mac_len} == 20 )
{
rv->Assign(12, val_mgr->Count(${nsm.mac.key_id}));
rv->Assign(12, zeek::val_mgr->Count(${nsm.mac.key_id}));
rv->Assign(13, to_stringval(${nsm.mac.digest}));
}
else if ( ${nsm.mac_len} == 24 )
{
rv->Assign(12, val_mgr->Count(${nsm.mac_ext.key_id}));
rv->Assign(12, zeek::val_mgr->Count(${nsm.mac_ext.key_id}));
rv->Assign(13, to_stringval(${nsm.mac_ext.digest}));
}
if ( ${nsm.has_exts} )
{
// TODO: add extension fields
rv->Assign(14, val_mgr->Count((uint32) ${nsm.exts}->size()));
rv->Assign(14, zeek::val_mgr->Count((uint32) ${nsm.exts}->size()));
}
return rv;
@ -89,20 +89,20 @@
{
auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::NTP::ControlMessage);
rv->Assign(0, val_mgr->Count(${ncm.OpCode}));
rv->Assign(1, val_mgr->Bool(${ncm.R}));
rv->Assign(2, val_mgr->Bool(${ncm.E}));
rv->Assign(3, val_mgr->Bool(${ncm.M}));
rv->Assign(4, val_mgr->Count(${ncm.sequence}));
rv->Assign(5, val_mgr->Count(${ncm.status}));
rv->Assign(6, val_mgr->Count(${ncm.association_id}));
rv->Assign(0, zeek::val_mgr->Count(${ncm.OpCode}));
rv->Assign(1, zeek::val_mgr->Bool(${ncm.R}));
rv->Assign(2, zeek::val_mgr->Bool(${ncm.E}));
rv->Assign(3, zeek::val_mgr->Bool(${ncm.M}));
rv->Assign(4, zeek::val_mgr->Count(${ncm.sequence}));
rv->Assign(5, zeek::val_mgr->Count(${ncm.status}));
rv->Assign(6, zeek::val_mgr->Count(${ncm.association_id}));
if ( ${ncm.c} > 0 )
rv->Assign(7, to_stringval(${ncm.data}));
if ( ${ncm.has_control_mac} )
{
rv->Assign(8, val_mgr->Count(${ncm.mac.key_id}));
rv->Assign(8, zeek::val_mgr->Count(${ncm.mac.key_id}));
rv->Assign(9, to_stringval(${ncm.mac.crypto_checksum}));
}
@ -114,11 +114,11 @@
{
auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::NTP::Mode7Message);
rv->Assign(0, val_mgr->Count(${m7.request_code}));
rv->Assign(1, val_mgr->Bool(${m7.auth_bit}));
rv->Assign(2, val_mgr->Count(${m7.sequence}));
rv->Assign(3, val_mgr->Count(${m7.implementation}));
rv->Assign(4, val_mgr->Count(${m7.error_code}));
rv->Assign(0, zeek::val_mgr->Count(${m7.request_code}));
rv->Assign(1, zeek::val_mgr->Bool(${m7.auth_bit}));
rv->Assign(2, zeek::val_mgr->Count(${m7.sequence}));
rv->Assign(3, zeek::val_mgr->Count(${m7.implementation}));
rv->Assign(4, zeek::val_mgr->Count(${m7.error_code}));
if ( ${m7.data_len} > 0 )
rv->Assign(5, to_stringval(${m7.data}));
@ -139,8 +139,8 @@ refine flow NTP_Flow += {
return false;
auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::NTP::Message);
rv->Assign(0, val_mgr->Count(${msg.version}));
rv->Assign(1, val_mgr->Count(${msg.mode}));
rv->Assign(0, zeek::val_mgr->Count(${msg.version}));
rv->Assign(1, zeek::val_mgr->Count(${msg.mode}));
// The standard record
if ( ${msg.mode} >=1 && ${msg.mode} <= 5 )

2
src/analyzer/protocol/pop3/POP3.cc
View file

@ -920,7 +920,7 @@ void POP3_Analyzer::POP3Event(EventHandlerPtr event, bool is_orig,
vl.reserve(2 + (bool)arg1 + (bool)arg2);
vl.emplace_back(ConnVal());
vl.emplace_back(val_mgr->Bool(is_orig));
vl.emplace_back(zeek::val_mgr->Bool(is_orig));
if ( arg1 )
vl.emplace_back(zeek::make_intrusive<zeek::StringVal>(arg1));

6
src/analyzer/protocol/radius/radius-analyzer.pac
View file

@ -8,8 +8,8 @@ refine flow RADIUS_Flow += {
return false;
auto result = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::RADIUS::Message);
result->Assign(0, val_mgr->Count(${msg.code}));
result->Assign(1, val_mgr->Count(${msg.trans_id}));
result->Assign(0, zeek::val_mgr->Count(${msg.code}));
result->Assign(1, zeek::val_mgr->Count(${msg.trans_id}));
result->Assign(2, to_stringval(${msg.authenticator}));
if ( ${msg.attributes}->size() )
@ -18,7 +18,7 @@ refine flow RADIUS_Flow += {
for ( uint i = 0; i < ${msg.attributes}->size(); ++i )
{
auto index = val_mgr->Count(${msg.attributes[i].code});
auto index = zeek::val_mgr->Count(${msg.attributes[i].code});
// Do we already have a vector of attributes for this type?
auto current = attributes->FindOrDefault(index);

90
src/analyzer/protocol/rdp/rdp-analyzer.pac
View file

@ -65,35 +65,35 @@ refine flow RDP_Flow += {
if ( rdp_client_core_data )
{
auto ec_flags = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::RDP::EarlyCapabilityFlags);
ec_flags->Assign(0, val_mgr->Bool(${ccore.SUPPORT_ERRINFO_PDU}));
ec_flags->Assign(1, val_mgr->Bool(${ccore.WANT_32BPP_SESSION}));
ec_flags->Assign(2, val_mgr->Bool(${ccore.SUPPORT_STATUSINFO_PDU}));
ec_flags->Assign(3, val_mgr->Bool(${ccore.STRONG_ASYMMETRIC_KEYS}));
ec_flags->Assign(4, val_mgr->Bool(${ccore.SUPPORT_MONITOR_LAYOUT_PDU}));
ec_flags->Assign(5, val_mgr->Bool(${ccore.SUPPORT_NETCHAR_AUTODETECT}));
ec_flags->Assign(6, val_mgr->Bool(${ccore.SUPPORT_DYNVC_GFX_PROTOCOL}));
ec_flags->Assign(7, val_mgr->Bool(${ccore.SUPPORT_DYNAMIC_TIME_ZONE}));
ec_flags->Assign(8, val_mgr->Bool(${ccore.SUPPORT_HEARTBEAT_PDU}));
ec_flags->Assign(0, zeek::val_mgr->Bool(${ccore.SUPPORT_ERRINFO_PDU}));
ec_flags->Assign(1, zeek::val_mgr->Bool(${ccore.WANT_32BPP_SESSION}));
ec_flags->Assign(2, zeek::val_mgr->Bool(${ccore.SUPPORT_STATUSINFO_PDU}));
ec_flags->Assign(3, zeek::val_mgr->Bool(${ccore.STRONG_ASYMMETRIC_KEYS}));
ec_flags->Assign(4, zeek::val_mgr->Bool(${ccore.SUPPORT_MONITOR_LAYOUT_PDU}));
ec_flags->Assign(5, zeek::val_mgr->Bool(${ccore.SUPPORT_NETCHAR_AUTODETECT}));
ec_flags->Assign(6, zeek::val_mgr->Bool(${ccore.SUPPORT_DYNVC_GFX_PROTOCOL}));
ec_flags->Assign(7, zeek::val_mgr->Bool(${ccore.SUPPORT_DYNAMIC_TIME_ZONE}));
ec_flags->Assign(8, zeek::val_mgr->Bool(${ccore.SUPPORT_HEARTBEAT_PDU}));
auto ccd = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::RDP::ClientCoreData);
ccd->Assign(0, val_mgr->Count(${ccore.version_major}));
ccd->Assign(1, val_mgr->Count(${ccore.version_minor}));
ccd->Assign(2, val_mgr->Count(${ccore.desktop_width}));
ccd->Assign(3, val_mgr->Count(${ccore.desktop_height}));
ccd->Assign(4, val_mgr->Count(${ccore.color_depth}));
ccd->Assign(5, val_mgr->Count(${ccore.sas_sequence}));
ccd->Assign(6, val_mgr->Count(${ccore.keyboard_layout}));
ccd->Assign(7, val_mgr->Count(${ccore.client_build}));
ccd->Assign(0, zeek::val_mgr->Count(${ccore.version_major}));
ccd->Assign(1, zeek::val_mgr->Count(${ccore.version_minor}));
ccd->Assign(2, zeek::val_mgr->Count(${ccore.desktop_width}));
ccd->Assign(3, zeek::val_mgr->Count(${ccore.desktop_height}));
ccd->Assign(4, zeek::val_mgr->Count(${ccore.color_depth}));
ccd->Assign(5, zeek::val_mgr->Count(${ccore.sas_sequence}));
ccd->Assign(6, zeek::val_mgr->Count(${ccore.keyboard_layout}));
ccd->Assign(7, zeek::val_mgr->Count(${ccore.client_build}));
ccd->Assign(8, utf16_to_utf8_val(connection()->bro_analyzer()->Conn(), ${ccore.client_name}));
ccd->Assign(9, val_mgr->Count(${ccore.keyboard_type}));
ccd->Assign(10, val_mgr->Count(${ccore.keyboard_sub}));
ccd->Assign(11, val_mgr->Count(${ccore.keyboard_function_key}));
ccd->Assign(9, zeek::val_mgr->Count(${ccore.keyboard_type}));
ccd->Assign(10, zeek::val_mgr->Count(${ccore.keyboard_sub}));
ccd->Assign(11, zeek::val_mgr->Count(${ccore.keyboard_function_key}));
ccd->Assign(12, utf16_to_utf8_val(connection()->bro_analyzer()->Conn(), ${ccore.ime_file_name}));
ccd->Assign(13, val_mgr->Count(${ccore.post_beta2_color_depth}));
ccd->Assign(14, val_mgr->Count(${ccore.client_product_id}));
ccd->Assign(15, val_mgr->Count(${ccore.serial_number}));
ccd->Assign(16, val_mgr->Count(${ccore.high_color_depth}));
ccd->Assign(17, val_mgr->Count(${ccore.supported_color_depths}));
ccd->Assign(13, zeek::val_mgr->Count(${ccore.post_beta2_color_depth}));
ccd->Assign(14, zeek::val_mgr->Count(${ccore.client_product_id}));
ccd->Assign(15, zeek::val_mgr->Count(${ccore.serial_number}));
ccd->Assign(16, zeek::val_mgr->Count(${ccore.high_color_depth}));
ccd->Assign(17, zeek::val_mgr->Count(${ccore.supported_color_depths}));
ccd->Assign(18, std::move(ec_flags));
ccd->Assign(19, utf16_to_utf8_val(connection()->bro_analyzer()->Conn(), ${ccore.dig_product_id}));
@ -111,8 +111,8 @@ refine flow RDP_Flow += {
return false;
auto csd = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::RDP::ClientSecurityData);
csd->Assign(0, val_mgr->Count(${csec.encryption_methods}));
csd->Assign(1, val_mgr->Count(${csec.ext_encryption_methods}));
csd->Assign(0, zeek::val_mgr->Count(${csec.encryption_methods}));
csd->Assign(1, zeek::val_mgr->Count(${csec.ext_encryption_methods}));
zeek::BifEvent::enqueue_rdp_client_security_data(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),
@ -134,19 +134,19 @@ refine flow RDP_Flow += {
auto channel_def = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::RDP::ClientChannelDef);
channel_def->Assign(0, to_stringval(${cnetwork.channel_def_array[i].name}));
channel_def->Assign(1, val_mgr->Count(${cnetwork.channel_def_array[i].options}));
channel_def->Assign(1, zeek::val_mgr->Count(${cnetwork.channel_def_array[i].options}));
channel_def->Assign(2, val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_INITIALIZED}));
channel_def->Assign(3, val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_RDP}));
channel_def->Assign(4, val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_SC}));
channel_def->Assign(5, val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_CS}));
channel_def->Assign(6, val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_HIGH}));
channel_def->Assign(7, val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_MED}));
channel_def->Assign(8, val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_LOW}));
channel_def->Assign(9, val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_COMPRESS_RDP}));
channel_def->Assign(10, val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_COMPRESS}));
channel_def->Assign(11, val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_SHOW_PROTOCOL}));
channel_def->Assign(12, val_mgr->Bool(${cnetwork.channel_def_array[i].REMOTE_CONTROL_PERSISTENT}));
channel_def->Assign(2, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_INITIALIZED}));
channel_def->Assign(3, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_RDP}));
channel_def->Assign(4, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_SC}));
channel_def->Assign(5, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_CS}));
channel_def->Assign(6, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_HIGH}));
channel_def->Assign(7, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_MED}));
channel_def->Assign(8, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_LOW}));
channel_def->Assign(9, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_COMPRESS_RDP}));
channel_def->Assign(10, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_COMPRESS}));
channel_def->Assign(11, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_SHOW_PROTOCOL}));
channel_def->Assign(12, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].REMOTE_CONTROL_PERSISTENT}));
channels->Assign(channels->Size(), std::move(channel_def));
}
@ -165,12 +165,12 @@ refine flow RDP_Flow += {
return false;
auto ccld = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::RDP::ClientClusterData);
ccld->Assign(0, val_mgr->Count(${ccluster.flags}));
ccld->Assign(1, val_mgr->Count(${ccluster.redir_session_id}));
ccld->Assign(2, val_mgr->Bool(${ccluster.REDIRECTION_SUPPORTED}));
ccld->Assign(3, val_mgr->Count(${ccluster.SERVER_SESSION_REDIRECTION_VERSION_MASK}));
ccld->Assign(4, val_mgr->Bool(${ccluster.REDIRECTED_SESSIONID_FIELD_VALID}));
ccld->Assign(5, val_mgr->Bool(${ccluster.REDIRECTED_SMARTCARD}));
ccld->Assign(0, zeek::val_mgr->Count(${ccluster.flags}));
ccld->Assign(1, zeek::val_mgr->Count(${ccluster.redir_session_id}));
ccld->Assign(2, zeek::val_mgr->Bool(${ccluster.REDIRECTION_SUPPORTED}));
ccld->Assign(3, zeek::val_mgr->Count(${ccluster.SERVER_SESSION_REDIRECTION_VERSION_MASK}));
ccld->Assign(4, zeek::val_mgr->Bool(${ccluster.REDIRECTED_SESSIONID_FIELD_VALID}));
ccld->Assign(5, zeek::val_mgr->Bool(${ccluster.REDIRECTED_SMARTCARD}));
zeek::BifEvent::enqueue_rdp_client_cluster_data(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),

12
src/analyzer/protocol/rpc/MOUNT.cc
View file

@ -181,7 +181,7 @@ zeek::Args MOUNT_Interp::event_common_vl(RPC_CallInfo *c,
for (size_t i = 0; i < c->AuxGIDs().size(); ++i)
{
auxgids->Assign(i, val_mgr->Count(c->AuxGIDs()[i]));
auxgids->Assign(i, zeek::val_mgr->Count(c->AuxGIDs()[i]));
}
auto info = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::MOUNT3::info_t);
@ -189,13 +189,13 @@ zeek::Args MOUNT_Interp::event_common_vl(RPC_CallInfo *c,
info->Assign(1, zeek::BifType::Enum::MOUNT3::status_t->GetVal(mount_status));
info->Assign(2, zeek::make_intrusive<zeek::TimeVal>(c->StartTime()));
info->Assign(3, zeek::make_intrusive<zeek::IntervalVal>(c->LastTime() - c->StartTime()));
info->Assign(4, val_mgr->Count(c->RPCLen()));
info->Assign(4, zeek::val_mgr->Count(c->RPCLen()));
info->Assign(5, zeek::make_intrusive<zeek::TimeVal>(rep_start_time));
info->Assign(6, zeek::make_intrusive<zeek::IntervalVal>(rep_last_time - rep_start_time));
info->Assign(7, val_mgr->Count(reply_len));
info->Assign(8, val_mgr->Count(c->Uid()));
info->Assign(9, val_mgr->Count(c->Gid()));
info->Assign(10, val_mgr->Count(c->Stamp()));
info->Assign(7, zeek::val_mgr->Count(reply_len));
info->Assign(8, zeek::val_mgr->Count(c->Uid()));
info->Assign(9, zeek::val_mgr->Count(c->Gid()));
info->Assign(10, zeek::val_mgr->Count(c->Stamp()));
info->Assign(11, zeek::make_intrusive<zeek::StringVal>(c->MachineName()));
info->Assign(12, std::move(auxgids));

28
src/analyzer/protocol/rpc/NFS.cc
View file

@ -315,20 +315,20 @@ zeek::Args NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_
auto auxgids = zeek::make_intrusive<zeek::VectorVal>(zeek::id::index_vec);
for ( size_t i = 0; i < c->AuxGIDs().size(); ++i )
auxgids->Assign(i, val_mgr->Count(c->AuxGIDs()[i]));
auxgids->Assign(i, zeek::val_mgr->Count(c->AuxGIDs()[i]));
auto info = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::NFS3::info_t);
info->Assign(0, zeek::BifType::Enum::rpc_status->GetVal(rpc_status));
info->Assign(1, zeek::BifType::Enum::NFS3::status_t->GetVal(nfs_status));
info->Assign(2, zeek::make_intrusive<zeek::TimeVal>(c->StartTime()));
info->Assign(3, zeek::make_intrusive<zeek::IntervalVal>(c->LastTime()-c->StartTime()));
info->Assign(4, val_mgr->Count(c->RPCLen()));
info->Assign(4, zeek::val_mgr->Count(c->RPCLen()));
info->Assign(5, zeek::make_intrusive<zeek::TimeVal>(rep_start_time));
info->Assign(6, zeek::make_intrusive<zeek::IntervalVal>(rep_last_time-rep_start_time));
info->Assign(7, val_mgr->Count(reply_len));
info->Assign(8, val_mgr->Count(c->Uid()));
info->Assign(9, val_mgr->Count(c->Gid()));
info->Assign(10, val_mgr->Count(c->Stamp()));
info->Assign(7, zeek::val_mgr->Count(reply_len));
info->Assign(8, zeek::val_mgr->Count(c->Uid()));
info->Assign(9, zeek::val_mgr->Count(c->Gid()));
info->Assign(10, zeek::val_mgr->Count(c->Stamp()));
info->Assign(11, zeek::make_intrusive<zeek::StringVal>(c->MachineName()));
info->Assign(12, std::move(auxgids));
@ -564,7 +564,7 @@ zeek::RecordValPtr NFS_Interp::nfs3_read_reply(const u_char*& buf, int& n, BifEn
rep->Assign(0, nfs3_post_op_attr(buf, n));
bytes_read = extract_XDR_uint32(buf, n);
rep->Assign(1, val_mgr->Count(bytes_read));
rep->Assign(1, zeek::val_mgr->Count(bytes_read));
rep->Assign(2, ExtractBool(buf, n));
rep->Assign(3, nfs3_file_data(buf, n, offset, bytes_read));
}
@ -647,9 +647,9 @@ zeek::RecordValPtr NFS_Interp::nfs3_writeargs(const u_char*& buf, int& n)
writeargs->Assign(0, nfs3_fh(buf, n));
offset = extract_XDR_uint64(buf, n);
writeargs->Assign(1, val_mgr->Count(offset)); // offset
writeargs->Assign(1, zeek::val_mgr->Count(offset)); // offset
bytes = extract_XDR_uint32(buf, n);
writeargs->Assign(2, val_mgr->Count(bytes)); // size
writeargs->Assign(2, zeek::val_mgr->Count(bytes)); // size
writeargs->Assign(3, nfs3_stable_how(buf, n));
writeargs->Assign(4, nfs3_file_data(buf, n, offset, bytes));
@ -734,7 +734,7 @@ zeek::RecordValPtr NFS_Interp::nfs3_readdirargs(bool isplus, const u_char*& buf,
{
auto args = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::NFS3::readdirargs_t);
args->Assign(0, val_mgr->Bool(isplus));
args->Assign(0, zeek::val_mgr->Bool(isplus));
args->Assign(1, nfs3_fh(buf, n));
args->Assign(2, ExtractUint64(buf,n)); // cookie
args->Assign(3, ExtractUint64(buf,n)); // cookieverf
@ -751,7 +751,7 @@ zeek::RecordValPtr NFS_Interp::nfs3_readdir_reply(bool isplus, const u_char*& bu
{
auto rep = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::NFS3::readdir_reply_t);
rep->Assign(0, val_mgr->Bool(isplus));
rep->Assign(0, zeek::val_mgr->Bool(isplus));
if ( status == BifEnum::NFS3::NFS3ERR_OK )
{
@ -793,12 +793,12 @@ zeek::RecordValPtr NFS_Interp::nfs3_readdir_reply(bool isplus, const u_char*& bu
zeek::ValPtr NFS_Interp::ExtractUint32(const u_char*& buf, int& n)
{
return val_mgr->Count(extract_XDR_uint32(buf, n));
return zeek::val_mgr->Count(extract_XDR_uint32(buf, n));
}
zeek::ValPtr NFS_Interp::ExtractUint64(const u_char*& buf, int& n)
{
return val_mgr->Count(extract_XDR_uint64(buf, n));
return zeek::val_mgr->Count(extract_XDR_uint64(buf, n));
}
zeek::ValPtr NFS_Interp::ExtractTime(const u_char*& buf, int& n)
@ -813,7 +813,7 @@ zeek::ValPtr NFS_Interp::ExtractInterval(const u_char*& buf, int& n)
zeek::ValPtr NFS_Interp::ExtractBool(const u_char*& buf, int& n)
{
return val_mgr->Bool(extract_XDR_uint32(buf, n));
return zeek::val_mgr->Bool(extract_XDR_uint32(buf, n));
}

32
src/analyzer/protocol/rpc/Portmap.cc
View file

@ -94,7 +94,7 @@ bool PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status statu
if ( ! buf )
return false;
reply = val_mgr->Bool(status);
reply = zeek::val_mgr->Bool(status);
event = pm_request_set;
}
else
@ -109,7 +109,7 @@ bool PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status statu
if ( ! buf )
return false;
reply = val_mgr->Bool(status);
reply = zeek::val_mgr->Bool(status);
event = pm_request_unset;
}
else
@ -126,7 +126,7 @@ bool PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status statu
zeek::RecordVal* rv = c->RequestVal()->AsRecordVal();
const auto& is_tcp = rv->GetField(2);
reply = val_mgr->Port(CheckPort(port), is_tcp->IsOne() ?
reply = zeek::val_mgr->Port(CheckPort(port), is_tcp->IsOne() ?
TRANSPORT_TCP : TRANSPORT_UDP);
event = pm_request_getport;
}
@ -150,7 +150,7 @@ bool PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status statu
if ( ! m )
break;
auto index = val_mgr->Count(++nmap);
auto index = zeek::val_mgr->Count(++nmap);
mappings->Assign(std::move(index), std::move(m));
}
@ -174,7 +174,7 @@ bool PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status statu
if ( ! opaque_reply )
return false;
reply = val_mgr->Port(CheckPort(port), TRANSPORT_UDP);
reply = zeek::val_mgr->Port(CheckPort(port), TRANSPORT_UDP);
event = pm_request_callit;
}
else
@ -194,12 +194,12 @@ zeek::ValPtr PortmapperInterp::ExtractMapping(const u_char*& buf, int& len)
static auto pm_mapping = zeek::id::find_type<zeek::RecordType>("pm_mapping");
auto mapping = zeek::make_intrusive<zeek::RecordVal>(pm_mapping);
mapping->Assign(0, val_mgr->Count(extract_XDR_uint32(buf, len)));
mapping->Assign(1, val_mgr->Count(extract_XDR_uint32(buf, len)));
mapping->Assign(0, zeek::val_mgr->Count(extract_XDR_uint32(buf, len)));
mapping->Assign(1, zeek::val_mgr->Count(extract_XDR_uint32(buf, len)));
bool is_tcp = extract_XDR_uint32(buf, len) == IPPROTO_TCP;
uint32_t port = extract_XDR_uint32(buf, len);
mapping->Assign(2, val_mgr->Port(CheckPort(port), is_tcp ? TRANSPORT_TCP : TRANSPORT_UDP));
mapping->Assign(2, zeek::val_mgr->Port(CheckPort(port), is_tcp ? TRANSPORT_TCP : TRANSPORT_UDP));
if ( ! buf )
return nullptr;
@ -212,11 +212,11 @@ zeek::ValPtr PortmapperInterp::ExtractPortRequest(const u_char*& buf, int& len)
static auto pm_port_request = zeek::id::find_type<zeek::RecordType>("pm_port_request");
auto pr = zeek::make_intrusive<zeek::RecordVal>(pm_port_request);
pr->Assign(0, val_mgr->Count(extract_XDR_uint32(buf, len)));
pr->Assign(1, val_mgr->Count(extract_XDR_uint32(buf, len)));
pr->Assign(0, zeek::val_mgr->Count(extract_XDR_uint32(buf, len)));
pr->Assign(1, zeek::val_mgr->Count(extract_XDR_uint32(buf, len)));
bool is_tcp = extract_XDR_uint32(buf, len) == IPPROTO_TCP;
pr->Assign(2, val_mgr->Bool(is_tcp));
pr->Assign(2, zeek::val_mgr->Bool(is_tcp));
(void) extract_XDR_uint32(buf, len); // consume the bogus port
if ( ! buf )
@ -230,13 +230,13 @@ zeek::ValPtr PortmapperInterp::ExtractCallItRequest(const u_char*& buf, int& len
static auto pm_callit_request = zeek::id::find_type<zeek::RecordType>("pm_callit_request");
auto c = zeek::make_intrusive<zeek::RecordVal>(pm_callit_request);
c->Assign(0, val_mgr->Count(extract_XDR_uint32(buf, len)));
c->Assign(1, val_mgr->Count(extract_XDR_uint32(buf, len)));
c->Assign(2, val_mgr->Count(extract_XDR_uint32(buf, len)));
c->Assign(0, zeek::val_mgr->Count(extract_XDR_uint32(buf, len)));
c->Assign(1, zeek::val_mgr->Count(extract_XDR_uint32(buf, len)));
c->Assign(2, zeek::val_mgr->Count(extract_XDR_uint32(buf, len)));
int arg_n;
(void) extract_XDR_opaque(buf, len, arg_n);
c->Assign(3, val_mgr->Count(arg_n));
c->Assign(3, zeek::val_mgr->Count(arg_n));
if ( ! buf )
return nullptr;
@ -252,7 +252,7 @@ uint32_t PortmapperInterp::CheckPort(uint32_t port)
{
analyzer->EnqueueConnEvent(pm_bad_port,
analyzer->ConnVal(),
val_mgr->Count(port)
zeek::val_mgr->Count(port)
);
}

24
src/analyzer/protocol/rpc/RPC.cc
View file

@ -338,13 +338,13 @@ void RPC_Interpreter::Event_RPC_Dialogue(RPC_CallInfo* c, BifEnum::rpc_status st
if ( rpc_dialogue )
analyzer->EnqueueConnEvent(rpc_dialogue,
analyzer->ConnVal(),
val_mgr->Count(c->Program()),
val_mgr->Count(c->Version()),
val_mgr->Count(c->Proc()),
zeek::val_mgr->Count(c->Program()),
zeek::val_mgr->Count(c->Version()),
zeek::val_mgr->Count(c->Proc()),
zeek::BifType::Enum::rpc_status->GetVal(status),
zeek::make_intrusive<zeek::TimeVal>(c->StartTime()),
val_mgr->Count(c->CallLen()),
val_mgr->Count(reply_len)
zeek::val_mgr->Count(c->CallLen()),
zeek::val_mgr->Count(reply_len)
);
}
@ -353,11 +353,11 @@ void RPC_Interpreter::Event_RPC_Call(RPC_CallInfo* c)
if ( rpc_call )
analyzer->EnqueueConnEvent(rpc_call,
analyzer->ConnVal(),
val_mgr->Count(c->XID()),
val_mgr->Count(c->Program()),
val_mgr->Count(c->Version()),
val_mgr->Count(c->Proc()),
val_mgr->Count(c->CallLen())
zeek::val_mgr->Count(c->XID()),
zeek::val_mgr->Count(c->Program()),
zeek::val_mgr->Count(c->Version()),
zeek::val_mgr->Count(c->Proc()),
zeek::val_mgr->Count(c->CallLen())
);
}
@ -366,9 +366,9 @@ void RPC_Interpreter::Event_RPC_Reply(uint32_t xid, BifEnum::rpc_status status,
if ( rpc_reply )
analyzer->EnqueueConnEvent(rpc_reply,
analyzer->ConnVal(),
val_mgr->Count(xid),
zeek::val_mgr->Count(xid),
zeek::BifType::Enum::rpc_status->GetVal(status),
val_mgr->Count(reply_len)
zeek::val_mgr->Count(reply_len)
);
}

4
src/analyzer/protocol/sip/sip-analyzer.pac
View file

@ -72,7 +72,7 @@ refine flow SIP_Flow += {
for ( unsigned int i = 0; i < headers.size(); ++i )
{ // index starting from 1
auto index = val_mgr->Count(i + 1);
auto index = zeek::val_mgr->Count(i + 1);
t->Assign(std::move(index), std::move(headers[i]));
}
@ -114,7 +114,7 @@ refine flow SIP_Flow += {
}
else
{
name_val = val_mgr->EmptyString();
name_val = zeek::val_mgr->EmptyString();
}
header_record->Assign(0, name_val);

80
src/analyzer/protocol/smb/smb1-com-negotiate.pac
View file

@ -42,7 +42,7 @@ refine connection SMB_Conn += {
case 0x01:
{
auto core = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseCore);
core->Assign(0, val_mgr->Count(${val.dialect_index}));
core->Assign(0, zeek::val_mgr->Count(${val.dialect_index}));
response->Assign(0, std::move(core));
}
@ -51,23 +51,23 @@ refine connection SMB_Conn += {
case 0x0d:
{
auto security = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseSecurity);
security->Assign(0, val_mgr->Bool(${val.lanman.security_user_level}));
security->Assign(1, val_mgr->Bool(${val.lanman.security_challenge_response}));
security->Assign(0, zeek::val_mgr->Bool(${val.lanman.security_user_level}));
security->Assign(1, zeek::val_mgr->Bool(${val.lanman.security_challenge_response}));
auto raw = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateRawMode);
raw->Assign(0, val_mgr->Bool(${val.lanman.raw_read_supported}));
raw->Assign(1, val_mgr->Bool(${val.lanman.raw_write_supported}));
raw->Assign(0, zeek::val_mgr->Bool(${val.lanman.raw_read_supported}));
raw->Assign(1, zeek::val_mgr->Bool(${val.lanman.raw_write_supported}));
auto lanman = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseLANMAN);
lanman->Assign(0, val_mgr->Count(${val.word_count}));
lanman->Assign(1, val_mgr->Count(${val.dialect_index}));
lanman->Assign(0, zeek::val_mgr->Count(${val.word_count}));
lanman->Assign(1, zeek::val_mgr->Count(${val.dialect_index}));
lanman->Assign(2, std::move(security));
lanman->Assign(3, val_mgr->Count(${val.lanman.max_buffer_size}));
lanman->Assign(4, val_mgr->Count(${val.lanman.max_mpx_count}));
lanman->Assign(3, zeek::val_mgr->Count(${val.lanman.max_buffer_size}));
lanman->Assign(4, zeek::val_mgr->Count(${val.lanman.max_mpx_count}));
lanman->Assign(5, val_mgr->Count(${val.lanman.max_number_vcs}));
lanman->Assign(5, zeek::val_mgr->Count(${val.lanman.max_number_vcs}));
lanman->Assign(6, std::move(raw));
lanman->Assign(7, val_mgr->Count(${val.lanman.session_key}));
lanman->Assign(7, zeek::val_mgr->Count(${val.lanman.session_key}));
lanman->Assign(8, time_from_lanman(${val.lanman.server_time}, ${val.lanman.server_date}, ${val.lanman.server_tz}));
lanman->Assign(9, to_stringval(${val.lanman.encryption_key}));
@ -80,44 +80,44 @@ refine connection SMB_Conn += {
case 0x11:
{
auto security = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseSecurity);
security->Assign(0, val_mgr->Bool(${val.ntlm.security_user_level}));
security->Assign(1, val_mgr->Bool(${val.ntlm.security_challenge_response}));
security->Assign(2, val_mgr->Bool(${val.ntlm.security_signatures_enabled}));
security->Assign(3, val_mgr->Bool(${val.ntlm.security_signatures_required}));
security->Assign(0, zeek::val_mgr->Bool(${val.ntlm.security_user_level}));
security->Assign(1, zeek::val_mgr->Bool(${val.ntlm.security_challenge_response}));
security->Assign(2, zeek::val_mgr->Bool(${val.ntlm.security_signatures_enabled}));
security->Assign(3, zeek::val_mgr->Bool(${val.ntlm.security_signatures_required}));
auto capabilities = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateCapabilities);
capabilities->Assign(0, val_mgr->Bool(${val.ntlm.capabilities_raw_mode}));
capabilities->Assign(1, val_mgr->Bool(${val.ntlm.capabilities_mpx_mode}));
capabilities->Assign(2, val_mgr->Bool(${val.ntlm.capabilities_unicode}));
capabilities->Assign(3, val_mgr->Bool(${val.ntlm.capabilities_large_files}));
capabilities->Assign(4, val_mgr->Bool(${val.ntlm.capabilities_nt_smbs}));
capabilities->Assign(0, zeek::val_mgr->Bool(${val.ntlm.capabilities_raw_mode}));
capabilities->Assign(1, zeek::val_mgr->Bool(${val.ntlm.capabilities_mpx_mode}));
capabilities->Assign(2, zeek::val_mgr->Bool(${val.ntlm.capabilities_unicode}));
capabilities->Assign(3, zeek::val_mgr->Bool(${val.ntlm.capabilities_large_files}));
capabilities->Assign(4, zeek::val_mgr->Bool(${val.ntlm.capabilities_nt_smbs}));
capabilities->Assign(5, val_mgr->Bool(${val.ntlm.capabilities_rpc_remote_apis}));
capabilities->Assign(6, val_mgr->Bool(${val.ntlm.capabilities_status32}));
capabilities->Assign(7, val_mgr->Bool(${val.ntlm.capabilities_level_2_oplocks}));
capabilities->Assign(8, val_mgr->Bool(${val.ntlm.capabilities_lock_and_read}));
capabilities->Assign(9, val_mgr->Bool(${val.ntlm.capabilities_nt_find}));
capabilities->Assign(5, zeek::val_mgr->Bool(${val.ntlm.capabilities_rpc_remote_apis}));
capabilities->Assign(6, zeek::val_mgr->Bool(${val.ntlm.capabilities_status32}));
capabilities->Assign(7, zeek::val_mgr->Bool(${val.ntlm.capabilities_level_2_oplocks}));
capabilities->Assign(8, zeek::val_mgr->Bool(${val.ntlm.capabilities_lock_and_read}));
capabilities->Assign(9, zeek::val_mgr->Bool(${val.ntlm.capabilities_nt_find}));
capabilities->Assign(10, val_mgr->Bool(${val.ntlm.capabilities_dfs}));
capabilities->Assign(11, val_mgr->Bool(${val.ntlm.capabilities_infolevel_passthru}));
capabilities->Assign(12, val_mgr->Bool(${val.ntlm.capabilities_large_readx}));
capabilities->Assign(13, val_mgr->Bool(${val.ntlm.capabilities_large_writex}));
capabilities->Assign(14, val_mgr->Bool(${val.ntlm.capabilities_unix}));
capabilities->Assign(10, zeek::val_mgr->Bool(${val.ntlm.capabilities_dfs}));
capabilities->Assign(11, zeek::val_mgr->Bool(${val.ntlm.capabilities_infolevel_passthru}));
capabilities->Assign(12, zeek::val_mgr->Bool(${val.ntlm.capabilities_large_readx}));
capabilities->Assign(13, zeek::val_mgr->Bool(${val.ntlm.capabilities_large_writex}));
capabilities->Assign(14, zeek::val_mgr->Bool(${val.ntlm.capabilities_unix}));
capabilities->Assign(15, val_mgr->Bool(${val.ntlm.capabilities_bulk_transfer}));
capabilities->Assign(16, val_mgr->Bool(${val.ntlm.capabilities_compressed_data}));
capabilities->Assign(17, val_mgr->Bool(${val.ntlm.capabilities_extended_security}));
capabilities->Assign(15, zeek::val_mgr->Bool(${val.ntlm.capabilities_bulk_transfer}));
capabilities->Assign(16, zeek::val_mgr->Bool(${val.ntlm.capabilities_compressed_data}));
capabilities->Assign(17, zeek::val_mgr->Bool(${val.ntlm.capabilities_extended_security}));
auto ntlm = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseNTLM);
ntlm->Assign(0, val_mgr->Count(${val.word_count}));
ntlm->Assign(1, val_mgr->Count(${val.dialect_index}));
ntlm->Assign(0, zeek::val_mgr->Count(${val.word_count}));
ntlm->Assign(1, zeek::val_mgr->Count(${val.dialect_index}));
ntlm->Assign(2, std::move(security));
ntlm->Assign(3, val_mgr->Count(${val.ntlm.max_buffer_size}));
ntlm->Assign(4, val_mgr->Count(${val.ntlm.max_mpx_count}));
ntlm->Assign(3, zeek::val_mgr->Count(${val.ntlm.max_buffer_size}));
ntlm->Assign(4, zeek::val_mgr->Count(${val.ntlm.max_mpx_count}));
ntlm->Assign(5, val_mgr->Count(${val.ntlm.max_number_vcs}));
ntlm->Assign(6, val_mgr->Count(${val.ntlm.max_raw_size}));
ntlm->Assign(7, val_mgr->Count(${val.ntlm.session_key}));
ntlm->Assign(5, zeek::val_mgr->Count(${val.ntlm.max_number_vcs}));
ntlm->Assign(6, zeek::val_mgr->Count(${val.ntlm.max_raw_size}));
ntlm->Assign(7, zeek::val_mgr->Count(${val.ntlm.session_key}));
ntlm->Assign(8, std::move(capabilities));
ntlm->Assign(9, filetime2brotime(${val.ntlm.server_time}));

62
src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac
View file

@ -14,13 +14,13 @@ refine connection SMB_Conn += {
{
auto request = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::SessionSetupAndXRequest);
request->Assign(0, val_mgr->Count(${val.word_count}));
request->Assign(0, zeek::val_mgr->Count(${val.word_count}));
switch ( ${val.word_count} ) {
case 10: // pre NT LM 0.12
request->Assign(1, val_mgr->Count(${val.lanman.max_buffer_size}));
request->Assign(2, val_mgr->Count(${val.lanman.max_mpx_count}));
request->Assign(3, val_mgr->Count(${val.lanman.vc_number}));
request->Assign(4, val_mgr->Count(${val.lanman.session_key}));
request->Assign(1, zeek::val_mgr->Count(${val.lanman.max_buffer_size}));
request->Assign(2, zeek::val_mgr->Count(${val.lanman.max_mpx_count}));
request->Assign(3, zeek::val_mgr->Count(${val.lanman.vc_number}));
request->Assign(4, zeek::val_mgr->Count(${val.lanman.session_key}));
request->Assign(5, smb_string2stringval(${val.lanman.native_os}));
request->Assign(6, smb_string2stringval(${val.lanman.native_lanman}));
@ -32,17 +32,17 @@ refine connection SMB_Conn += {
case 12: // NT LM 0.12 with extended security
{
auto capabilities = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::SessionSetupAndXCapabilities);
capabilities->Assign(0, val_mgr->Bool(${val.ntlm_extended_security.capabilities.unicode}));
capabilities->Assign(1, val_mgr->Bool(${val.ntlm_extended_security.capabilities.large_files}));
capabilities->Assign(2, val_mgr->Bool(${val.ntlm_extended_security.capabilities.nt_smbs}));
capabilities->Assign(3, val_mgr->Bool(${val.ntlm_extended_security.capabilities.status32}));
capabilities->Assign(4, val_mgr->Bool(${val.ntlm_extended_security.capabilities.level_2_oplocks}));
capabilities->Assign(5, val_mgr->Bool(${val.ntlm_extended_security.capabilities.nt_find}));
capabilities->Assign(0, zeek::val_mgr->Bool(${val.ntlm_extended_security.capabilities.unicode}));
capabilities->Assign(1, zeek::val_mgr->Bool(${val.ntlm_extended_security.capabilities.large_files}));
capabilities->Assign(2, zeek::val_mgr->Bool(${val.ntlm_extended_security.capabilities.nt_smbs}));
capabilities->Assign(3, zeek::val_mgr->Bool(${val.ntlm_extended_security.capabilities.status32}));
capabilities->Assign(4, zeek::val_mgr->Bool(${val.ntlm_extended_security.capabilities.level_2_oplocks}));
capabilities->Assign(5, zeek::val_mgr->Bool(${val.ntlm_extended_security.capabilities.nt_find}));
request->Assign(1, val_mgr->Count(${val.ntlm_extended_security.max_buffer_size}));
request->Assign(2, val_mgr->Count(${val.ntlm_extended_security.max_mpx_count}));
request->Assign(3, val_mgr->Count(${val.ntlm_extended_security.vc_number}));
request->Assign(4, val_mgr->Count(${val.ntlm_extended_security.session_key}));
request->Assign(1, zeek::val_mgr->Count(${val.ntlm_extended_security.max_buffer_size}));
request->Assign(2, zeek::val_mgr->Count(${val.ntlm_extended_security.max_mpx_count}));
request->Assign(3, zeek::val_mgr->Count(${val.ntlm_extended_security.vc_number}));
request->Assign(4, zeek::val_mgr->Count(${val.ntlm_extended_security.session_key}));
request->Assign(5, smb_string2stringval(${val.ntlm_extended_security.native_os}));
request->Assign(6, smb_string2stringval(${val.ntlm_extended_security.native_lanman}));
@ -54,17 +54,17 @@ refine connection SMB_Conn += {
case 13: // NT LM 0.12 without extended security
{
auto capabilities = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::SessionSetupAndXCapabilities);
capabilities->Assign(0, val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.unicode}));
capabilities->Assign(1, val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.large_files}));
capabilities->Assign(2, val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.nt_smbs}));
capabilities->Assign(3, val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.status32}));
capabilities->Assign(4, val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.level_2_oplocks}));
capabilities->Assign(5, val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.nt_find}));
capabilities->Assign(0, zeek::val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.unicode}));
capabilities->Assign(1, zeek::val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.large_files}));
capabilities->Assign(2, zeek::val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.nt_smbs}));
capabilities->Assign(3, zeek::val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.status32}));
capabilities->Assign(4, zeek::val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.level_2_oplocks}));
capabilities->Assign(5, zeek::val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.nt_find}));
request->Assign(1, val_mgr->Count(${val.ntlm_nonextended_security.max_buffer_size}));
request->Assign(2, val_mgr->Count(${val.ntlm_nonextended_security.max_mpx_count}));
request->Assign(3, val_mgr->Count(${val.ntlm_nonextended_security.vc_number}));
request->Assign(4, val_mgr->Count(${val.ntlm_nonextended_security.session_key}));
request->Assign(1, zeek::val_mgr->Count(${val.ntlm_nonextended_security.max_buffer_size}));
request->Assign(2, zeek::val_mgr->Count(${val.ntlm_nonextended_security.max_mpx_count}));
request->Assign(3, zeek::val_mgr->Count(${val.ntlm_nonextended_security.vc_number}));
request->Assign(4, zeek::val_mgr->Count(${val.ntlm_nonextended_security.session_key}));
request->Assign(5, smb_string2stringval(${val.ntlm_nonextended_security.native_os}));
request->Assign(6, smb_string2stringval(${val.ntlm_nonextended_security.native_lanman}));
@ -91,18 +91,18 @@ refine connection SMB_Conn += {
if ( smb1_session_setup_andx_response )
{
auto response = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::SessionSetupAndXResponse);
response->Assign(0, val_mgr->Count(${val.word_count}));
response->Assign(0, zeek::val_mgr->Count(${val.word_count}));
switch ( ${val.word_count} )
{
case 3: // pre NT LM 0.12
response->Assign(1, val_mgr->Bool(${val.lanman.is_guest}));
response->Assign(2, ${val.lanman.byte_count} == 0 ? val_mgr->EmptyString() : smb_string2stringval(${val.lanman.native_os[0]}));
response->Assign(3, ${val.lanman.byte_count} == 0 ? val_mgr->EmptyString() : smb_string2stringval(${val.lanman.native_lanman[0]}));
response->Assign(4, ${val.lanman.byte_count} == 0 ? val_mgr->EmptyString() : smb_string2stringval(${val.lanman.primary_domain[0]}));
response->Assign(1, zeek::val_mgr->Bool(${val.lanman.is_guest}));
response->Assign(2, ${val.lanman.byte_count} == 0 ? zeek::val_mgr->EmptyString() : smb_string2stringval(${val.lanman.native_os[0]}));
response->Assign(3, ${val.lanman.byte_count} == 0 ? zeek::val_mgr->EmptyString() : smb_string2stringval(${val.lanman.native_lanman[0]}));
response->Assign(4, ${val.lanman.byte_count} == 0 ? zeek::val_mgr->EmptyString() : smb_string2stringval(${val.lanman.primary_domain[0]}));
break;
case 4: // NT LM 0.12
response->Assign(1, val_mgr->Bool(${val.ntlm.is_guest}));
response->Assign(1, zeek::val_mgr->Bool(${val.ntlm.is_guest}));
response->Assign(2, smb_string2stringval(${val.ntlm.native_os}));
response->Assign(3, smb_string2stringval(${val.ntlm.native_lanman}));
//response->Assign(4, smb_string2stringval(${val.ntlm.primary_domain}));

18
src/analyzer/protocol/smb/smb1-com-transaction-secondary.pac
View file

@ -6,14 +6,14 @@ refine connection SMB_Conn += {
return false;
auto args = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::Trans_Sec_Args);
args->Assign(0, val_mgr->Count(${val.total_param_count}));
args->Assign(1, val_mgr->Count(${val.total_data_count}));
args->Assign(2, val_mgr->Count(${val.param_count}));
args->Assign(3, val_mgr->Count(${val.param_offset}));
args->Assign(4, val_mgr->Count(${val.param_displacement}));
args->Assign(5, val_mgr->Count(${val.data_count}));
args->Assign(6, val_mgr->Count(${val.data_offset}));
args->Assign(7, val_mgr->Count(${val.data_displacement}));
args->Assign(0, zeek::val_mgr->Count(${val.total_param_count}));
args->Assign(1, zeek::val_mgr->Count(${val.total_data_count}));
args->Assign(2, zeek::val_mgr->Count(${val.param_count}));
args->Assign(3, zeek::val_mgr->Count(${val.param_offset}));
args->Assign(4, zeek::val_mgr->Count(${val.param_displacement}));
args->Assign(5, zeek::val_mgr->Count(${val.data_count}));
args->Assign(6, zeek::val_mgr->Count(${val.data_offset}));
args->Assign(7, zeek::val_mgr->Count(${val.data_displacement}));
auto parameters = zeek::make_intrusive<zeek::StringVal>(${val.parameters}.length(),
(const char*)${val.parameters}.data());
@ -42,7 +42,7 @@ refine connection SMB_Conn += {
if ( ! payload_str )
{
payload_str = val_mgr->EmptyString();
payload_str = zeek::val_mgr->EmptyString();
}
zeek::BifEvent::enqueue_smb1_transaction_secondary_request(bro_analyzer(),

6
src/analyzer/protocol/smb/smb1-com-transaction.pac
View file

@ -17,7 +17,7 @@ enum Trans_subcommands {
}
assert(false);
return val_mgr->EmptyString();
return zeek::val_mgr->EmptyString();
}
%}
@ -60,7 +60,7 @@ refine connection SMB_Conn += {
if ( ${val.data_count} > 0 )
payload_str = transaction_data_to_val(${val.data});
else
payload_str = val_mgr->EmptyString();
payload_str = zeek::val_mgr->EmptyString();
zeek::BifEvent::enqueue_smb1_transaction_request(bro_analyzer(),
bro_analyzer()->Conn(),
@ -85,7 +85,7 @@ refine connection SMB_Conn += {
if ( ${val.data_count} > 0 )
payload_str = transaction_data_to_val(${val.data[0]});
else
payload_str = val_mgr->EmptyString();
payload_str = zeek::val_mgr->EmptyString();
zeek::BifEvent::enqueue_smb1_transaction_response(bro_analyzer(),
bro_analyzer()->Conn(),

18
src/analyzer/protocol/smb/smb1-com-transaction2-secondary.pac
View file

@ -6,15 +6,15 @@ refine connection SMB_Conn += {
return false;
auto args = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::Trans2_Sec_Args);
args->Assign(0, val_mgr->Count(${val.total_param_count}));
args->Assign(1, val_mgr->Count(${val.total_data_count}));
args->Assign(2, val_mgr->Count(${val.param_count}));
args->Assign(3, val_mgr->Count(${val.param_offset}));
args->Assign(4, val_mgr->Count(${val.param_displacement}));
args->Assign(5, val_mgr->Count(${val.data_count}));
args->Assign(6, val_mgr->Count(${val.data_offset}));
args->Assign(7, val_mgr->Count(${val.data_displacement}));
args->Assign(8, val_mgr->Count(${val.FID}));
args->Assign(0, zeek::val_mgr->Count(${val.total_param_count}));
args->Assign(1, zeek::val_mgr->Count(${val.total_data_count}));
args->Assign(2, zeek::val_mgr->Count(${val.param_count}));
args->Assign(3, zeek::val_mgr->Count(${val.param_offset}));
args->Assign(4, zeek::val_mgr->Count(${val.param_displacement}));
args->Assign(5, zeek::val_mgr->Count(${val.data_count}));
args->Assign(6, zeek::val_mgr->Count(${val.data_offset}));
args->Assign(7, zeek::val_mgr->Count(${val.data_displacement}));
args->Assign(8, zeek::val_mgr->Count(${val.FID}));
auto parameters = zeek::make_intrusive<zeek::StringVal>(${val.parameters}.length(), (const char*)${val.parameters}.data());
auto payload = zeek::make_intrusive<zeek::StringVal>(${val.data}.length(), (const char*)${val.data}.data());

34
src/analyzer/protocol/smb/smb1-com-transaction2.pac
View file

@ -25,18 +25,18 @@ refine connection SMB_Conn += {
if ( smb1_transaction2_request )
{
auto args = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::Trans2_Args);
args->Assign(0, val_mgr->Count(${val.total_param_count}));
args->Assign(1, val_mgr->Count(${val.total_data_count}));
args->Assign(2, val_mgr->Count(${val.max_param_count}));
args->Assign(3, val_mgr->Count(${val.max_data_count}));
args->Assign(4, val_mgr->Count(${val.max_setup_count}));
args->Assign(5, val_mgr->Count(${val.flags}));
args->Assign(6, val_mgr->Count(${val.timeout}));
args->Assign(7, val_mgr->Count(${val.param_count}));
args->Assign(8, val_mgr->Count(${val.param_offset}));
args->Assign(9, val_mgr->Count(${val.data_count}));
args->Assign(10, val_mgr->Count(${val.data_offset}));
args->Assign(11, val_mgr->Count(${val.setup_count}));
args->Assign(0, zeek::val_mgr->Count(${val.total_param_count}));
args->Assign(1, zeek::val_mgr->Count(${val.total_data_count}));
args->Assign(2, zeek::val_mgr->Count(${val.max_param_count}));
args->Assign(3, zeek::val_mgr->Count(${val.max_data_count}));
args->Assign(4, zeek::val_mgr->Count(${val.max_setup_count}));
args->Assign(5, zeek::val_mgr->Count(${val.flags}));
args->Assign(6, zeek::val_mgr->Count(${val.timeout}));
args->Assign(7, zeek::val_mgr->Count(${val.param_count}));
args->Assign(8, zeek::val_mgr->Count(${val.param_offset}));
args->Assign(9, zeek::val_mgr->Count(${val.data_count}));
args->Assign(10, zeek::val_mgr->Count(${val.data_offset}));
args->Assign(11, zeek::val_mgr->Count(${val.setup_count}));
zeek::BifEvent::enqueue_smb1_transaction2_request(bro_analyzer(),
bro_analyzer()->Conn(),
@ -132,11 +132,11 @@ refine connection SMB_Conn += {
if ( smb1_trans2_find_first2_request )
{
auto result = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::Find_First2_Request_Args);
result->Assign(0, val_mgr->Count(${val.search_attrs}));
result->Assign(1, val_mgr->Count(${val.search_count}));
result->Assign(2, val_mgr->Count(${val.flags}));
result->Assign(3, val_mgr->Count(${val.info_level}));
result->Assign(4, val_mgr->Count(${val.search_storage_type}));
result->Assign(0, zeek::val_mgr->Count(${val.search_attrs}));
result->Assign(1, zeek::val_mgr->Count(${val.search_count}));
result->Assign(2, zeek::val_mgr->Count(${val.flags}));
result->Assign(3, zeek::val_mgr->Count(${val.info_level}));
result->Assign(4, zeek::val_mgr->Count(${val.search_storage_type}));
result->Assign(5, smb_string2stringval(${val.file_name}));
zeek::BifEvent::enqueue_smb1_trans2_find_first2_request(bro_analyzer(),
bro_analyzer()->Conn(),

2
src/analyzer/protocol/smb/smb1-com-tree-connect-andx.pac
View file

@ -26,7 +26,7 @@ refine connection SMB_Conn += {
std::move(service_string),
${val.byte_count} > ${val.service.a}->size() ?
smb_string2stringval(${val.native_file_system[0]}) :
val_mgr->EmptyString());
zeek::val_mgr->EmptyString());
return true;
%}

16
src/analyzer/protocol/smb/smb1-protocol.pac
View file

@ -25,14 +25,14 @@
// { // do nothing
// }
r->Assign(0, val_mgr->Count(${hdr.command}));
r->Assign(1, val_mgr->Count(${hdr.status}));
r->Assign(2, val_mgr->Count(${hdr.flags}));
r->Assign(3, val_mgr->Count(${hdr.flags2}));
r->Assign(4, val_mgr->Count(${hdr.tid}));
r->Assign(5, val_mgr->Count(${hdr.pid}));
r->Assign(6, val_mgr->Count(${hdr.uid}));
r->Assign(7, val_mgr->Count(${hdr.mid}));
r->Assign(0, zeek::val_mgr->Count(${hdr.command}));
r->Assign(1, zeek::val_mgr->Count(${hdr.status}));
r->Assign(2, zeek::val_mgr->Count(${hdr.flags}));
r->Assign(3, zeek::val_mgr->Count(${hdr.flags2}));
r->Assign(4, zeek::val_mgr->Count(${hdr.tid}));
r->Assign(5, zeek::val_mgr->Count(${hdr.pid}));
r->Assign(6, zeek::val_mgr->Count(${hdr.uid}));
r->Assign(7, zeek::val_mgr->Count(${hdr.mid}));
return r;
}

4
src/analyzer/protocol/smb/smb2-com-close.pac
View file

@ -22,8 +22,8 @@ refine connection SMB_Conn += {
{
auto resp = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::CloseResponse);
resp->Assign(0, val_mgr->Count(${val.alloc_size}));
resp->Assign(1, val_mgr->Count(${val.eof}));
resp->Assign(0, zeek::val_mgr->Count(${val.alloc_size}));
resp->Assign(1, zeek::val_mgr->Count(${val.eof}));
resp->Assign(2, SMB_BuildMACTimes(${val.last_write_time},
${val.last_access_time},
${val.creation_time},

8
src/analyzer/protocol/smb/smb2-com-create.pac
View file

@ -18,8 +18,8 @@ refine connection SMB_Conn += {
{
auto requestinfo = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::CreateRequest);
requestinfo->Assign(0, std::move(filename));
requestinfo->Assign(1, val_mgr->Count(${val.disposition}));
requestinfo->Assign(2, val_mgr->Count(${val.create_options}));
requestinfo->Assign(1, zeek::val_mgr->Count(${val.disposition}));
requestinfo->Assign(2, zeek::val_mgr->Count(${val.create_options}));
zeek::BifEvent::enqueue_smb2_create_request(bro_analyzer(),
bro_analyzer()->Conn(),
BuildSMB2HeaderVal(h),
@ -35,13 +35,13 @@ refine connection SMB_Conn += {
{
auto responseinfo = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::CreateResponse);
responseinfo->Assign(0, BuildSMB2GUID(${val.file_id}));
responseinfo->Assign(1, val_mgr->Count(${val.eof}));
responseinfo->Assign(1, zeek::val_mgr->Count(${val.eof}));
responseinfo->Assign(2, SMB_BuildMACTimes(${val.last_write_time},
${val.last_access_time},
${val.creation_time},
${val.change_time}));
responseinfo->Assign(3, smb2_file_attrs_to_bro(${val.file_attrs}));
responseinfo->Assign(4, val_mgr->Count(${val.create_action}));
responseinfo->Assign(4, zeek::val_mgr->Count(${val.create_action}));
zeek::BifEvent::enqueue_smb2_create_response(bro_analyzer(),
bro_analyzer()->Conn(),
BuildSMB2HeaderVal(h),

8
src/analyzer/protocol/smb/smb2-com-negotiate.pac
View file

@ -25,7 +25,7 @@ refine connection SMB_Conn += {
auto dialects = zeek::make_intrusive<zeek::VectorVal>(zeek::id::index_vec);
for ( unsigned int i = 0; i < ${val.dialects}->size(); ++i )
dialects->Assign(i, val_mgr->Count((*${val.dialects})[i]));
dialects->Assign(i, zeek::val_mgr->Count((*${val.dialects})[i]));
zeek::BifEvent::enqueue_smb2_negotiate_request(bro_analyzer(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(h),
@ -41,12 +41,12 @@ refine connection SMB_Conn += {
{
auto nr = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::NegotiateResponse);
nr->Assign(0, val_mgr->Count(${val.dialect_revision}));
nr->Assign(1, val_mgr->Count(${val.security_mode}));
nr->Assign(0, zeek::val_mgr->Count(${val.dialect_revision}));
nr->Assign(1, zeek::val_mgr->Count(${val.security_mode}));
nr->Assign(2, BuildSMB2GUID(${val.server_guid}));
nr->Assign(3, filetime2brotime(${val.system_time}));
nr->Assign(4, filetime2brotime(${val.server_start_time}));
nr->Assign(5, val_mgr->Count(${val.negotiate_context_count}));
nr->Assign(5, zeek::val_mgr->Count(${val.negotiate_context_count}));
auto cv = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::SMB2::NegotiateContextValues);

8
src/analyzer/protocol/smb/smb2-com-session-setup.pac
View file

@ -5,7 +5,7 @@ refine connection SMB_Conn += {
if ( smb2_session_setup_request )
{
auto req = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::SessionSetupRequest);
req->Assign(0, val_mgr->Count(${val.security_mode}));
req->Assign(0, zeek::val_mgr->Count(${val.security_mode}));
zeek::BifEvent::enqueue_smb2_session_setup_request(bro_analyzer(),
bro_analyzer()->Conn(),
@ -21,9 +21,9 @@ refine connection SMB_Conn += {
if ( smb2_session_setup_response )
{
auto flags = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::SessionSetupFlags);
flags->Assign(0, val_mgr->Bool(${val.flag_guest}));
flags->Assign(1, val_mgr->Bool(${val.flag_anonymous}));
flags->Assign(2, val_mgr->Bool(${val.flag_encrypt}));
flags->Assign(0, zeek::val_mgr->Bool(${val.flag_guest}));
flags->Assign(1, zeek::val_mgr->Bool(${val.flag_anonymous}));
flags->Assign(2, zeek::val_mgr->Bool(${val.flag_encrypt}));
auto resp = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::SessionSetupResponse);
resp->Assign(0, std::move(flags));

12
src/analyzer/protocol/smb/smb2-com-set-info.pac
View file

@ -193,12 +193,12 @@ refine connection SMB_Conn += {
if ( smb2_file_fscontrol )
{
auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::Fscontrol);
r->Assign(0, val_mgr->Int(${val.free_space_start_filtering}));
r->Assign(1, val_mgr->Int(${val.free_space_start_threshold}));
r->Assign(2, val_mgr->Int(${val.free_space_stop_filtering}));
r->Assign(3, val_mgr->Count(${val.default_quota_threshold}));
r->Assign(4, val_mgr->Count(${val.default_quota_limit}));
r->Assign(5, val_mgr->Count(${val.file_system_control_flags}));
r->Assign(0, zeek::val_mgr->Int(${val.free_space_start_filtering}));
r->Assign(1, zeek::val_mgr->Int(${val.free_space_start_threshold}));
r->Assign(2, zeek::val_mgr->Int(${val.free_space_stop_filtering}));
r->Assign(3, zeek::val_mgr->Count(${val.default_quota_threshold}));
r->Assign(4, zeek::val_mgr->Count(${val.default_quota_limit}));
r->Assign(5, zeek::val_mgr->Count(${val.file_system_control_flags}));
zeek::BifEvent::enqueue_smb2_file_fscontrol(bro_analyzer(),
bro_analyzer()->Conn(),

6
src/analyzer/protocol/smb/smb2-com-transform-header.pac
View file

@ -7,9 +7,9 @@ refine connection SMB_Conn += {
auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::Transform_header);
r->Assign(0, to_stringval(${hdr.signature}));
r->Assign(1, to_stringval(${hdr.nonce}));
r->Assign(2, val_mgr->Count(${hdr.orig_msg_size}));
r->Assign(3, val_mgr->Count(${hdr.flags}));
r->Assign(4, val_mgr->Count(${hdr.session_id}));
r->Assign(2, zeek::val_mgr->Count(${hdr.orig_msg_size}));
r->Assign(3, zeek::val_mgr->Count(${hdr.flags}));
r->Assign(4, zeek::val_mgr->Count(${hdr.session_id}));
zeek::BifEvent::enqueue_smb2_transform_header(bro_analyzer(),
bro_analyzer()->Conn(),

2
src/analyzer/protocol/smb/smb2-com-tree-connect.pac
View file

@ -19,7 +19,7 @@ refine connection SMB_Conn += {
if ( smb2_tree_connect_response )
{
auto resp = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::TreeConnectResponse);
resp->Assign(0, val_mgr->Count(${val.share_type}));
resp->Assign(0, zeek::val_mgr->Count(${val.share_type}));
zeek::BifEvent::enqueue_smb2_tree_connect_response(bro_analyzer(),
bro_analyzer()->Conn(),

70
src/analyzer/protocol/smb/smb2-protocol.pac
View file

@ -12,15 +12,15 @@ zeek::RecordValPtr BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv);
zeek::RecordValPtr BuildSMB2HeaderVal(SMB2_Header* hdr)
{
auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::Header);
r->Assign(0, val_mgr->Count(${hdr.credit_charge}));
r->Assign(1, val_mgr->Count(${hdr.status}));
r->Assign(2, val_mgr->Count(${hdr.command}));
r->Assign(3, val_mgr->Count(${hdr.credits}));
r->Assign(4, val_mgr->Count(${hdr.flags}));
r->Assign(5, val_mgr->Count(${hdr.message_id}));
r->Assign(6, val_mgr->Count(${hdr.process_id}));
r->Assign(7, val_mgr->Count(${hdr.tree_id}));
r->Assign(8, val_mgr->Count(${hdr.session_id}));
r->Assign(0, zeek::val_mgr->Count(${hdr.credit_charge}));
r->Assign(1, zeek::val_mgr->Count(${hdr.status}));
r->Assign(2, zeek::val_mgr->Count(${hdr.command}));
r->Assign(3, zeek::val_mgr->Count(${hdr.credits}));
r->Assign(4, zeek::val_mgr->Count(${hdr.flags}));
r->Assign(5, zeek::val_mgr->Count(${hdr.message_id}));
r->Assign(6, zeek::val_mgr->Count(${hdr.process_id}));
r->Assign(7, zeek::val_mgr->Count(${hdr.tree_id}));
r->Assign(8, zeek::val_mgr->Count(${hdr.session_id}));
r->Assign(9, to_stringval(${hdr.signature}));
return r;
}
@ -28,29 +28,29 @@ zeek::RecordValPtr BuildSMB2HeaderVal(SMB2_Header* hdr)
zeek::RecordValPtr BuildSMB2GUID(SMB2_guid* file_id)
{
auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::GUID);
r->Assign(0, val_mgr->Count(${file_id.persistent}));
r->Assign(1, val_mgr->Count(${file_id._volatile}));
r->Assign(0, zeek::val_mgr->Count(${file_id.persistent}));
r->Assign(1, zeek::val_mgr->Count(${file_id._volatile}));
return r;
}
zeek::RecordValPtr smb2_file_attrs_to_bro(SMB2_file_attributes* val)
{
auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::FileAttrs);
r->Assign(0, val_mgr->Bool(${val.read_only}));
r->Assign(1, val_mgr->Bool(${val.hidden}));
r->Assign(2, val_mgr->Bool(${val.system}));
r->Assign(3, val_mgr->Bool(${val.directory}));
r->Assign(4, val_mgr->Bool(${val.archive}));
r->Assign(5, val_mgr->Bool(${val.normal}));
r->Assign(6, val_mgr->Bool(${val.temporary}));
r->Assign(7, val_mgr->Bool(${val.sparse_file}));
r->Assign(8, val_mgr->Bool(${val.reparse_point}));
r->Assign(9, val_mgr->Bool(${val.compressed}));
r->Assign(10, val_mgr->Bool(${val.offline}));
r->Assign(11, val_mgr->Bool(${val.not_content_indexed}));
r->Assign(12, val_mgr->Bool(${val.encrypted}));
r->Assign(13, val_mgr->Bool(${val.integrity_stream}));
r->Assign(14, val_mgr->Bool(${val.no_scrub_data}));
r->Assign(0, zeek::val_mgr->Bool(${val.read_only}));
r->Assign(1, zeek::val_mgr->Bool(${val.hidden}));
r->Assign(2, zeek::val_mgr->Bool(${val.system}));
r->Assign(3, zeek::val_mgr->Bool(${val.directory}));
r->Assign(4, zeek::val_mgr->Bool(${val.archive}));
r->Assign(5, zeek::val_mgr->Bool(${val.normal}));
r->Assign(6, zeek::val_mgr->Bool(${val.temporary}));
r->Assign(7, zeek::val_mgr->Bool(${val.sparse_file}));
r->Assign(8, zeek::val_mgr->Bool(${val.reparse_point}));
r->Assign(9, zeek::val_mgr->Bool(${val.compressed}));
r->Assign(10, zeek::val_mgr->Bool(${val.offline}));
r->Assign(11, zeek::val_mgr->Bool(${val.not_content_indexed}));
r->Assign(12, zeek::val_mgr->Bool(${val.encrypted}));
r->Assign(13, zeek::val_mgr->Bool(${val.integrity_stream}));
r->Assign(14, zeek::val_mgr->Bool(${val.no_scrub_data}));
return r;
}
@ -58,22 +58,22 @@ zeek::RecordValPtr BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv)
{
auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::NegotiateContextValue);
r->Assign(0, val_mgr->Count(${ncv.context_type}));
r->Assign(1, val_mgr->Count(${ncv.data_length}));
r->Assign(0, zeek::val_mgr->Count(${ncv.context_type}));
r->Assign(1, zeek::val_mgr->Count(${ncv.data_length}));
switch ( ${ncv.context_type} ) {
case SMB2_PREAUTH_INTEGRITY_CAPABILITIES:
{
auto rpreauth = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::PreAuthIntegrityCapabilities);
rpreauth->Assign(0, val_mgr->Count(${ncv.preauth_integrity_capabilities.hash_alg_count}));
rpreauth->Assign(1, val_mgr->Count(${ncv.preauth_integrity_capabilities.salt_length}));
rpreauth->Assign(0, zeek::val_mgr->Count(${ncv.preauth_integrity_capabilities.hash_alg_count}));
rpreauth->Assign(1, zeek::val_mgr->Count(${ncv.preauth_integrity_capabilities.salt_length}));
auto ha = zeek::make_intrusive<zeek::VectorVal>(zeek::id::index_vec);
for ( int i = 0; i < ${ncv.preauth_integrity_capabilities.hash_alg_count}; ++i )
{
const auto& vec = *${ncv.preauth_integrity_capabilities.hash_alg};
ha->Assign(i, val_mgr->Count(vec[i]));
ha->Assign(i, zeek::val_mgr->Count(vec[i]));
}
rpreauth->Assign(2, std::move(ha));
@ -85,14 +85,14 @@ zeek::RecordValPtr BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv)
case SMB2_ENCRYPTION_CAPABILITIES:
{
auto rencr = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::EncryptionCapabilities);
rencr->Assign(0, val_mgr->Count(${ncv.encryption_capabilities.cipher_count}));
rencr->Assign(0, zeek::val_mgr->Count(${ncv.encryption_capabilities.cipher_count}));
auto c = zeek::make_intrusive<zeek::VectorVal>(zeek::id::index_vec);
for ( int i = 0; i < ${ncv.encryption_capabilities.cipher_count}; ++i )
{
const auto& vec = *${ncv.encryption_capabilities.ciphers};
c->Assign(i, val_mgr->Count(vec[i]));
c->Assign(i, zeek::val_mgr->Count(vec[i]));
}
rencr->Assign(1, std::move(c));
@ -103,14 +103,14 @@ zeek::RecordValPtr BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv)
case SMB2_COMPRESSION_CAPABILITIES:
{
auto rcomp = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::CompressionCapabilities);
rcomp->Assign(0, val_mgr->Count(${ncv.compression_capabilities.alg_count}));
rcomp->Assign(0, zeek::val_mgr->Count(${ncv.compression_capabilities.alg_count}));
auto c = zeek::make_intrusive<zeek::VectorVal>(zeek::id::index_vec);
for ( int i = 0; i < ${ncv.compression_capabilities.alg_count}; ++i )
{
const auto& vec = *${ncv.compression_capabilities.algs};
c->Assign(i, val_mgr->Count(vec[i]));
c->Assign(i, zeek::val_mgr->Count(vec[i]));
}
rcomp->Assign(1, std::move(c));

12
src/analyzer/protocol/smtp/SMTP.cc
View file

@ -221,7 +221,7 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig)
{
EnqueueConnEvent(smtp_data,
ConnVal(),
val_mgr->Bool(orig),
zeek::val_mgr->Bool(orig),
zeek::make_intrusive<zeek::StringVal>(data_len, line)
);
}
@ -351,11 +351,11 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig)
EnqueueConnEvent(smtp_reply,
ConnVal(),
val_mgr->Bool(orig),
val_mgr->Count(reply_code),
zeek::val_mgr->Bool(orig),
zeek::val_mgr->Count(reply_code),
zeek::make_intrusive<zeek::StringVal>(cmd),
zeek::make_intrusive<zeek::StringVal>(end_of_line - line, line),
val_mgr->Bool((pending_reply > 0))
zeek::val_mgr->Bool((pending_reply > 0))
);
}
}
@ -860,7 +860,7 @@ void SMTP_Analyzer::RequestEvent(int cmd_len, const char* cmd,
EnqueueConnEvent(smtp_request,
ConnVal(),
val_mgr->Bool(orig_is_sender),
zeek::val_mgr->Bool(orig_is_sender),
std::move(cmd_arg),
zeek::make_intrusive<zeek::StringVal>(arg_len, arg)
);
@ -881,7 +881,7 @@ void SMTP_Analyzer::Unexpected(bool is_sender, const char* msg,
EnqueueConnEvent(smtp_unexpected,
ConnVal(),
val_mgr->Bool(is_orig),
zeek::val_mgr->Bool(is_orig),
zeek::make_intrusive<zeek::StringVal>(msg),
zeek::make_intrusive<zeek::StringVal>(detail_len, detail)
);

12
src/analyzer/protocol/snmp/snmp-analyzer.pac
View file

@ -47,7 +47,7 @@ zeek::ValPtr asn1_obj_to_val(const ASN1Encoding* obj)
zeek::RecordValPtr rval = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SNMP::ObjectValue);
uint8 tag = obj->meta()->tag();
rval->Assign(0, val_mgr->Count(tag));
rval->Assign(0, zeek::val_mgr->Count(tag));
switch ( tag ) {
case VARBIND_UNSPECIFIED_TAG:
@ -93,7 +93,7 @@ zeek::ValPtr time_ticks_to_val(const TimeTicks* tt)
zeek::RecordValPtr build_hdr(const Header* header)
{
auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SNMP::Header);
rv->Assign(0, val_mgr->Count(header->version()));
rv->Assign(0, zeek::val_mgr->Count(header->version()));
switch ( header->version() ) {
case SNMPV1_TAG:
@ -132,10 +132,10 @@ zeek::RecordValPtr build_hdrV3(const Header* header)
v3->Assign(0, asn1_integer_to_val(global_data->id(), zeek::TYPE_COUNT));
v3->Assign(1, asn1_integer_to_val(global_data->max_size(), zeek::TYPE_COUNT));
v3->Assign(2, val_mgr->Count(flags_byte));
v3->Assign(3, val_mgr->Bool(flags_byte & 0x01));
v3->Assign(4, val_mgr->Bool(flags_byte & 0x02));
v3->Assign(5, val_mgr->Bool(flags_byte & 0x04));
v3->Assign(2, zeek::val_mgr->Count(flags_byte));
v3->Assign(3, zeek::val_mgr->Bool(flags_byte & 0x01));
v3->Assign(4, zeek::val_mgr->Bool(flags_byte & 0x02));
v3->Assign(5, zeek::val_mgr->Bool(flags_byte & 0x04));
v3->Assign(6, asn1_integer_to_val(global_data->security_model(), zeek::TYPE_COUNT));
v3->Assign(7, asn1_octet_string_to_val(v3hdr->security_parameters()));

10
src/analyzer/protocol/socks/socks-analyzer.pac
View file

@ -36,7 +36,7 @@ refine connection SOCKS_Conn += {
4,
${request.command},
std::move(sa),
val_mgr->Port(${request.port}, TRANSPORT_TCP),
zeek::val_mgr->Port(${request.port}, TRANSPORT_TCP),
array_to_string(${request.user}));
}
@ -58,7 +58,7 @@ refine connection SOCKS_Conn += {
4,
${reply.status},
std::move(sa),
val_mgr->Port(${reply.port}, TRANSPORT_TCP));
zeek::val_mgr->Port(${reply.port}, TRANSPORT_TCP));
}
bro_analyzer()->ProtocolConfirmation();
@ -112,8 +112,8 @@ refine connection SOCKS_Conn += {
5,
${request.command},
std::move(sa),
val_mgr->Port(${request.port}, TRANSPORT_TCP),
val_mgr->EmptyString());
zeek::val_mgr->Port(${request.port}, TRANSPORT_TCP),
zeek::val_mgr->EmptyString());
static_cast<analyzer::socks::SOCKS_Analyzer*>(bro_analyzer())->EndpointDone(true);
@ -152,7 +152,7 @@ refine connection SOCKS_Conn += {
5,
${reply.reply},
std::move(sa),
val_mgr->Port(${reply.port}, TRANSPORT_TCP));
zeek::val_mgr->Port(${reply.port}, TRANSPORT_TCP));
bro_analyzer()->ProtocolConfirmation();
static_cast<analyzer::socks::SOCKS_Analyzer*>(bro_analyzer())->EndpointDone(false);

2
src/analyzer/protocol/ssh/ssh-analyzer.pac
View file

@ -101,7 +101,7 @@ refine flow SSH_Flow += {
}
result->Assign(6, val_mgr->Bool(!${msg.is_orig}));
result->Assign(6, zeek::val_mgr->Bool(!${msg.is_orig}));
zeek::BifEvent::enqueue_ssh_capabilities(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), to_stringval(${msg.cookie}),

4
src/analyzer/protocol/ssl/proc-client-hello.pac
View file

@ -27,7 +27,7 @@
for ( unsigned int i = 0; i < cipher_suites.size(); ++i )
{
auto ciph = val_mgr->Count(cipher_suites[i]);
auto ciph = zeek::val_mgr->Count(cipher_suites[i]);
cipher_vec->Assign(i, ciph);
}
@ -37,7 +37,7 @@
{
for ( unsigned int i = 0; i < compression_methods->size(); ++i )
{
auto comp = val_mgr->Count((*compression_methods)[i]);
auto comp = zeek::val_mgr->Count((*compression_methods)[i]);
comp_vec->Assign(i, comp);
}
}

42
src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
View file

@ -80,7 +80,7 @@ refine connection Handshake_Conn += {
if ( point_format_list )
{
for ( unsigned int i = 0; i < point_format_list->size(); ++i )
points->Assign(i, val_mgr->Count((*point_format_list)[i]));
points->Assign(i, zeek::val_mgr->Count((*point_format_list)[i]));
}
zeek::BifEvent::enqueue_ssl_extension_ec_point_formats(bro_analyzer(), bro_analyzer()->Conn(),
@ -99,7 +99,7 @@ refine connection Handshake_Conn += {
if ( list )
{
for ( unsigned int i = 0; i < list->size(); ++i )
curves->Assign(i, val_mgr->Count((*list)[i]));
curves->Assign(i, zeek::val_mgr->Count((*list)[i]));
}
zeek::BifEvent::enqueue_ssl_extension_elliptic_curves(bro_analyzer(), bro_analyzer()->Conn(),
@ -118,7 +118,7 @@ refine connection Handshake_Conn += {
if ( keyshare )
{
for ( unsigned int i = 0; i < keyshare->size(); ++i )
nglist->Assign(i, val_mgr->Count((*keyshare)[i]->namedgroup()));
nglist->Assign(i, zeek::val_mgr->Count((*keyshare)[i]->namedgroup()));
}
zeek::BifEvent::enqueue_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(nglist));
@ -133,7 +133,7 @@ refine connection Handshake_Conn += {
auto nglist = zeek::make_intrusive<zeek::VectorVal>(zeek::id::index_vec);
nglist->Assign(0u, val_mgr->Count(keyshare->namedgroup()));
nglist->Assign(0u, zeek::val_mgr->Count(keyshare->namedgroup()));
zeek::BifEvent::enqueue_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(nglist));
return true;
%}
@ -145,7 +145,7 @@ refine connection Handshake_Conn += {
auto nglist = zeek::make_intrusive<zeek::VectorVal>(zeek::id::index_vec);
nglist->Assign(0u, val_mgr->Count(namedgroup));
nglist->Assign(0u, zeek::val_mgr->Count(namedgroup));
zeek::BifEvent::enqueue_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(nglist));
return true;
%}
@ -162,8 +162,8 @@ refine connection Handshake_Conn += {
for ( unsigned int i = 0; i < supported_signature_algorithms->size(); ++i )
{
auto el = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SSL::SignatureAndHashAlgorithm);
el->Assign(0, val_mgr->Count((*supported_signature_algorithms)[i]->HashAlgorithm()));
el->Assign(1, val_mgr->Count((*supported_signature_algorithms)[i]->SignatureAlgorithm()));
el->Assign(0, zeek::val_mgr->Count((*supported_signature_algorithms)[i]->HashAlgorithm()));
el->Assign(1, zeek::val_mgr->Count((*supported_signature_algorithms)[i]->SignatureAlgorithm()));
slist->Assign(i, std::move(el));
}
}
@ -231,7 +231,7 @@ refine connection Handshake_Conn += {
if ( versions_list )
{
for ( unsigned int i = 0; i < versions_list->size(); ++i )
versions->Assign(i, val_mgr->Count((*versions_list)[i]));
versions->Assign(i, zeek::val_mgr->Count((*versions_list)[i]));
}
zeek::BifEvent::enqueue_ssl_extension_supported_versions(bro_analyzer(), bro_analyzer()->Conn(),
@ -246,7 +246,7 @@ refine connection Handshake_Conn += {
return true;
auto versions = zeek::make_intrusive<zeek::VectorVal>(zeek::id::index_vec);
versions->Assign(0u, val_mgr->Count(version));
versions->Assign(0u, zeek::val_mgr->Count(version));
zeek::BifEvent::enqueue_ssl_extension_supported_versions(bro_analyzer(), bro_analyzer()->Conn(),
${rec.is_orig}, std::move(versions));
@ -264,7 +264,7 @@ refine connection Handshake_Conn += {
if ( mode_list )
{
for ( unsigned int i = 0; i < mode_list->size(); ++i )
modes->Assign(i, val_mgr->Count((*mode_list)[i]));
modes->Assign(i, zeek::val_mgr->Count((*mode_list)[i]));
}
zeek::BifEvent::enqueue_ssl_extension_psk_key_exchange_modes(bro_analyzer(), bro_analyzer()->Conn(),
@ -346,14 +346,14 @@ refine connection Handshake_Conn += {
if ( ${kex.signed_params.uses_signature_and_hashalgorithm} )
{
ha->Assign(0, val_mgr->Count(${kex.signed_params.algorithm.HashAlgorithm}));
ha->Assign(1, val_mgr->Count(${kex.signed_params.algorithm.SignatureAlgorithm}));
ha->Assign(0, zeek::val_mgr->Count(${kex.signed_params.algorithm.HashAlgorithm}));
ha->Assign(1, zeek::val_mgr->Count(${kex.signed_params.algorithm.SignatureAlgorithm}));
}
else
{
// set to impossible value
ha->Assign(0, val_mgr->Count(256));
ha->Assign(1, val_mgr->Count(256));
ha->Assign(0, zeek::val_mgr->Count(256));
ha->Assign(1, zeek::val_mgr->Count(256));
}
zeek::BifEvent::enqueue_ssl_server_signature(bro_analyzer(),
@ -415,8 +415,8 @@ refine connection Handshake_Conn += {
return true;
auto ha = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SSL::SignatureAndHashAlgorithm);
ha->Assign(0, val_mgr->Count(digitally_signed_algorithms->HashAlgorithm()));
ha->Assign(1, val_mgr->Count(digitally_signed_algorithms->SignatureAlgorithm()));
ha->Assign(0, zeek::val_mgr->Count(digitally_signed_algorithms->HashAlgorithm()));
ha->Assign(1, zeek::val_mgr->Count(digitally_signed_algorithms->SignatureAlgorithm()));
zeek::BifEvent::enqueue_ssl_extension_signed_certificate_timestamp(bro_analyzer(),
bro_analyzer()->Conn(), ${rec.is_orig},
@ -446,14 +446,14 @@ refine connection Handshake_Conn += {
if ( ${signed_params.uses_signature_and_hashalgorithm} )
{
ha->Assign(0, val_mgr->Count(${signed_params.algorithm.HashAlgorithm}));
ha->Assign(1, val_mgr->Count(${signed_params.algorithm.SignatureAlgorithm}));
ha->Assign(0, zeek::val_mgr->Count(${signed_params.algorithm.HashAlgorithm}));
ha->Assign(1, zeek::val_mgr->Count(${signed_params.algorithm.SignatureAlgorithm}));
}
else
{
// set to impossible value
ha->Assign(0, val_mgr->Count(256));
ha->Assign(1, val_mgr->Count(256));
ha->Assign(0, zeek::val_mgr->Count(256));
ha->Assign(1, zeek::val_mgr->Count(256));
}
zeek::BifEvent::enqueue_ssl_server_signature(bro_analyzer(),
@ -500,7 +500,7 @@ refine connection Handshake_Conn += {
{
auto el = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SSL::PSKIdentity);
el->Assign(0, zeek::make_intrusive<zeek::StringVal>(identity->identity().length(), (const char*) identity->identity().data()));
el->Assign(1, val_mgr->Count(identity->obfuscated_ticket_age()));
el->Assign(1, zeek::val_mgr->Count(identity->obfuscated_ticket_age()));
slist->Assign(slist->Size(), std::move(el));
}
}

8
src/analyzer/protocol/stepping-stone/SteppingStone.cc
View file

@ -135,9 +135,9 @@ void SteppingStoneEndpoint::Event(EventHandlerPtr f, int id1, int id2)
return;
if ( id2 >= 0 )
endp->TCP()->EnqueueConnEvent(f, val_mgr->Int(id1), val_mgr->Int(id2));
endp->TCP()->EnqueueConnEvent(f, zeek::val_mgr->Int(id1), zeek::val_mgr->Int(id2));
else
endp->TCP()->EnqueueConnEvent(f, val_mgr->Int(id1));
endp->TCP()->EnqueueConnEvent(f, zeek::val_mgr->Int(id1));
}
void SteppingStoneEndpoint::CreateEndpEvent(bool is_orig)
@ -147,8 +147,8 @@ void SteppingStoneEndpoint::CreateEndpEvent(bool is_orig)
endp->TCP()->EnqueueConnEvent(stp_create_endp,
endp->TCP()->ConnVal(),
val_mgr->Int(stp_id),
val_mgr->Bool(is_orig)
zeek::val_mgr->Int(stp_id),
zeek::val_mgr->Bool(is_orig)
);
}

80
src/analyzer/protocol/tcp/TCP.cc
View file

@ -110,14 +110,14 @@ static zeek::RecordVal* build_syn_packet_val(bool is_orig, const IP_Hdr* ip,
static auto SYN_packet = zeek::id::find_type<zeek::RecordType>("SYN_packet");
auto* v = new zeek::RecordVal(SYN_packet);
v->Assign(0, val_mgr->Bool(is_orig));
v->Assign(1, val_mgr->Bool(int(ip->DF())));
v->Assign(2, val_mgr->Count((ip->TTL())));
v->Assign(3, val_mgr->Count((ip->TotalLen())));
v->Assign(4, val_mgr->Count(ntohs(tcp->th_win)));
v->Assign(5, val_mgr->Int(winscale));
v->Assign(6, val_mgr->Count(MSS));
v->Assign(7, val_mgr->Bool(SACK));
v->Assign(0, zeek::val_mgr->Bool(is_orig));
v->Assign(1, zeek::val_mgr->Bool(int(ip->DF())));
v->Assign(2, zeek::val_mgr->Count((ip->TTL())));
v->Assign(3, zeek::val_mgr->Count((ip->TotalLen())));
v->Assign(4, zeek::val_mgr->Count(ntohs(tcp->th_win)));
v->Assign(5, zeek::val_mgr->Int(winscale));
v->Assign(6, zeek::val_mgr->Count(MSS));
v->Assign(7, zeek::val_mgr->Bool(SACK));
return v;
}
@ -788,11 +788,11 @@ void TCP_Analyzer::GeneratePacketEvent(
{
EnqueueConnEvent(tcp_packet,
ConnVal(),
val_mgr->Bool(is_orig),
zeek::val_mgr->Bool(is_orig),
zeek::make_intrusive<zeek::StringVal>(flags.AsString()),
val_mgr->Count(rel_seq),
val_mgr->Count(flags.ACK() ? rel_ack : 0),
val_mgr->Count(len),
zeek::val_mgr->Count(rel_seq),
zeek::val_mgr->Count(flags.ACK() ? rel_ack : 0),
zeek::val_mgr->Count(len),
// We need the min() here because Ethernet padding can lead to
// caplen > len.
zeek::make_intrusive<zeek::StringVal>(std::min(caplen, len), (const char*) data)
@ -1290,10 +1290,10 @@ void TCP_Analyzer::UpdateConnVal(zeek::RecordVal *conn_val)
zeek::RecordVal* orig_endp_val = conn_val->GetField("orig")->AsRecordVal();
zeek::RecordVal* resp_endp_val = conn_val->GetField("resp")->AsRecordVal();
orig_endp_val->Assign(0, val_mgr->Count(orig->Size()));
orig_endp_val->Assign(1, val_mgr->Count(int(orig->state)));
resp_endp_val->Assign(0, val_mgr->Count(resp->Size()));
resp_endp_val->Assign(1, val_mgr->Count(int(resp->state)));
orig_endp_val->Assign(0, zeek::val_mgr->Count(orig->Size()));
orig_endp_val->Assign(1, zeek::val_mgr->Count(int(orig->state)));
resp_endp_val->Assign(0, zeek::val_mgr->Count(resp->Size()));
resp_endp_val->Assign(1, zeek::val_mgr->Count(int(resp->state)));
// Call children's UpdateConnVal
Analyzer::UpdateConnVal(conn_val);
@ -1348,9 +1348,9 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
auto length = kind < 2 ? 1 : o[1];
EnqueueConnEvent(tcp_option,
ConnVal(),
val_mgr->Bool(is_orig),
val_mgr->Count(kind),
val_mgr->Count(length)
zeek::val_mgr->Bool(is_orig),
zeek::val_mgr->Count(kind),
zeek::val_mgr->Count(length)
);
}
@ -1374,8 +1374,8 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
auto length = kind < 2 ? 1 : o[1];
auto option_record = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::TCP::Option);
option_list->Assign(option_list->Size(), option_record);
option_record->Assign(0, val_mgr->Count(kind));
option_record->Assign(1, val_mgr->Count(length));
option_record->Assign(0, zeek::val_mgr->Count(kind));
option_record->Assign(1, zeek::val_mgr->Count(length));
switch ( kind ) {
case 2:
@ -1383,7 +1383,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
if ( length == 4 )
{
auto mss = ntohs(*reinterpret_cast<const uint16_t*>(o + 2));
option_record->Assign(3, val_mgr->Count(mss));
option_record->Assign(3, zeek::val_mgr->Count(mss));
}
else
{
@ -1397,7 +1397,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
if ( length == 3 )
{
auto scale = o[2];
option_record->Assign(4, val_mgr->Count(scale));
option_record->Assign(4, zeek::val_mgr->Count(scale));
}
else
{
@ -1426,7 +1426,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
auto sack = zeek::make_intrusive<zeek::VectorVal>(std::move(vt));
for ( auto i = 0; i < num_pointers; ++i )
sack->Assign(sack->Size(), val_mgr->Count(ntohl(p[i])));
sack->Assign(sack->Size(), zeek::val_mgr->Count(ntohl(p[i])));
option_record->Assign(5, sack);
}
@ -1443,8 +1443,8 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
{
auto send = ntohl(*reinterpret_cast<const uint32_t*>(o + 2));
auto echo = ntohl(*reinterpret_cast<const uint32_t*>(o + 6));
option_record->Assign(6, val_mgr->Count(send));
option_record->Assign(7, val_mgr->Count(echo));
option_record->Assign(6, zeek::val_mgr->Count(send));
option_record->Assign(7, zeek::val_mgr->Count(echo));
}
else
{
@ -1461,7 +1461,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
EnqueueConnEvent(tcp_options,
ConnVal(),
val_mgr->Bool(is_orig),
zeek::val_mgr->Bool(is_orig),
std::move(option_list)
);
}
@ -1783,7 +1783,7 @@ void TCP_Analyzer::EndpointEOF(TCP_Reassembler* endp)
if ( connection_EOF )
EnqueueConnEvent(connection_EOF,
ConnVal(),
val_mgr->Bool(endp->IsOrig())
zeek::val_mgr->Bool(endp->IsOrig())
);
const analyzer_list& children(GetChildren());
@ -2063,11 +2063,11 @@ bool TCPStats_Endpoint::DataSent(double /* t */, uint64_t seq, int len, int capl
if ( tcp_rexmit )
endp->TCP()->EnqueueConnEvent(tcp_rexmit,
endp->TCP()->ConnVal(),
val_mgr->Bool(endp->IsOrig()),
val_mgr->Count(seq),
val_mgr->Count(len),
val_mgr->Count(data_in_flight),
val_mgr->Count(endp->peer->window)
zeek::val_mgr->Bool(endp->IsOrig()),
zeek::val_mgr->Count(seq),
zeek::val_mgr->Count(len),
zeek::val_mgr->Count(data_in_flight),
zeek::val_mgr->Count(endp->peer->window)
);
}
else
@ -2081,13 +2081,13 @@ zeek::RecordVal* TCPStats_Endpoint::BuildStats()
static auto endpoint_stats = zeek::id::find_type<zeek::RecordType>("endpoint_stats");
auto* stats = new zeek::RecordVal(endpoint_stats);
stats->Assign(0, val_mgr->Count(num_pkts));
stats->Assign(1, val_mgr->Count(num_rxmit));
stats->Assign(2, val_mgr->Count(num_rxmit_bytes));
stats->Assign(3, val_mgr->Count(num_in_order));
stats->Assign(4, val_mgr->Count(num_OO));
stats->Assign(5, val_mgr->Count(num_repl));
stats->Assign(6, val_mgr->Count(endian_type));
stats->Assign(0, zeek::val_mgr->Count(num_pkts));
stats->Assign(1, zeek::val_mgr->Count(num_rxmit));
stats->Assign(2, zeek::val_mgr->Count(num_rxmit_bytes));
stats->Assign(3, zeek::val_mgr->Count(num_in_order));
stats->Assign(4, zeek::val_mgr->Count(num_OO));
stats->Assign(5, zeek::val_mgr->Count(num_repl));
stats->Assign(6, zeek::val_mgr->Count(endian_type));
return stats;
}

2
src/analyzer/protocol/tcp/TCP_Endpoint.cc
View file

@ -239,7 +239,7 @@ bool TCP_Endpoint::DataSent(double t, uint64_t seq, int len, int caplen,
if ( contents_file_write_failure )
tcp_analyzer->EnqueueConnEvent(contents_file_write_failure,
Conn()->ConnVal(),
val_mgr->Bool(IsOrig()),
zeek::val_mgr->Bool(IsOrig()),
zeek::make_intrusive<zeek::StringVal>(buf)
);
}

16
src/analyzer/protocol/tcp/TCP_Reassembler.cc
View file

@ -43,7 +43,7 @@ TCP_Reassembler::TCP_Reassembler(analyzer::Analyzer* arg_dst_analyzer,
{
static auto tcp_content_delivery_ports_orig = zeek::id::find_val<zeek::TableVal>("tcp_content_delivery_ports_orig");
static auto tcp_content_delivery_ports_resp = zeek::id::find_val<zeek::TableVal>("tcp_content_delivery_ports_resp");
const auto& dst_port_val = val_mgr->Port(ntohs(tcp_analyzer->Conn()->RespPort()),
const auto& dst_port_val = zeek::val_mgr->Port(ntohs(tcp_analyzer->Conn()->RespPort()),
TRANSPORT_TCP);
const auto& ports = IsOrig() ?
tcp_content_delivery_ports_orig :
@ -148,9 +148,9 @@ void TCP_Reassembler::Gap(uint64_t seq, uint64_t len)
if ( report_gap(endp, endp->peer) )
dst_analyzer->EnqueueConnEvent(content_gap,
dst_analyzer->ConnVal(),
val_mgr->Bool(IsOrig()),
val_mgr->Count(seq),
val_mgr->Count(len)
zeek::val_mgr->Bool(IsOrig()),
zeek::val_mgr->Count(seq),
zeek::val_mgr->Count(len)
);
if ( type == Direct )
@ -358,7 +358,7 @@ void TCP_Reassembler::RecordBlock(const DataBlock& b, const BroFilePtr& f)
if ( contents_file_write_failure )
tcp_analyzer->EnqueueConnEvent(contents_file_write_failure,
Endpoint()->Conn()->ConnVal(),
val_mgr->Bool(IsOrig()),
zeek::val_mgr->Bool(IsOrig()),
zeek::make_intrusive<zeek::StringVal>("TCP reassembler content write failure")
);
}
@ -373,7 +373,7 @@ void TCP_Reassembler::RecordGap(uint64_t start_seq, uint64_t upper_seq, const Br
if ( contents_file_write_failure )
tcp_analyzer->EnqueueConnEvent(contents_file_write_failure,
Endpoint()->Conn()->ConnVal(),
val_mgr->Bool(IsOrig()),
zeek::val_mgr->Bool(IsOrig()),
zeek::make_intrusive<zeek::StringVal>("TCP reassembler gap write failure")
);
}
@ -609,8 +609,8 @@ void TCP_Reassembler::DeliverBlock(uint64_t seq, int len, const u_char* data)
if ( deliver_tcp_contents )
tcp_analyzer->EnqueueConnEvent(tcp_contents,
tcp_analyzer->ConnVal(),
val_mgr->Bool(IsOrig()),
val_mgr->Count(seq),
zeek::val_mgr->Bool(IsOrig()),
zeek::val_mgr->Count(seq),
zeek::make_intrusive<zeek::StringVal>(len, (const char*) data)
);

20
src/analyzer/protocol/tcp/functions.bif
View file

@ -20,18 +20,18 @@ function get_orig_seq%(cid: conn_id%): count
%{
Connection* c = sessions->FindConnection(cid);
if ( ! c )
return val_mgr->Count(0);
return zeek::val_mgr->Count(0);
if ( c->ConnTransport() != TRANSPORT_TCP )
return val_mgr->Count(0);
return zeek::val_mgr->Count(0);
analyzer::Analyzer* tc = c->FindAnalyzer("TCP");
if ( tc )
return val_mgr->Count(static_cast<analyzer::tcp::TCP_Analyzer*>(tc)->OrigSeq());
return zeek::val_mgr->Count(static_cast<analyzer::tcp::TCP_Analyzer*>(tc)->OrigSeq());
else
{
reporter->Error("connection does not have TCP analyzer");
return val_mgr->Count(0);
return zeek::val_mgr->Count(0);
}
%}
@ -49,18 +49,18 @@ function get_resp_seq%(cid: conn_id%): count
%{
Connection* c = sessions->FindConnection(cid);
if ( ! c )
return val_mgr->Count(0);
return zeek::val_mgr->Count(0);
if ( c->ConnTransport() != TRANSPORT_TCP )
return val_mgr->Count(0);
return zeek::val_mgr->Count(0);
analyzer::Analyzer* tc = c->FindAnalyzer("TCP");
if ( tc )
return val_mgr->Count(static_cast<analyzer::tcp::TCP_Analyzer*>(tc)->RespSeq());
return zeek::val_mgr->Count(static_cast<analyzer::tcp::TCP_Analyzer*>(tc)->RespSeq());
else
{
reporter->Error("connection does not have TCP analyzer");
return val_mgr->Count(0);
return zeek::val_mgr->Count(0);
}
%}
@ -99,10 +99,10 @@ function set_contents_file%(cid: conn_id, direction: count, f: file%): bool
%{
Connection* c = sessions->FindConnection(cid);
if ( ! c )
return val_mgr->False();
return zeek::val_mgr->False();
c->GetRootAnalyzer()->SetContentsFile(direction, {zeek::NewRef{}, f});
return val_mgr->True();
return zeek::val_mgr->True();
%}
## Returns the file handle of the contents file of a connection.

6
src/analyzer/protocol/teredo/Teredo.cc
View file

@ -115,8 +115,8 @@ zeek::RecordValPtr TeredoEncapsulation::BuildVal(const IP_Hdr* inner) const
new zeek::BroString(auth + 4, id_len, true)));
teredo_auth->Assign(1, zeek::make_intrusive<zeek::StringVal>(
new zeek::BroString(auth + 4 + id_len, au_len, true)));
teredo_auth->Assign(2, val_mgr->Count(nonce));
teredo_auth->Assign(3, val_mgr->Count(conf));
teredo_auth->Assign(2, zeek::val_mgr->Count(nonce));
teredo_auth->Assign(3, zeek::val_mgr->Count(conf));
teredo_hdr->Assign(0, std::move(teredo_auth));
}
@ -125,7 +125,7 @@ zeek::RecordValPtr TeredoEncapsulation::BuildVal(const IP_Hdr* inner) const
auto teredo_origin = zeek::make_intrusive<zeek::RecordVal>(teredo_origin_type);
uint16_t port = ntohs(*((uint16_t*)(origin_indication + 2))) ^ 0xFFFF;
uint32_t addr = ntohl(*((uint32_t*)(origin_indication + 4))) ^ 0xFFFFFFFF;
teredo_origin->Assign(0, val_mgr->Port(port, TRANSPORT_UDP));
teredo_origin->Assign(0, zeek::val_mgr->Port(port, TRANSPORT_UDP));
teredo_origin->Assign(1, zeek::make_intrusive<zeek::AddrVal>(htonl(addr)));
teredo_hdr->Assign(1, std::move(teredo_origin));
}

16
src/analyzer/protocol/udp/UDP.cc
View file

@ -138,8 +138,8 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
static auto udp_content_delivery_ports_orig = zeek::id::find_val<zeek::TableVal>("udp_content_delivery_ports_orig");
static auto udp_content_delivery_ports_resp = zeek::id::find_val<zeek::TableVal>("udp_content_delivery_ports_resp");
bool do_udp_contents = false;
const auto& sport_val = val_mgr->Port(ntohs(up->uh_sport), TRANSPORT_UDP);
const auto& dport_val = val_mgr->Port(ntohs(up->uh_dport), TRANSPORT_UDP);
const auto& sport_val = zeek::val_mgr->Port(ntohs(up->uh_sport), TRANSPORT_UDP);
const auto& dport_val = zeek::val_mgr->Port(ntohs(up->uh_dport), TRANSPORT_UDP);
if ( udp_content_ports->FindOrDefault(dport_val) ||
udp_content_ports->FindOrDefault(sport_val) )
@ -148,7 +148,7 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
{
uint16_t p = udp_content_delivery_ports_use_resp ? Conn()->RespPort()
: up->uh_dport;
const auto& port_val = val_mgr->Port(ntohs(p), TRANSPORT_UDP);
const auto& port_val = zeek::val_mgr->Port(ntohs(p), TRANSPORT_UDP);
if ( is_orig )
{
@ -169,7 +169,7 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
if ( do_udp_contents )
EnqueueConnEvent(udp_contents,
ConnVal(),
val_mgr->Bool(is_orig),
zeek::val_mgr->Bool(is_orig),
zeek::make_intrusive<zeek::StringVal>(len, (const char*) data));
}
@ -230,14 +230,14 @@ void UDP_Analyzer::UpdateEndpointVal(zeek::RecordVal* endp, bool is_orig)
bro_int_t size = is_orig ? request_len : reply_len;
if ( size < 0 )
{
endp->Assign(0, val_mgr->Count(0));
endp->Assign(1, val_mgr->Count(int(UDP_INACTIVE)));
endp->Assign(0, zeek::val_mgr->Count(0));
endp->Assign(1, zeek::val_mgr->Count(int(UDP_INACTIVE)));
}
else
{
endp->Assign(0, val_mgr->Count(size));
endp->Assign(1, val_mgr->Count(int(UDP_ACTIVE)));
endp->Assign(0, zeek::val_mgr->Count(size));
endp->Assign(1, zeek::val_mgr->Count(int(UDP_ACTIVE)));
}
}

2
src/analyzer/protocol/vxlan/VXLAN.cc
View file

@ -102,7 +102,7 @@ void VXLAN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
if ( vxlan_packet )
Conn()->EnqueueEvent(vxlan_packet, nullptr, ConnVal(),
inner->ToPktHdrVal(), val_mgr->Count(vni));
inner->ToPktHdrVal(), zeek::val_mgr->Count(vni));
EncapsulatingConn ec(Conn(), BifEnum::Tunnel::VXLAN);
sessions->DoNextInnerPacket(network_time, &pkt, inner, estack, ec);

10
src/broker/Data.cc
View file

@ -85,23 +85,23 @@ struct val_converter {
result_type operator()(bool a)
{
if ( type->Tag() == zeek::TYPE_BOOL )
return val_mgr->Bool(a);
return zeek::val_mgr->Bool(a);
return nullptr;
}
result_type operator()(uint64_t a)
{
if ( type->Tag() == zeek::TYPE_COUNT )
return val_mgr->Count(a);
return zeek::val_mgr->Count(a);
if ( type->Tag() == zeek::TYPE_COUNTER )
return val_mgr->Count(a);
return zeek::val_mgr->Count(a);
return nullptr;
}
result_type operator()(int64_t a)
{
if ( type->Tag() == zeek::TYPE_INT )
return val_mgr->Int(a);
return zeek::val_mgr->Int(a);
return nullptr;
}
@ -156,7 +156,7 @@ struct val_converter {
result_type operator()(broker::port& a)
{
if ( type->Tag() == zeek::TYPE_PORT )
return val_mgr->Port(a.number(), bro_broker::to_bro_port_proto(a.type()));
return zeek::val_mgr->Port(a.number(), bro_broker::to_bro_port_proto(a.type()));
return nullptr;
}

4
src/broker/Manager.cc
View file

@ -1259,14 +1259,14 @@ void Manager::ProcessStatus(broker::status stat)
if ( ctx->network )
{
network_info->Assign(0, zeek::make_intrusive<zeek::StringVal>(ctx->network->address.data()));
network_info->Assign(1, val_mgr->Port(ctx->network->port, TRANSPORT_TCP));
network_info->Assign(1, zeek::val_mgr->Port(ctx->network->port, TRANSPORT_TCP));
}
else
{
// TODO: are there any status messages where the ctx->network
// is not set and actually could be?
network_info->Assign(0, zeek::make_intrusive<zeek::StringVal>("<unknown>"));
network_info->Assign(1, val_mgr->Port(0, TRANSPORT_TCP));
network_info->Assign(1, zeek::val_mgr->Port(0, TRANSPORT_TCP));
}
endpoint_info->Assign(1, std::move(network_info));

16
src/broker/comm.bif
View file

@ -56,11 +56,11 @@ function Broker::__listen%(a: string, p: port%): port
if ( ! p->IsTCP() )
{
zeek::emit_builtin_error("listen port must use tcp");
return val_mgr->Port(0, TRANSPORT_UNKNOWN);
return zeek::val_mgr->Port(0, TRANSPORT_UNKNOWN);
}
auto rval = broker_mgr->Listen(a->Len() ? a->CheckString() : "", p->Port());
return val_mgr->Port(rval, TRANSPORT_TCP);
return zeek::val_mgr->Port(rval, TRANSPORT_TCP);
%}
function Broker::__peer%(a: string, p: port, retry: interval%): bool
@ -70,11 +70,11 @@ function Broker::__peer%(a: string, p: port, retry: interval%): bool
if ( ! p->IsTCP() )
{
zeek::emit_builtin_error("remote connection port must use tcp");
return val_mgr->False();
return zeek::val_mgr->False();
}
broker_mgr->Peer(a->CheckString(), p->Port(), retry);
return val_mgr->True();
return zeek::val_mgr->True();
%}
function Broker::__unpeer%(a: string, p: port%): bool
@ -84,11 +84,11 @@ function Broker::__unpeer%(a: string, p: port%): bool
if ( ! p->IsTCP() )
{
zeek::emit_builtin_error("remote connection port must use tcp");
return val_mgr->False();
return zeek::val_mgr->False();
}
broker_mgr->Unpeer(a->CheckString(), p->Port());
return val_mgr->True();
return zeek::val_mgr->True();
%}
function Broker::__peers%(%): PeerInfos
@ -110,12 +110,12 @@ function Broker::__peers%(%): PeerInfos
if ( n )
{
network_info->Assign(0, zeek::make_intrusive<zeek::AddrVal>(IPAddr(n->address)));
network_info->Assign(1, val_mgr->Port(n->port, TRANSPORT_TCP));
network_info->Assign(1, zeek::val_mgr->Port(n->port, TRANSPORT_TCP));
}
else
{
network_info->Assign(0, zeek::make_intrusive<zeek::AddrVal>("0.0.0.0"));
network_info->Assign(1, val_mgr->Port(0, TRANSPORT_TCP));
network_info->Assign(1, zeek::val_mgr->Port(0, TRANSPORT_TCP));
}
endpoint_info->Assign(0, zeek::make_intrusive<zeek::StringVal>(to_string(p.peer.node)));

68
src/broker/data.bif
View file

@ -49,7 +49,7 @@ function Broker::__opaque_clone_through_serialization%(d: any%): any
if ( ! x )
{
zeek::emit_builtin_error("cannot serialize object to clone");
return val_mgr->False();
return zeek::val_mgr->False();
}
return OpaqueVal::Unserialize(std::move(*x));
@ -65,14 +65,14 @@ function Broker::__set_clear%(s: Broker::Data%): bool
auto& v = bro_broker::require_data_type<broker::set>(s->AsRecordVal(),
zeek::TYPE_TABLE, frame);
v.clear();
return val_mgr->True();
return zeek::val_mgr->True();
%}
function Broker::__set_size%(s: Broker::Data%): count
%{
auto& v = bro_broker::require_data_type<broker::set>(s->AsRecordVal(),
zeek::TYPE_TABLE, frame);
return val_mgr->Count(static_cast<uint64_t>(v.size()));
return zeek::val_mgr->Count(static_cast<uint64_t>(v.size()));
%}
function Broker::__set_contains%(s: Broker::Data, key: any%): bool
@ -84,10 +84,10 @@ function Broker::__set_contains%(s: Broker::Data, key: any%): bool
if ( ! k )
{
zeek::emit_builtin_error("invalid Broker data conversion for key argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
return val_mgr->Bool(v.find(*k) != v.end());
return zeek::val_mgr->Bool(v.find(*k) != v.end());
%}
function Broker::__set_insert%(s: Broker::Data, key: any%): bool
@ -100,10 +100,10 @@ function Broker::__set_insert%(s: Broker::Data, key: any%): bool
if ( ! k )
{
zeek::emit_builtin_error("invalid Broker data conversion for key argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
return val_mgr->Bool(v.insert(std::move(*k)).second);
return zeek::val_mgr->Bool(v.insert(std::move(*k)).second);
%}
function Broker::__set_remove%(s: Broker::Data, key: any%): bool
@ -115,10 +115,10 @@ function Broker::__set_remove%(s: Broker::Data, key: any%): bool
if ( ! k )
{
zeek::emit_builtin_error("invalid Broker data conversion for key argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
return val_mgr->Bool(v.erase(*k) > 0);
return zeek::val_mgr->Bool(v.erase(*k) > 0);
%}
function Broker::__set_iterator%(s: Broker::Data%): opaque of Broker::SetIterator
@ -129,7 +129,7 @@ function Broker::__set_iterator%(s: Broker::Data%): opaque of Broker::SetIterato
function Broker::__set_iterator_last%(it: opaque of Broker::SetIterator%): bool
%{
auto set_it = static_cast<bro_broker::SetIterator*>(it);
return val_mgr->Bool(set_it->it == set_it->dat.end());
return zeek::val_mgr->Bool(set_it->it == set_it->dat.end());
%}
function Broker::__set_iterator_next%(it: opaque of Broker::SetIterator%): bool
@ -137,10 +137,10 @@ function Broker::__set_iterator_next%(it: opaque of Broker::SetIterator%): bool
auto set_it = static_cast<bro_broker::SetIterator*>(it);
if ( set_it->it == set_it->dat.end() )
return val_mgr->False();
return zeek::val_mgr->False();
++set_it->it;
return val_mgr->Bool(set_it->it != set_it->dat.end());
return zeek::val_mgr->Bool(set_it->it != set_it->dat.end());
%}
function Broker::__set_iterator_value%(it: opaque of Broker::SetIterator%): Broker::Data
@ -168,14 +168,14 @@ function Broker::__table_clear%(t: Broker::Data%): bool
auto& v = bro_broker::require_data_type<broker::table>(t->AsRecordVal(),
zeek::TYPE_TABLE, frame);
v.clear();
return val_mgr->True();
return zeek::val_mgr->True();
%}
function Broker::__table_size%(t: Broker::Data%): count
%{
auto& v = bro_broker::require_data_type<broker::table>(t->AsRecordVal(),
zeek::TYPE_TABLE, frame);
return val_mgr->Count(static_cast<uint64_t>(v.size()));
return zeek::val_mgr->Count(static_cast<uint64_t>(v.size()));
%}
function Broker::__table_contains%(t: Broker::Data, key: any%): bool
@ -188,10 +188,10 @@ function Broker::__table_contains%(t: Broker::Data, key: any%): bool
if ( ! k )
{
zeek::emit_builtin_error("invalid Broker data conversion for key argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
return val_mgr->Bool(v.find(*k) != v.end());
return zeek::val_mgr->Bool(v.find(*k) != v.end());
%}
function Broker::__table_insert%(t: Broker::Data, key: any, val: any%): Broker::Data
@ -283,7 +283,7 @@ function Broker::__table_iterator%(t: Broker::Data%): opaque of Broker::TableIte
function Broker::__table_iterator_last%(it: opaque of Broker::TableIterator%): bool
%{
auto ti = static_cast<bro_broker::TableIterator*>(it);
return val_mgr->Bool(ti->it == ti->dat.end());
return zeek::val_mgr->Bool(ti->it == ti->dat.end());
%}
function Broker::__table_iterator_next%(it: opaque of Broker::TableIterator%): bool
@ -291,10 +291,10 @@ function Broker::__table_iterator_next%(it: opaque of Broker::TableIterator%): b
auto ti = static_cast<bro_broker::TableIterator*>(it);
if ( ti->it == ti->dat.end() )
return val_mgr->False();
return zeek::val_mgr->False();
++ti->it;
return val_mgr->Bool(ti->it != ti->dat.end());
return zeek::val_mgr->Bool(ti->it != ti->dat.end());
%}
function Broker::__table_iterator_value%(it: opaque of Broker::TableIterator%): Broker::TableItem
@ -327,14 +327,14 @@ function Broker::__vector_clear%(v: Broker::Data%): bool
auto& vec = bro_broker::require_data_type<broker::vector>(v->AsRecordVal(),
zeek::TYPE_VECTOR, frame);
vec.clear();
return val_mgr->True();
return zeek::val_mgr->True();
%}
function Broker::__vector_size%(v: Broker::Data%): count
%{
auto& vec = bro_broker::require_data_type<broker::vector>(v->AsRecordVal(),
zeek::TYPE_VECTOR, frame);
return val_mgr->Count(static_cast<uint64_t>(vec.size()));
return zeek::val_mgr->Count(static_cast<uint64_t>(vec.size()));
%}
function Broker::__vector_insert%(v: Broker::Data, idx:count, d: any%): bool
@ -346,12 +346,12 @@ function Broker::__vector_insert%(v: Broker::Data, idx:count, d: any%): bool
if ( ! item )
{
zeek::emit_builtin_error("invalid Broker data conversion for item argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
idx = min(idx, static_cast<uint64_t>(vec.size()));
vec.insert(vec.begin() + idx, std::move(*item));
return val_mgr->True();
return zeek::val_mgr->True();
%}
function Broker::__vector_replace%(v: Broker::Data, idx: count, d: any%): Broker::Data
@ -363,7 +363,7 @@ function Broker::__vector_replace%(v: Broker::Data, idx: count, d: any%): Broker
if ( ! item )
{
zeek::emit_builtin_error("invalid Broker data conversion for item argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
if ( idx >= vec.size() )
@ -406,7 +406,7 @@ function Broker::__vector_iterator%(v: Broker::Data%): opaque of Broker::VectorI
function Broker::__vector_iterator_last%(it: opaque of Broker::VectorIterator%): bool
%{
auto vi = static_cast<bro_broker::VectorIterator*>(it);
return val_mgr->Bool(vi->it == vi->dat.end());
return zeek::val_mgr->Bool(vi->it == vi->dat.end());
%}
function Broker::__vector_iterator_next%(it: opaque of Broker::VectorIterator%): bool
@ -414,10 +414,10 @@ function Broker::__vector_iterator_next%(it: opaque of Broker::VectorIterator%):
auto vi = static_cast<bro_broker::VectorIterator*>(it);
if ( vi->it == vi->dat.end() )
return val_mgr->False();
return zeek::val_mgr->False();
++vi->it;
return val_mgr->Bool(vi->it != vi->dat.end());
return zeek::val_mgr->Bool(vi->it != vi->dat.end());
%}
function Broker::__vector_iterator_value%(it: opaque of Broker::VectorIterator%): Broker::Data
@ -444,7 +444,7 @@ function Broker::__record_size%(r: Broker::Data%): count
%{
auto& v = bro_broker::require_data_type<broker::vector>(r->AsRecordVal(),
zeek::TYPE_RECORD, frame);
return val_mgr->Count(static_cast<uint64_t>(v.size()));
return zeek::val_mgr->Count(static_cast<uint64_t>(v.size()));
%}
function Broker::__record_assign%(r: Broker::Data, idx: count, d: any%): bool
@ -452,18 +452,18 @@ function Broker::__record_assign%(r: Broker::Data, idx: count, d: any%): bool
auto& v = bro_broker::require_data_type<broker::vector>(r->AsRecordVal(),
zeek::TYPE_RECORD, frame);
if ( idx >= v.size() )
return val_mgr->False();
return zeek::val_mgr->False();
auto item = bro_broker::val_to_data(d);
if ( ! item )
{
zeek::emit_builtin_error("invalid Broker data conversion for item argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
v[idx] = std::move(*item);
return val_mgr->True();
return zeek::val_mgr->True();
%}
function Broker::__record_lookup%(r: Broker::Data, idx: count%): Broker::Data
@ -485,7 +485,7 @@ function Broker::__record_iterator%(r: Broker::Data%): opaque of Broker::RecordI
function Broker::__record_iterator_last%(it: opaque of Broker::RecordIterator%): bool
%{
auto ri = static_cast<bro_broker::RecordIterator*>(it);
return val_mgr->Bool(ri->it == ri->dat.end());
return zeek::val_mgr->Bool(ri->it == ri->dat.end());
%}
function Broker::__record_iterator_next%(it: opaque of Broker::RecordIterator%): bool
@ -493,10 +493,10 @@ function Broker::__record_iterator_next%(it: opaque of Broker::RecordIterator%):
auto ri = static_cast<bro_broker::RecordIterator*>(it);
if ( ri->it == ri->dat.end() )
return val_mgr->False();
return zeek::val_mgr->False();
++ri->it;
return val_mgr->Bool(ri->it != ri->dat.end());
return zeek::val_mgr->Bool(ri->it != ri->dat.end());
%}
function Broker::__record_iterator_value%(it: opaque of Broker::RecordIterator%): Broker::Data

24
src/broker/messaging.bif
View file

@ -110,13 +110,13 @@ function Broker::publish%(topic: string, ...%): bool
args.push_back((*bif_args)[i].get());
auto rval = publish_event_args(args, topic->AsString(), frame);
return val_mgr->Bool(rval);
return zeek::val_mgr->Bool(rval);
%}
function Broker::__flush_logs%(%): count
%{
auto rval = broker_mgr->FlushLogBuffers();
return val_mgr->Count(static_cast<uint64_t>(rval));
return zeek::val_mgr->Count(static_cast<uint64_t>(rval));
%}
function Broker::__publish_id%(topic: string, id: string%): bool
@ -124,42 +124,42 @@ function Broker::__publish_id%(topic: string, id: string%): bool
bro_broker::Manager::ScriptScopeGuard ssg;
auto rval = broker_mgr->PublishIdentifier(topic->CheckString(),
id->CheckString());
return val_mgr->Bool(rval);
return zeek::val_mgr->Bool(rval);
%}
function Broker::__auto_publish%(topic: string, ev: any%): bool
%{
bro_broker::Manager::ScriptScopeGuard ssg;
auto rval = broker_mgr->AutoPublishEvent(topic->CheckString(), ev);
return val_mgr->Bool(rval);
return zeek::val_mgr->Bool(rval);
%}
function Broker::__auto_unpublish%(topic: string, ev: any%): bool
%{
bro_broker::Manager::ScriptScopeGuard ssg;
auto rval = broker_mgr->AutoUnpublishEvent(topic->CheckString(), ev);
return val_mgr->Bool(rval);
return zeek::val_mgr->Bool(rval);
%}
function Broker::__subscribe%(topic_prefix: string%): bool
%{
bro_broker::Manager::ScriptScopeGuard ssg;
auto rval = broker_mgr->Subscribe(topic_prefix->CheckString());
return val_mgr->Bool(rval);
return zeek::val_mgr->Bool(rval);
%}
function Broker::__forward%(topic_prefix: string%): bool
%{
bro_broker::Manager::ScriptScopeGuard ssg;
auto rval = broker_mgr->Forward(topic_prefix->CheckString());
return val_mgr->Bool(rval);
return zeek::val_mgr->Bool(rval);
%}
function Broker::__unsubscribe%(topic_prefix: string%): bool
%{
bro_broker::Manager::ScriptScopeGuard ssg;
auto rval = broker_mgr->Unsubscribe(topic_prefix->CheckString());
return val_mgr->Bool(rval);
return zeek::val_mgr->Bool(rval);
%}
module Cluster;
@ -191,7 +191,7 @@ function Cluster::publish_rr%(pool: Pool, key: string, ...%): bool
auto topic = topic_func->Invoke(&vl);
if ( ! topic->AsString()->Len() )
return val_mgr->False();
return zeek::val_mgr->False();
const auto& bif_args = @ARGS@;
val_list args(bif_args->size() - 2);
@ -200,7 +200,7 @@ function Cluster::publish_rr%(pool: Pool, key: string, ...%): bool
args.push_back((*bif_args)[i].get());
auto rval = publish_event_args(args, topic->AsString(), frame);
return val_mgr->Bool(rval);
return zeek::val_mgr->Bool(rval);
%}
@ -228,7 +228,7 @@ function Cluster::publish_hrw%(pool: Pool, key: any, ...%): bool
auto topic = topic_func->Invoke(&vl);
if ( ! topic->AsString()->Len() )
return val_mgr->False();
return zeek::val_mgr->False();
const auto& bif_args = @ARGS@;
val_list args(bif_args->size() - 2);
@ -237,5 +237,5 @@ function Cluster::publish_hrw%(pool: Pool, key: any, ...%): bool
args.push_back((*bif_args)[i].get());
auto rval = publish_event_args(args, topic->AsString(), frame);
return val_mgr->Bool(rval);
return zeek::val_mgr->Bool(rval);
%}

102
src/broker/store.bif
View file

@ -91,11 +91,11 @@ function Broker::__is_closed%(h: opaque of Broker::Store%): bool
if ( ! h )
{
zeek::emit_builtin_error("invalid Broker store handle");
return val_mgr->False();
return zeek::val_mgr->False();
}
auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
return val_mgr->Bool(broker_mgr->LookupStore(handle->store.name()));
return zeek::val_mgr->Bool(broker_mgr->LookupStore(handle->store.name()));
%}
function Broker::__close%(h: opaque of Broker::Store%): bool
@ -105,11 +105,11 @@ function Broker::__close%(h: opaque of Broker::Store%): bool
if ( ! h )
{
zeek::emit_builtin_error("invalid Broker store handle");
return val_mgr->False();
return zeek::val_mgr->False();
}
auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
return val_mgr->Bool(broker_mgr->CloseStore(handle->store.name()));
return zeek::val_mgr->Bool(broker_mgr->CloseStore(handle->store.name()));
%}
function Broker::__store_name%(h: opaque of Broker::Store%): string
@ -117,7 +117,7 @@ function Broker::__store_name%(h: opaque of Broker::Store%): string
if ( ! h )
{
zeek::emit_builtin_error("invalid Broker store handle");
return val_mgr->EmptyString();
return zeek::val_mgr->EmptyString();
}
auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
@ -130,7 +130,7 @@ function Broker::__exists%(h: opaque of Broker::Store,
if ( ! h )
{
zeek::emit_builtin_error("invalid Broker store handle");
return val_mgr->False();
return zeek::val_mgr->False();
}
auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
@ -175,7 +175,7 @@ function Broker::__get%(h: opaque of Broker::Store,
if ( ! h )
{
zeek::emit_builtin_error("invalid Broker store handle");
return val_mgr->False();
return zeek::val_mgr->False();
}
auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
@ -220,7 +220,7 @@ function Broker::__put_unique%(h: opaque of Broker::Store,
if ( ! h )
{
zeek::emit_builtin_error("invalid Broker store handle");
return val_mgr->False();
return zeek::val_mgr->False();
}
auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
@ -274,7 +274,7 @@ function Broker::__get_index_from_value%(h: opaque of Broker::Store,
if ( ! h )
{
zeek::emit_builtin_error("invalid Broker store handle");
return val_mgr->False();
return zeek::val_mgr->False();
}
auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
@ -327,7 +327,7 @@ function Broker::__keys%(h: opaque of Broker::Store%): Broker::QueryResult
if ( ! h )
{
zeek::emit_builtin_error("invalid Broker store handle");
return val_mgr->False();
return zeek::val_mgr->False();
}
auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
@ -365,7 +365,7 @@ function Broker::__put%(h: opaque of Broker::Store,
if ( ! h )
{
zeek::emit_builtin_error("invalid Broker store handle");
return val_mgr->False();
return zeek::val_mgr->False();
}
auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
@ -375,17 +375,17 @@ function Broker::__put%(h: opaque of Broker::Store,
if ( ! key )
{
zeek::emit_builtin_error("invalid Broker data conversion for key argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
if ( ! val )
{
zeek::emit_builtin_error("invalid Broker data conversion for value argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
handle->store.put(std::move(*key), std::move(*val), prepare_expiry(e));
return val_mgr->True();
return zeek::val_mgr->True();
%}
function Broker::__erase%(h: opaque of Broker::Store, k: any%): bool
@ -393,7 +393,7 @@ function Broker::__erase%(h: opaque of Broker::Store, k: any%): bool
if ( ! h )
{
zeek::emit_builtin_error("invalid Broker store handle");
return val_mgr->False();
return zeek::val_mgr->False();
}
auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
@ -402,11 +402,11 @@ function Broker::__erase%(h: opaque of Broker::Store, k: any%): bool
if ( ! key )
{
zeek::emit_builtin_error("invalid Broker data conversion for key argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
handle->store.erase(std::move(*key));
return val_mgr->True();
return zeek::val_mgr->True();
%}
function Broker::__increment%(h: opaque of Broker::Store, k: any, a: any,
@ -415,7 +415,7 @@ function Broker::__increment%(h: opaque of Broker::Store, k: any, a: any,
if ( ! h )
{
zeek::emit_builtin_error("invalid Broker store handle");
return val_mgr->False();
return zeek::val_mgr->False();
}
auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
@ -425,18 +425,18 @@ function Broker::__increment%(h: opaque of Broker::Store, k: any, a: any,
if ( ! key )
{
zeek::emit_builtin_error("invalid Broker data conversion for key argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
if ( ! amount )
{
zeek::emit_builtin_error("invalid Broker data conversion for amount argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
handle->store.increment(std::move(*key), std::move(*amount),
prepare_expiry(e));
return val_mgr->True();
return zeek::val_mgr->True();
%}
function Broker::__decrement%(h: opaque of Broker::Store, k: any, a: any,
@ -445,7 +445,7 @@ function Broker::__decrement%(h: opaque of Broker::Store, k: any, a: any,
if ( ! h )
{
zeek::emit_builtin_error("invalid Broker store handle");
return val_mgr->False();
return zeek::val_mgr->False();
}
auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
@ -455,17 +455,17 @@ function Broker::__decrement%(h: opaque of Broker::Store, k: any, a: any,
if ( ! key )
{
zeek::emit_builtin_error("invalid Broker data conversion for key argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
if ( ! amount )
{
zeek::emit_builtin_error("invalid Broker data conversion for amount argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
handle->store.decrement(std::move(*key), std::move(*amount), prepare_expiry(e));
return val_mgr->True();
return zeek::val_mgr->True();
%}
function Broker::__append%(h: opaque of Broker::Store, k: any, s: any,
@ -474,7 +474,7 @@ function Broker::__append%(h: opaque of Broker::Store, k: any, s: any,
if ( ! h )
{
zeek::emit_builtin_error("invalid Broker store handle");
return val_mgr->False();
return zeek::val_mgr->False();
}
auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
@ -484,17 +484,17 @@ function Broker::__append%(h: opaque of Broker::Store, k: any, s: any,
if ( ! key )
{
zeek::emit_builtin_error("invalid Broker data conversion for key argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
if ( ! str )
{
zeek::emit_builtin_error("invalid Broker data conversion for str argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
handle->store.append(std::move(*key), std::move(*str), prepare_expiry(e));
return val_mgr->True();
return zeek::val_mgr->True();
%}
function Broker::__insert_into_set%(h: opaque of Broker::Store, k: any, i: any,
@ -503,7 +503,7 @@ function Broker::__insert_into_set%(h: opaque of Broker::Store, k: any, i: any,
if ( ! h )
{
zeek::emit_builtin_error("invalid Broker store handle");
return val_mgr->False();
return zeek::val_mgr->False();
}
auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
@ -513,18 +513,18 @@ function Broker::__insert_into_set%(h: opaque of Broker::Store, k: any, i: any,
if ( ! key )
{
zeek::emit_builtin_error("invalid Broker data conversion for key argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
if ( ! idx )
{
zeek::emit_builtin_error("invalid Broker data conversion for index argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
handle->store.insert_into(std::move(*key), std::move(*idx),
prepare_expiry(e));
return val_mgr->True();
return zeek::val_mgr->True();
%}
function Broker::__insert_into_table%(h: opaque of Broker::Store, k: any,
@ -533,7 +533,7 @@ function Broker::__insert_into_table%(h: opaque of Broker::Store, k: any,
if ( ! h )
{
zeek::emit_builtin_error("invalid Broker store handle");
return val_mgr->False();
return zeek::val_mgr->False();
}
auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
@ -544,24 +544,24 @@ function Broker::__insert_into_table%(h: opaque of Broker::Store, k: any,
if ( ! key )
{
zeek::emit_builtin_error("invalid Broker data conversion for key argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
if ( ! idx )
{
zeek::emit_builtin_error("invalid Broker data conversion for index argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
if ( ! val )
{
zeek::emit_builtin_error("invalid Broker data conversion for value argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
handle->store.insert_into(std::move(*key), std::move(*idx),
std::move(*val), prepare_expiry(e));
return val_mgr->True();
return zeek::val_mgr->True();
%}
function Broker::__remove_from%(h: opaque of Broker::Store, k: any, i: any,
@ -570,7 +570,7 @@ function Broker::__remove_from%(h: opaque of Broker::Store, k: any, i: any,
if ( ! h )
{
zeek::emit_builtin_error("invalid Broker store handle");
return val_mgr->False();
return zeek::val_mgr->False();
}
auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
@ -580,18 +580,18 @@ function Broker::__remove_from%(h: opaque of Broker::Store, k: any, i: any,
if ( ! key )
{
zeek::emit_builtin_error("invalid Broker data conversion for key argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
if ( ! idx )
{
zeek::emit_builtin_error("invalid Broker data conversion for index argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
handle->store.remove_from(std::move(*key), std::move(*idx),
prepare_expiry(e));
return val_mgr->True();
return zeek::val_mgr->True();
%}
function Broker::__push%(h: opaque of Broker::Store, k: any, v: any,
@ -600,7 +600,7 @@ function Broker::__push%(h: opaque of Broker::Store, k: any, v: any,
if ( ! h )
{
zeek::emit_builtin_error("invalid Broker store handle");
return val_mgr->False();
return zeek::val_mgr->False();
}
auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
@ -610,17 +610,17 @@ function Broker::__push%(h: opaque of Broker::Store, k: any, v: any,
if ( ! key )
{
zeek::emit_builtin_error("invalid Broker data conversion for key argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
if ( ! val )
{
zeek::emit_builtin_error("invalid Broker data conversion for value argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
handle->store.push(std::move(*key), std::move(*val), prepare_expiry(e));
return val_mgr->True();
return zeek::val_mgr->True();
%}
function Broker::__pop%(h: opaque of Broker::Store, k: any, e: interval%): bool
@ -628,7 +628,7 @@ function Broker::__pop%(h: opaque of Broker::Store, k: any, e: interval%): bool
if ( ! h )
{
zeek::emit_builtin_error("invalid Broker store handle");
return val_mgr->False();
return zeek::val_mgr->False();
}
auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
@ -637,11 +637,11 @@ function Broker::__pop%(h: opaque of Broker::Store, k: any, e: interval%): bool
if ( ! key )
{
zeek::emit_builtin_error("invalid Broker data conversion for key argument");
return val_mgr->False();
return zeek::val_mgr->False();
}
handle->store.pop(std::move(*key), prepare_expiry(e));
return val_mgr->True();
return zeek::val_mgr->True();
%}
function Broker::__clear%(h: opaque of Broker::Store%): bool
@ -649,11 +649,11 @@ function Broker::__clear%(h: opaque of Broker::Store%): bool
if ( ! h )
{
zeek::emit_builtin_error("invalid Broker store handle");
return val_mgr->False();
return zeek::val_mgr->False();
}
auto handle = static_cast<bro_broker::StoreHandleVal*>(h);
handle->store.clear();
return val_mgr->True();
return zeek::val_mgr->True();
%}

Some files were not shown because too many files have changed in this diff Show more