diff --git a/src/Conn.cc b/src/Conn.cc index 46d057a268..36d45dd3b2 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -286,7 +286,7 @@ analyzer::Analyzer* Connection::FindAnalyzer(analyzer::ID id) return adapter ? adapter->FindChild(id) : nullptr; } -analyzer::Analyzer* Connection::FindAnalyzer(const analyzer::Tag& tag) +analyzer::Analyzer* Connection::FindAnalyzer(const zeek::Tag& tag) { return adapter ? adapter->FindChild(tag) : nullptr; } diff --git a/src/Conn.h b/src/Conn.h index 4ce9c51a4c..960df18129 100644 --- a/src/Conn.h +++ b/src/Conn.h @@ -11,12 +11,12 @@ #include "zeek/IPAddr.h" #include "zeek/IntrusivePtr.h" #include "zeek/Rule.h" +#include "zeek/Tag.h" #include "zeek/Timer.h" #include "zeek/UID.h" #include "zeek/WeirdState.h" #include "zeek/ZeekArgs.h" #include "zeek/analyzer/Analyzer.h" -#include "zeek/analyzer/Tag.h" #include "zeek/iosource/Packet.h" #include "zeek/session/Session.h" @@ -136,7 +136,7 @@ public: void FlipRoles(); analyzer::Analyzer* FindAnalyzer(analyzer::ID id); - analyzer::Analyzer* FindAnalyzer(const analyzer::Tag& tag); // find first in tree. + analyzer::Analyzer* FindAnalyzer(const zeek::Tag& tag); // find first in tree. analyzer::Analyzer* FindAnalyzer(const char* name); // find first in tree. TransportProto ConnTransport() const { return proto; } diff --git a/src/RuleAction.cc b/src/RuleAction.cc index 32feb824e8..fc3e57adcc 100644 --- a/src/RuleAction.cc +++ b/src/RuleAction.cc @@ -67,7 +67,7 @@ RuleActionAnalyzer::RuleActionAnalyzer(const char* arg_analyzer) reporter->Warning("unknown analyzer '%s' specified in rule", arg.c_str()); } else - child_analyzer = analyzer::Tag(); + child_analyzer = zeek::Tag(); } void RuleActionAnalyzer::PrintDebug() diff --git a/src/RuleAction.h b/src/RuleAction.h index c280a6bc5d..c9d1b45db8 100644 --- a/src/RuleAction.h +++ b/src/RuleAction.h 
@@ -73,12 +73,12 @@ public: void PrintDebug() override; - analyzer::Tag Analyzer() const { return analyzer; } - analyzer::Tag ChildAnalyzer() const { return child_analyzer; } + zeek::Tag Analyzer() const { return analyzer; } + zeek::Tag ChildAnalyzer() const { return child_analyzer; } private: - analyzer::Tag analyzer; - analyzer::Tag child_analyzer; + zeek::Tag analyzer; + zeek::Tag child_analyzer; }; class RuleActionEnable : public RuleActionAnalyzer diff --git a/src/analyzer/Analyzer.cc b/src/analyzer/Analyzer.cc index 61c8a0b3bf..2a98ac0b72 100644 --- a/src/analyzer/Analyzer.cc +++ b/src/analyzer/Analyzer.cc @@ -75,7 +75,7 @@ const char* Analyzer::GetAnalyzerName() const return analyzer_mgr->GetComponentName(tag).c_str(); } -void Analyzer::SetAnalyzerTag(const Tag& arg_tag) +void Analyzer::SetAnalyzerTag(const zeek::Tag& arg_tag) { assert(! tag || tag == arg_tag); tag = arg_tag; @@ -89,7 +89,7 @@ bool Analyzer::IsAnalyzer(const char* name) Analyzer::Analyzer(const char* name, Connection* conn) { - Tag tag = analyzer_mgr->GetComponentTag(name); + zeek::Tag tag = analyzer_mgr->GetComponentTag(name); if ( ! tag ) reporter->InternalError("unknown analyzer name %s; mismatch with tag analyzer::Component?", @@ -98,17 +98,17 @@ Analyzer::Analyzer(const char* name, Connection* conn) CtorInit(tag, conn); } -Analyzer::Analyzer(const Tag& tag, Connection* conn) +Analyzer::Analyzer(const zeek::Tag& tag, Connection* conn) { CtorInit(tag, conn); } Analyzer::Analyzer(Connection* conn) { - CtorInit(Tag(), conn); + CtorInit(zeek::Tag(), conn); } -void Analyzer::CtorInit(const Tag& arg_tag, Connection* arg_conn) +void Analyzer::CtorInit(const zeek::Tag& arg_tag, Connection* arg_conn) { // Don't Ref conn here to avoid circular ref'ing. It can't be deleted // before us. 
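Review bot: `Analyzer::SetAnalyzerTag` (hunk `@@ -75,7 +75,7 @@` of src/analyzer/Analyzer.cc) relies only on `assert(! tag || tag == arg_tag)` to stop an already-set tag from being replaced, and an assert is compiled out when NDEBUG is defined. The removed lines suggest protocol and file analyzer tags used to be separate C++ types, so a tag from the wrong family would not have compiled here; now that both are `zeek::Tag`, that barrier is gone and the runtime guard matters more. Consider a check that also holds in release builds, e.g. `if ( tag && tag != arg_tag ) reporter->InternalError("attempt to change analyzer tag");`, or at least a comment saying the invariant is enforced in debug builds only. `file_analysis::Analyzer::SetAnalyzerTag` in src/file_analysis/Analyzer.cc has the same assert-only guard. The function's closing brace lies outside the hunk.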
@@ -411,7 +411,7 @@ bool Analyzer::AddChildAnalyzer(Analyzer* analyzer, bool init) return true; } -Analyzer* Analyzer::AddChildAnalyzer(const Tag& analyzer) +Analyzer* Analyzer::AddChildAnalyzer(const zeek::Tag& analyzer) { if ( HasChildAnalyzer(analyzer) ) return nullptr; @@ -466,7 +466,7 @@ bool Analyzer::Remove() return removing; } -void Analyzer::PreventChildren(Tag tag) +void Analyzer::PreventChildren(zeek::Tag tag) { auto it = std::find(prevented.begin(), prevented.end(), tag); @@ -476,7 +476,7 @@ void Analyzer::PreventChildren(Tag tag) prevented.emplace_back(tag); } -bool Analyzer::HasChildAnalyzer(Tag tag) +bool Analyzer::HasChildAnalyzer(zeek::Tag tag) { LOOP_OVER_CHILDREN(i) if ( (*i)->tag == tag ) @@ -511,7 +511,7 @@ Analyzer* Analyzer::FindChild(ID arg_id) return nullptr; } -Analyzer* Analyzer::FindChild(Tag arg_tag) +Analyzer* Analyzer::FindChild(zeek::Tag arg_tag) { if ( tag == arg_tag ) return this; @@ -535,7 +535,7 @@ Analyzer* Analyzer::FindChild(Tag arg_tag) Analyzer* Analyzer::FindChild(const char* name) { - Tag tag = analyzer_mgr->GetComponentTag(name); + zeek::Tag tag = analyzer_mgr->GetComponentTag(name); return tag ? FindChild(tag) : nullptr; } @@ -607,7 +607,7 @@ void Analyzer::RemoveSupportAnalyzer(SupportAnalyzer* analyzer) return; } -bool Analyzer::HasSupportAnalyzer(const Tag& tag, bool orig) +bool Analyzer::HasSupportAnalyzer(const zeek::Tag& tag, bool orig) { SupportAnalyzer* s = orig ? orig_supporters : resp_supporters; for ( ; s; s = s->sibling ) @@ -677,7 +677,7 @@ void Analyzer::FlipRoles() resp_supporters = tmp; } -void Analyzer::ProtocolConfirmation(Tag arg_tag) +void Analyzer::ProtocolConfirmation(zeek::Tag arg_tag) { if ( protocol_confirmed ) return; diff --git a/src/analyzer/Analyzer.h b/src/analyzer/Analyzer.h index ec79400531..06dee27559 100644 --- a/src/analyzer/Analyzer.h +++ b/src/analyzer/Analyzer.h 
@@ -125,7 +125,7 @@ public: * * @param conn The connection the analyzer is associated with. */ - Analyzer(const Tag& tag, Connection* conn); + Analyzer(const zeek::Tag& tag, Connection* conn); /** * Constructor. As this version of the constructor does not receive a @@ -357,7 +357,7 @@ public: /** * Returns the tag associated with the analyzer's type. */ - Tag GetAnalyzerTag() const + zeek::Tag GetAnalyzerTag() const { assert(tag); return tag; @@ -369,7 +369,7 @@ public: * did not receive a name or tag. The method cannot be used to change * an existing tag. */ - void SetAnalyzerTag(const Tag& tag); + void SetAnalyzerTag(const zeek::Tag& tag); /** * Returns a textual description of the analyzer's type. This is @@ -405,7 +405,7 @@ public: * @param tag The type of analyzer to add. * @return the new analyzer instance that was added. */ - Analyzer* AddChildAnalyzer(const Tag& tag); + Analyzer* AddChildAnalyzer(const zeek::Tag& tag); /** * Removes a child analyzer. It's ok for the analyzer to not to be a @@ -434,14 +434,14 @@ public: * * @param tag The type of analyzer to prevent. */ - void PreventChildren(Tag tag); + void PreventChildren(zeek::Tag tag); /** * Returns true if analyzer has a direct child of a given type. * * @param tag The type of analyzer to check for. */ - bool HasChildAnalyzer(Tag tag); + bool HasChildAnalyzer(zeek::Tag tag); /** * Recursively searches all (direct or indirect) childs of the @@ -463,7 +463,7 @@ public: * @return The first analyzer of the given type found, or null if * none. */ - virtual Analyzer* FindChild(Tag tag); + virtual Analyzer* FindChild(zeek::Tag tag); /** * Recursively searches all (direct or indirect) childs of the 
@@ -533,7 +533,7 @@ public: * If tag is given, it overrides the analyzer tag passed to the * scripting layer; the default is the one of the analyzer itself. */ - virtual void ProtocolConfirmation(Tag tag = Tag()); + virtual void ProtocolConfirmation(zeek::Tag tag = zeek::Tag()); /** * Signals Bro's protocol detection that the analyzer has found a @@ -667,7 +667,7 @@ protected: * * @param orig True if asking about the originator side. */ - bool HasSupportAnalyzer(const Tag& tag, bool orig); + bool HasSupportAnalyzer(const zeek::Tag& tag, bool orig); /** * Returns the first still active support analyzer for the given @@ -711,9 +711,9 @@ private: analyzer_list::iterator DeleteChild(analyzer_list::iterator i); // Helper for the ctors. - void CtorInit(const Tag& tag, Connection* conn); + void CtorInit(const zeek::Tag& tag, Connection* conn); - Tag tag; + zeek::Tag tag; ID id; Connection* conn; @@ -726,7 +726,7 @@ private: SupportAnalyzer* resp_supporters; analyzer_list new_children; - std::vector prevented; + std::vector prevented; bool protocol_confirmed; diff --git a/src/analyzer/Component.cc b/src/analyzer/Component.cc index f8dfa32f72..b01eb2f0ba 100644 --- a/src/analyzer/Component.cc +++ b/src/analyzer/Component.cc @@ -10,7 +10,7 @@ namespace zeek::analyzer { Component::Component(const std::string& name, factory_callback arg_factory, - Tag::subtype_t arg_subtype, bool arg_enabled, bool arg_partial, + zeek::Tag::subtype_t arg_subtype, bool arg_enabled, bool arg_partial, bool arg_adapter) : plugin::Component( arg_adapter ? plugin::component::SESSION_ADAPTER : plugin::component::ANALYZER, name), diff --git a/src/analyzer/Component.h b/src/analyzer/Component.h index adf8dceea4..0ad42f253a 100644 --- a/src/analyzer/Component.h +++ b/src/analyzer/Component.h @@ -4,7 +4,7 @@ #include "zeek/zeek-config.h" -#include "zeek/analyzer/Tag.h" +#include "zeek/Tag.h" #include "zeek/plugin/Component.h" #include "zeek/plugin/TaggedComponent.h" #include "zeek/util.h" 
@@ -45,8 +45,8 @@ public: * * @param subtype A subtype associated with this component that * further distinguishes it. The subtype will be integrated into - * the analyzer::Tag that the manager associates with this analyzer, - * and analyzer instances can accordingly access it via analyzer::Tag(). + * the Tag that the manager associates with this analyzer, + * and analyzer instances can accordingly access it via Tag(). * If not used, leave at zero. * * @param enabled If false the analyzer starts out as disabled and @@ -62,7 +62,7 @@ public: * @param adapter If true, this analyzer is a session adapter from * the packet analyzer framework. */ - Component(const std::string& name, factory_callback factory, Tag::subtype_t subtype = 0, + Component(const std::string& name, factory_callback factory, zeek::Tag::subtype_t subtype = 0, bool enabled = true, bool partial = false, bool adapter = false); /** diff --git a/src/analyzer/Manager.cc b/src/analyzer/Manager.cc index 4416fa4fe5..70d4847931 100644 --- a/src/analyzer/Manager.cc +++ b/src/analyzer/Manager.cc @@ -123,7 +123,7 @@ void Manager::DumpDebug() void Manager::Done() { } -bool Manager::EnableAnalyzer(const Tag& tag) +bool Manager::EnableAnalyzer(const zeek::Tag& tag) { Component* p = Lookup(tag); @@ -149,7 +149,7 @@ bool Manager::EnableAnalyzer(EnumVal* val) return true; } -bool Manager::DisableAnalyzer(const Tag& tag) +bool Manager::DisableAnalyzer(const zeek::Tag& tag) { Component* p = Lookup(tag); @@ -185,12 +185,12 @@ void Manager::DisableAllAnalyzers() (*i)->SetEnabled(false); } -analyzer::Tag Manager::GetAnalyzerTag(const char* name) +zeek::Tag Manager::GetAnalyzerTag(const char* name) { return GetComponentTag(name); } -bool Manager::IsEnabled(const Tag& tag) +bool Manager::IsEnabled(const zeek::Tag& tag) { if ( ! tag ) return false; 
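Review bot: The rewritten `@param subtype` comment in src/analyzer/Component.h (hunk `@@ -45,8 +45,8 @@`) now names a bare `Tag` and `Tag()`, while the constructor declaration in the following hunk spells the type `zeek::Tag::subtype_t`. From the comment alone a reader cannot tell which Tag is meant, or whether `Tag()` is the type or an accessor. I would qualify it the same way as the code: `the zeek::Tag that the manager associates with this analyzer`. The same wording appears in the src/file_analysis/Component.h hunk `@@ -47,15 +47,15 @@`.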
@@ -233,7 +233,7 @@ bool Manager::UnregisterAnalyzerForPort(EnumVal* val, PortVal* port) return UnregisterAnalyzerForPort(p->Tag(), port->PortType(), port->Port()); } -bool Manager::RegisterAnalyzerForPort(const Tag& tag, TransportProto proto, uint32_t port) +bool Manager::RegisterAnalyzerForPort(const zeek::Tag& tag, TransportProto proto, uint32_t port) { if ( initialized ) return RegisterAnalyzerForPort(std::make_tuple(tag, proto, port)); @@ -247,7 +247,7 @@ bool Manager::RegisterAnalyzerForPort(const Tag& tag, TransportProto proto, uint } } -bool Manager::RegisterAnalyzerForPort(const std::tuple& p) +bool Manager::RegisterAnalyzerForPort(const std::tuple& p) { const auto& [tag, proto, port] = p; @@ -267,7 +267,7 @@ bool Manager::RegisterAnalyzerForPort(const std::tupleRegisterAnalyzerForPort(tag, port); } -bool Manager::UnregisterAnalyzerForPort(const Tag& tag, TransportProto proto, uint32_t port) +bool Manager::UnregisterAnalyzerForPort(const zeek::Tag& tag, TransportProto proto, uint32_t port) { if ( auto i = pending_analyzers_for_ports.find(std::make_tuple(tag, proto, port)); i != pending_analyzers_for_ports.end() ) @@ -289,7 +289,7 @@ bool Manager::UnregisterAnalyzerForPort(const Tag& tag, TransportProto proto, ui return ipba->UnregisterAnalyzerForPort(tag, port); } -Analyzer* Manager::InstantiateAnalyzer(const Tag& tag, Connection* conn) +Analyzer* Manager::InstantiateAnalyzer(const zeek::Tag& tag, Connection* conn) { Component* c = Lookup(tag); @@ -324,7 +324,7 @@ Analyzer* Manager::InstantiateAnalyzer(const Tag& tag, Connection* conn) Analyzer* Manager::InstantiateAnalyzer(const char* name, Connection* conn) { - Tag tag = GetComponentTag(name); + zeek::Tag tag = GetComponentTag(name); return tag ? InstantiateAnalyzer(tag, conn) : nullptr; } 
@@ -367,7 +367,7 @@ void Manager::ExpireScheduledAnalyzers() } void Manager::ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, uint16_t resp_p, - TransportProto proto, const Tag& analyzer, double timeout) + TransportProto proto, const zeek::Tag& analyzer, double timeout) { if ( ! run_state::network_time ) { @@ -392,9 +392,9 @@ void Manager::ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, uint16_t void Manager::ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, uint16_t resp_p, TransportProto proto, const char* analyzer, double timeout) { - Tag tag = GetComponentTag(analyzer); + zeek::Tag tag = GetComponentTag(analyzer); - if ( tag != Tag() ) + if ( tag != zeek::Tag() ) ScheduleAnalyzer(orig, resp, resp_p, proto, tag, timeout); } @@ -402,8 +402,8 @@ void Manager::ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, PortVal* Val* analyzer, double timeout) { EnumValPtr ev{NewRef{}, analyzer->AsEnumVal()}; - return ScheduleAnalyzer(orig, resp, resp_p->Port(), resp_p->PortType(), Tag(std::move(ev)), - timeout); + return ScheduleAnalyzer(orig, resp, resp_p->Port(), resp_p->PortType(), + zeek::Tag(std::move(ev)), timeout); } Manager::tag_set Manager::GetScheduled(const Connection* conn) diff --git a/src/analyzer/Manager.h b/src/analyzer/Manager.h index 8211824e3d..74938c8941 100644 --- a/src/analyzer/Manager.h +++ b/src/analyzer/Manager.h @@ -25,9 +25,9 @@ #include "zeek/Dict.h" #include "zeek/IP.h" +#include "zeek/Tag.h" #include "zeek/analyzer/Analyzer.h" #include "zeek/analyzer/Component.h" -#include "zeek/analyzer/Tag.h" #include "zeek/analyzer/analyzer.bif.h" #include "zeek/net_util.h" #include "zeek/plugin/ComponentManager.h" 
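Review bot: The name-based `Manager::ScheduleAnalyzer` overload (hunk `@@ -392,9 +392,9 @@` of src/analyzer/Manager.cc) does nothing when `GetComponentTag(analyzer)` returns an empty tag, so a request naming an unknown or misspelled analyzer is dropped without any trace. Presumably the anticipated connection is then handled as if nothing had been scheduled, which is hard to notice on a monitoring sensor. `RuleActionAnalyzer` in src/RuleAction.cc reports the equivalent case with `reporter->Warning("unknown analyzer '%s' specified in rule", ...)`; an `else` branch doing the same here would make the miss visible. As a style point, `if ( tag )` would match the `tag ? ... : nullptr` and `if ( ! tag )` forms used elsewhere in this file, rather than `tag != zeek::Tag()`.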
@@ -50,7 +50,7 @@ namespace analyzer * Class maintaining and scheduling available protocol analyzers. * * The manager maintains a registry of all available protocol analyzers, - * including a mapping between their textual names and analyzer::Tag. It + * including a mapping between their textual names and Tag. It * instantantiates new analyzers on demand. For new connections, the manager * sets up their initial analyzer tree, including adding the right \c PIA, * respecting well-known ports, and tracking any analyzers specifically @@ -95,14 +95,14 @@ public: * * @return True if successful. */ - bool EnableAnalyzer(const Tag& tag); + bool EnableAnalyzer(const zeek::Tag& tag); /** * Enables an analyzer type. Only enabled analyzers will be * instantiated for new connections. * * @param tag The analyzer's tag as an enum of script type \c - * Analyzer::Tag. + * Tag. * * @return True if successful. */ @@ -116,14 +116,14 @@ public: * * @return True if successful. */ - bool DisableAnalyzer(const Tag& tag); + bool DisableAnalyzer(const zeek::Tag& tag); /** * Disables an analyzer type. Disabled analyzers will not be * instantiated for new connections. * * @param tag The analyzer's tag as an enum of script type \c - * Analyzer::Tag. + * Tag. * * @return True if successful. */ @@ -140,20 +140,20 @@ public: * * @param name The canonical analyzer name to check. */ - Tag GetAnalyzerTag(const char* name); + zeek::Tag GetAnalyzerTag(const char* name); /** * Returns true if an analyzer is enabled. * * @param tag The analyzer's tag. */ - bool IsEnabled(const Tag& tag); + bool IsEnabled(const zeek::Tag& tag); /** * Returns true if an analyzer is enabled. * * @param tag The analyzer's tag as an enum of script type \c - * Analyzer::Tag. + * Tag. */ bool IsEnabled(EnumVal* tag); @@ -163,7 +163,7 @@ public: * assigned. * * @param tag The analyzer's tag as an enum of script type \c - * Analyzer::Tag. + * Tag. * * @param port The well-known port. * 
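Review bot: The comment edits in src/analyzer/Manager.h replace `\c Analyzer::Tag` with `\c Tag` in places where the text describes the script-level enum type, not the C++ class. This starts in hunk `@@ -95,14 +95,14 @@` and recurs in the `DisableAnalyzer`, `IsEnabled(EnumVal*)`, port-registration and `ScheduleAnalyzer` comments in the later hunks. src/analyzer/analyzer.bif in this same commit still declares `function __tag%(name: string%) : Analyzer::Tag`, so the script type keeps that name and these comments now point at a type scripts do not have. I would restore `an enum of script type \c Analyzer::Tag` in those `@param` lines and limit the rename to the class-level mention, written as `textual names and zeek::Tag`.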
@@ -184,13 +184,13 @@ public: * * @return True if successful. */ - bool RegisterAnalyzerForPort(const Tag& tag, TransportProto proto, uint32_t port); + bool RegisterAnalyzerForPort(const zeek::Tag& tag, TransportProto proto, uint32_t port); /** * Unregisters a well-known port for an anlyzers. * * @param tag The analyzer's tag as an enum of script type \c - * Analyzer::Tag. + * Tag. * * @param port The well-known port. * @@ -210,9 +210,9 @@ public: * @param port The port's number. * * @param tag The analyzer's tag as an enum of script type \c - * Analyzer::Tag. + * Tag. */ - bool UnregisterAnalyzerForPort(const Tag& tag, TransportProto proto, uint32_t port); + bool UnregisterAnalyzerForPort(const zeek::Tag& tag, TransportProto proto, uint32_t port); /** * Instantiates a new analyzer instance for a connection. @@ -226,7 +226,7 @@ public: * null if tag is invalid, the requested analyzer is disabled, or the * analyzer can't be instantiated. */ - Analyzer* InstantiateAnalyzer(const Tag& tag, Connection* c); + Analyzer* InstantiateAnalyzer(const zeek::Tag& tag, Connection* c); /** * Instantiates a new analyzer instance for a connection. @@ -263,7 +263,7 @@ public: * schedule this analyzer. Must be non-zero. */ void ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, uint16_t resp_p, - TransportProto proto, const Tag& analyzer, double timeout); + TransportProto proto, const zeek::Tag& analyzer, double timeout); /** * Schedules a particular analyzer for an upcoming connection. Once @@ -321,7 +321,7 @@ public: * @param resp_p The connection's anticipated responder port. * * @param analyzer The analyzer to use once the connection is seen as - * an enum value of script-type \c Analyzer::Tag. + * an enum value of script-type \c Tag. * * @param timeout An interval after which to timeout the request to * schedule this analyzer. Must be non-zero. 
@@ -336,11 +336,11 @@ public: private: // Internal version that must be used only once InitPostScript has completed. - bool RegisterAnalyzerForPort(const std::tuple& p); + bool RegisterAnalyzerForPort(const std::tuple& p); friend class packet_analysis::IP::IPBasedAnalyzer; - using tag_set = std::set; + using tag_set = std::set; tag_set GetScheduled(const Connection* conn); void ExpireScheduledAnalyzers(); @@ -365,7 +365,7 @@ private: struct ScheduledAnalyzer { ConnIndex conn; - Tag analyzer; + zeek::Tag analyzer; double timeout; struct Comparator @@ -377,7 +377,7 @@ private: }; }; - using protocol_analyzers = std::set>; + using protocol_analyzers = std::set>; using conns_map = std::multimap; using conns_queue = std::priority_queue, ScheduledAnalyzer::Comparator>; diff --git a/src/analyzer/analyzer.bif b/src/analyzer/analyzer.bif index 18ed0e883b..9e8018342f 100644 --- a/src/analyzer/analyzer.bif +++ b/src/analyzer/analyzer.bif @@ -46,6 +46,6 @@ function __name%(atype: Analyzer::Tag%) : string function __tag%(name: string%) : Analyzer::Tag %{ - analyzer::Tag t = zeek::analyzer_mgr->GetComponentTag(name->CheckString()); + zeek::Tag t = zeek::analyzer_mgr->GetComponentTag(name->CheckString()); return t.AsVal(); %} diff --git a/src/analyzer/protocol/pia/PIA.cc b/src/analyzer/protocol/pia/PIA.cc index a4314294c1..3103c84ad9 100644 --- a/src/analyzer/protocol/pia/PIA.cc +++ b/src/analyzer/protocol/pia/PIA.cc @@ -147,7 +147,7 @@ void PIA::DoMatch(const u_char* data, int len, bool is_orig, bool bol, bool eol, clear_state); } -void PIA_UDP::ActivateAnalyzer(analyzer::Tag tag, const zeek::detail::Rule* rule) +void PIA_UDP::ActivateAnalyzer(zeek::Tag tag, const zeek::detail::Rule* rule) { if ( pkt_buffer.state == MATCHING_ONLY ) { 
@@ -181,7 +181,7 @@ void PIA_UDP::ActivateAnalyzer(analyzer::Tag tag, const zeek::detail::Rule* rule ReplayPacketBuffer(a); } -void PIA_UDP::DeactivateAnalyzer(analyzer::Tag tag) +void PIA_UDP::DeactivateAnalyzer(zeek::Tag tag) { reporter->InternalError("PIA_UDP::Deact not implemented yet"); } @@ -307,7 +307,7 @@ void PIA_TCP::Undelivered(uint64_t seq, int len, bool is_orig) } } -void PIA_TCP::ActivateAnalyzer(analyzer::Tag tag, const zeek::detail::Rule* rule) +void PIA_TCP::ActivateAnalyzer(zeek::Tag tag, const zeek::detail::Rule* rule) { if ( stream_buffer.state == MATCHING_ONLY ) { @@ -429,7 +429,7 @@ void PIA_TCP::ActivateAnalyzer(analyzer::Tag tag, const zeek::detail::Rule* rule tcp->SetReassembler(reass_orig, reass_resp); } -void PIA_TCP::DeactivateAnalyzer(analyzer::Tag tag) +void PIA_TCP::DeactivateAnalyzer(zeek::Tag tag) { reporter->InternalError("PIA_TCP::Deact not implemented yet"); } diff --git a/src/analyzer/protocol/pia/PIA.h b/src/analyzer/protocol/pia/PIA.h index ba31190cb6..b00145d2c9 100644 --- a/src/analyzer/protocol/pia/PIA.h +++ b/src/analyzer/protocol/pia/PIA.h @@ -29,10 +29,10 @@ public: // Called when PIA wants to put an Analyzer in charge. rule is the // signature that triggered the activitation, if any. - virtual void ActivateAnalyzer(analyzer::Tag tag, const zeek::detail::Rule* rule = nullptr) = 0; + virtual void ActivateAnalyzer(zeek::Tag tag, const zeek::detail::Rule* rule = nullptr) = 0; // Called when PIA wants to remove an Analyzer. - virtual void DeactivateAnalyzer(analyzer::Tag tag) = 0; + virtual void DeactivateAnalyzer(zeek::Tag tag) = 0; void Match(zeek::detail::Rule::PatternType type, const u_char* data, int len, bool is_orig, bool bol, bool eol, bool clear_state); 
@@ -129,8 +129,8 @@ protected: PIA_DeliverPacket(len, data, is_orig, seq, ip, caplen, true); } - void ActivateAnalyzer(analyzer::Tag tag, const zeek::detail::Rule* rule) override; - void DeactivateAnalyzer(analyzer::Tag tag) override; + void ActivateAnalyzer(zeek::Tag tag, const zeek::detail::Rule* rule) override; + void DeactivateAnalyzer(zeek::Tag tag) override; }; // PIA for TCP. Accepts both packet and stream input (and reassembles @@ -180,8 +180,8 @@ protected: void DeliverStream(int len, const u_char* data, bool is_orig) override; void Undelivered(uint64_t seq, int len, bool is_orig) override; - void ActivateAnalyzer(analyzer::Tag tag, const zeek::detail::Rule* rule = nullptr) override; - void DeactivateAnalyzer(analyzer::Tag tag) override; + void ActivateAnalyzer(zeek::Tag tag, const zeek::detail::Rule* rule = nullptr) override; + void DeactivateAnalyzer(zeek::Tag tag) override; private: // FIXME: Not sure yet whether we need both pkt_buffer and stream_buffer. diff --git a/src/file_analysis/Analyzer.cc b/src/file_analysis/Analyzer.cc index 70bb644b63..b30a2cd786 100644 --- a/src/file_analysis/Analyzer.cc +++ b/src/file_analysis/Analyzer.cc @@ -15,13 +15,13 @@ Analyzer::~Analyzer() DBG_LOG(DBG_FILE_ANALYSIS, "Destroy file analyzer %s", file_mgr->GetComponentName(tag).c_str()); } -void Analyzer::SetAnalyzerTag(const file_analysis::Tag& arg_tag) +void Analyzer::SetAnalyzerTag(const zeek::Tag& arg_tag) { assert(! tag || tag == arg_tag); tag = arg_tag; } -Analyzer::Analyzer(file_analysis::Tag arg_tag, RecordValPtr arg_args, File* arg_file) +Analyzer::Analyzer(zeek::Tag arg_tag, RecordValPtr arg_args, File* arg_file) : tag(arg_tag), args(std::move(arg_args)), file(arg_file), got_stream_delivery(false), skip(false) { diff --git a/src/file_analysis/Analyzer.h b/src/file_analysis/Analyzer.h index 10669bb843..4e10a46ff3 100644 --- a/src/file_analysis/Analyzer.h +++ b/src/file_analysis/Analyzer.h 
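Review bot: The `ActivateAnalyzer` overrides disagree on the default argument: `PIA` and `PIA_TCP` declare `rule = nullptr`, while the `PIA_UDP` override in hunk `@@ -129,8 +129,8 @@` of src/analyzer/protocol/pia/PIA.h declares `rule` without one. Default arguments on virtual functions are taken from the static type of the call expression, so `ActivateAnalyzer(tag)` compiles through a `PIA*` or `PIA_TCP*` but not through a `PIA_UDP*`. Since these lines are being touched anyway, I would make them agree, either with `void ActivateAnalyzer(zeek::Tag tag, const zeek::detail::Rule* rule = nullptr) override;` in `PIA_UDP`, or by keeping the default on the base declaration only.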
@@ -4,7 +4,7 @@ #include // for u_char -#include "zeek/file_analysis/Tag.h" +#include "zeek/Tag.h" namespace zeek { @@ -81,7 +81,7 @@ public: /** * @return the analyzer type enum value. */ - file_analysis::Tag Tag() const { return tag; } + zeek::Tag Tag() const { return tag; } /** * Returns the analyzer instance's internal ID. These IDs are unique @@ -106,7 +106,7 @@ public: * did not receive a name or tag. The method cannot be used to change * an existing tag. */ - void SetAnalyzerTag(const file_analysis::Tag& tag); + void SetAnalyzerTag(const zeek::Tag& tag); /** * @return true if the analyzer has ever seen a stream-wise delivery. @@ -141,7 +141,7 @@ protected: * tunable options, if any, related to a particular analyzer type. * @param arg_file the file to which the the analyzer is being attached. */ - Analyzer(file_analysis::Tag arg_tag, RecordValPtr arg_args, File* arg_file); + Analyzer(zeek::Tag arg_tag, RecordValPtr arg_args, File* arg_file); /** * Constructor. Only derived classes are meant to be instantiated. @@ -156,7 +156,7 @@ protected: private: ID id; /**< Unique instance ID. */ - file_analysis::Tag tag; /**< The particular type of the analyzer instance. */ + zeek::Tag tag; /**< The particular type of the analyzer instance. */ RecordValPtr args; /**< \c AnalyzerArgs val gives tunable analyzer params. */ File* file; /**< The file to which the analyzer is attached. */ bool got_stream_delivery; diff --git a/src/file_analysis/AnalyzerSet.cc b/src/file_analysis/AnalyzerSet.cc index 45e58dfac5..bbae639081 100644 --- a/src/file_analysis/AnalyzerSet.cc +++ b/src/file_analysis/AnalyzerSet.cc 
@@ -42,14 +42,14 @@ AnalyzerSet::~AnalyzerSet() delete analyzer_hash; } -Analyzer* AnalyzerSet::Find(const file_analysis::Tag& tag, RecordValPtr args) +Analyzer* AnalyzerSet::Find(const zeek::Tag& tag, RecordValPtr args) { auto key = GetKey(tag, std::move(args)); Analyzer* rval = analyzer_map.Lookup(key.get()); return rval; } -bool AnalyzerSet::Add(const file_analysis::Tag& tag, RecordValPtr args) +bool AnalyzerSet::Add(const zeek::Tag& tag, RecordValPtr args) { auto key = GetKey(tag, args); @@ -71,7 +71,7 @@ bool AnalyzerSet::Add(const file_analysis::Tag& tag, RecordValPtr args) return true; } -Analyzer* AnalyzerSet::QueueAdd(const file_analysis::Tag& tag, RecordValPtr args) +Analyzer* AnalyzerSet::QueueAdd(const zeek::Tag& tag, RecordValPtr args) { auto key = GetKey(tag, args); file_analysis::Analyzer* a = InstantiateAnalyzer(tag, std::move(args)); @@ -105,12 +105,12 @@ void AnalyzerSet::AddMod::Abort() delete a; } -bool AnalyzerSet::Remove(const file_analysis::Tag& tag, RecordValPtr args) +bool AnalyzerSet::Remove(const zeek::Tag& tag, RecordValPtr args) { return Remove(tag, GetKey(tag, std::move(args))); } -bool AnalyzerSet::Remove(const file_analysis::Tag& tag, std::unique_ptr key) +bool AnalyzerSet::Remove(const zeek::Tag& tag, std::unique_ptr key) { auto a = (file_analysis::Analyzer*)analyzer_map.Remove(key.get()); @@ -134,7 +134,7 @@ bool AnalyzerSet::Remove(const file_analysis::Tag& tag, std::unique_ptrRemove(tag, std::move(key)); } -std::unique_ptr AnalyzerSet::GetKey(const file_analysis::Tag& t, +std::unique_ptr AnalyzerSet::GetKey(const zeek::Tag& t, RecordValPtr args) const { auto lv = make_intrusive(TYPE_ANY); diff --git a/src/file_analysis/AnalyzerSet.h b/src/file_analysis/AnalyzerSet.h index 4ec009f68c..518c4f4d10 100644 --- a/src/file_analysis/AnalyzerSet.h +++ b/src/file_analysis/AnalyzerSet.h @@ -6,7 +6,7 @@ #include #include "zeek/Dict.h" -#include "zeek/file_analysis/Tag.h" +#include "zeek/Tag.h" namespace zeek { 
@@ -55,7 +55,7 @@ public: * @param args an \c AnalyzerArgs record. * @return pointer to an analyzer instance, or a null pointer if not found. */ - Analyzer* Find(const file_analysis::Tag& tag, RecordValPtr args); + Analyzer* Find(const zeek::Tag& tag, RecordValPtr args); /** * Attach an analyzer to #file immediately. @@ -63,7 +63,7 @@ public: * @param args an \c AnalyzerArgs value which specifies an analyzer. * @return true if analyzer was instantiated/attached, else false. */ - bool Add(const file_analysis::Tag& tag, RecordValPtr args); + bool Add(const zeek::Tag& tag, RecordValPtr args); /** * Queue the attachment of an analyzer to #file. @@ -72,7 +72,7 @@ public: * @return if successful, a pointer to a newly instantiated analyzer else * a null pointer. The caller does *not* take ownership of the memory. */ - file_analysis::Analyzer* QueueAdd(const file_analysis::Tag& tag, RecordValPtr args); + file_analysis::Analyzer* QueueAdd(const zeek::Tag& tag, RecordValPtr args); /** * Remove an analyzer from #file immediately. @@ -80,7 +80,7 @@ public: * @param args an \c AnalyzerArgs value which specifies an analyzer. * @return false if analyzer didn't exist and so wasn't removed, else true. */ - bool Remove(const file_analysis::Tag& tag, RecordValPtr args); + bool Remove(const zeek::Tag& tag, RecordValPtr args); /** * Queue the removal of an analyzer from #file. @@ -88,7 +88,7 @@ public: * @param args an \c AnalyzerArgs value which specifies an analyzer. * @return true if analyzer exists at time of call, else false; */ - bool QueueRemove(const file_analysis::Tag& tag, RecordValPtr args); + bool QueueRemove(const zeek::Tag& tag, RecordValPtr args); /** * Perform all queued modifications to the current analyzer set. 
@@ -146,8 +146,7 @@ protected: * @param args an \c AnalyzerArgs value which specifies an analyzer. * @return the hash key calculated from \a args */ - std::unique_ptr GetKey(const file_analysis::Tag& tag, - RecordValPtr args) const; + std::unique_ptr GetKey(const zeek::Tag& tag, RecordValPtr args) const; /** * Create an instance of a file analyzer. @@ -155,8 +154,7 @@ protected: * @param args an \c AnalyzerArgs value which specifies an analyzer. * @return a new file analyzer instance. */ - file_analysis::Analyzer* InstantiateAnalyzer(const file_analysis::Tag& tag, - RecordValPtr args) const; + file_analysis::Analyzer* InstantiateAnalyzer(const zeek::Tag& tag, RecordValPtr args) const; /** * Insert an analyzer instance in to the set. @@ -171,7 +169,7 @@ protected: * just used for debugging messages. * @param key the hash key which represents the analyzer's \c AnalyzerArgs. */ - bool Remove(const file_analysis::Tag& tag, std::unique_ptr key); + bool Remove(const zeek::Tag& tag, std::unique_ptr key); private: File* file; /**< File which owns the set */ @@ -234,7 +232,7 @@ private: * @param arg_a an analyzer instance to add to an analyzer set. * @param arg_key hash key representing the analyzer's \c AnalyzerArgs. */ - RemoveMod(const file_analysis::Tag& arg_tag, std::unique_ptr arg_key) + RemoveMod(const zeek::Tag& arg_tag, std::unique_ptr arg_key) : Modification(), tag(arg_tag), key(std::move(arg_key)) { } @@ -243,7 +241,7 @@ private: void Abort() override { } protected: - file_analysis::Tag tag; + zeek::Tag tag; std::unique_ptr key; }; diff --git a/src/file_analysis/Component.h b/src/file_analysis/Component.h index 681bb20acc..c085e10947 100644 --- a/src/file_analysis/Component.h +++ b/src/file_analysis/Component.h @@ -4,7 +4,7 @@ #include "zeek/zeek-config.h" -#include "zeek/file_analysis/Tag.h" +#include "zeek/Tag.h" #include "zeek/plugin/Component.h" #include "zeek/plugin/TaggedComponent.h" 
@@ -47,15 +47,15 @@ public: * * @param subtype A subtype associated with this component that * further distinguishes it. The subtype will be integrated into the - * analyzer::Tag that the manager associates with this analyzer, and - * analyzer instances can accordingly access it via analyzer::Tag(). + * Tag that the manager associates with this analyzer, and + * analyzer instances can accordingly access it via Tag(). * If not used, leave at zero. * * @param enabled If false the analyzer starts out as disabled and * hence won't be used. It can still be enabled later via the * manager, including from script-land. */ - Component(const std::string& name, factory_function factory, Tag::subtype_t subtype = 0, + Component(const std::string& name, factory_function factory, zeek::Tag::subtype_t subtype = 0, bool enabled = true); /** diff --git a/src/file_analysis/File.cc b/src/file_analysis/File.cc index 74d389ceb7..4c4229e5bd 100644 --- a/src/file_analysis/File.cc +++ b/src/file_analysis/File.cc @@ -79,7 +79,7 @@ void File::StaticInit() } File::File(const std::string& file_id, const std::string& source_name, Connection* conn, - analyzer::Tag tag, bool is_orig) + zeek::Tag tag, bool is_orig) : id(file_id), val(nullptr), file_reassembler(nullptr), stream_offset(0), reassembly_max_buffer(0), did_metadata_inference(false), reassembly_enabled(false), postpone_timeout(false), done(false), analyzers(this) @@ -246,7 +246,7 @@ void File::ScheduleInactivityTimer() const new detail::FileTimer(run_state::network_time, id, GetTimeoutInterval())); } -bool File::AddAnalyzer(file_analysis::Tag tag, RecordValPtr args) +bool File::AddAnalyzer(zeek::Tag tag, RecordValPtr args) { DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Queuing addition of %s analyzer", id.c_str(), file_mgr->GetComponentName(tag).c_str()); 
@@ -257,7 +257,7 @@ bool File::AddAnalyzer(file_analysis::Tag tag, RecordValPtr args) return analyzers.QueueAdd(tag, std::move(args)) != nullptr; } -bool File::RemoveAnalyzer(file_analysis::Tag tag, RecordValPtr args) +bool File::RemoveAnalyzer(zeek::Tag tag, RecordValPtr args) { DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Queuing remove of %s analyzer", id.c_str(), file_mgr->GetComponentName(tag).c_str()); diff --git a/src/file_analysis/File.h b/src/file_analysis/File.h index 634110e8cc..db8e20f025 100644 --- a/src/file_analysis/File.h +++ b/src/file_analysis/File.h @@ -119,7 +119,7 @@ public: * @param args an \c AnalyzerArgs value representing a file analyzer. * @return false if analyzer can't be instantiated, else true. */ - bool AddAnalyzer(file_analysis::Tag tag, RecordValPtr args); + bool AddAnalyzer(zeek::Tag tag, RecordValPtr args); /** * Queues removal of an analyzer. @@ -127,7 +127,7 @@ public: * @param args an \c AnalyzerArgs value representing a file analyzer. * @return true if analyzer was active at time of call, else false. */ - bool RemoveAnalyzer(file_analysis::Tag tag, RecordValPtr args); + bool RemoveAnalyzer(zeek::Tag tag, RecordValPtr args); /** * Signal that this analyzer can be deleted once it's safe to do so. @@ -223,7 +223,7 @@ protected: * direction. */ File(const std::string& file_id, const std::string& source_name, Connection* conn = nullptr, - analyzer::Tag tag = analyzer::Tag::Error, bool is_orig = false); + zeek::Tag tag = zeek::Tag::Error, bool is_orig = false); /** * Updates the "conn_ids" and "conn_uids" fields in #val record with the diff --git a/src/file_analysis/Manager.cc b/src/file_analysis/Manager.cc index 60fd82acc4..c8a48c5802 100644 --- a/src/file_analysis/Manager.cc +++ b/src/file_analysis/Manager.cc 
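Review bot: `AddAnalyzer` and `RemoveAnalyzer` in File.h take a file-analyzer tag, while the `File` constructor's `tag` is the protocol analyzer the file arrived over. Those were `file_analysis::Tag` and `analyzer::Tag`, so the compiler rejected a mix-up; now both are `zeek::Tag`. Nothing in these hunks shows whether `zeek::Tag` still records which component manager issued it, so a tag from the wrong manager could now reach `file_mgr->GetComponentName(tag)` or `IsDisabled(tag)` unnoticed. At minimum the parameter docs should carry the distinction the type used to, e.g. `@param tag the file analyzer's tag, as issued by file_mgr (not a protocol analyzer tag).` on `AddAnalyzer`/`RemoveAnalyzer`, with matching wording on the constructor. The same applies to the Manager.h hunks (`AddAnalyzer`/`RemoveAnalyzer` versus `DataIn`, `EndOfFile`, `Gap`, `SetSize`, `GetFileID`, `IsDisabled`); the doc blocks begin outside these hunks.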
@@ -87,7 +87,7 @@ void Manager::SetHandle(const string& handle) current_file_id = HashHandle(handle); } -string Manager::DataIn(const u_char* data, uint64_t len, uint64_t offset, const analyzer::Tag& tag, +string Manager::DataIn(const u_char* data, uint64_t len, uint64_t offset, const zeek::Tag& tag, Connection* conn, bool is_orig, const string& precomputed_id, const string& mime_type) { @@ -117,7 +117,7 @@ string Manager::DataIn(const u_char* data, uint64_t len, uint64_t offset, const return id; } -string Manager::DataIn(const u_char* data, uint64_t len, const analyzer::Tag& tag, Connection* conn, +string Manager::DataIn(const u_char* data, uint64_t len, const zeek::Tag& tag, Connection* conn, bool is_orig, const string& precomputed_id, const string& mime_type) { string id = precomputed_id.empty() ? GetFileID(tag, conn, is_orig) : precomputed_id; @@ -145,7 +145,7 @@ string Manager::DataIn(const u_char* data, uint64_t len, const analyzer::Tag& ta void Manager::DataIn(const u_char* data, uint64_t len, const string& file_id, const string& source, const string& mime_type) { - File* file = GetFile(file_id, nullptr, analyzer::Tag::Error, false, false, source.c_str()); + File* file = GetFile(file_id, nullptr, zeek::Tag::Error, false, false, source.c_str()); if ( ! file ) return; @@ -162,7 +162,7 @@ void Manager::DataIn(const u_char* data, uint64_t len, const string& file_id, co void Manager::DataIn(const u_char* data, uint64_t len, uint64_t offset, const string& file_id, const string& source, const string& mime_type) { - File* file = GetFile(file_id, nullptr, analyzer::Tag::Error, false, false, source.c_str()); + File* file = GetFile(file_id, nullptr, zeek::Tag::Error, false, false, source.c_str()); if ( ! file ) return; 
@@ -176,13 +176,13 @@ void Manager::DataIn(const u_char* data, uint64_t len, uint64_t offset, const st RemoveFile(file->GetID()); } -void Manager::EndOfFile(const analyzer::Tag& tag, Connection* conn) +void Manager::EndOfFile(const zeek::Tag& tag, Connection* conn) { EndOfFile(tag, conn, true); EndOfFile(tag, conn, false); } -void Manager::EndOfFile(const analyzer::Tag& tag, Connection* conn, bool is_orig) +void Manager::EndOfFile(const zeek::Tag& tag, Connection* conn, bool is_orig) { // Don't need to create a file if we're just going to remove it right away. RemoveFile(GetFileID(tag, conn, is_orig)); @@ -193,7 +193,7 @@ void Manager::EndOfFile(const string& file_id) RemoveFile(file_id); } -string Manager::Gap(uint64_t offset, uint64_t len, const analyzer::Tag& tag, Connection* conn, +string Manager::Gap(uint64_t offset, uint64_t len, const zeek::Tag& tag, Connection* conn, bool is_orig, const string& precomputed_id) { string id = precomputed_id.empty() ? GetFileID(tag, conn, is_orig) : precomputed_id; @@ -206,7 +206,7 @@ string Manager::Gap(uint64_t offset, uint64_t len, const analyzer::Tag& tag, Con return id; } -string Manager::SetSize(uint64_t size, const analyzer::Tag& tag, Connection* conn, bool is_orig, +string Manager::SetSize(uint64_t size, const zeek::Tag& tag, Connection* conn, bool is_orig, const string& precomputed_id) { string id = precomputed_id.empty() ? GetFileID(tag, conn, is_orig) : precomputed_id; @@ -283,8 +283,7 @@ bool Manager::SetExtractionLimit(const string& file_id, RecordValPtr args, uint6 return file->SetExtractionLimit(std::move(args), n); } -bool Manager::AddAnalyzer(const string& file_id, const file_analysis::Tag& tag, - RecordValPtr args) const +bool Manager::AddAnalyzer(const string& file_id, const zeek::Tag& tag, RecordValPtr args) const { File* file = LookupFile(file_id); 
@@ -294,8 +293,7 @@ bool Manager::AddAnalyzer(const string& file_id, const file_analysis::Tag& tag, return file->AddAnalyzer(tag, std::move(args)); } -bool Manager::RemoveAnalyzer(const string& file_id, const file_analysis::Tag& tag, - RecordValPtr args) const +bool Manager::RemoveAnalyzer(const string& file_id, const zeek::Tag& tag, RecordValPtr args) const { File* file = LookupFile(file_id); @@ -305,8 +303,8 @@ bool Manager::RemoveAnalyzer(const string& file_id, const file_analysis::Tag& ta return file->RemoveAnalyzer(tag, std::move(args)); } -File* Manager::GetFile(const string& file_id, Connection* conn, const analyzer::Tag& tag, - bool is_orig, bool update_conn, const char* source_name) +File* Manager::GetFile(const string& file_id, Connection* conn, const zeek::Tag& tag, bool is_orig, + bool update_conn, const char* source_name) { if ( file_id.empty() ) return nullptr; @@ -417,7 +415,7 @@ bool Manager::IsIgnored(const string& file_id) return ignored.find(file_id) != ignored.end(); } -string Manager::GetFileID(const analyzer::Tag& tag, Connection* c, bool is_orig) +string Manager::GetFileID(const zeek::Tag& tag, Connection* c, bool is_orig) { current_file_id.clear(); @@ -437,7 +435,7 @@ string Manager::GetFileID(const analyzer::Tag& tag, Connection* c, bool is_orig) return current_file_id; } -bool Manager::IsDisabled(const analyzer::Tag& tag) +bool Manager::IsDisabled(const zeek::Tag& tag) { if ( ! disabled ) disabled = id::find_const("Files::disable")->AsTableVal(); diff --git a/src/file_analysis/Manager.h b/src/file_analysis/Manager.h index 97e4c66be9..5f48fddec7 100644 --- a/src/file_analysis/Manager.h +++ b/src/file_analysis/Manager.h @@ -8,7 +8,7 @@ #include "zeek/RuleMatcher.h" #include "zeek/RunState.h" -#include "zeek/analyzer/Tag.h" +#include "zeek/Tag.h" #include "zeek/file_analysis/Component.h" #include "zeek/file_analysis/FileTimer.h" #include "zeek/plugin/ComponentManager.h" 
@@ -110,7 +110,7 @@ public: * the \c get_file_handle script-layer event). An empty string * indicates the associate file is not going to be analyzed further. */ - std::string DataIn(const u_char* data, uint64_t len, uint64_t offset, const analyzer::Tag& tag, + std::string DataIn(const u_char* data, uint64_t len, uint64_t offset, const zeek::Tag& tag, Connection* conn, bool is_orig, const std::string& precomputed_file_id = "", const std::string& mime_type = ""); @@ -136,7 +136,7 @@ public: * the \c get_file_handle script-layer event). An empty string * indicates the associated file is not going to be analyzed further. */ - std::string DataIn(const u_char* data, uint64_t len, const analyzer::Tag& tag, Connection* conn, + std::string DataIn(const u_char* data, uint64_t len, const zeek::Tag& tag, Connection* conn, bool is_orig, const std::string& precomputed_file_id = "", const std::string& mime_type = ""); @@ -183,7 +183,7 @@ public: * @param tag network protocol over which the file data is transferred. * @param conn network connection over which the file data is transferred. */ - void EndOfFile(const analyzer::Tag& tag, Connection* conn); + void EndOfFile(const zeek::Tag& tag, Connection* conn); /** * Signal the end of file data being transferred over a connection in @@ -191,7 +191,7 @@ public: * @param tag network protocol over which the file data is transferred. * @param conn network connection over which the file data is transferred. */ - void EndOfFile(const analyzer::Tag& tag, Connection* conn, bool is_orig); + void EndOfFile(const zeek::Tag& tag, Connection* conn, bool is_orig); /** * Signal the end of file data being transferred using the file identifier. 
@@ -215,7 +215,7 @@ public: * the \c get_file_handle script-layer event). An empty string * indicates the associate file is not going to be analyzed further. */ - std::string Gap(uint64_t offset, uint64_t len, const analyzer::Tag& tag, Connection* conn, + std::string Gap(uint64_t offset, uint64_t len, const zeek::Tag& tag, Connection* conn, bool is_orig, const std::string& precomputed_file_id = ""); /** @@ -233,7 +233,7 @@ public: * the \c get_file_handle script-layer event). An empty string * indicates the associate file is not going to be analyzed further. */ - std::string SetSize(uint64_t size, const analyzer::Tag& tag, Connection* conn, bool is_orig, + std::string SetSize(uint64_t size, const zeek::Tag& tag, Connection* conn, bool is_orig, const std::string& precomputed_file_id = ""); /** @@ -298,8 +298,7 @@ public: * @param args a \c AnalyzerArgs value which describes a file analyzer. * @return false if the analyzer failed to be instantiated, else true. */ - bool AddAnalyzer(const std::string& file_id, const file_analysis::Tag& tag, - RecordValPtr args) const; + bool AddAnalyzer(const std::string& file_id, const zeek::Tag& tag, RecordValPtr args) const; /** * Queue removal of an analyzer for a given file identifier. @@ -308,8 +307,7 @@ public: * @param args a \c AnalyzerArgs value which describes a file analyzer. * @return true if the analyzer is active at the time of call, else false. */ - bool RemoveAnalyzer(const std::string& file_id, const file_analysis::Tag& tag, - RecordValPtr args) const; + bool RemoveAnalyzer(const std::string& file_id, const zeek::Tag& tag, RecordValPtr args) const; /** * Tells whether analysis for a file is active or ignored. 
@@ -379,7 +377,7 @@ protected: * connection-related fields. */ File* GetFile(const std::string& file_id, Connection* conn = nullptr, - const analyzer::Tag& tag = analyzer::Tag::Error, bool is_orig = false, + const zeek::Tag& tag = zeek::Tag::Error, bool is_orig = false, bool update_conn = true, const char* source_name = nullptr); /** @@ -409,7 +407,7 @@ protected: * @return #current_file_id, which is a hash of a unique file handle string * set by a \c get_file_handle event handler. */ - std::string GetFileID(const analyzer::Tag& tag, Connection* c, bool is_orig); + std::string GetFileID(const zeek::Tag& tag, Connection* c, bool is_orig); /** * Check if analysis is available for files transferred over a given @@ -419,7 +417,7 @@ protected: * @return whether file analysis is disabled for the analyzer given by * \a tag. */ - static bool IsDisabled(const analyzer::Tag& tag); + static bool IsDisabled(const zeek::Tag& tag); private: using TagSet = std::set; diff --git a/src/file_analysis/analyzer/x509/X509Common.cc b/src/file_analysis/analyzer/x509/X509Common.cc index 57c74965a7..9d5f839b0b 100644 --- a/src/file_analysis/analyzer/x509/X509Common.cc +++ b/src/file_analysis/analyzer/x509/X509Common.cc @@ -17,7 +17,7 @@ namespace zeek::file_analysis::detail { -X509Common::X509Common(const file_analysis::Tag& arg_tag, RecordValPtr arg_args, +X509Common::X509Common(const zeek::Tag& arg_tag, RecordValPtr arg_args, file_analysis::File* arg_file) : file_analysis::Analyzer(arg_tag, std::move(arg_args), arg_file) { diff --git a/src/file_analysis/analyzer/x509/X509Common.h b/src/file_analysis/analyzer/x509/X509Common.h index 25d3efa558..bcaa4da7d2 100644 --- a/src/file_analysis/analyzer/x509/X509Common.h +++ b/src/file_analysis/analyzer/x509/X509Common.h 
@@ -49,8 +49,7 @@ public: Reporter* reporter); protected: - X509Common(const file_analysis::Tag& arg_tag, RecordValPtr arg_args, - file_analysis::File* arg_file); + X509Common(const zeek::Tag& arg_tag, RecordValPtr arg_args, file_analysis::File* arg_file); void ParseExtension(X509_EXTENSION* ex, const EventHandlerPtr& h, bool global); void ParseSignedCertificateTimestamps(X509_EXTENSION* ext); diff --git a/src/input/Component.h b/src/input/Component.h index d52202a414..fe44b09d47 100644 --- a/src/input/Component.h +++ b/src/input/Component.h @@ -2,7 +2,7 @@ #pragma once -#include "zeek/input/Tag.h" +#include "zeek/Tag.h" #include "zeek/plugin/Component.h" #include "zeek/plugin/TaggedComponent.h" diff --git a/src/logging/Component.h b/src/logging/Component.h index b0b29bc02d..10a43021cf 100644 --- a/src/logging/Component.h +++ b/src/logging/Component.h @@ -2,7 +2,7 @@ #pragma once -#include "zeek/logging/Tag.h" +#include "zeek/Tag.h" #include "zeek/plugin/Component.h" #include "zeek/plugin/TaggedComponent.h" diff --git a/src/packet_analysis/Analyzer.h b/src/packet_analysis/Analyzer.h index 8122c487df..59f37dc291 100644 --- a/src/packet_analysis/Analyzer.h +++ b/src/packet_analysis/Analyzer.h @@ -1,9 +1,9 @@ // See the file "COPYING" in the main distribution directory for copyright. #pragma once +#include "zeek/Tag.h" #include "zeek/iosource/Packet.h" #include "zeek/packet_analysis/Manager.h" -#include "zeek/packet_analysis/Tag.h" namespace zeek::packet_analysis { @@ -31,7 +31,7 @@ public: * @param tag The tag for the type of analyzer. The tag must map to * the name the corresponding Component registers. */ - explicit Analyzer(const Tag& tag); + explicit Analyzer(const zeek::Tag& tag); /** * Destructor. @@ -50,7 +50,7 @@ public: /** * Returns the tag associated with the analyzer's type. */ - const Tag GetAnalyzerTag() const; + const zeek::Tag GetAnalyzerTag() const; /** * Returns a textual description of the analyzer's type. This is 
@@ -165,7 +165,7 @@ protected: void Weird(const char* name, Packet* packet = nullptr, const char* addl = "") const; private: - Tag tag; + zeek::Tag tag; Dispatcher dispatcher; AnalyzerPtr default_analyzer = nullptr; @@ -174,7 +174,7 @@ private: */ bool report_unknown_protocols = true; - void Init(const Tag& tag); + void Init(const zeek::Tag& tag); }; using AnalyzerPtr = std::shared_ptr; diff --git a/src/packet_analysis/Component.h b/src/packet_analysis/Component.h index 25203940bd..69184a8ca5 100644 --- a/src/packet_analysis/Component.h +++ b/src/packet_analysis/Component.h @@ -6,7 +6,7 @@ #include -#include "zeek/packet_analysis/Tag.h" +#include "zeek/Tag.h" #include "zeek/plugin/Component.h" #include "zeek/plugin/TaggedComponent.h" #include "zeek/util.h" @@ -22,7 +22,7 @@ class Component : public plugin::Component, public plugin::TaggedComponent public: using factory_callback = std::function; - Component(const std::string& name, factory_callback factory, Tag::subtype_t subtype = 0); + Component(const std::string& name, factory_callback factory, zeek::Tag::subtype_t subtype = 0); ~Component() override = default; /** diff --git a/src/packet_analysis/Manager.h b/src/packet_analysis/Manager.h index ba1a4d8b81..1ae50c2ef2 100644 --- a/src/packet_analysis/Manager.h +++ b/src/packet_analysis/Manager.h @@ -4,10 +4,10 @@ #include "zeek/Func.h" #include "zeek/PacketFilter.h" +#include "zeek/Tag.h" #include "zeek/iosource/Packet.h" #include "zeek/packet_analysis/Component.h" #include "zeek/packet_analysis/Dispatcher.h" -#include "zeek/packet_analysis/Tag.h" #include "zeek/plugin/ComponentManager.h" namespace zeek @@ -151,7 +151,7 @@ private: * @return The new analyzer instance. Returns null if tag is invalid, the * requested analyzer is disabled, or the analyzer can't be instantiated. */ - AnalyzerPtr InstantiateAnalyzer(const Tag& tag); + AnalyzerPtr InstantiateAnalyzer(const zeek::Tag& tag); /** * Instantiates a new analyzer. 
diff --git a/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.cc b/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.cc index 0090e69fa1..6de5fa959c 100644 --- a/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.cc +++ b/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.cc @@ -16,7 +16,7 @@ enum ICMP_EndpointState void ICMPSessionAdapter::AddExtraAnalyzers(Connection* conn) { - static analyzer::Tag analyzer_connsize = analyzer_mgr->GetComponentTag("CONNSIZE"); + static zeek::Tag analyzer_connsize = analyzer_mgr->GetComponentTag("CONNSIZE"); if ( analyzer_mgr->IsEnabled(analyzer_connsize) ) // Add ConnSize analyzer. Needs to see packets, not stream. diff --git a/src/packet_analysis/protocol/ip/IPBasedAnalyzer.cc b/src/packet_analysis/protocol/ip/IPBasedAnalyzer.cc index 81466dbd60..876ce5ef2c 100644 --- a/src/packet_analysis/protocol/ip/IPBasedAnalyzer.cc +++ b/src/packet_analysis/protocol/ip/IPBasedAnalyzer.cc @@ -196,7 +196,7 @@ void IPBasedAnalyzer::BuildSessionAnalyzerTree(Connection* conn) if ( ! analyzers_by_port.empty() && ! zeek::detail::dpd_ignore_ports ) { int resp_port = ntohs(conn->RespPort()); - std::set* ports = LookupPort(resp_port, false); + std::set* ports = LookupPort(resp_port, false); if ( ports ) { @@ -227,7 +227,7 @@ void IPBasedAnalyzer::BuildSessionAnalyzerTree(Connection* conn) PLUGIN_HOOK_VOID(HOOK_SETUP_ANALYZER_TREE, HookSetupAnalyzerTree(conn)); } -bool IPBasedAnalyzer::RegisterAnalyzerForPort(const analyzer::Tag& tag, uint32_t port) +bool IPBasedAnalyzer::RegisterAnalyzerForPort(const zeek::Tag& tag, uint32_t port) { tag_set* l = LookupPort(port, true); @@ -243,7 +243,7 @@ bool IPBasedAnalyzer::RegisterAnalyzerForPort(const analyzer::Tag& tag, uint32_t return true; } -bool IPBasedAnalyzer::UnregisterAnalyzerForPort(const analyzer::Tag& tag, uint32_t port) +bool IPBasedAnalyzer::UnregisterAnalyzerForPort(const zeek::Tag& tag, uint32_t port) { tag_set* l = LookupPort(port, true); 
diff --git a/src/packet_analysis/protocol/ip/IPBasedAnalyzer.h b/src/packet_analysis/protocol/ip/IPBasedAnalyzer.h index 0a36811dca..0f87d907f8 100644 --- a/src/packet_analysis/protocol/ip/IPBasedAnalyzer.h +++ b/src/packet_analysis/protocol/ip/IPBasedAnalyzer.h @@ -6,7 +6,7 @@ #include #include "zeek/ID.h" -#include "zeek/analyzer/Tag.h" +#include "zeek/Tag.h" #include "zeek/packet_analysis/Analyzer.h" namespace zeek::analyzer::pia @@ -49,7 +49,7 @@ public: * @param port The port's number. * @return True if successful. */ - bool RegisterAnalyzerForPort(const analyzer::Tag& tag, uint32_t port); + bool RegisterAnalyzerForPort(const zeek::Tag& tag, uint32_t port); /** * Unregisters a well-known port for an analyzer. @@ -57,9 +57,9 @@ public: * @param tag The analyzer's tag. * @param port The port's number. * @param tag The analyzer's tag as an enum of script type \c - * Analyzer::Tag. + * Tag. */ - bool UnregisterAnalyzerForPort(const analyzer::Tag& tag, uint32_t port); + bool UnregisterAnalyzerForPort(const zeek::Tag& tag, uint32_t port); /** * Dumps information about the registered session analyzers per port. @@ -180,7 +180,7 @@ private: // While this is storing session analyzer tags, we store it here since packet analyzers // are persitent objects. We can't do this in the adapters because those get created // and destroyed for each connection. - using tag_set = std::set; + using tag_set = std::set; using analyzer_map_by_port = std::map; analyzer_map_by_port analyzers_by_port; diff --git a/src/packet_analysis/protocol/tcp/TCPSessionAdapter.cc b/src/packet_analysis/protocol/tcp/TCPSessionAdapter.cc index a563650b74..c342f1f3b8 100644 --- a/src/packet_analysis/protocol/tcp/TCPSessionAdapter.cc +++ b/src/packet_analysis/protocol/tcp/TCPSessionAdapter.cc 
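Review bot: In the `UnregisterAnalyzerForPort` doc block, the last `@param tag` used to name the script-layer enum `Analyzer::Tag`. The rename has reduced it to a bare `Tag.`, which no longer identifies any type. That entry also duplicates the `@param tag` two lines above it. If the script-layer type name is unchanged by this commit (not visible here), restore it; otherwise drop the duplicate and keep only `@param tag The analyzer's tag.`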
@@ -724,7 +724,7 @@ analyzer::Analyzer* TCPSessionAdapter::FindChild(analyzer::ID arg_id) return nullptr; } -analyzer::Analyzer* TCPSessionAdapter::FindChild(analyzer::Tag arg_tag) +analyzer::Analyzer* TCPSessionAdapter::FindChild(zeek::Tag arg_tag) { analyzer::Analyzer* child = packet_analysis::IP::SessionAdapter::FindChild(arg_tag); @@ -1599,8 +1599,8 @@ bool TCPSessionAdapter::IsReuse(double t, const u_char* pkt) void TCPSessionAdapter::AddExtraAnalyzers(Connection* conn) { - static analyzer::Tag analyzer_connsize = analyzer_mgr->GetComponentTag("CONNSIZE"); - static analyzer::Tag analyzer_tcpstats = analyzer_mgr->GetComponentTag("TCPSTATS"); + static zeek::Tag analyzer_connsize = analyzer_mgr->GetComponentTag("CONNSIZE"); + static zeek::Tag analyzer_tcpstats = analyzer_mgr->GetComponentTag("TCPSTATS"); // We have to decide whether to reassamble the stream. // We turn it on right away if we already have an app-layer diff --git a/src/packet_analysis/protocol/tcp/TCPSessionAdapter.h b/src/packet_analysis/protocol/tcp/TCPSessionAdapter.h index dd62ede029..5025f0299b 100644 --- a/src/packet_analysis/protocol/tcp/TCPSessionAdapter.h +++ b/src/packet_analysis/protocol/tcp/TCPSessionAdapter.h @@ -2,6 +2,7 @@ #pragma once +#include "zeek/Tag.h" #include "zeek/analyzer/protocol/tcp/TCP_Endpoint.h" #include "zeek/analyzer/protocol/tcp/TCP_Flags.h" #include "zeek/packet_analysis/Analyzer.h" @@ -42,7 +43,7 @@ public: void AddChildPacketAnalyzer(analyzer::Analyzer* a); Analyzer* FindChild(analyzer::ID id) override; - Analyzer* FindChild(analyzer::Tag tag) override; + Analyzer* FindChild(zeek::Tag tag) override; bool RemoveChildAnalyzer(analyzer::ID id) override; // True if the connection has closed in some sense, false otherwise. diff --git a/src/packet_analysis/protocol/udp/UDPSessionAdapter.cc b/src/packet_analysis/protocol/udp/UDPSessionAdapter.cc index 32338cf89c..99a798fe78 100644 --- a/src/packet_analysis/protocol/udp/UDPSessionAdapter.cc 
+++ b/src/packet_analysis/protocol/udp/UDPSessionAdapter.cc @@ -17,7 +17,7 @@ enum UDP_EndpointState void UDPSessionAdapter::AddExtraAnalyzers(Connection* conn) { - static analyzer::Tag analyzer_connsize = analyzer_mgr->GetComponentTag("CONNSIZE"); + static zeek::Tag analyzer_connsize = analyzer_mgr->GetComponentTag("CONNSIZE"); if ( analyzer_mgr->IsEnabled(analyzer_connsize) ) // Add ConnSize analyzer. Needs to see packets, not stream.