Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 01:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Remove uses of deprecated Tag types

Browse source
This commit is contained in:
Tim Wojtulewicz 2021-09-29 10:11:17 -07:00
parent 331161138a
commit 8b544d648d
35 changed files with 172 additions and 178 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/Conn.cc
View file

@ -286,7 +286,7 @@ analyzer::Analyzer* Connection::FindAnalyzer(analyzer::ID id)
return adapter ? adapter->FindChild(id) : nullptr;
}
analyzer::Analyzer* Connection::FindAnalyzer(const analyzer::Tag& tag)
analyzer::Analyzer* Connection::FindAnalyzer(const zeek::Tag& tag)
{
return adapter ? adapter->FindChild(tag) : nullptr;
}

4
src/Conn.h
View file

@ -11,12 +11,12 @@
#include "zeek/IPAddr.h"
#include "zeek/IntrusivePtr.h"
#include "zeek/Rule.h"
#include "zeek/Tag.h"
#include "zeek/Timer.h"
#include "zeek/UID.h"
#include "zeek/WeirdState.h"
#include "zeek/ZeekArgs.h"
#include "zeek/analyzer/Analyzer.h"
#include "zeek/analyzer/Tag.h"
#include "zeek/iosource/Packet.h"
#include "zeek/session/Session.h"
@ -136,7 +136,7 @@ public:
void FlipRoles();
analyzer::Analyzer* FindAnalyzer(analyzer::ID id);
analyzer::Analyzer* FindAnalyzer(const analyzer::Tag& tag); // find first in tree.
analyzer::Analyzer* FindAnalyzer(const zeek::Tag& tag); // find first in tree.
analyzer::Analyzer* FindAnalyzer(const char* name); // find first in tree.
TransportProto ConnTransport() const { return proto; }

2
src/RuleAction.cc
View file

@ -67,7 +67,7 @@ RuleActionAnalyzer::RuleActionAnalyzer(const char* arg_analyzer)
reporter->Warning("unknown analyzer '%s' specified in rule", arg.c_str());
}
else
child_analyzer = analyzer::Tag();
child_analyzer = zeek::Tag();
}
void RuleActionAnalyzer::PrintDebug()

8
src/RuleAction.h
View file

@ -73,12 +73,12 @@ public:
void PrintDebug() override;
analyzer::Tag Analyzer() const { return analyzer; }
analyzer::Tag ChildAnalyzer() const { return child_analyzer; }
zeek::Tag Analyzer() const { return analyzer; }
zeek::Tag ChildAnalyzer() const { return child_analyzer; }
private:
analyzer::Tag analyzer;
analyzer::Tag child_analyzer;
zeek::Tag analyzer;
zeek::Tag child_analyzer;
};
class RuleActionEnable : public RuleActionAnalyzer

24
src/analyzer/Analyzer.cc
View file

@ -75,7 +75,7 @@ const char* Analyzer::GetAnalyzerName() const
return analyzer_mgr->GetComponentName(tag).c_str();
}
void Analyzer::SetAnalyzerTag(const Tag& arg_tag)
void Analyzer::SetAnalyzerTag(const zeek::Tag& arg_tag)
{
assert(! tag || tag == arg_tag);
tag = arg_tag;
@ -89,7 +89,7 @@ bool Analyzer::IsAnalyzer(const char* name)
Analyzer::Analyzer(const char* name, Connection* conn)
{
Tag tag = analyzer_mgr->GetComponentTag(name);
zeek::Tag tag = analyzer_mgr->GetComponentTag(name);
if ( ! tag )
reporter->InternalError("unknown analyzer name %s; mismatch with tag analyzer::Component?",
@ -98,17 +98,17 @@ Analyzer::Analyzer(const char* name, Connection* conn)
CtorInit(tag, conn);
}
Analyzer::Analyzer(const Tag& tag, Connection* conn)
Analyzer::Analyzer(const zeek::Tag& tag, Connection* conn)
{
CtorInit(tag, conn);
}
Analyzer::Analyzer(Connection* conn)
{
CtorInit(Tag(), conn);
CtorInit(zeek::Tag(), conn);
}
void Analyzer::CtorInit(const Tag& arg_tag, Connection* arg_conn)
void Analyzer::CtorInit(const zeek::Tag& arg_tag, Connection* arg_conn)
{
// Don't Ref conn here to avoid circular ref'ing. It can't be deleted
// before us.
@ -411,7 +411,7 @@ bool Analyzer::AddChildAnalyzer(Analyzer* analyzer, bool init)
return true;
}
Analyzer* Analyzer::AddChildAnalyzer(const Tag& analyzer)
Analyzer* Analyzer::AddChildAnalyzer(const zeek::Tag& analyzer)
{
if ( HasChildAnalyzer(analyzer) )
return nullptr;
@ -466,7 +466,7 @@ bool Analyzer::Remove()
return removing;
}
void Analyzer::PreventChildren(Tag tag)
void Analyzer::PreventChildren(zeek::Tag tag)
{
auto it = std::find(prevented.begin(), prevented.end(), tag);
@ -476,7 +476,7 @@ void Analyzer::PreventChildren(Tag tag)
prevented.emplace_back(tag);
}
bool Analyzer::HasChildAnalyzer(Tag tag)
bool Analyzer::HasChildAnalyzer(zeek::Tag tag)
{
LOOP_OVER_CHILDREN(i)
if ( (*i)->tag == tag )
@ -511,7 +511,7 @@ Analyzer* Analyzer::FindChild(ID arg_id)
return nullptr;
}
Analyzer* Analyzer::FindChild(Tag arg_tag)
Analyzer* Analyzer::FindChild(zeek::Tag arg_tag)
{
if ( tag == arg_tag )
return this;
@ -535,7 +535,7 @@ Analyzer* Analyzer::FindChild(Tag arg_tag)
Analyzer* Analyzer::FindChild(const char* name)
{
Tag tag = analyzer_mgr->GetComponentTag(name);
zeek::Tag tag = analyzer_mgr->GetComponentTag(name);
return tag ? FindChild(tag) : nullptr;
}
@ -607,7 +607,7 @@ void Analyzer::RemoveSupportAnalyzer(SupportAnalyzer* analyzer)
return;
}
bool Analyzer::HasSupportAnalyzer(const Tag& tag, bool orig)
bool Analyzer::HasSupportAnalyzer(const zeek::Tag& tag, bool orig)
{
SupportAnalyzer* s = orig ? orig_supporters : resp_supporters;
for ( ; s; s = s->sibling )
@ -677,7 +677,7 @@ void Analyzer::FlipRoles()
resp_supporters = tmp;
}
void Analyzer::ProtocolConfirmation(Tag arg_tag)
void Analyzer::ProtocolConfirmation(zeek::Tag arg_tag)
{
if ( protocol_confirmed )
return;

24
src/analyzer/Analyzer.h
View file

@ -125,7 +125,7 @@ public:
*
* @param conn The connection the analyzer is associated with.
*/
Analyzer(const Tag& tag, Connection* conn);
Analyzer(const zeek::Tag& tag, Connection* conn);
/**
* Constructor. As this version of the constructor does not receive a
@ -357,7 +357,7 @@ public:
/**
* Returns the tag associated with the analyzer's type.
*/
Tag GetAnalyzerTag() const
zeek::Tag GetAnalyzerTag() const
{
assert(tag);
return tag;
@ -369,7 +369,7 @@ public:
* did not receive a name or tag. The method cannot be used to change
* an existing tag.
*/
void SetAnalyzerTag(const Tag& tag);
void SetAnalyzerTag(const zeek::Tag& tag);
/**
* Returns a textual description of the analyzer's type. This is
@ -405,7 +405,7 @@ public:
* @param tag The type of analyzer to add.
* @return the new analyzer instance that was added.
*/
Analyzer* AddChildAnalyzer(const Tag& tag);
Analyzer* AddChildAnalyzer(const zeek::Tag& tag);
/**
* Removes a child analyzer. It's ok for the analyzer to not to be a
@ -434,14 +434,14 @@ public:
*
* @param tag The type of analyzer to prevent.
*/
void PreventChildren(Tag tag);
void PreventChildren(zeek::Tag tag);
/**
* Returns true if analyzer has a direct child of a given type.
*
* @param tag The type of analyzer to check for.
*/
bool HasChildAnalyzer(Tag tag);
bool HasChildAnalyzer(zeek::Tag tag);
/**
* Recursively searches all (direct or indirect) childs of the
@ -463,7 +463,7 @@ public:
* @return The first analyzer of the given type found, or null if
* none.
*/
virtual Analyzer* FindChild(Tag tag);
virtual Analyzer* FindChild(zeek::Tag tag);
/**
* Recursively searches all (direct or indirect) childs of the
@ -533,7 +533,7 @@ public:
* If tag is given, it overrides the analyzer tag passed to the
* scripting layer; the default is the one of the analyzer itself.
*/
virtual void ProtocolConfirmation(Tag tag = Tag());
virtual void ProtocolConfirmation(zeek::Tag tag = zeek::Tag());
/**
* Signals Bro's protocol detection that the analyzer has found a
@ -667,7 +667,7 @@ protected:
*
* @param orig True if asking about the originator side.
*/
bool HasSupportAnalyzer(const Tag& tag, bool orig);
bool HasSupportAnalyzer(const zeek::Tag& tag, bool orig);
/**
* Returns the first still active support analyzer for the given
@ -711,9 +711,9 @@ private:
analyzer_list::iterator DeleteChild(analyzer_list::iterator i);
// Helper for the ctors.
void CtorInit(const Tag& tag, Connection* conn);
void CtorInit(const zeek::Tag& tag, Connection* conn);
Tag tag;
zeek::Tag tag;
ID id;
Connection* conn;
@ -726,7 +726,7 @@ private:
SupportAnalyzer* resp_supporters;
analyzer_list new_children;
std::vector<Tag> prevented;
std::vector<zeek::Tag> prevented;
bool protocol_confirmed;

2
src/analyzer/Component.cc
View file

@ -10,7 +10,7 @@ namespace zeek::analyzer
{
Component::Component(const std::string& name, factory_callback arg_factory,
Tag::subtype_t arg_subtype, bool arg_enabled, bool arg_partial,
zeek::Tag::subtype_t arg_subtype, bool arg_enabled, bool arg_partial,
bool arg_adapter)
: plugin::Component(
arg_adapter ? plugin::component::SESSION_ADAPTER : plugin::component::ANALYZER, name),

8
src/analyzer/Component.h
View file

@ -4,7 +4,7 @@
#include "zeek/zeek-config.h"
#include "zeek/analyzer/Tag.h"
#include "zeek/Tag.h"
#include "zeek/plugin/Component.h"
#include "zeek/plugin/TaggedComponent.h"
#include "zeek/util.h"
@ -45,8 +45,8 @@ public:
*
* @param subtype A subtype associated with this component that
* further distinguishes it. The subtype will be integrated into
* the analyzer::Tag that the manager associates with this analyzer,
* and analyzer instances can accordingly access it via analyzer::Tag().
* the Tag that the manager associates with this analyzer,
* and analyzer instances can accordingly access it via Tag().
* If not used, leave at zero.
*
* @param enabled If false the analyzer starts out as disabled and
@ -62,7 +62,7 @@ public:
* @param adapter If true, this analyzer is a session adapter from
* the packet analyzer framework.
*/
Component(const std::string& name, factory_callback factory, Tag::subtype_t subtype = 0,
Component(const std::string& name, factory_callback factory, zeek::Tag::subtype_t subtype = 0,
bool enabled = true, bool partial = false, bool adapter = false);
/**

28
src/analyzer/Manager.cc
View file

@ -123,7 +123,7 @@ void Manager::DumpDebug()
void Manager::Done() { }
bool Manager::EnableAnalyzer(const Tag& tag)
bool Manager::EnableAnalyzer(const zeek::Tag& tag)
{
Component* p = Lookup(tag);
@ -149,7 +149,7 @@ bool Manager::EnableAnalyzer(EnumVal* val)
return true;
}
bool Manager::DisableAnalyzer(const Tag& tag)
bool Manager::DisableAnalyzer(const zeek::Tag& tag)
{
Component* p = Lookup(tag);
@ -185,12 +185,12 @@ void Manager::DisableAllAnalyzers()
(*i)->SetEnabled(false);
}
analyzer::Tag Manager::GetAnalyzerTag(const char* name)
zeek::Tag Manager::GetAnalyzerTag(const char* name)
{
return GetComponentTag(name);
}
bool Manager::IsEnabled(const Tag& tag)
bool Manager::IsEnabled(const zeek::Tag& tag)
{
if ( ! tag )
return false;
@ -233,7 +233,7 @@ bool Manager::UnregisterAnalyzerForPort(EnumVal* val, PortVal* port)
return UnregisterAnalyzerForPort(p->Tag(), port->PortType(), port->Port());
}
bool Manager::RegisterAnalyzerForPort(const Tag& tag, TransportProto proto, uint32_t port)
bool Manager::RegisterAnalyzerForPort(const zeek::Tag& tag, TransportProto proto, uint32_t port)
{
if ( initialized )
return RegisterAnalyzerForPort(std::make_tuple(tag, proto, port));
@ -247,7 +247,7 @@ bool Manager::RegisterAnalyzerForPort(const Tag& tag, TransportProto proto, uint
}
}
bool Manager::RegisterAnalyzerForPort(const std::tuple<Tag, TransportProto, uint32_t>& p)
bool Manager::RegisterAnalyzerForPort(const std::tuple<zeek::Tag, TransportProto, uint32_t>& p)
{
const auto& [tag, proto, port] = p;
@ -267,7 +267,7 @@ bool Manager::RegisterAnalyzerForPort(const std::tuple<Tag, TransportProto, uint
return ipba->RegisterAnalyzerForPort(tag, port);
}
bool Manager::UnregisterAnalyzerForPort(const Tag& tag, TransportProto proto, uint32_t port)
bool Manager::UnregisterAnalyzerForPort(const zeek::Tag& tag, TransportProto proto, uint32_t port)
{
if ( auto i = pending_analyzers_for_ports.find(std::make_tuple(tag, proto, port));
i != pending_analyzers_for_ports.end() )
@ -289,7 +289,7 @@ bool Manager::UnregisterAnalyzerForPort(const Tag& tag, TransportProto proto, ui
return ipba->UnregisterAnalyzerForPort(tag, port);
}
Analyzer* Manager::InstantiateAnalyzer(const Tag& tag, Connection* conn)
Analyzer* Manager::InstantiateAnalyzer(const zeek::Tag& tag, Connection* conn)
{
Component* c = Lookup(tag);
@ -324,7 +324,7 @@ Analyzer* Manager::InstantiateAnalyzer(const Tag& tag, Connection* conn)
Analyzer* Manager::InstantiateAnalyzer(const char* name, Connection* conn)
{
Tag tag = GetComponentTag(name);
zeek::Tag tag = GetComponentTag(name);
return tag ? InstantiateAnalyzer(tag, conn) : nullptr;
}
@ -367,7 +367,7 @@ void Manager::ExpireScheduledAnalyzers()
}
void Manager::ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, uint16_t resp_p,
TransportProto proto, const Tag& analyzer, double timeout)
TransportProto proto, const zeek::Tag& analyzer, double timeout)
{
if ( ! run_state::network_time )
{
@ -392,9 +392,9 @@ void Manager::ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, uint16_t
void Manager::ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, uint16_t resp_p,
TransportProto proto, const char* analyzer, double timeout)
{
Tag tag = GetComponentTag(analyzer);
zeek::Tag tag = GetComponentTag(analyzer);
if ( tag != Tag() )
if ( tag != zeek::Tag() )
ScheduleAnalyzer(orig, resp, resp_p, proto, tag, timeout);
}
@ -402,8 +402,8 @@ void Manager::ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, PortVal*
Val* analyzer, double timeout)
{
EnumValPtr ev{NewRef{}, analyzer->AsEnumVal()};
return ScheduleAnalyzer(orig, resp, resp_p->Port(), resp_p->PortType(), Tag(std::move(ev)),
timeout);
return ScheduleAnalyzer(orig, resp, resp_p->Port(), resp_p->PortType(),
zeek::Tag(std::move(ev)), timeout);
}
Manager::tag_set Manager::GetScheduled(const Connection* conn)

42
src/analyzer/Manager.h
View file

@ -25,9 +25,9 @@
#include "zeek/Dict.h"
#include "zeek/IP.h"
#include "zeek/Tag.h"
#include "zeek/analyzer/Analyzer.h"
#include "zeek/analyzer/Component.h"
#include "zeek/analyzer/Tag.h"
#include "zeek/analyzer/analyzer.bif.h"
#include "zeek/net_util.h"
#include "zeek/plugin/ComponentManager.h"
@ -50,7 +50,7 @@ namespace analyzer
* Class maintaining and scheduling available protocol analyzers.
*
* The manager maintains a registry of all available protocol analyzers,
* including a mapping between their textual names and analyzer::Tag. It
* including a mapping between their textual names and Tag. It
* instantantiates new analyzers on demand. For new connections, the manager
* sets up their initial analyzer tree, including adding the right \c PIA,
* respecting well-known ports, and tracking any analyzers specifically
@ -95,14 +95,14 @@ public:
*
* @return True if successful.
*/
bool EnableAnalyzer(const Tag& tag);
bool EnableAnalyzer(const zeek::Tag& tag);
/**
* Enables an analyzer type. Only enabled analyzers will be
* instantiated for new connections.
*
* @param tag The analyzer's tag as an enum of script type \c
* Analyzer::Tag.
* Tag.
*
* @return True if successful.
*/
@ -116,14 +116,14 @@ public:
*
* @return True if successful.
*/
bool DisableAnalyzer(const Tag& tag);
bool DisableAnalyzer(const zeek::Tag& tag);
/**
* Disables an analyzer type. Disabled analyzers will not be
* instantiated for new connections.
*
* @param tag The analyzer's tag as an enum of script type \c
* Analyzer::Tag.
* Tag.
*
* @return True if successful.
*/
@ -140,20 +140,20 @@ public:
*
* @param name The canonical analyzer name to check.
*/
Tag GetAnalyzerTag(const char* name);
zeek::Tag GetAnalyzerTag(const char* name);
/**
* Returns true if an analyzer is enabled.
*
* @param tag The analyzer's tag.
*/
bool IsEnabled(const Tag& tag);
bool IsEnabled(const zeek::Tag& tag);
/**
* Returns true if an analyzer is enabled.
*
* @param tag The analyzer's tag as an enum of script type \c
* Analyzer::Tag.
* Tag.
*/
bool IsEnabled(EnumVal* tag);
@ -163,7 +163,7 @@ public:
* assigned.
*
* @param tag The analyzer's tag as an enum of script type \c
* Analyzer::Tag.
* Tag.
*
* @param port The well-known port.
*
@ -184,13 +184,13 @@ public:
*
* @return True if successful.
*/
bool RegisterAnalyzerForPort(const Tag& tag, TransportProto proto, uint32_t port);
bool RegisterAnalyzerForPort(const zeek::Tag& tag, TransportProto proto, uint32_t port);
/**
* Unregisters a well-known port for an anlyzers.
*
* @param tag The analyzer's tag as an enum of script type \c
* Analyzer::Tag.
* Tag.
*
* @param port The well-known port.
*
@ -210,9 +210,9 @@ public:
* @param port The port's number.
*
* @param tag The analyzer's tag as an enum of script type \c
* Analyzer::Tag.
* Tag.
*/
bool UnregisterAnalyzerForPort(const Tag& tag, TransportProto proto, uint32_t port);
bool UnregisterAnalyzerForPort(const zeek::Tag& tag, TransportProto proto, uint32_t port);
/**
* Instantiates a new analyzer instance for a connection.
@ -226,7 +226,7 @@ public:
* null if tag is invalid, the requested analyzer is disabled, or the
* analyzer can't be instantiated.
*/
Analyzer* InstantiateAnalyzer(const Tag& tag, Connection* c);
Analyzer* InstantiateAnalyzer(const zeek::Tag& tag, Connection* c);
/**
* Instantiates a new analyzer instance for a connection.
@ -263,7 +263,7 @@ public:
* schedule this analyzer. Must be non-zero.
*/
void ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, uint16_t resp_p,
TransportProto proto, const Tag& analyzer, double timeout);
TransportProto proto, const zeek::Tag& analyzer, double timeout);
/**
* Schedules a particular analyzer for an upcoming connection. Once
@ -321,7 +321,7 @@ public:
* @param resp_p The connection's anticipated responder port.
*
* @param analyzer The analyzer to use once the connection is seen as
* an enum value of script-type \c Analyzer::Tag.
* an enum value of script-type \c Tag.
*
* @param timeout An interval after which to timeout the request to
* schedule this analyzer. Must be non-zero.
@ -336,11 +336,11 @@ public:
private:
// Internal version that must be used only once InitPostScript has completed.
bool RegisterAnalyzerForPort(const std::tuple<Tag, TransportProto, uint32_t>& p);
bool RegisterAnalyzerForPort(const std::tuple<zeek::Tag, TransportProto, uint32_t>& p);
friend class packet_analysis::IP::IPBasedAnalyzer;
using tag_set = std::set<Tag>;
using tag_set = std::set<zeek::Tag>;
tag_set GetScheduled(const Connection* conn);
void ExpireScheduledAnalyzers();
@ -365,7 +365,7 @@ private:
struct ScheduledAnalyzer
{
ConnIndex conn;
Tag analyzer;
zeek::Tag analyzer;
double timeout;
struct Comparator
@ -377,7 +377,7 @@ private:
};
};
using protocol_analyzers = std::set<std::tuple<Tag, TransportProto, uint32_t>>;
using protocol_analyzers = std::set<std::tuple<zeek::Tag, TransportProto, uint32_t>>;
using conns_map = std::multimap<ConnIndex, ScheduledAnalyzer*>;
using conns_queue = std::priority_queue<ScheduledAnalyzer*, std::vector<ScheduledAnalyzer*>,
ScheduledAnalyzer::Comparator>;

2
src/analyzer/analyzer.bif
View file

@ -46,6 +46,6 @@ function __name%(atype: Analyzer::Tag%) : string
function __tag%(name: string%) : Analyzer::Tag
%{
analyzer::Tag t = zeek::analyzer_mgr->GetComponentTag(name->CheckString());
zeek::Tag t = zeek::analyzer_mgr->GetComponentTag(name->CheckString());
return t.AsVal();
%}

8
src/analyzer/protocol/pia/PIA.cc
View file

@ -147,7 +147,7 @@ void PIA::DoMatch(const u_char* data, int len, bool is_orig, bool bol, bool eol,
clear_state);
}
void PIA_UDP::ActivateAnalyzer(analyzer::Tag tag, const zeek::detail::Rule* rule)
void PIA_UDP::ActivateAnalyzer(zeek::Tag tag, const zeek::detail::Rule* rule)
{
if ( pkt_buffer.state == MATCHING_ONLY )
{
@ -181,7 +181,7 @@ void PIA_UDP::ActivateAnalyzer(analyzer::Tag tag, const zeek::detail::Rule* rule
ReplayPacketBuffer(a);
}
void PIA_UDP::DeactivateAnalyzer(analyzer::Tag tag)
void PIA_UDP::DeactivateAnalyzer(zeek::Tag tag)
{
reporter->InternalError("PIA_UDP::Deact not implemented yet");
}
@ -307,7 +307,7 @@ void PIA_TCP::Undelivered(uint64_t seq, int len, bool is_orig)
}
}
void PIA_TCP::ActivateAnalyzer(analyzer::Tag tag, const zeek::detail::Rule* rule)
void PIA_TCP::ActivateAnalyzer(zeek::Tag tag, const zeek::detail::Rule* rule)
{
if ( stream_buffer.state == MATCHING_ONLY )
{
@ -429,7 +429,7 @@ void PIA_TCP::ActivateAnalyzer(analyzer::Tag tag, const zeek::detail::Rule* rule
tcp->SetReassembler(reass_orig, reass_resp);
}
void PIA_TCP::DeactivateAnalyzer(analyzer::Tag tag)
void PIA_TCP::DeactivateAnalyzer(zeek::Tag tag)
{
reporter->InternalError("PIA_TCP::Deact not implemented yet");
}

12
src/analyzer/protocol/pia/PIA.h
View file

@ -29,10 +29,10 @@ public:
// Called when PIA wants to put an Analyzer in charge. rule is the
// signature that triggered the activitation, if any.
virtual void ActivateAnalyzer(analyzer::Tag tag, const zeek::detail::Rule* rule = nullptr) = 0;
virtual void ActivateAnalyzer(zeek::Tag tag, const zeek::detail::Rule* rule = nullptr) = 0;
// Called when PIA wants to remove an Analyzer.
virtual void DeactivateAnalyzer(analyzer::Tag tag) = 0;
virtual void DeactivateAnalyzer(zeek::Tag tag) = 0;
void Match(zeek::detail::Rule::PatternType type, const u_char* data, int len, bool is_orig,
bool bol, bool eol, bool clear_state);
@ -129,8 +129,8 @@ protected:
PIA_DeliverPacket(len, data, is_orig, seq, ip, caplen, true);
}
void ActivateAnalyzer(analyzer::Tag tag, const zeek::detail::Rule* rule) override;
void DeactivateAnalyzer(analyzer::Tag tag) override;
void ActivateAnalyzer(zeek::Tag tag, const zeek::detail::Rule* rule) override;
void DeactivateAnalyzer(zeek::Tag tag) override;
};
// PIA for TCP. Accepts both packet and stream input (and reassembles
@ -180,8 +180,8 @@ protected:
void DeliverStream(int len, const u_char* data, bool is_orig) override;
void Undelivered(uint64_t seq, int len, bool is_orig) override;
void ActivateAnalyzer(analyzer::Tag tag, const zeek::detail::Rule* rule = nullptr) override;
void DeactivateAnalyzer(analyzer::Tag tag) override;
void ActivateAnalyzer(zeek::Tag tag, const zeek::detail::Rule* rule = nullptr) override;
void DeactivateAnalyzer(zeek::Tag tag) override;
private:
// FIXME: Not sure yet whether we need both pkt_buffer and stream_buffer.

4
src/file_analysis/Analyzer.cc
View file

@ -15,13 +15,13 @@ Analyzer::~Analyzer()
DBG_LOG(DBG_FILE_ANALYSIS, "Destroy file analyzer %s", file_mgr->GetComponentName(tag).c_str());
}
void Analyzer::SetAnalyzerTag(const file_analysis::Tag& arg_tag)
void Analyzer::SetAnalyzerTag(const zeek::Tag& arg_tag)
{
assert(! tag || tag == arg_tag);
tag = arg_tag;
}
Analyzer::Analyzer(file_analysis::Tag arg_tag, RecordValPtr arg_args, File* arg_file)
Analyzer::Analyzer(zeek::Tag arg_tag, RecordValPtr arg_args, File* arg_file)
: tag(arg_tag), args(std::move(arg_args)), file(arg_file), got_stream_delivery(false),
skip(false)
{

10
src/file_analysis/Analyzer.h
View file

@ -4,7 +4,7 @@
#include <sys/types.h> // for u_char
#include "zeek/file_analysis/Tag.h"
#include "zeek/Tag.h"
namespace zeek
{
@ -81,7 +81,7 @@ public:
/**
* @return the analyzer type enum value.
*/
file_analysis::Tag Tag() const { return tag; }
zeek::Tag Tag() const { return tag; }
/**
* Returns the analyzer instance's internal ID. These IDs are unique
@ -106,7 +106,7 @@ public:
* did not receive a name or tag. The method cannot be used to change
* an existing tag.
*/
void SetAnalyzerTag(const file_analysis::Tag& tag);
void SetAnalyzerTag(const zeek::Tag& tag);
/**
* @return true if the analyzer has ever seen a stream-wise delivery.
@ -141,7 +141,7 @@ protected:
* tunable options, if any, related to a particular analyzer type.
* @param arg_file the file to which the the analyzer is being attached.
*/
Analyzer(file_analysis::Tag arg_tag, RecordValPtr arg_args, File* arg_file);
Analyzer(zeek::Tag arg_tag, RecordValPtr arg_args, File* arg_file);
/**
* Constructor. Only derived classes are meant to be instantiated.
@ -156,7 +156,7 @@ protected:
private:
ID id; /**< Unique instance ID. */
file_analysis::Tag tag; /**< The particular type of the analyzer instance. */
zeek::Tag tag; /**< The particular type of the analyzer instance. */
RecordValPtr args; /**< \c AnalyzerArgs val gives tunable analyzer params. */
File* file; /**< The file to which the analyzer is attached. */
bool got_stream_delivery;

14
src/file_analysis/AnalyzerSet.cc
View file

@ -42,14 +42,14 @@ AnalyzerSet::~AnalyzerSet()
delete analyzer_hash;
}
Analyzer* AnalyzerSet::Find(const file_analysis::Tag& tag, RecordValPtr args)
Analyzer* AnalyzerSet::Find(const zeek::Tag& tag, RecordValPtr args)
{
auto key = GetKey(tag, std::move(args));
Analyzer* rval = analyzer_map.Lookup(key.get());
return rval;
}
bool AnalyzerSet::Add(const file_analysis::Tag& tag, RecordValPtr args)
bool AnalyzerSet::Add(const zeek::Tag& tag, RecordValPtr args)
{
auto key = GetKey(tag, args);
@ -71,7 +71,7 @@ bool AnalyzerSet::Add(const file_analysis::Tag& tag, RecordValPtr args)
return true;
}
Analyzer* AnalyzerSet::QueueAdd(const file_analysis::Tag& tag, RecordValPtr args)
Analyzer* AnalyzerSet::QueueAdd(const zeek::Tag& tag, RecordValPtr args)
{
auto key = GetKey(tag, args);
file_analysis::Analyzer* a = InstantiateAnalyzer(tag, std::move(args));
@ -105,12 +105,12 @@ void AnalyzerSet::AddMod::Abort()
delete a;
}
bool AnalyzerSet::Remove(const file_analysis::Tag& tag, RecordValPtr args)
bool AnalyzerSet::Remove(const zeek::Tag& tag, RecordValPtr args)
{
return Remove(tag, GetKey(tag, std::move(args)));
}
bool AnalyzerSet::Remove(const file_analysis::Tag& tag, std::unique_ptr<zeek::detail::HashKey> key)
bool AnalyzerSet::Remove(const zeek::Tag& tag, std::unique_ptr<zeek::detail::HashKey> key)
{
auto a = (file_analysis::Analyzer*)analyzer_map.Remove(key.get());
@ -134,7 +134,7 @@ bool AnalyzerSet::Remove(const file_analysis::Tag& tag, std::unique_ptr<zeek::de
return true;
}
bool AnalyzerSet::QueueRemove(const file_analysis::Tag& tag, RecordValPtr args)
bool AnalyzerSet::QueueRemove(const zeek::Tag& tag, RecordValPtr args)
{
auto key = GetKey(tag, std::move(args));
auto rval = analyzer_map.Lookup(key.get());
@ -147,7 +147,7 @@ bool AnalyzerSet::RemoveMod::Perform(AnalyzerSet* set)
return set->Remove(tag, std::move(key));
}
std::unique_ptr<zeek::detail::HashKey> AnalyzerSet::GetKey(const file_analysis::Tag& t,
std::unique_ptr<zeek::detail::HashKey> AnalyzerSet::GetKey(const zeek::Tag& t,
RecordValPtr args) const
{
auto lv = make_intrusive<ListVal>(TYPE_ANY);

24
src/file_analysis/AnalyzerSet.h
View file

@ -6,7 +6,7 @@
#include <queue>
#include "zeek/Dict.h"
#include "zeek/file_analysis/Tag.h"
#include "zeek/Tag.h"
namespace zeek
{
@ -55,7 +55,7 @@ public:
* @param args an \c AnalyzerArgs record.
* @return pointer to an analyzer instance, or a null pointer if not found.
*/
Analyzer* Find(const file_analysis::Tag& tag, RecordValPtr args);
Analyzer* Find(const zeek::Tag& tag, RecordValPtr args);
/**
* Attach an analyzer to #file immediately.
@ -63,7 +63,7 @@ public:
* @param args an \c AnalyzerArgs value which specifies an analyzer.
* @return true if analyzer was instantiated/attached, else false.
*/
bool Add(const file_analysis::Tag& tag, RecordValPtr args);
bool Add(const zeek::Tag& tag, RecordValPtr args);
/**
* Queue the attachment of an analyzer to #file.
@ -72,7 +72,7 @@ public:
* @return if successful, a pointer to a newly instantiated analyzer else
* a null pointer. The caller does *not* take ownership of the memory.
*/
file_analysis::Analyzer* QueueAdd(const file_analysis::Tag& tag, RecordValPtr args);
file_analysis::Analyzer* QueueAdd(const zeek::Tag& tag, RecordValPtr args);
/**
* Remove an analyzer from #file immediately.
@ -80,7 +80,7 @@ public:
* @param args an \c AnalyzerArgs value which specifies an analyzer.
* @return false if analyzer didn't exist and so wasn't removed, else true.
*/
bool Remove(const file_analysis::Tag& tag, RecordValPtr args);
bool Remove(const zeek::Tag& tag, RecordValPtr args);
/**
* Queue the removal of an analyzer from #file.
@ -88,7 +88,7 @@ public:
* @param args an \c AnalyzerArgs value which specifies an analyzer.
* @return true if analyzer exists at time of call, else false;
*/
bool QueueRemove(const file_analysis::Tag& tag, RecordValPtr args);
bool QueueRemove(const zeek::Tag& tag, RecordValPtr args);
/**
* Perform all queued modifications to the current analyzer set.
@ -146,8 +146,7 @@ protected:
* @param args an \c AnalyzerArgs value which specifies an analyzer.
* @return the hash key calculated from \a args
*/
std::unique_ptr<zeek::detail::HashKey> GetKey(const file_analysis::Tag& tag,
RecordValPtr args) const;
std::unique_ptr<zeek::detail::HashKey> GetKey(const zeek::Tag& tag, RecordValPtr args) const;
/**
* Create an instance of a file analyzer.
@ -155,8 +154,7 @@ protected:
* @param args an \c AnalyzerArgs value which specifies an analyzer.
* @return a new file analyzer instance.
*/
file_analysis::Analyzer* InstantiateAnalyzer(const file_analysis::Tag& tag,
RecordValPtr args) const;
file_analysis::Analyzer* InstantiateAnalyzer(const zeek::Tag& tag, RecordValPtr args) const;
/**
* Insert an analyzer instance in to the set.
@ -171,7 +169,7 @@ protected:
* just used for debugging messages.
* @param key the hash key which represents the analyzer's \c AnalyzerArgs.
*/
bool Remove(const file_analysis::Tag& tag, std::unique_ptr<zeek::detail::HashKey> key);
bool Remove(const zeek::Tag& tag, std::unique_ptr<zeek::detail::HashKey> key);
private:
File* file; /**< File which owns the set */
@ -234,7 +232,7 @@ private:
* @param arg_a an analyzer instance to add to an analyzer set.
* @param arg_key hash key representing the analyzer's \c AnalyzerArgs.
*/
RemoveMod(const file_analysis::Tag& arg_tag, std::unique_ptr<zeek::detail::HashKey> arg_key)
RemoveMod(const zeek::Tag& arg_tag, std::unique_ptr<zeek::detail::HashKey> arg_key)
: Modification(), tag(arg_tag), key(std::move(arg_key))
{
}
@ -243,7 +241,7 @@ private:
void Abort() override { }
protected:
file_analysis::Tag tag;
zeek::Tag tag;
std::unique_ptr<zeek::detail::HashKey> key;
};

8
src/file_analysis/Component.h
View file

@ -4,7 +4,7 @@
#include "zeek/zeek-config.h"
#include "zeek/file_analysis/Tag.h"
#include "zeek/Tag.h"
#include "zeek/plugin/Component.h"
#include "zeek/plugin/TaggedComponent.h"
@ -47,15 +47,15 @@ public:
*
* @param subtype A subtype associated with this component that
* further distinguishes it. The subtype will be integrated into the
* analyzer::Tag that the manager associates with this analyzer, and
* analyzer instances can accordingly access it via analyzer::Tag().
* Tag that the manager associates with this analyzer, and
* analyzer instances can accordingly access it via Tag().
* If not used, leave at zero.
*
* @param enabled If false the analyzer starts out as disabled and
* hence won't be used. It can still be enabled later via the
* manager, including from script-land.
*/
Component(const std::string& name, factory_function factory, Tag::subtype_t subtype = 0,
Component(const std::string& name, factory_function factory, zeek::Tag::subtype_t subtype = 0,
bool enabled = true);
/**

6
src/file_analysis/File.cc
View file

@ -79,7 +79,7 @@ void File::StaticInit()
}
File::File(const std::string& file_id, const std::string& source_name, Connection* conn,
analyzer::Tag tag, bool is_orig)
zeek::Tag tag, bool is_orig)
: id(file_id), val(nullptr), file_reassembler(nullptr), stream_offset(0),
reassembly_max_buffer(0), did_metadata_inference(false), reassembly_enabled(false),
postpone_timeout(false), done(false), analyzers(this)
@ -246,7 +246,7 @@ void File::ScheduleInactivityTimer() const
new detail::FileTimer(run_state::network_time, id, GetTimeoutInterval()));
}
bool File::AddAnalyzer(file_analysis::Tag tag, RecordValPtr args)
bool File::AddAnalyzer(zeek::Tag tag, RecordValPtr args)
{
DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Queuing addition of %s analyzer", id.c_str(),
file_mgr->GetComponentName(tag).c_str());
@ -257,7 +257,7 @@ bool File::AddAnalyzer(file_analysis::Tag tag, RecordValPtr args)
return analyzers.QueueAdd(tag, std::move(args)) != nullptr;
}
bool File::RemoveAnalyzer(file_analysis::Tag tag, RecordValPtr args)
bool File::RemoveAnalyzer(zeek::Tag tag, RecordValPtr args)
{
DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Queuing remove of %s analyzer", id.c_str(),
file_mgr->GetComponentName(tag).c_str());

6
src/file_analysis/File.h
View file

@ -119,7 +119,7 @@ public:
* @param args an \c AnalyzerArgs value representing a file analyzer.
* @return false if analyzer can't be instantiated, else true.
*/
bool AddAnalyzer(file_analysis::Tag tag, RecordValPtr args);
bool AddAnalyzer(zeek::Tag tag, RecordValPtr args);
/**
* Queues removal of an analyzer.
@ -127,7 +127,7 @@ public:
* @param args an \c AnalyzerArgs value representing a file analyzer.
* @return true if analyzer was active at time of call, else false.
*/
bool RemoveAnalyzer(file_analysis::Tag tag, RecordValPtr args);
bool RemoveAnalyzer(zeek::Tag tag, RecordValPtr args);
/**
* Signal that this analyzer can be deleted once it's safe to do so.
@ -223,7 +223,7 @@ protected:
* direction.
*/
File(const std::string& file_id, const std::string& source_name, Connection* conn = nullptr,
analyzer::Tag tag = analyzer::Tag::Error, bool is_orig = false);
zeek::Tag tag = zeek::Tag::Error, bool is_orig = false);
/**
* Updates the "conn_ids" and "conn_uids" fields in #val record with the

30
src/file_analysis/Manager.cc
View file

@ -87,7 +87,7 @@ void Manager::SetHandle(const string& handle)
current_file_id = HashHandle(handle);
}
string Manager::DataIn(const u_char* data, uint64_t len, uint64_t offset, const analyzer::Tag& tag,
string Manager::DataIn(const u_char* data, uint64_t len, uint64_t offset, const zeek::Tag& tag,
Connection* conn, bool is_orig, const string& precomputed_id,
const string& mime_type)
{
@ -117,7 +117,7 @@ string Manager::DataIn(const u_char* data, uint64_t len, uint64_t offset, const
return id;
}
string Manager::DataIn(const u_char* data, uint64_t len, const analyzer::Tag& tag, Connection* conn,
string Manager::DataIn(const u_char* data, uint64_t len, const zeek::Tag& tag, Connection* conn,
bool is_orig, const string& precomputed_id, const string& mime_type)
{
string id = precomputed_id.empty() ? GetFileID(tag, conn, is_orig) : precomputed_id;
@ -145,7 +145,7 @@ string Manager::DataIn(const u_char* data, uint64_t len, const analyzer::Tag& ta
void Manager::DataIn(const u_char* data, uint64_t len, const string& file_id, const string& source,
const string& mime_type)
{
File* file = GetFile(file_id, nullptr, analyzer::Tag::Error, false, false, source.c_str());
File* file = GetFile(file_id, nullptr, zeek::Tag::Error, false, false, source.c_str());
if ( ! file )
return;
@ -162,7 +162,7 @@ void Manager::DataIn(const u_char* data, uint64_t len, const string& file_id, co
void Manager::DataIn(const u_char* data, uint64_t len, uint64_t offset, const string& file_id,
const string& source, const string& mime_type)
{
File* file = GetFile(file_id, nullptr, analyzer::Tag::Error, false, false, source.c_str());
File* file = GetFile(file_id, nullptr, zeek::Tag::Error, false, false, source.c_str());
if ( ! file )
return;
@ -176,13 +176,13 @@ void Manager::DataIn(const u_char* data, uint64_t len, uint64_t offset, const st
RemoveFile(file->GetID());
}
void Manager::EndOfFile(const analyzer::Tag& tag, Connection* conn)
void Manager::EndOfFile(const zeek::Tag& tag, Connection* conn)
{
EndOfFile(tag, conn, true);
EndOfFile(tag, conn, false);
}
void Manager::EndOfFile(const analyzer::Tag& tag, Connection* conn, bool is_orig)
void Manager::EndOfFile(const zeek::Tag& tag, Connection* conn, bool is_orig)
{
// Don't need to create a file if we're just going to remove it right away.
RemoveFile(GetFileID(tag, conn, is_orig));
@ -193,7 +193,7 @@ void Manager::EndOfFile(const string& file_id)
RemoveFile(file_id);
}
string Manager::Gap(uint64_t offset, uint64_t len, const analyzer::Tag& tag, Connection* conn,
string Manager::Gap(uint64_t offset, uint64_t len, const zeek::Tag& tag, Connection* conn,
bool is_orig, const string& precomputed_id)
{
string id = precomputed_id.empty() ? GetFileID(tag, conn, is_orig) : precomputed_id;
@ -206,7 +206,7 @@ string Manager::Gap(uint64_t offset, uint64_t len, const analyzer::Tag& tag, Con
return id;
}
string Manager::SetSize(uint64_t size, const analyzer::Tag& tag, Connection* conn, bool is_orig,
string Manager::SetSize(uint64_t size, const zeek::Tag& tag, Connection* conn, bool is_orig,
const string& precomputed_id)
{
string id = precomputed_id.empty() ? GetFileID(tag, conn, is_orig) : precomputed_id;
@ -283,8 +283,7 @@ bool Manager::SetExtractionLimit(const string& file_id, RecordValPtr args, uint6
return file->SetExtractionLimit(std::move(args), n);
}
bool Manager::AddAnalyzer(const string& file_id, const file_analysis::Tag& tag,
RecordValPtr args) const
bool Manager::AddAnalyzer(const string& file_id, const zeek::Tag& tag, RecordValPtr args) const
{
File* file = LookupFile(file_id);
@ -294,8 +293,7 @@ bool Manager::AddAnalyzer(const string& file_id, const file_analysis::Tag& tag,
return file->AddAnalyzer(tag, std::move(args));
}
bool Manager::RemoveAnalyzer(const string& file_id, const file_analysis::Tag& tag,
RecordValPtr args) const
bool Manager::RemoveAnalyzer(const string& file_id, const zeek::Tag& tag, RecordValPtr args) const
{
File* file = LookupFile(file_id);
@ -305,8 +303,8 @@ bool Manager::RemoveAnalyzer(const string& file_id, const file_analysis::Tag& ta
return file->RemoveAnalyzer(tag, std::move(args));
}
File* Manager::GetFile(const string& file_id, Connection* conn, const analyzer::Tag& tag,
bool is_orig, bool update_conn, const char* source_name)
File* Manager::GetFile(const string& file_id, Connection* conn, const zeek::Tag& tag, bool is_orig,
bool update_conn, const char* source_name)
{
if ( file_id.empty() )
return nullptr;
@ -417,7 +415,7 @@ bool Manager::IsIgnored(const string& file_id)
return ignored.find(file_id) != ignored.end();
}
string Manager::GetFileID(const analyzer::Tag& tag, Connection* c, bool is_orig)
string Manager::GetFileID(const zeek::Tag& tag, Connection* c, bool is_orig)
{
current_file_id.clear();
@ -437,7 +435,7 @@ string Manager::GetFileID(const analyzer::Tag& tag, Connection* c, bool is_orig)
return current_file_id;
}
bool Manager::IsDisabled(const analyzer::Tag& tag)
bool Manager::IsDisabled(const zeek::Tag& tag)
{
if ( ! disabled )
disabled = id::find_const("Files::disable")->AsTableVal();

26
src/file_analysis/Manager.h
View file

@ -8,7 +8,7 @@
#include "zeek/RuleMatcher.h"
#include "zeek/RunState.h"
#include "zeek/analyzer/Tag.h"
#include "zeek/Tag.h"
#include "zeek/file_analysis/Component.h"
#include "zeek/file_analysis/FileTimer.h"
#include "zeek/plugin/ComponentManager.h"
@ -110,7 +110,7 @@ public:
* the \c get_file_handle script-layer event). An empty string
* indicates the associate file is not going to be analyzed further.
*/
std::string DataIn(const u_char* data, uint64_t len, uint64_t offset, const analyzer::Tag& tag,
std::string DataIn(const u_char* data, uint64_t len, uint64_t offset, const zeek::Tag& tag,
Connection* conn, bool is_orig, const std::string& precomputed_file_id = "",
const std::string& mime_type = "");
@ -136,7 +136,7 @@ public:
* the \c get_file_handle script-layer event). An empty string
* indicates the associated file is not going to be analyzed further.
*/
std::string DataIn(const u_char* data, uint64_t len, const analyzer::Tag& tag, Connection* conn,
std::string DataIn(const u_char* data, uint64_t len, const zeek::Tag& tag, Connection* conn,
bool is_orig, const std::string& precomputed_file_id = "",
const std::string& mime_type = "");
@ -183,7 +183,7 @@ public:
* @param tag network protocol over which the file data is transferred.
* @param conn network connection over which the file data is transferred.
*/
void EndOfFile(const analyzer::Tag& tag, Connection* conn);
void EndOfFile(const zeek::Tag& tag, Connection* conn);
/**
* Signal the end of file data being transferred over a connection in
@ -191,7 +191,7 @@ public:
* @param tag network protocol over which the file data is transferred.
* @param conn network connection over which the file data is transferred.
*/
void EndOfFile(const analyzer::Tag& tag, Connection* conn, bool is_orig);
void EndOfFile(const zeek::Tag& tag, Connection* conn, bool is_orig);
/**
* Signal the end of file data being transferred using the file identifier.
@ -215,7 +215,7 @@ public:
* the \c get_file_handle script-layer event). An empty string
* indicates the associate file is not going to be analyzed further.
*/
std::string Gap(uint64_t offset, uint64_t len, const analyzer::Tag& tag, Connection* conn,
std::string Gap(uint64_t offset, uint64_t len, const zeek::Tag& tag, Connection* conn,
bool is_orig, const std::string& precomputed_file_id = "");
/**
@ -233,7 +233,7 @@ public:
* the \c get_file_handle script-layer event). An empty string
* indicates the associate file is not going to be analyzed further.
*/
std::string SetSize(uint64_t size, const analyzer::Tag& tag, Connection* conn, bool is_orig,
std::string SetSize(uint64_t size, const zeek::Tag& tag, Connection* conn, bool is_orig,
const std::string& precomputed_file_id = "");
/**
@ -298,8 +298,7 @@ public:
* @param args a \c AnalyzerArgs value which describes a file analyzer.
* @return false if the analyzer failed to be instantiated, else true.
*/
bool AddAnalyzer(const std::string& file_id, const file_analysis::Tag& tag,
RecordValPtr args) const;
bool AddAnalyzer(const std::string& file_id, const zeek::Tag& tag, RecordValPtr args) const;
/**
* Queue removal of an analyzer for a given file identifier.
@ -308,8 +307,7 @@ public:
* @param args a \c AnalyzerArgs value which describes a file analyzer.
* @return true if the analyzer is active at the time of call, else false.
*/
bool RemoveAnalyzer(const std::string& file_id, const file_analysis::Tag& tag,
RecordValPtr args) const;
bool RemoveAnalyzer(const std::string& file_id, const zeek::Tag& tag, RecordValPtr args) const;
/**
* Tells whether analysis for a file is active or ignored.
@ -379,7 +377,7 @@ protected:
* connection-related fields.
*/
File* GetFile(const std::string& file_id, Connection* conn = nullptr,
const analyzer::Tag& tag = analyzer::Tag::Error, bool is_orig = false,
const zeek::Tag& tag = zeek::Tag::Error, bool is_orig = false,
bool update_conn = true, const char* source_name = nullptr);
/**
@ -409,7 +407,7 @@ protected:
* @return #current_file_id, which is a hash of a unique file handle string
* set by a \c get_file_handle event handler.
*/
std::string GetFileID(const analyzer::Tag& tag, Connection* c, bool is_orig);
std::string GetFileID(const zeek::Tag& tag, Connection* c, bool is_orig);
/**
* Check if analysis is available for files transferred over a given
@ -419,7 +417,7 @@ protected:
* @return whether file analysis is disabled for the analyzer given by
* \a tag.
*/
static bool IsDisabled(const analyzer::Tag& tag);
static bool IsDisabled(const zeek::Tag& tag);
private:
using TagSet = std::set<Tag>;

2
src/file_analysis/analyzer/x509/X509Common.cc
View file

@ -17,7 +17,7 @@
namespace zeek::file_analysis::detail
{
X509Common::X509Common(const file_analysis::Tag& arg_tag, RecordValPtr arg_args,
X509Common::X509Common(const zeek::Tag& arg_tag, RecordValPtr arg_args,
file_analysis::File* arg_file)
: file_analysis::Analyzer(arg_tag, std::move(arg_args), arg_file)
{

3
src/file_analysis/analyzer/x509/X509Common.h
View file

@ -49,8 +49,7 @@ public:
Reporter* reporter);
protected:
X509Common(const file_analysis::Tag& arg_tag, RecordValPtr arg_args,
file_analysis::File* arg_file);
X509Common(const zeek::Tag& arg_tag, RecordValPtr arg_args, file_analysis::File* arg_file);
void ParseExtension(X509_EXTENSION* ex, const EventHandlerPtr& h, bool global);
void ParseSignedCertificateTimestamps(X509_EXTENSION* ext);

2
src/input/Component.h
View file

@ -2,7 +2,7 @@
#pragma once
#include "zeek/input/Tag.h"
#include "zeek/Tag.h"
#include "zeek/plugin/Component.h"
#include "zeek/plugin/TaggedComponent.h"

2
src/logging/Component.h
View file

@ -2,7 +2,7 @@
#pragma once
#include "zeek/logging/Tag.h"
#include "zeek/Tag.h"
#include "zeek/plugin/Component.h"
#include "zeek/plugin/TaggedComponent.h"

10
src/packet_analysis/Analyzer.h
View file

@ -1,9 +1,9 @@
// See the file "COPYING" in the main distribution directory for copyright.
#pragma once
#include "zeek/Tag.h"
#include "zeek/iosource/Packet.h"
#include "zeek/packet_analysis/Manager.h"
#include "zeek/packet_analysis/Tag.h"
namespace zeek::packet_analysis
{
@ -31,7 +31,7 @@ public:
* @param tag The tag for the type of analyzer. The tag must map to
* the name the corresponding Component registers.
*/
explicit Analyzer(const Tag& tag);
explicit Analyzer(const zeek::Tag& tag);
/**
* Destructor.
@ -50,7 +50,7 @@ public:
/**
* Returns the tag associated with the analyzer's type.
*/
const Tag GetAnalyzerTag() const;
const zeek::Tag GetAnalyzerTag() const;
/**
* Returns a textual description of the analyzer's type. This is
@ -165,7 +165,7 @@ protected:
void Weird(const char* name, Packet* packet = nullptr, const char* addl = "") const;
private:
Tag tag;
zeek::Tag tag;
Dispatcher dispatcher;
AnalyzerPtr default_analyzer = nullptr;
@ -174,7 +174,7 @@ private:
*/
bool report_unknown_protocols = true;
void Init(const Tag& tag);
void Init(const zeek::Tag& tag);
};
using AnalyzerPtr = std::shared_ptr<Analyzer>;

4
src/packet_analysis/Component.h
View file

@ -6,7 +6,7 @@
#include <functional>
#include "zeek/packet_analysis/Tag.h"
#include "zeek/Tag.h"
#include "zeek/plugin/Component.h"
#include "zeek/plugin/TaggedComponent.h"
#include "zeek/util.h"
@ -22,7 +22,7 @@ class Component : public plugin::Component, public plugin::TaggedComponent
public:
using factory_callback = std::function<AnalyzerPtr()>;
Component(const std::string& name, factory_callback factory, Tag::subtype_t subtype = 0);
Component(const std::string& name, factory_callback factory, zeek::Tag::subtype_t subtype = 0);
~Component() override = default;
/**

4
src/packet_analysis/Manager.h
View file

@ -4,10 +4,10 @@
#include "zeek/Func.h"
#include "zeek/PacketFilter.h"
#include "zeek/Tag.h"
#include "zeek/iosource/Packet.h"
#include "zeek/packet_analysis/Component.h"
#include "zeek/packet_analysis/Dispatcher.h"
#include "zeek/packet_analysis/Tag.h"
#include "zeek/plugin/ComponentManager.h"
namespace zeek
@ -151,7 +151,7 @@ private:
* @return The new analyzer instance. Returns null if tag is invalid, the
* requested analyzer is disabled, or the analyzer can't be instantiated.
*/
AnalyzerPtr InstantiateAnalyzer(const Tag& tag);
AnalyzerPtr InstantiateAnalyzer(const zeek::Tag& tag);
/**
* Instantiates a new analyzer.

2
src/packet_analysis/protocol/icmp/ICMPSessionAdapter.cc
View file

@ -16,7 +16,7 @@ enum ICMP_EndpointState
void ICMPSessionAdapter::AddExtraAnalyzers(Connection* conn)
{
static analyzer::Tag analyzer_connsize = analyzer_mgr->GetComponentTag("CONNSIZE");
static zeek::Tag analyzer_connsize = analyzer_mgr->GetComponentTag("CONNSIZE");
if ( analyzer_mgr->IsEnabled(analyzer_connsize) )
// Add ConnSize analyzer. Needs to see packets, not stream.

6
src/packet_analysis/protocol/ip/IPBasedAnalyzer.cc
View file

@ -196,7 +196,7 @@ void IPBasedAnalyzer::BuildSessionAnalyzerTree(Connection* conn)
if ( ! analyzers_by_port.empty() && ! zeek::detail::dpd_ignore_ports )
{
int resp_port = ntohs(conn->RespPort());
std::set<analyzer::Tag>* ports = LookupPort(resp_port, false);
std::set<zeek::Tag>* ports = LookupPort(resp_port, false);
if ( ports )
{
@ -227,7 +227,7 @@ void IPBasedAnalyzer::BuildSessionAnalyzerTree(Connection* conn)
PLUGIN_HOOK_VOID(HOOK_SETUP_ANALYZER_TREE, HookSetupAnalyzerTree(conn));
}
bool IPBasedAnalyzer::RegisterAnalyzerForPort(const analyzer::Tag& tag, uint32_t port)
bool IPBasedAnalyzer::RegisterAnalyzerForPort(const zeek::Tag& tag, uint32_t port)
{
tag_set* l = LookupPort(port, true);
@ -243,7 +243,7 @@ bool IPBasedAnalyzer::RegisterAnalyzerForPort(const analyzer::Tag& tag, uint32_t
return true;
}
bool IPBasedAnalyzer::UnregisterAnalyzerForPort(const analyzer::Tag& tag, uint32_t port)
bool IPBasedAnalyzer::UnregisterAnalyzerForPort(const zeek::Tag& tag, uint32_t port)
{
tag_set* l = LookupPort(port, true);

10
src/packet_analysis/protocol/ip/IPBasedAnalyzer.h
View file

@ -6,7 +6,7 @@
#include <set>
#include "zeek/ID.h"
#include "zeek/analyzer/Tag.h"
#include "zeek/Tag.h"
#include "zeek/packet_analysis/Analyzer.h"
namespace zeek::analyzer::pia
@ -49,7 +49,7 @@ public:
* @param port The port's number.
* @return True if successful.
*/
bool RegisterAnalyzerForPort(const analyzer::Tag& tag, uint32_t port);
bool RegisterAnalyzerForPort(const zeek::Tag& tag, uint32_t port);
/**
* Unregisters a well-known port for an analyzer.
@ -57,9 +57,9 @@ public:
* @param tag The analyzer's tag.
* @param port The port's number.
* @param tag The analyzer's tag as an enum of script type \c
* Analyzer::Tag.
* Tag.
*/
bool UnregisterAnalyzerForPort(const analyzer::Tag& tag, uint32_t port);
bool UnregisterAnalyzerForPort(const zeek::Tag& tag, uint32_t port);
/**
* Dumps information about the registered session analyzers per port.
@ -180,7 +180,7 @@ private:
// While this is storing session analyzer tags, we store it here since packet analyzers
// are persitent objects. We can't do this in the adapters because those get created
// and destroyed for each connection.
using tag_set = std::set<analyzer::Tag>;
using tag_set = std::set<zeek::Tag>;
using analyzer_map_by_port = std::map<uint32_t, tag_set*>;
analyzer_map_by_port analyzers_by_port;

6
src/packet_analysis/protocol/tcp/TCPSessionAdapter.cc
View file

@ -724,7 +724,7 @@ analyzer::Analyzer* TCPSessionAdapter::FindChild(analyzer::ID arg_id)
return nullptr;
}
analyzer::Analyzer* TCPSessionAdapter::FindChild(analyzer::Tag arg_tag)
analyzer::Analyzer* TCPSessionAdapter::FindChild(zeek::Tag arg_tag)
{
analyzer::Analyzer* child = packet_analysis::IP::SessionAdapter::FindChild(arg_tag);
@ -1599,8 +1599,8 @@ bool TCPSessionAdapter::IsReuse(double t, const u_char* pkt)
void TCPSessionAdapter::AddExtraAnalyzers(Connection* conn)
{
static analyzer::Tag analyzer_connsize = analyzer_mgr->GetComponentTag("CONNSIZE");
static analyzer::Tag analyzer_tcpstats = analyzer_mgr->GetComponentTag("TCPSTATS");
static zeek::Tag analyzer_connsize = analyzer_mgr->GetComponentTag("CONNSIZE");
static zeek::Tag analyzer_tcpstats = analyzer_mgr->GetComponentTag("TCPSTATS");
// We have to decide whether to reassamble the stream.
// We turn it on right away if we already have an app-layer

3
src/packet_analysis/protocol/tcp/TCPSessionAdapter.h
View file

@ -2,6 +2,7 @@
#pragma once
#include "zeek/Tag.h"
#include "zeek/analyzer/protocol/tcp/TCP_Endpoint.h"
#include "zeek/analyzer/protocol/tcp/TCP_Flags.h"
#include "zeek/packet_analysis/Analyzer.h"
@ -42,7 +43,7 @@ public:
void AddChildPacketAnalyzer(analyzer::Analyzer* a);
Analyzer* FindChild(analyzer::ID id) override;
Analyzer* FindChild(analyzer::Tag tag) override;
Analyzer* FindChild(zeek::Tag tag) override;
bool RemoveChildAnalyzer(analyzer::ID id) override;
// True if the connection has closed in some sense, false otherwise.

2
src/packet_analysis/protocol/udp/UDPSessionAdapter.cc
View file

@ -17,7 +17,7 @@ enum UDP_EndpointState
void UDPSessionAdapter::AddExtraAnalyzers(Connection* conn)
{
static analyzer::Tag analyzer_connsize = analyzer_mgr->GetComponentTag("CONNSIZE");
static zeek::Tag analyzer_connsize = analyzer_mgr->GetComponentTag("CONNSIZE");
if ( analyzer_mgr->IsEnabled(analyzer_connsize) )
// Add ConnSize analyzer. Needs to see packets, not stream.