diff --git a/src/Anon.cc b/src/Anon.cc index a2afc489ca..de225e95a8 100644 --- a/src/Anon.cc +++ b/src/Anon.cc @@ -415,10 +415,10 @@ void log_anonymization_mapping(ipaddr32_t input, ipaddr32_t output) { if ( anonymization_mapping ) { - val_list* vl = new val_list; - vl->append(new AddrVal(input)); - vl->append(new AddrVal(output)); - mgr.QueueEvent(anonymization_mapping, vl); + mgr.QueueEvent(anonymization_mapping, { + new AddrVal(input), + new AddrVal(output) + }); } } diff --git a/src/Attr.cc b/src/Attr.cc index 47ea7d4f06..0e6db9c068 100644 --- a/src/Attr.cc +++ b/src/Attr.cc @@ -141,7 +141,7 @@ Attributes::~Attributes() void Attributes::AddAttr(Attr* attr) { if ( ! attrs ) - attrs = new attr_list; + attrs = new attr_list(1); if ( ! attr->RedundantAttrOkay() ) // We overwrite old attributes by deleting them first. diff --git a/src/BroList.h b/src/BroList.h index 6168bf7bda..0aa94d55ec 100644 --- a/src/BroList.h +++ b/src/BroList.h @@ -13,10 +13,6 @@ class ID; declare(PList,ID); typedef PList(ID) id_list; -class HashKey; -declare(PList,HashKey); -typedef PList(HashKey) hash_key_list; - class Val; declare(PList,Val); typedef PList(Val) val_list; @@ -29,28 +25,12 @@ class BroType; declare(PList,BroType); typedef PList(BroType) type_list; -class TypeDecl; -declare(PList,TypeDecl); -typedef PList(TypeDecl) type_decl_list; - -class Case; -declare(PList,Case); -typedef PList(Case) case_list; - class Attr; declare(PList,Attr); typedef PList(Attr) attr_list; -class Scope; -declare(PList,Scope); -typedef PList(Scope) scope_list; - class Timer; declare(PList,Timer); typedef PList(Timer) timer_list; -class DNS_Mgr_Request; -declare(PList,DNS_Mgr_Request); -typedef PList(DNS_Mgr_Request) DNS_mgr_request_list; - #endif diff --git a/src/Conn.cc b/src/Conn.cc index 03ecf32703..494d2d21c4 100644 --- a/src/Conn.cc +++ b/src/Conn.cc 
@@ -325,12 +325,11 @@ void Connection::HistoryThresholdEvent(EventHandlerPtr e, bool is_orig, // and at this stage it's not a *multiple* instance. return; - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(val_mgr->GetCount(threshold)); - - ConnectionEvent(e, 0, vl); + ConnectionEvent(e, 0, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + val_mgr->GetCount(threshold) + }); } void Connection::DeleteTimer(double /* t */) @@ -390,9 +389,7 @@ void Connection::EnableStatusUpdateTimer() void Connection::StatusUpdateTimer(double t) { - val_list* vl = new val_list(1); - vl->append(BuildConnVal()); - ConnectionEvent(connection_status_update, 0, vl); + ConnectionEvent(connection_status_update, 0, { BuildConnVal() }); ADD_TIMER(&Connection::StatusUpdateTimer, network_time + connection_status_update_interval, 0, TIMER_CONN_STATUS_UPDATE); @@ -630,23 +627,23 @@ int Connection::VersionFoundEvent(const IPAddr& addr, const char* s, int len, { if ( software_parse_error ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new AddrVal(addr)); - vl->append(new StringVal(len, s)); - ConnectionEvent(software_parse_error, analyzer, vl); + ConnectionEvent(software_parse_error, analyzer, { + BuildConnVal(), + new AddrVal(addr), + new StringVal(len, s), + }); } return 0; } if ( software_version_found ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new AddrVal(addr)); - vl->append(val); - vl->append(new StringVal(len, s)); - ConnectionEvent(software_version_found, 0, vl); + ConnectionEvent(software_version_found, 0, { + BuildConnVal(), + new AddrVal(addr), + val, + new StringVal(len, s), + }); } else Unref(val); 
@@ -669,11 +666,11 @@ int Connection::UnparsedVersionFoundEvent(const IPAddr& addr, if ( software_unparsed_version_found ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new AddrVal(addr)); - vl->append(new StringVal(len, full)); - ConnectionEvent(software_unparsed_version_found, analyzer, vl); + ConnectionEvent(software_unparsed_version_found, analyzer, { + BuildConnVal(), + new AddrVal(addr), + new StringVal(len, full), + }); } return 1; @@ -684,12 +681,11 @@ void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, const ch if ( ! f ) return; - val_list* vl = new val_list(2); if ( name ) - vl->append(new StringVal(name)); - vl->append(BuildConnVal()); + ConnectionEvent(f, analyzer, {new StringVal(name), BuildConnVal()}); + else + ConnectionEvent(f, analyzer, {BuildConnVal()}); - ConnectionEvent(f, analyzer, vl); } void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, Val* v1, Val* v2) 
@@ -701,33 +697,35 @@ void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, Val* v1, return; } - val_list* vl = new val_list(3); - vl->append(BuildConnVal()); - vl->append(v1); - if ( v2 ) - vl->append(v2); - - ConnectionEvent(f, analyzer, vl); + ConnectionEvent(f, analyzer, {BuildConnVal(), v1, v2}); + else + ConnectionEvent(f, analyzer, {BuildConnVal(), v1}); } -void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_list* vl) +void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_list vl) { if ( ! f ) { // This may actually happen if there is no local handler // and a previously existing remote handler went away. - loop_over_list(*vl, i) - Unref((*vl)[i]); - delete vl; + loop_over_list(vl, i) + Unref(vl[i]); + return; } // "this" is passed as a cookie for the event - mgr.QueueEvent(f, vl, SOURCE_LOCAL, + mgr.QueueEvent(f, std::move(vl), SOURCE_LOCAL, a ? a->GetID() : 0, GetTimerMgr(), this); } +void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_list* vl) + { + ConnectionEvent(f, a, std::move(*vl)); + delete vl; + } + void Connection::Weird(const char* name, const char* addl) { weird = 1; @@ -1055,12 +1053,12 @@ void Connection::CheckFlowLabel(bool is_orig, uint32 flow_label) if ( connection_flow_label_changed && (is_orig ? saw_first_orig_packet : saw_first_resp_packet) ) { - val_list* vl = new val_list(4); - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(val_mgr->GetCount(my_flow_label)); - vl->append(val_mgr->GetCount(flow_label)); - ConnectionEvent(connection_flow_label_changed, 0, vl); + ConnectionEvent(connection_flow_label_changed, 0, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + val_mgr->GetCount(my_flow_label), + val_mgr->GetCount(flow_label), + }); } my_flow_label = flow_label; diff --git a/src/Conn.h b/src/Conn.h index e49314968a..2622134f2a 100644 --- a/src/Conn.h +++ b/src/Conn.h 
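Review bot: The new pointer overload `Connection::ConnectionEvent(f, a, val_list* vl)` dereferences `vl` unconditionally in `std::move(*vl)`, whereas the old body only touched `*vl` on the `! f` path and otherwise passed the pointer on. The same adapter pattern recurs in this commit in the `Event(EventHandlerPtr, val_list*, ...)` constructor in Event.cc, `EventMgr::QueueEvent(h, val_list* vl, ...)` in Event.h, the `ScheduleTimer` constructor and `EventExpr::Eval` in Expr.cc, and the `GotEvent` handlers in PersistenceSerializer.cc and Serializer.cc. Whether any caller can pass a null list is not visible in these hunks (for instance, `eval_list`'s failure behaviour is defined elsewhere). The precondition should therefore be stated on each overload, e.g. `// vl must be non-null; takes ownership of the list and of the Val references in it.`, or enforced with an early return before the dereference.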
@@ -176,8 +176,11 @@ public: void Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, const char* name = 0); void Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, Val* v1, Val* v2 = 0); + void ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* analyzer, val_list* vl); + void ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* analyzer, + val_list vl); void Weird(const char* name, const char* addl = ""); bool DidWeird() const { return weird != 0; } diff --git a/src/DFA.h b/src/DFA.h index 2f06f4e98f..1b58774da0 100644 --- a/src/DFA.h +++ b/src/DFA.h @@ -111,9 +111,6 @@ private: PDict(CacheEntry) states; }; -declare(PList,DFA_State); -typedef PList(DFA_State) DFA_state_list; - class DFA_Machine : public BroObj { public: DFA_Machine(NFA_Machine* n, EquivClass* ec); diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index 2fff6903b0..c72e66f0bf 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -699,25 +699,27 @@ int DNS_Mgr::Save() return 1; } +void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* dm) + { + if ( ! e ) + return; + + mgr.QueueEvent(e, {BuildMappingVal(dm)}); + } + void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* dm, ListVal* l1, ListVal* l2) { if ( ! e ) return; - val_list* vl = new val_list; - vl->append(BuildMappingVal(dm)); + Unref(l1); + Unref(l2); - if ( l1 ) - { - vl->append(l1->ConvertToSet()); - if ( l2 ) - vl->append(l2->ConvertToSet()); - - Unref(l1); - Unref(l2); - } - - mgr.QueueEvent(e, vl); + mgr.QueueEvent(e, { + BuildMappingVal(dm), + l1->ConvertToSet(), + l2->ConvertToSet(), + }); } void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* old_dm, DNS_Mapping* new_dm) 
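Review bot: In the four-argument `DNS_Mgr::Event`, `Unref(l1)` and `Unref(l2)` now run before `l1->ConvertToSet()` and `l2->ConvertToSet()`, so if either call releases the last reference the conversion reads a freed `ListVal`. The removed code converted first and released afterwards; restoring that order only requires moving the two `Unref` calls below the `mgr.QueueEvent(e, { ... });` statement. The old `if ( l1 )` / `if ( l2 )` guards are gone as well, so this overload now requires both lists to be non-null. The header change that drops the default arguments suggests this is intended, but it deserves a comment such as `// l1 and l2 must be non-null; both references are consumed.`. The early `return` on `! e` still leaves `l1` and `l2` unreleased, as it did before this change.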
@@ -725,10 +727,10 @@ void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* old_dm, DNS_Mapping* new_dm) if ( ! e ) return; - val_list* vl = new val_list; - vl->append(BuildMappingVal(old_dm)); - vl->append(BuildMappingVal(new_dm)); - mgr.QueueEvent(e, vl); + mgr.QueueEvent(e, { + BuildMappingVal(old_dm), + BuildMappingVal(new_dm), + }); } Val* DNS_Mgr::BuildMappingVal(DNS_Mapping* dm) diff --git a/src/DNS_Mgr.h b/src/DNS_Mgr.h index 0358ceba18..24d1e4c850 100644 --- a/src/DNS_Mgr.h +++ b/src/DNS_Mgr.h @@ -9,7 +9,7 @@ #include #include "util.h" -#include "BroList.h" +#include "List.h" #include "Dict.h" #include "EventHandler.h" #include "iosource/IOSource.h" @@ -23,6 +23,9 @@ class EventHandler; class RecordType; class DNS_Mgr_Request; +declare(PList,DNS_Mgr_Request); +typedef PList(DNS_Mgr_Request) DNS_mgr_request_list; + struct nb_dns_info; struct nb_dns_result; @@ -96,8 +99,8 @@ protected: friend class LookupCallback; friend class DNS_Mgr_Request; - void Event(EventHandlerPtr e, DNS_Mapping* dm, - ListVal* l1 = 0, ListVal* l2 = 0); + void Event(EventHandlerPtr e, DNS_Mapping* dm); + void Event(EventHandlerPtr e, DNS_Mapping* dm, ListVal* l1, ListVal* l2); void Event(EventHandlerPtr e, DNS_Mapping* old_dm, DNS_Mapping* new_dm); Val* BuildMappingVal(DNS_Mapping* dm); diff --git a/src/Discard.cc b/src/Discard.cc index 2a20c897aa..d1acd80b4d 100644 --- a/src/Discard.cc +++ b/src/Discard.cc @@ -33,12 +33,11 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen) if ( check_ip ) { - val_list* args = new val_list; - args->append(ip->BuildPktHdrVal()); + val_list args{ip->BuildPktHdrVal()}; try { - discard_packet = check_ip->Call(args)->AsBool(); + discard_packet = check_ip->Call(&args)->AsBool(); } catch ( InterpreterException& e ) @@ -46,8 +45,6 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen) discard_packet = false; } - delete args; - if ( discard_packet ) return discard_packet; } 
@@ -88,21 +85,20 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen) const struct tcphdr* tp = (const struct tcphdr*) data; int th_len = tp->th_off * 4; - val_list* args = new val_list; - args->append(ip->BuildPktHdrVal()); - args->append(BuildData(data, th_len, len, caplen)); + val_list args{ + ip->BuildPktHdrVal(), + BuildData(data, th_len, len, caplen), + }; try { - discard_packet = check_tcp->Call(args)->AsBool(); + discard_packet = check_tcp->Call(&args)->AsBool(); } catch ( InterpreterException& e ) { discard_packet = false; } - - delete args; } } @@ -113,21 +109,20 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen) const struct udphdr* up = (const struct udphdr*) data; int uh_len = sizeof (struct udphdr); - val_list* args = new val_list; - args->append(ip->BuildPktHdrVal()); - args->append(BuildData(data, uh_len, len, caplen)); + val_list args{ + ip->BuildPktHdrVal(), + BuildData(data, uh_len, len, caplen), + }; try { - discard_packet = check_udp->Call(args)->AsBool(); + discard_packet = check_udp->Call(&args)->AsBool(); } catch ( InterpreterException& e ) { discard_packet = false; } - - delete args; } } @@ -137,20 +132,17 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen) { const struct icmp* ih = (const struct icmp*) data; - val_list* args = new val_list; - args->append(ip->BuildPktHdrVal()); + val_list args{ip->BuildPktHdrVal()}; try { - discard_packet = check_icmp->Call(args)->AsBool(); + discard_packet = check_icmp->Call(&args)->AsBool(); } catch ( InterpreterException& e ) { discard_packet = false; } - - delete args; } } diff --git a/src/Event.cc b/src/Event.cc index 36ba2dfc3c..26ca874c2a 100644 --- a/src/Event.cc +++ b/src/Event.cc 
@@ -13,28 +13,27 @@ EventMgr mgr; uint64 num_events_queued = 0; uint64 num_events_dispatched = 0; +Event::Event(EventHandlerPtr arg_handler, val_list arg_args, + SourceID arg_src, analyzer::ID arg_aid, TimerMgr* arg_mgr, + BroObj* arg_obj) + : handler(arg_handler), + args(std::move(arg_args)), + src(arg_src), + aid(arg_aid), + mgr(arg_mgr ? arg_mgr : timer_mgr), + obj(arg_obj), + next_event(nullptr) + { + if ( obj ) + Ref(obj); + } + Event::Event(EventHandlerPtr arg_handler, val_list* arg_args, SourceID arg_src, analyzer::ID arg_aid, TimerMgr* arg_mgr, BroObj* arg_obj) + : Event(arg_handler, std::move(*arg_args), arg_src, arg_aid, arg_mgr, arg_obj) { - handler = arg_handler; - args = arg_args; - src = arg_src; - mgr = arg_mgr ? arg_mgr : timer_mgr; // default is global - aid = arg_aid; - obj = arg_obj; - - if ( obj ) - Ref(obj); - - next_event = 0; - } - -Event::~Event() - { - // We don't Unref() the individual arguments by using delete_vals() - // here, because Func::Call already did that. - delete args; + delete arg_args; } void Event::Describe(ODesc* d) const @@ -49,7 +48,7 @@ void Event::Describe(ODesc* d) const if ( ! d->IsBinary() ) d->Add("("); - describe_vals(args, d); + describe_vals(&args, d); if ( ! d->IsBinary() ) d->Add("("); } @@ -62,7 +61,7 @@ void Event::Dispatch(bool no_remote) if ( event_serializer ) { SerialInfo info(event_serializer); - event_serializer->Serialize(&info, handler->Name(), args); + event_serializer->Serialize(&info, handler->Name(), &args); } if ( handler->ErrorHandler() ) @@ -70,7 +69,7 @@ void Event::Dispatch(bool no_remote) try { - handler->Call(args, no_remote); + handler->Call(&args, no_remote); } catch ( InterpreterException& e ) @@ -129,7 +128,7 @@ void EventMgr::QueueEvent(Event* event) void EventMgr::Drain() { if ( event_queue_flush_point ) - QueueEvent(event_queue_flush_point, new val_list()); + QueueEvent(event_queue_flush_point, val_list{}); SegmentProfiler(segment_logger, "draining-events"); 
diff --git a/src/Event.h b/src/Event.h index 69860daf50..9ee30ae674 100644 --- a/src/Event.h +++ b/src/Event.h @@ -11,12 +11,17 @@ class EventMgr; +// We don't Unref() the individual arguments by using delete_vals() +// in a dtor because Func::Call already does that. class Event : public BroObj { public: + Event(EventHandlerPtr handler, val_list args, + SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, + TimerMgr* mgr = 0, BroObj* obj = 0); + Event(EventHandlerPtr handler, val_list* args, SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, TimerMgr* mgr = 0, BroObj* obj = 0); - ~Event() override; void SetNext(Event* n) { next_event = n; } Event* NextEvent() const { return next_event; } @@ -25,7 +30,7 @@ public: analyzer::ID Analyzer() const { return aid; } TimerMgr* Mgr() const { return mgr; } EventHandlerPtr Handler() const { return handler; } - val_list* Args() const { return args; } + const val_list* Args() const { return &args; } void Describe(ODesc* d) const override; @@ -37,7 +42,7 @@ protected: void Dispatch(bool no_remote = false); EventHandlerPtr handler; - val_list* args; + val_list args; SourceID src; analyzer::ID aid; TimerMgr* mgr; @@ -53,14 +58,25 @@ public: EventMgr(); ~EventMgr() override; - void QueueEvent(const EventHandlerPtr &h, val_list* vl, + void QueueEvent(const EventHandlerPtr &h, val_list vl, SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, TimerMgr* mgr = 0, BroObj* obj = 0) { if ( h ) - QueueEvent(new Event(h, vl, src, aid, mgr, obj)); + QueueEvent(new Event(h, std::move(vl), src, aid, mgr, obj)); else - delete_vals(vl); + { + loop_over_list(vl, i) + Unref(vl[i]); + } + } + + void QueueEvent(const EventHandlerPtr &h, val_list* vl, + SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, + TimerMgr* mgr = 0, BroObj* obj = 0) + { + QueueEvent(h, std::move(*vl), src, aid, mgr, obj); + delete vl; } void Dispatch(Event* event, bool no_remote = false) diff --git a/src/EventHandler.cc b/src/EventHandler.cc index 00b19f7832..08e8728d6f 100644 
--- a/src/EventHandler.cc +++ b/src/EventHandler.cc @@ -172,11 +172,10 @@ void EventHandler::NewEvent(val_list* vl) vargs->Assign(i, rec); } - val_list* mvl = new val_list(2); - mvl->append(new StringVal(name)); - mvl->append(vargs); - - Event* ev = new Event(new_event, mvl); + Event* ev = new Event(new_event, { + new StringVal(name), + vargs, + }); mgr.Dispatch(ev); } diff --git a/src/EventRegistry.cc b/src/EventRegistry.cc index 875d6d6b26..e28c7b4176 100644 --- a/src/EventRegistry.cc +++ b/src/EventRegistry.cc @@ -73,7 +73,7 @@ EventRegistry::string_list* EventRegistry::UsedHandlers() EventRegistry::string_list* EventRegistry::AllHandlers() { - string_list* names = new string_list; + string_list* names = new string_list(handlers.Length()); IterCookie* c = handlers.InitForIteration(); diff --git a/src/Expr.cc b/src/Expr.cc index 737a9455ca..ff039ece35 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -2565,7 +2565,7 @@ bool AssignExpr::TypeCheck(attr_list* attrs) if ( attrs ) { - attr_copy = new attr_list; + attr_copy = new attr_list(attrs->length()); loop_over_list(*attrs, i) attr_copy->append((*attrs)[i]); } @@ -2634,7 +2634,7 @@ bool AssignExpr::TypeCheck(attr_list* attrs) if ( sce->Attrs() ) { attr_list* a = sce->Attrs()->Attrs(); - attrs = new attr_list; + attrs = new attr_list(a->length()); loop_over_list(*a, i) attrs->append((*a)[i]); } @@ -3467,9 +3467,9 @@ RecordConstructorExpr::RecordConstructorExpr(ListExpr* constructor_list) // Spin through the list, which should be comprised only of // record-field-assign expressions, and build up a // record type to associate with this constructor. - type_decl_list* record_types = new type_decl_list; - const expr_list& exprs = constructor_list->Exprs(); + type_decl_list* record_types = new type_decl_list(exprs.length()); + loop_over_list(exprs, i) { Expr* e = exprs[i]; 
@@ -4469,11 +4469,12 @@ bool FlattenExpr::DoUnserialize(UnserialInfo* info) ScheduleTimer::ScheduleTimer(EventHandlerPtr arg_event, val_list* arg_args, double t, TimerMgr* arg_tmgr) -: Timer(t, TIMER_SCHEDULE) + : Timer(t, TIMER_SCHEDULE), + event(arg_event), + args(std::move(*arg_args)), + tmgr(arg_tmgr) { - event = arg_event; - args = arg_args; - tmgr = arg_tmgr; + delete arg_args; } ScheduleTimer::~ScheduleTimer() @@ -4482,7 +4483,7 @@ ScheduleTimer::~ScheduleTimer() void ScheduleTimer::Dispatch(double /* t */, int /* is_expire */) { - mgr.QueueEvent(event, args, SOURCE_LOCAL, 0, tmgr); + mgr.QueueEvent(event, std::move(args), SOURCE_LOCAL, 0, tmgr); } ScheduleExpr::ScheduleExpr(Expr* arg_when, EventExpr* arg_event) @@ -4998,7 +4999,8 @@ Val* EventExpr::Eval(Frame* f) const return 0; val_list* v = eval_list(f, args); - mgr.QueueEvent(handler, v); + mgr.QueueEvent(handler, std::move(*v)); + delete v; return 0; } @@ -5128,7 +5130,7 @@ BroType* ListExpr::InitType() const if ( exprs[0]->IsRecordElement(0) ) { - type_decl_list* types = new type_decl_list; + type_decl_list* types = new type_decl_list(exprs.length()); loop_over_list(exprs, i) { TypeDecl* td = new TypeDecl(0, 0); diff --git a/src/Expr.h b/src/Expr.h index 820de2b876..e268f07648 100644 --- a/src/Expr.h +++ b/src/Expr.h @@ -937,7 +937,7 @@ public: protected: EventHandlerPtr event; - val_list* args; + val_list args; TimerMgr* tmgr; }; diff --git a/src/File.cc b/src/File.cc index 609ea4f0ac..d7a213237f 100644 --- a/src/File.cc +++ b/src/File.cc @@ -65,10 +65,8 @@ void RotateTimer::Dispatch(double t, int is_expire) { if ( raise ) { - val_list* vl = new val_list; Ref(file); - vl->append(new Val(file)); - mgr.QueueEvent(rotate_interval, vl); + mgr.QueueEvent(rotate_interval, {new Val(file)}); } file->InstallRotateTimer(); 
@@ -641,19 +639,15 @@ void BroFile::CloseCachedFiles() // Send final rotate events (immediately). if ( f->rotate_interval ) { - val_list* vl = new val_list; Ref(f); - vl->append(new Val(f)); - Event* event = new Event(::rotate_interval, vl); + Event* event = new Event(::rotate_interval, {new Val(f)}); mgr.Dispatch(event, true); } if ( f->rotate_size ) { - val_list* vl = new val_list; Ref(f); - vl->append(new Val(f)); - Event* event = new ::Event(::rotate_size, vl); + Event* event = new ::Event(::rotate_size, {new Val(f)}); mgr.Dispatch(event, true); } @@ -801,9 +795,7 @@ int BroFile::Write(const char* data, int len) if ( rotate_size && current_size < rotate_size && current_size + len >= rotate_size ) { - val_list* vl = new val_list; - vl->append(new Val(this)); - mgr.QueueEvent(::rotate_size, vl); + mgr.QueueEvent(::rotate_size, {new Val(this)}); } // This does not work if we seek around. But none of the logs does that @@ -818,10 +810,8 @@ void BroFile::RaiseOpenEvent() if ( ! ::file_opened ) return; - val_list* vl = new val_list; Ref(this); - vl->append(new Val(this)); - Event* event = new ::Event(::file_opened, vl); + Event* event = new ::Event(::file_opened, {new Val(this)}); mgr.Dispatch(event, true); } diff --git a/src/ID.cc b/src/ID.cc index fd99d7c937..faa11b3408 100644 --- a/src/ID.cc +++ b/src/ID.cc @@ -258,8 +258,7 @@ void ID::MakeDeprecated() if ( IsDeprecated() ) return; - attr_list* attr = new attr_list; - attr->append(new Attr(ATTR_DEPRECATED)); + attr_list* attr = new attr_list{new Attr(ATTR_DEPRECATED)}; AddAttrs(new Attributes(attr, Type(), false)); } @@ -305,8 +304,7 @@ void ID::SetOption() // option implied redefinable if ( ! IsRedefinable() ) { - attr_list* attr = new attr_list; - attr->append(new Attr(ATTR_REDEF)); + attr_list* attr = new attr_list{new Attr(ATTR_REDEF)}; AddAttrs(new Attributes(attr, Type(), false)); } } diff --git a/src/List.cc b/src/List.cc index 0f7f706bcd..86129ccfa0 100644 --- a/src/List.cc +++ b/src/List.cc 
@@ -12,11 +12,13 @@ BaseList::BaseList(int size) { num_entries = 0; - max_entries = 0; - entry = 0; if ( size <= 0 ) + { + max_entries = 0; + entry = 0; return; + } max_entries = size; @@ -24,7 +26,7 @@ BaseList::BaseList(int size) } -BaseList::BaseList(BaseList& b) +BaseList::BaseList(const BaseList& b) { max_entries = b.max_entries; num_entries = b.num_entries; @@ -38,18 +40,34 @@ BaseList::BaseList(BaseList& b) entry[i] = b.entry[i]; } +BaseList::BaseList(BaseList&& b) + { + entry = b.entry; + num_entries = b.num_entries; + max_entries = b.max_entries; + + b.entry = 0; + b.num_entries = b.max_entries = 0; + } + +BaseList::BaseList(const ent* arr, int n) + { + num_entries = max_entries = n; + entry = (ent*) safe_malloc(max_entries * sizeof(ent)); + memcpy(entry, arr, n * sizeof(ent)); + } + void BaseList::sort(list_cmp_func cmp_func) { qsort(entry, num_entries, sizeof(ent), cmp_func); } -void BaseList::operator=(BaseList& b) +BaseList& BaseList::operator=(const BaseList& b) { if ( this == &b ) - return; // i.e., this already equals itself + return *this; - if ( entry ) - free(entry); + free(entry); max_entries = b.max_entries; num_entries = b.num_entries; @@ -61,6 +79,23 @@ void BaseList::operator=(BaseList& b) for ( int i = 0; i < num_entries; ++i ) entry[i] = b.entry[i]; + + return *this; + } + +BaseList& BaseList::operator=(BaseList&& b) + { + if ( this == &b ) + return *this; + + free(entry); + entry = b.entry; + num_entries = b.num_entries; + max_entries = b.max_entries; + + b.entry = 0; + b.num_entries = b.max_entries = 0; + return *this; } void BaseList::insert(ent a) @@ -145,12 +180,8 @@ ent BaseList::get() void BaseList::clear() { - if ( entry ) - { - free(entry); - entry = 0; - } - + free(entry); + entry = 0; num_entries = max_entries = 0; } diff --git a/src/List.h b/src/List.h index 6fb2bbcec6..15e99eb0dd 100644 --- a/src/List.h +++ b/src/List.h 
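Review bot: The new `BaseList(const ent* arr, int n)` constructor passes `n` straight to `safe_malloc` and `memcpy` without the `size <= 0` guard that `BaseList(int size)` applies a few lines above in the same file. With a zero count the result depends on what `safe_malloc(0)` returns, and a negative count is converted to a very large `size_t` in both calls. The only caller visible in this commit is the initializer-list constructor in List.h, which narrows `il.size()` to `int`. Mirroring the existing guard before the allocation would make the constructor robust on its own: `if ( n <= 0 ) { num_entries = max_entries = 0; entry = 0; return; }`.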
@@ -20,6 +20,8 @@ // Entries must be either a pointer to the data or nonzero data with // sizeof(data) <= sizeof(void*). +#include +#include #include #include "util.h" @@ -28,8 +30,6 @@ typedef int (*list_cmp_func)(const void* v1, const void* v2); class BaseList { public: - ~BaseList() { clear(); } - void clear(); // remove all entries int length() const { return num_entries; } int max() const { return max_entries; } @@ -41,8 +41,14 @@ public: { return padded_sizeof(*this) + pad_size(max_entries * sizeof(ent)); } protected: + ~BaseList() { free(entry); } explicit BaseList(int = 0); - BaseList(BaseList&); + BaseList(const BaseList&); + BaseList(BaseList&&); + BaseList(const ent* arr, int n); + + BaseList& operator=(const BaseList&); + BaseList& operator=(BaseList&&); void insert(ent); // add at head of list 
@@ -75,7 +81,29 @@ protected: return entry[i]; } - void operator=(BaseList&); + // This could essentially be an std::vector if we wanted. Some + // reasons to maybe not refactor to use std::vector ? + // + // - Harder to use a custom growth factor. Also, the growth + // factor would be implementation-specific, taking some control over + // performance out of our hands. + // + // - It won't ever take advantage of realloc's occasional ability to + // grow in-place. + // + // - Combine above point this with lack of control of growth + // factor means the common choice of 2x growth factor causes + // a growth pattern that crawls forward in memory with no possible + // re-use of previous chunks (the new capacity is always larger than + // all previously allocated chunks combined). This point and + // whether 2x is empirically an issue still seems debated (at least + // GCC seems to stand by 2x as empirically better). + // + // - Sketchy shrinking behavior: standard says that requests to + // shrink are non-binding (it's expected implementations heed, but + // still not great to have no guarantee). Also, it would not take + // advantage of realloc's ability to contract in-place, it would + // allocate-and-copy. ent* entry; int max_entries; 
@@ -103,10 +131,13 @@ struct List(type) : BaseList \ explicit List(type)(type ...); \ List(type)() : BaseList(0) {} \ explicit List(type)(int sz) : BaseList(sz) {} \ - List(type)(List(type)& l) : BaseList((BaseList&)l) {} \ + List(type)(const List(type)& l) : BaseList(l) {} \ + List(type)(List(type)&& l) : BaseList(std::move(l)) {} \ \ - void operator=(List(type)& l) \ - { BaseList::operator=((BaseList&)l); } \ + List(type)& operator=(const List(type)& l) \ + { return (List(type)&) BaseList::operator=(l); } \ + List(type)& operator=(List(type)&& l) \ + { return (List(type)&) BaseList::operator=(std::move(l)); } \ void insert(type a) { BaseList::insert(ent(a)); } \ void sortedinsert(type a, list_cmp_func cmp_func) \ { BaseList::sortedinsert(ent(a), cmp_func); } \ @@ -144,10 +175,14 @@ struct PList(type) : BaseList \ explicit PList(type)(type* ...); \ PList(type)() : BaseList(0) {} \ explicit PList(type)(int sz) : BaseList(sz) {} \ - PList(type)(PList(type)& l) : BaseList((BaseList&)l) {} \ + PList(type)(const PList(type)& l) : BaseList(l) {} \ + PList(type)(PList(type)&& l) : BaseList(std::move(l)) {} \ + PList(type)(std::initializer_list il) : BaseList((const ent*)il.begin(), il.size()) {} \ \ - void operator=(PList(type)& l) \ - { BaseList::operator=((BaseList&)l); } \ + PList(type)& operator=(const PList(type)& l) \ + { return (PList(type)&) BaseList::operator=(l); } \ + PList(type)& operator=(PList(type)&& l) \ + { return (PList(type)&) BaseList::operator=(std::move(l)); } \ void insert(type* a) { BaseList::insert(ent(a)); } \ void sortedinsert(type* a, list_cmp_func cmp_func) \ { BaseList::sortedinsert(ent(a), cmp_func); } \ diff --git a/src/PersistenceSerializer.cc b/src/PersistenceSerializer.cc index ae5c531aa7..6f4082314f 100644 --- a/src/PersistenceSerializer.cc +++ b/src/PersistenceSerializer.cc 
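Review bot: The generated assignment operators return through a C-style downcast, `(List(type)&) BaseList::operator=(l)` and `(PList(type)&) BaseList::operator=(std::move(l))`, which compiles but hides the conversion from anyone auditing casts. Returning the object itself avoids the cast in all four operators: `{ BaseList::operator=(l); return *this; }`, with `std::move(l)` in the move variants. The `PList` initializer-list constructor also reinterprets `il.begin()` via `(const ent*)` and narrows `il.size()` to `int`. A one-line comment there, such as `// relies on type* and ent having the same size and representation`, would record the assumption the cast depends on.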
@@ -201,7 +201,8 @@ void PersistenceSerializer::RaiseFinishedSendState() void PersistenceSerializer::GotEvent(const char* name, double time, EventHandlerPtr event, val_list* args) { - mgr.QueueEvent(event, args); + mgr.QueueEvent(event, std::move(*args)); + delete args; } void PersistenceSerializer::GotFunctionCall(const char* name, double time, diff --git a/src/RE.h b/src/RE.h index 06b0699864..286eb1b44d 100644 --- a/src/RE.h +++ b/src/RE.h @@ -229,9 +229,6 @@ protected: Specific_RE_Matcher* re_exact; }; -declare(PList, RE_Matcher); -typedef PList(RE_Matcher) re_matcher_list; - extern RE_Matcher* RE_Matcher_conjunction(const RE_Matcher* re1, const RE_Matcher* re2); extern RE_Matcher* RE_Matcher_disjunction(const RE_Matcher* re1, const RE_Matcher* re2); diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index f55fba167c..3abd8e6423 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc @@ -1435,7 +1435,9 @@ void RemoteSerializer::Process() break; BufferedEvent* be = events[0]; - ::Event* event = new ::Event(be->handler, be->args, be->src); + ::Event* event = new ::Event(be->handler, std::move(*be->args), be->src); + delete be->args; + be->args = nullptr; Peer* old_current_peer = current_peer; // Prevent the source peer from getting the event back. 
@@ -2260,14 +2262,14 @@ bool RemoteSerializer::ProcessPongMsg() ping_args* args = (ping_args*) current_args->data; - val_list* vl = new val_list; - vl->append(current_peer->val->Ref()); - vl->append(val_mgr->GetCount((unsigned int) ntohl(args->seq))); - vl->append(new Val(current_time(true) - ntohd(args->time1), - TYPE_INTERVAL)); - vl->append(new Val(ntohd(args->time2), TYPE_INTERVAL)); - vl->append(new Val(ntohd(args->time3), TYPE_INTERVAL)); - mgr.QueueEvent(remote_pong, vl); + mgr.QueueEvent(remote_pong, { + current_peer->val->Ref(), + val_mgr->GetCount((unsigned int) ntohl(args->seq)), + new Val(current_time(true) - ntohd(args->time1), + TYPE_INTERVAL), + new Val(ntohd(args->time2), TYPE_INTERVAL), + new Val(ntohd(args->time3), TYPE_INTERVAL) + }); return true; } @@ -3006,20 +3008,20 @@ void RemoteSerializer::Log(LogLevel level, const char* msg, Peer* peer, { if ( peer ) { - val_list* vl = new val_list(); - vl->append(peer->val->Ref()); - vl->append(val_mgr->GetCount(level)); - vl->append(val_mgr->GetCount(src)); - vl->append(new StringVal(msg)); - mgr.QueueEvent(remote_log_peer, vl); + mgr.QueueEvent(remote_log_peer, { + peer->val->Ref(), + val_mgr->GetCount(level), + val_mgr->GetCount(src), + new StringVal(msg) + }); } else { - val_list* vl = new val_list(); - vl->append(val_mgr->GetCount(level)); - vl->append(val_mgr->GetCount(src)); - vl->append(new StringVal(msg)); - mgr.QueueEvent(remote_log, vl); + mgr.QueueEvent(remote_log, { + val_mgr->GetCount(level), + val_mgr->GetCount(src), + new StringVal(msg) + }); } #ifdef DEBUG 
@@ -3041,27 +3043,27 @@ void RemoteSerializer::Log(LogLevel level, const char* msg, Peer* peer, void RemoteSerializer::RaiseEvent(EventHandlerPtr event, Peer* peer, const char* arg) { - val_list* vl = new val_list; + val_list vl(1 + (bool)arg); if ( peer ) { Ref(peer->val); - vl->append(peer->val); + vl.append(peer->val); } else { Val* v = mgr.GetLocalPeerVal(); v->Ref(); - vl->append(v); + vl.append(v); } if ( arg ) - vl->append(new StringVal(arg)); + vl.append(new StringVal(arg)); // If we only have remote sources, the network time // will not increase as long as no peers are connected. // Therefore, we send these events immediately. - mgr.Dispatch(new Event(event, vl, PEER_LOCAL)); + mgr.Dispatch(new Event(event, std::move(vl), PEER_LOCAL)); } void RemoteSerializer::LogStats() diff --git a/src/Reporter.cc b/src/Reporter.cc index 413f89b9ea..9821911d17 100644 --- a/src/Reporter.cc +++ b/src/Reporter.cc 
@@ -216,36 +216,30 @@ void Reporter::Syslog(const char* fmt, ...) void Reporter::WeirdHelper(EventHandlerPtr event, Val* conn_val, file_analysis::File* f, const char* addl, const char* fmt_name, ...) { - val_list* vl = new val_list(1); + val_list vl(2); if ( conn_val ) - vl->append(conn_val); + vl.append(conn_val); else if ( f ) - vl->append(f->GetVal()->Ref()); + vl.append(f->GetVal()->Ref()); if ( addl ) - vl->append(new StringVal(addl)); + vl.append(new StringVal(addl)); va_list ap; va_start(ap, fmt_name); - DoLog("weird", event, 0, 0, vl, false, false, 0, fmt_name, ap); + DoLog("weird", event, 0, 0, &vl, false, false, 0, fmt_name, ap); va_end(ap); - - delete vl; } void Reporter::WeirdFlowHelper(const IPAddr& orig, const IPAddr& resp, const char* fmt_name, ...) { - val_list* vl = new val_list(2); - vl->append(new AddrVal(orig)); - vl->append(new AddrVal(resp)); + val_list vl{new AddrVal(orig), new AddrVal(resp)}; va_list ap; va_start(ap, fmt_name); - DoLog("weird", flow_weird, 0, 0, vl, false, false, 0, fmt_name, ap); + DoLog("weird", flow_weird, 0, 0, &vl, false, false, 0, fmt_name, ap); va_end(ap); - - delete vl; } void Reporter::UpdateWeirdStats(const char* name) 
@@ -489,29 +483,32 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out, if ( raise_event && event && via_events && ! in_error_handler ) { - val_list* vl = new val_list; + auto vl_size = 1 + (bool)time + (bool)location + (bool)conn + + (addl ? addl->length() : 0); + + val_list vl(vl_size); if ( time ) - vl->append(new Val((bro_start_network_time != 0.0) ? network_time : 0, TYPE_TIME)); + vl.append(new Val((bro_start_network_time != 0.0) ? network_time : 0, TYPE_TIME)); - vl->append(new StringVal(buffer)); + vl.append(new StringVal(buffer)); if ( location ) - vl->append(new StringVal(loc_str.c_str())); + vl.append(new StringVal(loc_str.c_str())); if ( conn ) - vl->append(conn->BuildConnVal()); + vl.append(conn->BuildConnVal()); if ( addl ) { loop_over_list(*addl, i) - vl->append((*addl)[i]); + vl.append((*addl)[i]); } if ( conn ) - conn->ConnectionEvent(event, 0, vl); + conn->ConnectionEvent(event, 0, std::move(vl)); else - mgr.QueueEvent(event, vl); + mgr.QueueEvent(event, std::move(vl)); } else { diff --git a/src/RuleAction.cc b/src/RuleAction.cc index e67c51b514..ab9994bde2 100644 --- a/src/RuleAction.cc +++ b/src/RuleAction.cc @@ -17,16 +17,11 @@ void RuleActionEvent::DoAction(const Rule* parent, RuleEndpointState* state, { if ( signature_match ) { - val_list* vl = new val_list; - vl->append(rule_matcher->BuildRuleStateValue(parent, state)); - vl->append(new StringVal(msg)); - - if ( data ) - vl->append(new StringVal(len, (const char*)data)); - else - vl->append(val_mgr->GetEmptyString()); - - mgr.QueueEvent(signature_match, vl); + mgr.QueueEvent(signature_match, { + rule_matcher->BuildRuleStateValue(parent, state), + new StringVal(msg), + data ? new StringVal(len, (const char*)data) : val_mgr->GetEmptyString(), + }); } } diff --git a/src/RuleCondition.cc b/src/RuleCondition.cc index 0534570ed7..fdb35f5d06 100644 --- a/src/RuleCondition.cc +++ b/src/RuleCondition.cc 
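Review bot: The loop `vl.append((*addl)[i]);` in Reporter::DoLog copies the caller's pointers into the list that is then moved into the event, without taking a reference, so afterwards the caller's `val_list` and the queued event point at the same Vals. WeirdHelper and WeirdFlowHelper now pass the address of a stack list and never Unref its entries, which is only correct if the event path owns them; that contract is not written down in the hunk. I would add a comment above the loop such as `// Ownership of addl's entries passes to the event; callers must not Unref them.` and confirm that the `else` branch, which continues outside this hunk, releases them when no event is raised. DoLog itself starts and ends outside the hunk.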
@@ -162,7 +162,7 @@ bool RuleConditionEval::DoMatch(Rule* rule, RuleEndpointState* state, return id->ID_Val()->AsBool(); // Call function with a signature_state value as argument. - val_list args; + val_list args(2); args.append(rule_matcher->BuildRuleStateValue(rule, state)); if ( data ) diff --git a/src/Scope.cc b/src/Scope.cc index a707336381..e260ea3ca7 100644 --- a/src/Scope.cc +++ b/src/Scope.cc @@ -7,6 +7,9 @@ #include "Scope.h" #include "Reporter.h" +declare(PList,Scope); +typedef PList(Scope) scope_list; + static scope_list scopes; static Scope* top_scope; diff --git a/src/Serializer.cc b/src/Serializer.cc index 0366c36c81..2c32283c56 100644 --- a/src/Serializer.cc +++ b/src/Serializer.cc @@ -365,7 +365,7 @@ bool Serializer::UnserializeCall(UnserialInfo* info) d.SetIncludeStats(true); d.SetShort(); - val_list* args = new val_list; + val_list* args = new val_list(len); for ( int i = 0; i < len; ++i ) { Val* v = Val::Unserialize(info); @@ -996,7 +996,8 @@ void EventPlayer::GotEvent(const char* name, double time, { ne_time = time; ne_handler = event; - ne_args = args; + ne_args = std::move(*args); + delete args; } void EventPlayer::GotFunctionCall(const char* name, double time, @@ -1054,7 +1055,7 @@ void EventPlayer::Process() if ( ! (io && ne_time) ) return; - Event* event = new Event(ne_handler, ne_args); + Event* event = new Event(ne_handler, std::move(ne_args)); mgr.Dispatch(event); ne_time = 0; diff --git a/src/Serializer.h b/src/Serializer.h index 3b863a5b6e..2c30ef5443 100644 --- a/src/Serializer.h +++ b/src/Serializer.h @@ -353,7 +353,7 @@ protected: // Next event waiting to be dispatched. double ne_time; EventHandlerPtr ne_handler; - val_list* ne_args; + val_list ne_args; }; diff --git a/src/Sessions.cc b/src/Sessions.cc index edccb7e00c..db4e9e5d3a 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc 
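Review bot: `new val_list(len)` in Serializer::UnserializeCall sizes the list from a count that, judging by the function, was read from the serialized stream, and it does so before any element has been unserialized. Previously the list grew only as `Val::Unserialize` succeeded, so a corrupt or hostile length could not drive an allocation by itself; now a very large or negative `len` reaches the list constructor directly. The same applies to `new id_list(len)` in Case::DoUnserialize, ForStmt::DoUnserialize and InitStmt::DoUnserialize in Stmt.cc, where `len` visibly comes from `UNSERIALIZE(&len)`. I would validate the count before allocating (for a signed `len`, `if ( len < 0 ) return false;`) and cap the pre-size at a sane bound, or keep the default-constructed list on these deserialization paths. The function bodies continue outside the hunks.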
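Review bot: `ne_args = std::move(*args);` in EventPlayer::GotEvent dereferences `args` unconditionally, whereas the old `ne_args = args;` tolerated a null pointer and EventStmt::Exec in Stmt.cc keeps an `if ( args )` guard around the same move-then-delete pattern. If any caller can pass null here, this becomes a crash while replaying recorded events; `if ( args ) { ne_args = std::move(*args); delete args; }` would keep the old tolerance. It is also worth confirming what the list's move assignment does with Vals still held in `ne_args` from an event that was received but not yet dispatched, since nothing in the hunk releases them.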
@@ -171,11 +171,7 @@ void NetSessions::NextPacket(double t, const Packet* pkt) SegmentProfiler(segment_logger, "dispatching-packet"); if ( raw_packet ) - { - val_list* vl = new val_list(); - vl->append(pkt->BuildPktHdrVal()); - mgr.QueueEvent(raw_packet, vl); - } + mgr.QueueEvent(raw_packet, {pkt->BuildPktHdrVal()}); if ( pkt_profiler ) pkt_profiler->ProfilePkt(t, pkt->cap_len); @@ -415,11 +411,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr { dump_this_packet = 1; if ( esp_packet ) - { - val_list* vl = new val_list(); - vl->append(ip_hdr->BuildPktHdrVal()); - mgr.QueueEvent(esp_packet, vl); - } + mgr.QueueEvent(esp_packet, {ip_hdr->BuildPktHdrVal()}); // Can't do more since upper-layer payloads are going to be encrypted. return; @@ -439,11 +431,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr } if ( mobile_ipv6_message ) - { - val_list* vl = new val_list(); - vl->append(ip_hdr->BuildPktHdrVal()); - mgr.QueueEvent(mobile_ipv6_message, vl); - } + mgr.QueueEvent(mobile_ipv6_message, {ip_hdr->BuildPktHdrVal()}); if ( ip_hdr->NextProto() != IPPROTO_NONE ) Weird("mobility_piggyback", pkt, encapsulation); @@ -1329,10 +1317,10 @@ Connection* NetSessions::NewConn(HashKey* k, double t, const ConnID* id, if ( external ) { - val_list* vl = new val_list(2); - vl->append(conn->BuildConnVal()); - vl->append(new StringVal(conn->GetTimerMgr()->GetTag().c_str())); - conn->ConnectionEvent(connection_external, 0, vl); + conn->ConnectionEvent(connection_external, 0, { + conn->BuildConnVal(), + new StringVal(conn->GetTimerMgr()->GetTag().c_str()), + }); } } diff --git a/src/StateAccess.cc b/src/StateAccess.cc index 874ed9c5c2..b9f08a54cc 100644 --- a/src/StateAccess.cc +++ b/src/StateAccess.cc 
@@ -192,12 +192,12 @@ bool StateAccess::CheckOld(const char* op, ID* id, Val* index, else arg3 = new StringVal(""); - val_list* args = new val_list; - args->append(new StringVal(op)); - args->append(arg1); - args->append(arg2); - args->append(arg3); - mgr.QueueEvent(remote_state_inconsistency, args); + mgr.QueueEvent(remote_state_inconsistency, { + new StringVal(op), + arg1, + arg2, + arg3, + }); return false; } @@ -219,12 +219,12 @@ bool StateAccess::CheckOldSet(const char* op, ID* id, Val* index, Val* arg2 = new StringVal(should ? "set" : "not set"); Val* arg3 = new StringVal(is ? "set" : "not set"); - val_list* args = new val_list; - args->append(new StringVal(op)); - args->append(arg1); - args->append(arg2); - args->append(arg3); - mgr.QueueEvent(remote_state_inconsistency, args); + mgr.QueueEvent(remote_state_inconsistency, { + new StringVal(op), + arg1, + arg2, + arg3, + }); return false; } @@ -514,12 +514,12 @@ void StateAccess::Replay() d.SetShort(); op1.val->Describe(&d); - val_list* args = new val_list; - args->append(new StringVal("read")); - args->append(new StringVal(fmt("%s[%s]", target.id->Name(), d.Description()))); - args->append(new StringVal("existent")); - args->append(new StringVal("not existent")); - mgr.QueueEvent(remote_state_inconsistency, args); + mgr.QueueEvent(remote_state_inconsistency, { + new StringVal("read"), + new StringVal(fmt("%s[%s]", target.id->Name(), d.Description())), + new StringVal("existent"), + new StringVal("not existent"), + }); } } } @@ -536,10 +536,10 @@ void StateAccess::Replay() if ( remote_state_access_performed ) { - val_list* vl = new val_list; - vl->append(new StringVal(target.id->Name())); - vl->append(target.id->ID_Val()->Ref()); - mgr.QueueEvent(remote_state_access_performed, vl); + mgr.QueueEvent(remote_state_access_performed, { + new StringVal(target.id->Name()), + target.id->ID_Val()->Ref(), + }); } } 
@@ -943,8 +943,7 @@ void NotifierRegistry::Register(ID* id, NotifierRegistry::Notifier* notifier) } else { - attr_list* a = new attr_list; - a->append(attr); + attr_list* a = new attr_list{attr}; id->SetAttrs(new Attributes(a, id->Type(), false)); } diff --git a/src/Stats.cc b/src/Stats.cc index 780ffdc39b..7c232f7aa4 100644 --- a/src/Stats.cc +++ b/src/Stats.cc @@ -310,11 +310,11 @@ void ProfileLogger::Log() // (and for consistency we dispatch it *now*) if ( profiling_update ) { - val_list* vl = new val_list; Ref(file); - vl->append(new Val(file)); - vl->append(val_mgr->GetBool(expensive)); - mgr.Dispatch(new Event(profiling_update, vl)); + mgr.Dispatch(new Event(profiling_update, { + new Val(file), + val_mgr->GetBool(expensive), + })); } } @@ -369,12 +369,11 @@ void SampleLogger::SegmentProfile(const char* /* name */, const Location* /* loc */, double dtime, int dmem) { - val_list* vl = new val_list(2); - vl->append(load_samples->Ref()); - vl->append(new IntervalVal(dtime, Seconds)); - vl->append(val_mgr->GetInt(dmem)); - - mgr.QueueEvent(load_sample, vl); + mgr.QueueEvent(load_sample, { + load_samples->Ref(), + new IntervalVal(dtime, Seconds), + val_mgr->GetInt(dmem) + }); } void SegmentProfiler::Init() diff --git a/src/Stmt.cc b/src/Stmt.cc index 7e7ba23a18..6dba9eb251 100644 --- a/src/Stmt.cc +++ b/src/Stmt.cc @@ -292,13 +292,14 @@ Val* PrintStmt::DoExec(val_list* vals, stmt_flow_type& /* flow */) const if ( print_hook ) { - val_list* vl = new val_list(2); ::Ref(f); - vl->append(new Val(f)); - vl->append(new StringVal(d.Len(), d.Description())); // Note, this doesn't do remote printing. - mgr.Dispatch(new Event(print_hook, vl), true); + mgr.Dispatch( + new Event( + print_hook, + {new Val(f), new StringVal(d.Len(), d.Description())}), + true); } if ( remote_serializer ) @@ -704,7 +705,7 @@ bool Case::DoUnserialize(UnserialInfo* info) if ( ! UNSERIALIZE(&len) ) return false; - type_cases = new id_list; + type_cases = new id_list(len); while ( len-- ) { 
@@ -1198,7 +1199,10 @@ Val* EventStmt::Exec(Frame* f, stmt_flow_type& flow) const val_list* args = eval_list(f, event_expr->Args()); if ( args ) - mgr.QueueEvent(event_expr->Handler(), args); + { + mgr.QueueEvent(event_expr->Handler(), std::move(*args)); + delete args; + } flow = FLOW_NEXT; @@ -1633,7 +1637,7 @@ bool ForStmt::DoUnserialize(UnserialInfo* info) if ( ! UNSERIALIZE(&len) ) return false; - loop_vars = new id_list; + loop_vars = new id_list(len); while ( len-- ) { @@ -2149,7 +2153,7 @@ bool InitStmt::DoUnserialize(UnserialInfo* info) if ( ! UNSERIALIZE(&len) ) return false; - inits = new id_list; + inits = new id_list(len); while ( len-- ) { diff --git a/src/Stmt.h b/src/Stmt.h index a9bf7cddf8..c3ee6611fe 100644 --- a/src/Stmt.h +++ b/src/Stmt.h @@ -213,6 +213,9 @@ protected: Stmt* s; }; +declare(PList,Case); +typedef PList(Case) case_list; + class SwitchStmt : public ExprStmt { public: SwitchStmt(Expr* index, case_list* cases); diff --git a/src/Type.cc b/src/Type.cc index 77a5ac6d16..28f4a28492 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -2266,7 +2266,7 @@ BroType* merge_types(const BroType* t1, const BroType* t2) if ( rt1->NumFields() != rt2->NumFields() ) return 0; - type_decl_list* tdl3 = new type_decl_list; + type_decl_list* tdl3 = new type_decl_list(rt1->NumFields()); for ( int i = 0; i < rt1->NumFields(); ++i ) { diff --git a/src/Type.h b/src/Type.h index bc13997461..c537bb6203 100644 --- a/src/Type.h +++ b/src/Type.h @@ -460,6 +460,9 @@ public: const char* id; }; +declare(PList,TypeDecl); +typedef PList(TypeDecl) type_decl_list; + class RecordType : public BroType { public: explicit RecordType(type_decl_list* types); diff --git a/src/Val.cc b/src/Val.cc index b55a9090d3..a7bb933524 100644 --- a/src/Val.cc +++ b/src/Val.cc 
@@ -1861,29 +1861,30 @@ Val* TableVal::Default(Val* index) return def_attr->AttrExpr()->IsConst() ? def_val->Ref() : def_val->Clone(); const Func* f = def_val->AsFunc(); - val_list* vl = new val_list(); + val_list vl; if ( index->Type()->Tag() == TYPE_LIST ) { const val_list* vl0 = index->AsListVal()->Vals(); + vl = val_list(vl0->length()); loop_over_list(*vl0, i) - vl->append((*vl0)[i]->Ref()); + vl.append((*vl0)[i]->Ref()); } else - vl->append(index->Ref()); + { + vl = val_list{index->Ref()}; + } Val* result = 0; try { - result = f->Call(vl); + result = f->Call(&vl); } catch ( InterpreterException& e ) { /* Already reported. */ } - delete vl; - if ( ! result ) { Error("no value returned from &default function"); @@ -2423,21 +2424,6 @@ double TableVal::CallExpireFunc(Val* idx) return 0; } - val_list* vl = new val_list; - vl->append(Ref()); - - // Flatten lists of a single element. - if ( idx->Type()->Tag() == TYPE_LIST && - idx->AsListVal()->Length() == 1 ) - { - Val* old = idx; - idx = idx->AsListVal()->Index(0); - idx->Ref(); - Unref(old); - } - - vl->append(idx); - double secs = 0; try @@ -2447,19 +2433,31 @@ double TableVal::CallExpireFunc(Val* idx) if ( ! vf ) { // Will have been reported already. - delete_vals(vl); + Unref(idx); return 0; } if ( vf->Type()->Tag() != TYPE_FUNC ) { - Unref(vf); - delete_vals(vl); vf->Error("not a function"); + Unref(vf); + Unref(idx); return 0; } - Val* vs = vf->AsFunc()->Call(vl); + + // Flatten lists of a single element. + if ( idx->Type()->Tag() == TYPE_LIST && + idx->AsListVal()->Length() == 1 ) + { + Val* old = idx; + idx = idx->AsListVal()->Index(0); + idx->Ref(); + Unref(old); + } + + val_list vl{Ref(), idx}; + Val* vs = vf->AsFunc()->Call(&vl); if ( vs ) { @@ -2468,7 +2466,6 @@ double TableVal::CallExpireFunc(Val* idx) } Unref(vf); - delete vl; } catch ( InterpreterException& e ) diff --git a/src/Var.cc b/src/Var.cc index 8534fdd910..fb27b7261f 100644 --- a/src/Var.cc +++ b/src/Var.cc 
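Review bot: In TableVal::CallExpireFunc the reference on `idx` is now released by hand on the two early returns and appears to be handed over to `Call(&vl)` on the success path, but nothing visible releases it if an exception is raised inside the `try` before `val_list vl{Ref(), idx}` is built. The statement that produces `vf` and the body of the `catch ( InterpreterException& e )` block are outside the hunks, so this may already be handled there. If it is not, `idx` leaks on that path, and if the catch block does Unref it, it must not do so once `Call` has taken the list. A comment at the `val_list vl{Ref(), idx};` line, such as `// From here on idx belongs to the call; earlier exits must Unref it.`, would make the paths easier to audit.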
@@ -325,8 +325,7 @@ static void transfer_arg_defaults(RecordType* args, RecordType* recv) if ( ! recv_i->attrs ) { - attr_list* a = new attr_list(); - a->append(def); + attr_list* a = new attr_list{def}; recv_i->attrs = new Attributes(a, recv_i->type, true); } diff --git a/src/analyzer/Analyzer.cc b/src/analyzer/Analyzer.cc index 818dd917e8..be2cfcf627 100644 --- a/src/analyzer/Analyzer.cc +++ b/src/analyzer/Analyzer.cc @@ -665,11 +665,11 @@ void Analyzer::ProtocolConfirmation(Tag arg_tag) EnumVal* tval = arg_tag ? arg_tag.AsEnumVal() : tag.AsEnumVal(); Ref(tval); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(tval); - vl->append(val_mgr->GetCount(id)); - mgr.QueueEvent(protocol_confirmation, vl); + mgr.QueueEvent(protocol_confirmation, { + BuildConnVal(), + tval, + val_mgr->GetCount(id), + }); protocol_confirmed = true; } @@ -692,12 +692,12 @@ void Analyzer::ProtocolViolation(const char* reason, const char* data, int len) EnumVal* tval = tag.AsEnumVal(); Ref(tval); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(tval); - vl->append(val_mgr->GetCount(id)); - vl->append(r); - mgr.QueueEvent(protocol_violation, vl); + mgr.QueueEvent(protocol_violation, { + BuildConnVal(), + tval, + val_mgr->GetCount(id), + r, + }); } void Analyzer::AddTimer(analyzer_timer_func timer, double t, @@ -782,6 +782,11 @@ void Analyzer::ConnectionEvent(EventHandlerPtr f, val_list* vl) conn->ConnectionEvent(f, this, vl); } +void Analyzer::ConnectionEvent(EventHandlerPtr f, val_list vl) + { + conn->ConnectionEvent(f, this, std::move(vl)); + } + void Analyzer::Weird(const char* name, const char* addl) { conn->Weird(name, addl); diff --git a/src/analyzer/Analyzer.h b/src/analyzer/Analyzer.h index a13df7e21e..ab09e63458 100644 --- a/src/analyzer/Analyzer.h +++ b/src/analyzer/Analyzer.h 
@@ -541,6 +541,12 @@ public: */ void ConnectionEvent(EventHandlerPtr f, val_list* vl); + /** + * Convenience function that forwards directly to + * Connection::ConnectionEvent(). + */ + void ConnectionEvent(EventHandlerPtr f, val_list vl); + /** * Convenience function that forwards directly to the corresponding * Connection::Weird(). diff --git a/src/analyzer/protocol/arp/ARP.cc b/src/analyzer/protocol/arp/ARP.cc index 83166bd149..e206303e9c 100644 --- a/src/analyzer/protocol/arp/ARP.cc +++ b/src/analyzer/protocol/arp/ARP.cc @@ -190,13 +190,13 @@ void ARP_Analyzer::BadARP(const struct arp_pkthdr* hdr, const char* msg) if ( ! bad_arp ) return; - val_list* vl = new val_list; - vl->append(ConstructAddrVal(ar_spa(hdr))); - vl->append(EthAddrToStr((const u_char*) ar_sha(hdr))); - vl->append(ConstructAddrVal(ar_tpa(hdr))); - vl->append(EthAddrToStr((const u_char*) ar_tha(hdr))); - vl->append(new StringVal(msg)); - mgr.QueueEvent(bad_arp, vl); + mgr.QueueEvent(bad_arp, { + ConstructAddrVal(ar_spa(hdr)), + EthAddrToStr((const u_char*) ar_sha(hdr)), + ConstructAddrVal(ar_tpa(hdr)), + EthAddrToStr((const u_char*) ar_tha(hdr)), + new StringVal(msg), + }); } void ARP_Analyzer::Corrupted(const char* msg) @@ -212,18 +212,14 @@ void ARP_Analyzer::RREvent(EventHandlerPtr e, if ( ! e ) return; - // init the val_list - val_list* vl = new val_list; - - // prepare the event arguments - vl->append(EthAddrToStr(src)); - vl->append(EthAddrToStr(dst)); - vl->append(ConstructAddrVal(spa)); - vl->append(EthAddrToStr((const u_char*) sha)); - vl->append(ConstructAddrVal(tpa)); - vl->append(EthAddrToStr((const u_char*) tha)); - - mgr.QueueEvent(e, vl); + mgr.QueueEvent(e, { + EthAddrToStr(src), + EthAddrToStr(dst), + ConstructAddrVal(spa), + EthAddrToStr((const u_char*) sha), + ConstructAddrVal(tpa), + EthAddrToStr((const u_char*) tha), + }); } AddrVal* ARP_Analyzer::ConstructAddrVal(const void* addr) 
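Review bot: The doc comment on the new `ConnectionEvent(EventHandlerPtr f, val_list vl)` overload in Analyzer.h repeats the wording of the pointer overload above it and does not say how the two differ. Call sites in this commit pass braced lists of freshly created or Ref'd Vals, so the comment should state who owns those references, for example `* The references held in vl are passed on with the event; the caller must not Unref them.`, assuming that is the intended contract. A line on when to prefer this overload over the `val_list*` one would also help readers choosing between them.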
diff --git a/src/analyzer/protocol/backdoor/BackDoor.cc b/src/analyzer/protocol/backdoor/BackDoor.cc index ecfb660b94..4cc8d5f703 100644 --- a/src/analyzer/protocol/backdoor/BackDoor.cc +++ b/src/analyzer/protocol/backdoor/BackDoor.cc @@ -246,13 +246,12 @@ void BackDoorEndpoint::RloginSignatureFound(int len) rlogin_checking_done = 1; - val_list* vl = new val_list; - vl->append(endp->TCP()->BuildConnVal()); - vl->append(val_mgr->GetBool(endp->IsOrig())); - vl->append(val_mgr->GetCount(rlogin_num_null)); - vl->append(val_mgr->GetCount(len)); - - endp->TCP()->ConnectionEvent(rlogin_signature_found, vl); + endp->TCP()->ConnectionEvent(rlogin_signature_found, { + endp->TCP()->BuildConnVal(), + val_mgr->GetBool(endp->IsOrig()), + val_mgr->GetCount(rlogin_num_null), + val_mgr->GetCount(len), + }); } void BackDoorEndpoint::CheckForTelnet(uint64 /* seq */, int len, const u_char* data) @@ -338,12 +337,11 @@ void BackDoorEndpoint::CheckForTelnet(uint64 /* seq */, int len, const u_char* d void BackDoorEndpoint::TelnetSignatureFound(int len) { - val_list* vl = new val_list; - vl->append(endp->TCP()->BuildConnVal()); - vl->append(val_mgr->GetBool(endp->IsOrig())); - vl->append(val_mgr->GetCount(len)); - - endp->TCP()->ConnectionEvent(telnet_signature_found, vl); + endp->TCP()->ConnectionEvent(telnet_signature_found, { + endp->TCP()->BuildConnVal(), + val_mgr->GetBool(endp->IsOrig()), + val_mgr->GetCount(len), + }); } void BackDoorEndpoint::CheckForSSH(uint64 seq, int len, const u_char* data) 
@@ -643,13 +641,12 @@ void BackDoorEndpoint::CheckForHTTPProxy(uint64 /* seq */, int len, void BackDoorEndpoint::SignatureFound(EventHandlerPtr e, int do_orig) { - val_list* vl = new val_list; - vl->append(endp->TCP()->BuildConnVal()); - if ( do_orig ) - vl->append(val_mgr->GetBool(endp->IsOrig())); + endp->TCP()->ConnectionEvent(e, + {endp->TCP()->BuildConnVal(), val_mgr->GetBool(endp->IsOrig())}); - endp->TCP()->ConnectionEvent(e, vl); + else + endp->TCP()->ConnectionEvent(e, {endp->TCP()->BuildConnVal()}); } @@ -776,20 +773,16 @@ void BackDoor_Analyzer::StatTimer(double t, int is_expire) void BackDoor_Analyzer::StatEvent() { - val_list* vl = new val_list; - vl->append(TCP()->BuildConnVal()); - vl->append(orig_endp->BuildStats()); - vl->append(resp_endp->BuildStats()); - - TCP()->ConnectionEvent(backdoor_stats, vl); + TCP()->ConnectionEvent(backdoor_stats, { + TCP()->BuildConnVal(), + orig_endp->BuildStats(), + resp_endp->BuildStats(), + }); } void BackDoor_Analyzer::RemoveEvent() { - val_list* vl = new val_list; - vl->append(TCP()->BuildConnVal()); - - TCP()->ConnectionEvent(backdoor_remove_conn, vl); + TCP()->ConnectionEvent(backdoor_remove_conn, {TCP()->BuildConnVal()}); } BackDoorTimer::BackDoorTimer(double t, BackDoor_Analyzer* a) diff --git a/src/analyzer/protocol/bittorrent/BitTorrent.cc b/src/analyzer/protocol/bittorrent/BitTorrent.cc index 652d3d120c..989265623c 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrent.cc +++ b/src/analyzer/protocol/bittorrent/BitTorrent.cc @@ -120,10 +120,10 @@ void BitTorrent_Analyzer::DeliverWeird(const char* msg, bool orig) { if ( bittorrent_peer_weird ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(msg)); - ConnectionEvent(bittorrent_peer_weird, vl); + ConnectionEvent(bittorrent_peer_weird, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(msg), + }); } } 
diff --git a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc index 54cac790fb..411bbf0aff 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc +++ b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc @@ -247,11 +247,11 @@ void BitTorrentTracker_Analyzer::DeliverWeird(const char* msg, bool orig) { if ( bt_tracker_weird ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(msg)); - ConnectionEvent(bt_tracker_weird, vl); + ConnectionEvent(bt_tracker_weird, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(msg), + }); } } @@ -346,19 +346,16 @@ void BitTorrentTracker_Analyzer::RequestGet(char* uri) void BitTorrentTracker_Analyzer::EmitRequest(void) { - val_list* vl; - ProtocolConfirmation(); - vl = new val_list; - vl->append(BuildConnVal()); - vl->append(req_val_uri); - vl->append(req_val_headers); + ConnectionEvent(bt_tracker_request, { + BuildConnVal(), + req_val_uri, + req_val_headers, + }); req_val_uri = 0; req_val_headers = 0; - - ConnectionEvent(bt_tracker_request, vl); } bool BitTorrentTracker_Analyzer::ParseResponse(char* line) @@ -404,11 +401,11 @@ bool BitTorrentTracker_Analyzer::ParseResponse(char* line) { if ( res_status != 200 ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetCount(res_status)); - vl->append(res_val_headers); - ConnectionEvent(bt_tracker_response_not_ok, vl); + ConnectionEvent(bt_tracker_response_not_ok, { + BuildConnVal(), + val_mgr->GetCount(res_status), + res_val_headers, + }); res_val_headers = 0; res_buf_pos = res_buf + res_buf_len; res_state = BTT_RES_DONE; 
@@ -790,16 +787,15 @@ void BitTorrentTracker_Analyzer::EmitResponse(void) { ProtocolConfirmation(); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetCount(res_status)); - vl->append(res_val_headers); - vl->append(res_val_peers); - vl->append(res_val_benc); + ConnectionEvent(bt_tracker_response, { + BuildConnVal(), + val_mgr->GetCount(res_status), + res_val_headers, + res_val_peers, + res_val_benc, + }); res_val_headers = 0; res_val_peers = 0; res_val_benc = 0; - - ConnectionEvent(bt_tracker_response, vl); } diff --git a/src/analyzer/protocol/conn-size/ConnSize.cc b/src/analyzer/protocol/conn-size/ConnSize.cc index 52d81e3111..cf6521103c 100644 --- a/src/analyzer/protocol/conn-size/ConnSize.cc +++ b/src/analyzer/protocol/conn-size/ConnSize.cc @@ -47,11 +47,11 @@ void ConnSize_Analyzer::ThresholdEvent(EventHandlerPtr f, uint64 threshold, bool if ( ! f ) return; - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetCount(threshold)); - vl->append(val_mgr->GetBool(is_orig)); - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + val_mgr->GetCount(threshold), + val_mgr->GetBool(is_orig), + }); } void ConnSize_Analyzer::CheckSizes(bool is_orig) diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc index 944ce92731..a67b548fe9 100644 --- a/src/analyzer/protocol/dns/DNS.cc +++ b/src/analyzer/protocol/dns/DNS.cc 
@@ -46,13 +46,12 @@ int DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query) if ( dns_message ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_query)); - vl->append(msg.BuildHdrVal()); - vl->append(val_mgr->GetCount(len)); - - analyzer->ConnectionEvent(dns_message, vl); + analyzer->ConnectionEvent(dns_message, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_query), + msg.BuildHdrVal(), + val_mgr->GetCount(len), + }); } // There is a great deal of non-DNS traffic that runs on port 53. @@ -133,11 +132,10 @@ int DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query) int DNS_Interpreter::EndMessage(DNS_MsgInfo* msg) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - analyzer->ConnectionEvent(dns_end, vl); + analyzer->ConnectionEvent(dns_end, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + }); return 1; } @@ -336,11 +334,11 @@ int DNS_Interpreter::ParseAnswer(DNS_MsgInfo* msg, if ( dns_unknown_reply && ! msg->skip_event ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - analyzer->ConnectionEvent(dns_unknown_reply, vl); + analyzer->ConnectionEvent(dns_unknown_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + }); } analyzer->Weird("DNS_RR_unknown_type", fmt("%d", msg->atype)); 
@@ -551,14 +549,12 @@ int DNS_Interpreter::ParseRR_Name(DNS_MsgInfo* msg, if ( reply_event && ! msg->skip_event ) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(new StringVal(new BroString(name, name_end - name, 1))); - - analyzer->ConnectionEvent(reply_event, vl); + analyzer->ConnectionEvent(reply_event, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new StringVal(new BroString(name, name_end - name, 1)), + }); } return 1; @@ -598,14 +594,7 @@ int DNS_Interpreter::ParseRR_SOA(DNS_MsgInfo* msg, if ( dns_SOA_reply && ! msg->skip_event ) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - RecordVal* r = new RecordVal(dns_soa); - r->Assign(0, new StringVal(new BroString(mname, mname_end - mname, 1))); r->Assign(1, new StringVal(new BroString(rname, rname_end - rname, 1))); r->Assign(2, val_mgr->GetCount(serial)); @@ -614,9 +603,12 @@ int DNS_Interpreter::ParseRR_SOA(DNS_MsgInfo* msg, r->Assign(5, new IntervalVal(double(expire), Seconds)); r->Assign(6, new IntervalVal(double(minimum), Seconds)); - vl->append(r); - - analyzer->ConnectionEvent(dns_SOA_reply, vl); + analyzer->ConnectionEvent(dns_SOA_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + r + }); } return 1; 
@@ -642,15 +634,13 @@ int DNS_Interpreter::ParseRR_MX(DNS_MsgInfo* msg, if ( dns_MX_reply && ! msg->skip_event ) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(new StringVal(new BroString(name, name_end - name, 1))); - vl->append(val_mgr->GetCount(preference)); - - analyzer->ConnectionEvent(dns_MX_reply, vl); + analyzer->ConnectionEvent(dns_MX_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new StringVal(new BroString(name, name_end - name, 1)), + val_mgr->GetCount(preference), + }); } return 1; @@ -687,16 +677,15 @@ int DNS_Interpreter::ParseRR_SRV(DNS_MsgInfo* msg, if ( dns_SRV_reply && ! msg->skip_event ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(new StringVal(new BroString(name, name_end - name, 1))); - vl->append(val_mgr->GetCount(priority)); - vl->append(val_mgr->GetCount(weight)); - vl->append(val_mgr->GetCount(port)); - - analyzer->ConnectionEvent(dns_SRV_reply, vl); + analyzer->ConnectionEvent(dns_SRV_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new StringVal(new BroString(name, name_end - name, 1)), + val_mgr->GetCount(priority), + val_mgr->GetCount(weight), + val_mgr->GetCount(port), + }); } return 1; @@ -711,12 +700,11 @@ int DNS_Interpreter::ParseRR_EDNS(DNS_MsgInfo* msg, if ( dns_EDNS_addl && ! msg->skip_event ) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildEDNS_Val()); - analyzer->ConnectionEvent(dns_EDNS_addl, vl); + analyzer->ConnectionEvent(dns_EDNS_addl, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildEDNS_Val(), + }); } // Currently EDNS supports the movement of type:data pairs 
@@ -789,13 +777,11 @@ int DNS_Interpreter::ParseRR_TSIG(DNS_MsgInfo* msg, msg->tsig->orig_id = orig_id; msg->tsig->rr_error = rr_error; - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildTSIG_Val()); - - analyzer->ConnectionEvent(dns_TSIG_addl, vl); + analyzer->ConnectionEvent(dns_TSIG_addl, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildTSIG_Val(), + }); return 1; } @@ -889,14 +875,12 @@ int DNS_Interpreter::ParseRR_RRSIG(DNS_MsgInfo* msg, rrsig.signer_name = new BroString(name, name_end - name, 1); rrsig.signature = sign; - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(msg->BuildRRSIG_Val(&rrsig)); - - analyzer->ConnectionEvent(dns_RRSIG, vl); + analyzer->ConnectionEvent(dns_RRSIG, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + msg->BuildRRSIG_Val(&rrsig), + }); return 1; } @@ -983,14 +967,12 @@ int DNS_Interpreter::ParseRR_DNSKEY(DNS_MsgInfo* msg, dnskey.dprotocol = dprotocol; dnskey.public_key = key; - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(msg->BuildDNSKEY_Val(&dnskey)); - - analyzer->ConnectionEvent(dns_DNSKEY, vl); + analyzer->ConnectionEvent(dns_DNSKEY, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + msg->BuildDNSKEY_Val(&dnskey), + }); return 1; } 
@@ -1035,15 +1017,13 @@ int DNS_Interpreter::ParseRR_NSEC(DNS_MsgInfo* msg, typebitmaps_len = typebitmaps_len - (2 + bmlen); } - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(new StringVal(new BroString(name, name_end - name, 1))); - vl->append(char_strings); - - analyzer->ConnectionEvent(dns_NSEC, vl); + analyzer->ConnectionEvent(dns_NSEC, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new StringVal(new BroString(name, name_end - name, 1)), + char_strings, + }); return 1; } @@ -1121,14 +1101,12 @@ int DNS_Interpreter::ParseRR_NSEC3(DNS_MsgInfo* msg, nsec3.nsec_hash = hash_val; nsec3.bitmaps = char_strings; - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(msg->BuildNSEC3_Val(&nsec3)); - - analyzer->ConnectionEvent(dns_NSEC3, vl); + analyzer->ConnectionEvent(dns_NSEC3, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + msg->BuildNSEC3_Val(&nsec3), + }); return 1; } @@ -1178,14 +1156,12 @@ int DNS_Interpreter::ParseRR_DS(DNS_MsgInfo* msg, ds.digest_type = ds_dtype; ds.digest_val = ds_digest; - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(msg->BuildDS_Val(&ds)); - - analyzer->ConnectionEvent(dns_DS, vl); + analyzer->ConnectionEvent(dns_DS, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + msg->BuildDS_Val(&ds), + }); return 1; } 
@@ -1203,14 +1179,12 @@ int DNS_Interpreter::ParseRR_A(DNS_MsgInfo* msg, if ( dns_A_reply && ! msg->skip_event ) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(new AddrVal(htonl(addr))); - - analyzer->ConnectionEvent(dns_A_reply, vl); + analyzer->ConnectionEvent(dns_A_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new AddrVal(htonl(addr)), + }); } return 1; @@ -1242,13 +1216,12 @@ int DNS_Interpreter::ParseRR_AAAA(DNS_MsgInfo* msg, event = dns_A6_reply; if ( event && ! msg->skip_event ) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(new AddrVal(addr)); - analyzer->ConnectionEvent(event, vl); + analyzer->ConnectionEvent(event, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new AddrVal(addr), + }); } return 1; @@ -1317,14 +1290,12 @@ int DNS_Interpreter::ParseRR_TXT(DNS_MsgInfo* msg, while ( (char_string = extract_char_string(analyzer, data, len, rdlength)) ) char_strings->Assign(char_strings->Size(), char_string); - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(char_strings); - - analyzer->ConnectionEvent(dns_TXT_reply, vl); + analyzer->ConnectionEvent(dns_TXT_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + char_strings, + }); return rdlength == 0; } 
@@ -1359,16 +1330,14 @@ int DNS_Interpreter::ParseRR_CAA(DNS_MsgInfo* msg, data += value->Len(); rdlength -= value->Len(); - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(val_mgr->GetCount(flags)); - vl->append(new StringVal(tag)); - vl->append(new StringVal(value)); - - analyzer->ConnectionEvent(dns_CAA_reply, vl); + analyzer->ConnectionEvent(dns_CAA_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + val_mgr->GetCount(flags), + new StringVal(tag), + new StringVal(value), + }); return rdlength == 0; } @@ -1382,14 +1351,13 @@ void DNS_Interpreter::SendReplyOrRejectEvent(DNS_MsgInfo* msg, RR_Type qtype = RR_Type(ExtractShort(data, len)); int qclass = ExtractShort(data, len); - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(new StringVal(question_name)); - vl->append(val_mgr->GetCount(qtype)); - vl->append(val_mgr->GetCount(qclass)); - - analyzer->ConnectionEvent(event, vl); + analyzer->ConnectionEvent(event, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + new StringVal(question_name), + val_mgr->GetCount(qtype), + val_mgr->GetCount(qclass), + }); } @@ -1737,10 +1705,10 @@ void DNS_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, { if ( ! interp->ParseMessage(data, len, 1) && non_dns_request ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(len, (const char*) data)); - ConnectionEvent(non_dns_request, vl); + ConnectionEvent(non_dns_request, { + BuildConnVal(), + new StringVal(len, (const char*) data), + }); } } diff --git a/src/analyzer/protocol/file/File.cc b/src/analyzer/protocol/file/File.cc index b7e00c7fa4..bb81eaa1fd 100644 --- a/src/analyzer/protocol/file/File.cc +++ b/src/analyzer/protocol/file/File.cc 
@@ -77,10 +77,11 @@ void File_Analyzer::Identify() &matches); string match = matches.empty() ? "" : *(matches.begin()->second.begin()); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(buffer_len, buffer)); - vl->append(new StringVal("")); - vl->append(new StringVal(match)); - ConnectionEvent(file_transferred, vl); + + ConnectionEvent(file_transferred, { + BuildConnVal(), + new StringVal(buffer_len, buffer), + new StringVal(""), + new StringVal(match), + }); } diff --git a/src/analyzer/protocol/finger/Finger.cc b/src/analyzer/protocol/finger/Finger.cc index 6729c34448..0f7cec2677 100644 --- a/src/analyzer/protocol/finger/Finger.cc +++ b/src/analyzer/protocol/finger/Finger.cc @@ -66,14 +66,15 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig else host = at + 1; - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(long_cnt)); - vl->append(new StringVal(at - line, line)); - vl->append(new StringVal(end_of_line - host, host)); - if ( finger_request ) - ConnectionEvent(finger_request, vl); + { + ConnectionEvent(finger_request, { + BuildConnVal(), + val_mgr->GetBool(long_cnt), + new StringVal(at - line, line), + new StringVal(end_of_line - host, host), + }); + } Conn()->Match(Rule::FINGER, (const u_char *) line, end_of_line - line, true, true, 1, true); @@ -86,10 +87,9 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig if ( ! finger_reply ) return; - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(end_of_line - line, line)); - - ConnectionEvent(finger_reply, vl); + ConnectionEvent(finger_reply, { + BuildConnVal(), + new StringVal(end_of_line - line, line), + }); } } diff --git a/src/analyzer/protocol/ftp/FTP.cc b/src/analyzer/protocol/ftp/FTP.cc index f28dadf670..d4a659124e 100644 --- a/src/analyzer/protocol/ftp/FTP.cc +++ b/src/analyzer/protocol/ftp/FTP.cc 
@@ -73,8 +73,7 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig) // Could emit "ftp empty request/reply" weird, but maybe not worth it. return; - val_list* vl = new val_list; - vl->append(BuildConnVal()); + val_list vl; EventHandlerPtr f; if ( orig ) @@ -95,8 +94,11 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig) else cmd_str = (new StringVal(cmd_len, cmd))->ToUpper(); - vl->append(cmd_str); - vl->append(new StringVal(end_of_line - line, line)); + vl = val_list{ + BuildConnVal(), + cmd_str, + new StringVal(end_of_line - line, line), + }; f = ftp_request; ProtocolConfirmation(); @@ -171,14 +173,17 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig) } } - vl->append(val_mgr->GetCount(reply_code)); - vl->append(new StringVal(end_of_line - line, line)); - vl->append(val_mgr->GetBool(cont_resp)); + vl = val_list{ + BuildConnVal(), + val_mgr->GetCount(reply_code), + new StringVal(end_of_line - line, line), + val_mgr->GetBool(cont_resp), + }; f = ftp_reply; } - ConnectionEvent(f, vl); + ConnectionEvent(f, std::move(vl)); ForwardStream(length, data, orig); } diff --git a/src/analyzer/protocol/gnutella/Gnutella.cc b/src/analyzer/protocol/gnutella/Gnutella.cc index e7c11b40bb..dc6e14bf63 100644 --- a/src/analyzer/protocol/gnutella/Gnutella.cc +++ b/src/analyzer/protocol/gnutella/Gnutella.cc @@ -58,16 +58,10 @@ void Gnutella_Analyzer::Done() if ( ! sent_establish && (gnutella_establish || gnutella_not_establish) ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - if ( Established() && gnutella_establish ) - ConnectionEvent(gnutella_establish, vl); + ConnectionEvent(gnutella_establish, {BuildConnVal()}); else if ( ! Established () && gnutella_not_establish ) - ConnectionEvent(gnutella_not_establish, vl); - else - delete_vals(vl); + ConnectionEvent(gnutella_not_establish, {BuildConnVal()}); } if ( gnutella_partial_binary_msg ) 
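Review bot: The stack `val_list vl` in FTP_Analyzer::DeliverStream holds raw `Val*` references from the point it is assigned until `ConnectionEvent(f, std::move(vl))`, and nothing visible releases them if control leaves the function in between. The Gnutella code removed further down this page needed an explicit `delete_vals(vl)` for exactly that case. The lines between the second and third FTP hunk are not shown, so I cannot tell whether such a path exists today. A comment at the declaration would protect later edits: `// vl's elements are released only by ConnectionEvent(); do not return between filling vl and that call`. The same applies to `val_list vl(6)` in the irc_whois_user_line hunk of IRC.cc.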
@@ -78,14 +72,12 @@ void Gnutella_Analyzer::Done() { if ( ! p->msg_sent && p->msg_pos ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(new StringVal(p->msg)); - vl->append(val_mgr->GetBool((i == 0))); - vl->append(val_mgr->GetCount(p->msg_pos)); - - ConnectionEvent(gnutella_partial_binary_msg, vl); + ConnectionEvent(gnutella_partial_binary_msg, { + BuildConnVal(), + new StringVal(p->msg), + val_mgr->GetBool((i == 0)), + val_mgr->GetCount(p->msg_pos), + }); } else if ( ! p->msg_sent && p->payload_left ) @@ -129,10 +121,7 @@ int Gnutella_Analyzer::IsHTTP(string header) if ( gnutella_http_notify ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - ConnectionEvent(gnutella_http_notify, vl); + ConnectionEvent(gnutella_http_notify, {BuildConnVal()}); } analyzer::Analyzer* a = analyzer_mgr->InstantiateAnalyzer("HTTP", Conn()); @@ -192,13 +181,11 @@ void Gnutella_Analyzer::DeliverLines(int len, const u_char* data, bool orig) { if ( gnutella_text_msg ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(ms->headers.data())); - - ConnectionEvent(gnutella_text_msg, vl); + ConnectionEvent(gnutella_text_msg, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(ms->headers.data()), + }); } ms->headers = ""; @@ -206,12 +193,9 @@ void Gnutella_Analyzer::DeliverLines(int len, const u_char* data, bool orig) if ( Established () && gnutella_establish ) { - val_list* vl = new val_list; - sent_establish = 1; - vl->append(BuildConnVal()); - ConnectionEvent(gnutella_establish, vl); + ConnectionEvent(gnutella_establish, {BuildConnVal()}); } } } 
@@ -237,21 +221,18 @@ void Gnutella_Analyzer::SendEvents(GnutellaMsgState* p, bool is_orig) if ( gnutella_binary_msg ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(val_mgr->GetCount(p->msg_type)); - vl->append(val_mgr->GetCount(p->msg_ttl)); - vl->append(val_mgr->GetCount(p->msg_hops)); - vl->append(val_mgr->GetCount(p->msg_len)); - vl->append(new StringVal(p->payload)); - vl->append(val_mgr->GetCount(p->payload_len)); - vl->append(val_mgr->GetBool( - (p->payload_len < min(p->msg_len, (unsigned int)GNUTELLA_MAX_PAYLOAD)))); - vl->append(val_mgr->GetBool((p->payload_left == 0))); - - ConnectionEvent(gnutella_binary_msg, vl); + ConnectionEvent(gnutella_binary_msg, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + val_mgr->GetCount(p->msg_type), + val_mgr->GetCount(p->msg_ttl), + val_mgr->GetCount(p->msg_hops), + val_mgr->GetCount(p->msg_len), + new StringVal(p->payload), + val_mgr->GetCount(p->payload_len), + val_mgr->GetBool((p->payload_len < min(p->msg_len, (unsigned int)GNUTELLA_MAX_PAYLOAD))), + val_mgr->GetBool((p->payload_left == 0)), + }); } } diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc index 4706286914..6087f7b43d 100644 --- a/src/analyzer/protocol/http/HTTP.cc +++ b/src/analyzer/protocol/http/HTTP.cc @@ -646,11 +646,11 @@ void HTTP_Message::Done(const int interrupted, const char* detail) if ( http_message_done ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(BuildMessageStat(interrupted, detail)); - GetAnalyzer()->ConnectionEvent(http_message_done, vl); + GetAnalyzer()->ConnectionEvent(http_message_done, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + BuildMessageStat(interrupted, detail), + }); } MyHTTP_Analyzer()->HTTP_MessageDone(is_orig, this); 
@@ -679,10 +679,10 @@ void HTTP_Message::BeginEntity(mime::MIME_Entity* entity) if ( http_begin_entity ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - analyzer->ConnectionEvent(http_begin_entity, vl); + analyzer->ConnectionEvent(http_begin_entity, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + }); } } @@ -696,10 +696,10 @@ void HTTP_Message::EndEntity(mime::MIME_Entity* entity) if ( http_end_entity ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - analyzer->ConnectionEvent(http_end_entity, vl); + analyzer->ConnectionEvent(http_end_entity, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + }); } current_entity = (HTTP_Entity*) entity->Parent(); @@ -737,11 +737,11 @@ void HTTP_Message::SubmitAllHeaders(mime::MIME_HeaderList& hlist) { if ( http_all_headers ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(BuildHeaderTable(hlist)); - analyzer->ConnectionEvent(http_all_headers, vl); + analyzer->ConnectionEvent(http_all_headers, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + BuildHeaderTable(hlist), + }); } if ( http_content_type ) @@ -751,12 +751,12 @@ void HTTP_Message::SubmitAllHeaders(mime::MIME_HeaderList& hlist) ty->Ref(); subty->Ref(); - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(ty); - vl->append(subty); - analyzer->ConnectionEvent(http_content_type, vl); + analyzer->ConnectionEvent(http_content_type, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + ty, + subty, + }); } } 
@@ -1182,12 +1182,8 @@ void HTTP_Analyzer::GenStats() r->Assign(2, new Val(request_version, TYPE_DOUBLE)); r->Assign(3, new Val(reply_version, TYPE_DOUBLE)); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(r); - // DEBUG_MSG("%.6f http_stats\n", network_time); - ConnectionEvent(http_stats, vl); + ConnectionEvent(http_stats, {BuildConnVal(), r}); } } @@ -1384,13 +1380,12 @@ void HTTP_Analyzer::HTTP_Event(const char* category, StringVal* detail) { if ( http_event ) { - val_list* vl = new val_list(); - vl->append(BuildConnVal()); - vl->append(new StringVal(category)); - vl->append(detail); - // DEBUG_MSG("%.6f http_event\n", network_time); - ConnectionEvent(http_event, vl); + ConnectionEvent(http_event, { + BuildConnVal(), + new StringVal(category), + detail, + }); } else delete detail; @@ -1426,17 +1421,16 @@ void HTTP_Analyzer::HTTP_Request() if ( http_request ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - Ref(request_method); - vl->append(request_method); - vl->append(TruncateURI(request_URI->AsStringVal())); - vl->append(TruncateURI(unescaped_URI->AsStringVal())); - vl->append(new StringVal(fmt("%.1f", request_version))); // DEBUG_MSG("%.6f http_request\n", network_time); - ConnectionEvent(http_request, vl); + ConnectionEvent(http_request, { + BuildConnVal(), + request_method, + TruncateURI(request_URI->AsStringVal()), + TruncateURI(unescaped_URI->AsStringVal()), + new StringVal(fmt("%.1f", request_version)), + }); } } 
@@ -1444,15 +1438,14 @@ void HTTP_Analyzer::HTTP_Reply() { if ( http_reply ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(fmt("%.1f", reply_version))); - vl->append(val_mgr->GetCount(reply_code)); - if ( reply_reason_phrase ) - vl->append(reply_reason_phrase->Ref()); - else - vl->append(new StringVal("")); - ConnectionEvent(http_reply, vl); + ConnectionEvent(http_reply, { + BuildConnVal(), + new StringVal(fmt("%.1f", reply_version)), + val_mgr->GetCount(reply_code), + reply_reason_phrase ? + reply_reason_phrase->Ref() : + new StringVal(""), + }); } else { @@ -1524,10 +1517,10 @@ void HTTP_Analyzer::ReplyMade(const int interrupted, const char* msg) if ( http_connection_upgrade ) { - val_list* vl = new val_list(); - vl->append(BuildConnVal()); - vl->append(new StringVal(upgrade_protocol)); - ConnectionEvent(http_connection_upgrade, vl); + ConnectionEvent(http_connection_upgrade, { + BuildConnVal(), + new StringVal(upgrade_protocol), + }); } } @@ -1697,14 +1690,15 @@ void HTTP_Analyzer::HTTP_Header(int is_orig, mime::MIME_Header* h) Conn()->Match(rule, (const u_char*) hd_value.data, hd_value.length, is_orig, false, true, false); - val_list* vl = new val_list(); - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(mime::new_string_val(h->get_name())->ToUpper()); - vl->append(mime::new_string_val(h->get_value())); if ( DEBUG_http ) DEBUG_MSG("%.6f http_header\n", network_time); - ConnectionEvent(http_header, vl); + + ConnectionEvent(http_header, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + mime::new_string_val(h->get_name())->ToUpper(), + mime::new_string_val(h->get_value()), + }); } } 
@@ -1833,12 +1827,12 @@ void HTTP_Analyzer::HTTP_EntityData(int is_orig, BroString* entity_data) { if ( http_entity_data ) { - val_list* vl = new val_list(); - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(val_mgr->GetCount(entity_data->Len())); - vl->append(new StringVal(entity_data)); - ConnectionEvent(http_entity_data, vl); + ConnectionEvent(http_entity_data, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + val_mgr->GetCount(entity_data->Len()), + new StringVal(entity_data), + }); } else delete entity_data; diff --git a/src/analyzer/protocol/icmp/ICMP.cc b/src/analyzer/protocol/icmp/ICMP.cc index 1832b324b2..a740ac8848 100644 --- a/src/analyzer/protocol/icmp/ICMP.cc +++ b/src/analyzer/protocol/icmp/ICMP.cc @@ -199,20 +199,21 @@ void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen, { if ( icmp_sent ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, icmpv6, ip_hdr)); - ConnectionEvent(icmp_sent, vl); + ConnectionEvent(icmp_sent, { + BuildConnVal(), + BuildICMPVal(icmpp, len, icmpv6, ip_hdr), + }); } if ( icmp_sent_payload ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, icmpv6, ip_hdr)); BroString* payload = new BroString(data, min(len, caplen), 0); - vl->append(new StringVal(payload)); - ConnectionEvent(icmp_sent_payload, vl); + + ConnectionEvent(icmp_sent_payload, { + BuildConnVal(), + BuildICMPVal(icmpp, len, icmpv6, ip_hdr), + new StringVal(payload), + }); } } 
@@ -511,14 +512,13 @@ void ICMP_Analyzer::Echo(double t, const struct icmp* icmpp, int len, BroString* payload = new BroString(data, caplen, 0); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, ip_hdr->NextProto() != IPPROTO_ICMP, ip_hdr)); - vl->append(val_mgr->GetCount(iid)); - vl->append(val_mgr->GetCount(iseq)); - vl->append(new StringVal(payload)); - - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, ip_hdr->NextProto() != IPPROTO_ICMP, ip_hdr), + val_mgr->GetCount(iid), + val_mgr->GetCount(iseq), + new StringVal(payload), + }); } 
@@ -534,24 +534,23 @@ void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len, if ( caplen >= (int)sizeof(reachable) + (int)sizeof(retrans) ) memcpy(&retrans, data + sizeof(reachable), sizeof(retrans)); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(val_mgr->GetCount(icmpp->icmp_num_addrs)); // Cur Hop Limit - vl->append(val_mgr->GetBool(icmpp->icmp_wpa & 0x80)); // Managed - vl->append(val_mgr->GetBool(icmpp->icmp_wpa & 0x40)); // Other - vl->append(val_mgr->GetBool(icmpp->icmp_wpa & 0x20)); // Home Agent - vl->append(val_mgr->GetCount((icmpp->icmp_wpa & 0x18)>>3)); // Pref - vl->append(val_mgr->GetBool(icmpp->icmp_wpa & 0x04)); // Proxy - vl->append(val_mgr->GetCount(icmpp->icmp_wpa & 0x02)); // Reserved - vl->append(new IntervalVal((double)ntohs(icmpp->icmp_lifetime), Seconds)); - vl->append(new IntervalVal((double)ntohl(reachable), Milliseconds)); - vl->append(new IntervalVal((double)ntohl(retrans), Milliseconds)); - int opt_offset = sizeof(reachable) + sizeof(retrans); - vl->append(BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)); - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 1, ip_hdr), + val_mgr->GetCount(icmpp->icmp_num_addrs), // Cur Hop Limit + val_mgr->GetBool(icmpp->icmp_wpa & 0x80), // Managed + val_mgr->GetBool(icmpp->icmp_wpa & 0x40), // Other + val_mgr->GetBool(icmpp->icmp_wpa & 0x20), // Home Agent + val_mgr->GetCount((icmpp->icmp_wpa & 0x18)>>3), // Pref + val_mgr->GetBool(icmpp->icmp_wpa & 0x04), // Proxy + val_mgr->GetCount(icmpp->icmp_wpa & 0x02), // Reserved + new IntervalVal((double)ntohs(icmpp->icmp_lifetime), Seconds), + new IntervalVal((double)ntohl(reachable), Milliseconds), + new IntervalVal((double)ntohl(retrans), Milliseconds), + BuildNDOptionsVal(caplen - opt_offset, data + opt_offset), + }); } 
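Review bot: `BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)` in RouterAdvert runs whether or not the capture holds `opt_offset` bytes; the `caplen >= ...` check visible in the context guards only the `memcpy`. On a truncated packet the length argument goes negative and the pointer is formed past the captured data. BuildNDOptionsVal is not shown here, so whether it tolerates that should be confirmed. If it does not, clamp before the call, e.g. `int opt_len = caplen > opt_offset ? caplen - opt_offset : 0;`, and pass `opt_len`. The NeighborAdvert, NeighborSolicit and Redirect hunks that follow pass the same unclamped expression, and all four function bodies start outside their hunks.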
@@ -564,18 +563,17 @@ void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len, if ( caplen >= (int)sizeof(in6_addr) ) tgtaddr = IPAddr(*((const in6_addr*)data)); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(val_mgr->GetBool(icmpp->icmp_num_addrs & 0x80)); // Router - vl->append(val_mgr->GetBool(icmpp->icmp_num_addrs & 0x40)); // Solicited - vl->append(val_mgr->GetBool(icmpp->icmp_num_addrs & 0x20)); // Override - vl->append(new AddrVal(tgtaddr)); - int opt_offset = sizeof(in6_addr); - vl->append(BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)); - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 1, ip_hdr), + val_mgr->GetBool(icmpp->icmp_num_addrs & 0x80), // Router + val_mgr->GetBool(icmpp->icmp_num_addrs & 0x40), // Solicited + val_mgr->GetBool(icmpp->icmp_num_addrs & 0x20), // Override + new AddrVal(tgtaddr), + BuildNDOptionsVal(caplen - opt_offset, data + opt_offset), + }); } @@ -588,15 +586,14 @@ void ICMP_Analyzer::NeighborSolicit(double t, const struct icmp* icmpp, int len, if ( caplen >= (int)sizeof(in6_addr) ) tgtaddr = IPAddr(*((const in6_addr*)data)); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(new AddrVal(tgtaddr)); - int opt_offset = sizeof(in6_addr); - vl->append(BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)); - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 1, ip_hdr), + new AddrVal(tgtaddr), + BuildNDOptionsVal(caplen - opt_offset, data + opt_offset), + }); } 
@@ -612,16 +609,15 @@ void ICMP_Analyzer::Redirect(double t, const struct icmp* icmpp, int len, if ( caplen >= 2 * (int)sizeof(in6_addr) ) dstaddr = IPAddr(*((const in6_addr*)(data + sizeof(in6_addr)))); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(new AddrVal(tgtaddr)); - vl->append(new AddrVal(dstaddr)); - int opt_offset = 2 * sizeof(in6_addr); - vl->append(BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)); - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 1, ip_hdr), + new AddrVal(tgtaddr), + new AddrVal(dstaddr), + BuildNDOptionsVal(caplen - opt_offset, data + opt_offset), + }); } @@ -630,12 +626,11 @@ void ICMP_Analyzer::RouterSolicit(double t, const struct icmp* icmpp, int len, { EventHandlerPtr f = icmp_router_solicitation; - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(BuildNDOptionsVal(caplen, data)); - - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 1, ip_hdr), + BuildNDOptionsVal(caplen, data), + }); } @@ -657,12 +652,12 @@ void ICMP_Analyzer::Context4(double t, const struct icmp* icmpp, if ( f ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 0, ip_hdr)); - vl->append(val_mgr->GetCount(icmpp->icmp_code)); - vl->append(ExtractICMP4Context(caplen, data)); - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 0, ip_hdr), + val_mgr->GetCount(icmpp->icmp_code), + ExtractICMP4Context(caplen, data), + }); } } 
@@ -697,12 +692,12 @@ void ICMP_Analyzer::Context6(double t, const struct icmp* icmpp, if ( f ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(val_mgr->GetCount(icmpp->icmp_code)); - vl->append(ExtractICMP6Context(caplen, data)); - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 1, ip_hdr), + val_mgr->GetCount(icmpp->icmp_code), + ExtractICMP6Context(caplen, data), + }); } } diff --git a/src/analyzer/protocol/ident/Ident.cc b/src/analyzer/protocol/ident/Ident.cc index 125f2d7f64..ba32968c3b 100644 --- a/src/analyzer/protocol/ident/Ident.cc +++ b/src/analyzer/protocol/ident/Ident.cc @@ -83,12 +83,11 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) Weird("ident_request_addendum", s.CheckString()); } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetPort(local_port, TRANSPORT_TCP)); - vl->append(val_mgr->GetPort(remote_port, TRANSPORT_TCP)); - - ConnectionEvent(ident_request, vl); + ConnectionEvent(ident_request, { + BuildConnVal(), + val_mgr->GetPort(local_port, TRANSPORT_TCP), + val_mgr->GetPort(remote_port, TRANSPORT_TCP), + }); did_deliver = 1; } @@ -144,13 +143,12 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) if ( is_error ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetPort(local_port, TRANSPORT_TCP)); - vl->append(val_mgr->GetPort(remote_port, TRANSPORT_TCP)); - vl->append(new StringVal(end_of_line - line, line)); - - ConnectionEvent(ident_error, vl); + ConnectionEvent(ident_error, { + BuildConnVal(), + val_mgr->GetPort(local_port, TRANSPORT_TCP), + val_mgr->GetPort(remote_port, TRANSPORT_TCP), + new StringVal(end_of_line - line, line), + }); } else 
@@ -178,14 +176,13 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) line = skip_whitespace(colon + 1, end_of_line); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetPort(local_port, TRANSPORT_TCP)); - vl->append(val_mgr->GetPort(remote_port, TRANSPORT_TCP)); - vl->append(new StringVal(end_of_line - line, line)); - vl->append(new StringVal(sys_type_s)); - - ConnectionEvent(ident_reply, vl); + ConnectionEvent(ident_reply, { + BuildConnVal(), + val_mgr->GetPort(local_port, TRANSPORT_TCP), + val_mgr->GetPort(remote_port, TRANSPORT_TCP), + new StringVal(end_of_line - line, line), + new StringVal(sys_type_s), + }); } } } diff --git a/src/analyzer/protocol/interconn/InterConn.cc b/src/analyzer/protocol/interconn/InterConn.cc index 8d9dd72774..39749a0deb 100644 --- a/src/analyzer/protocol/interconn/InterConn.cc +++ b/src/analyzer/protocol/interconn/InterConn.cc @@ -241,20 +241,16 @@ void InterConn_Analyzer::StatTimer(double t, int is_expire) void InterConn_Analyzer::StatEvent() { - val_list* vl = new val_list; - vl->append(Conn()->BuildConnVal()); - vl->append(orig_endp->BuildStats()); - vl->append(resp_endp->BuildStats()); - - Conn()->ConnectionEvent(interconn_stats, this, vl); + Conn()->ConnectionEvent(interconn_stats, this, { + Conn()->BuildConnVal(), + orig_endp->BuildStats(), + resp_endp->BuildStats(), + }); } void InterConn_Analyzer::RemoveEvent() { - val_list* vl = new val_list; - vl->append(Conn()->BuildConnVal()); - - Conn()->ConnectionEvent(interconn_remove_conn, this, vl); + Conn()->ConnectionEvent(interconn_remove_conn, this, {Conn()->BuildConnVal()}); } InterConnTimer::InterConnTimer(double t, InterConn_Analyzer* a) diff --git a/src/analyzer/protocol/irc/IRC.cc b/src/analyzer/protocol/irc/IRC.cc index 25d568d627..cd48d8469c 100644 --- a/src/analyzer/protocol/irc/IRC.cc +++ b/src/analyzer/protocol/irc/IRC.cc 
@@ -233,14 +233,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) // else ### } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(val_mgr->GetInt(users)); - vl->append(val_mgr->GetInt(services)); - vl->append(val_mgr->GetInt(servers)); - - ConnectionEvent(irc_network_info, vl); + ConnectionEvent(irc_network_info, { + BuildConnVal(), + val_mgr->GetBool(orig), + val_mgr->GetInt(users), + val_mgr->GetInt(services), + val_mgr->GetInt(servers), + }); } break; @@ -271,13 +270,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts.size() > 0 && parts[0][0] == ':' ) parts[0] = parts[0].substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(type.c_str())); - vl->append(new StringVal(channel.c_str())); - TableVal* set = new TableVal(string_set); + for ( unsigned int i = 0; i < parts.size(); ++i ) { if ( parts[i][0] == '@' ) @@ -286,9 +280,14 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) set->Assign(idx, 0); Unref(idx); } - vl->append(set); - ConnectionEvent(irc_names_info, vl); + ConnectionEvent(irc_names_info, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(type.c_str()), + new StringVal(channel.c_str()), + set, + }); } break; @@ -316,14 +315,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) // else ### } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(val_mgr->GetInt(users)); - vl->append(val_mgr->GetInt(services)); - vl->append(val_mgr->GetInt(servers)); - - ConnectionEvent(irc_server_info, vl); + ConnectionEvent(irc_server_info, { + BuildConnVal(), + val_mgr->GetBool(orig), + val_mgr->GetInt(users), + val_mgr->GetInt(services), + val_mgr->GetInt(servers), + }); } break; 
@@ -339,12 +337,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts[i] == ":channels" ) channels = atoi(parts[i - 1].c_str()); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(val_mgr->GetInt(channels)); - - ConnectionEvent(irc_channel_info, vl); + ConnectionEvent(irc_channel_info, { + BuildConnVal(), + val_mgr->GetBool(orig), + val_mgr->GetInt(channels), + }); } break; @@ -372,12 +369,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) break; } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(eop - prefix, prefix)); - vl->append(new StringVal(++msg)); - ConnectionEvent(irc_global_users, vl); + ConnectionEvent(irc_global_users, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(eop - prefix, prefix), + new StringVal(++msg), + }); break; } @@ -397,12 +394,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) return; } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(parts[0].c_str())); - vl->append(new StringVal(parts[1].c_str())); - vl->append(new StringVal(parts[2].c_str())); + val_list vl(6); + vl.append(BuildConnVal()); + vl.append(val_mgr->GetBool(orig)); + vl.append(new StringVal(parts[0].c_str())); + vl.append(new StringVal(parts[1].c_str())); + vl.append(new StringVal(parts[2].c_str())); parts.erase(parts.begin(), parts.begin() + 4); @@ -413,9 +410,9 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( real_name[0] == ':' ) real_name = real_name.substr(1); - vl->append(new StringVal(real_name.c_str())); + vl.append(new StringVal(real_name.c_str())); - ConnectionEvent(irc_whois_user_line, vl); + ConnectionEvent(irc_whois_user_line, std::move(vl)); } break; 
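Review bot: `new StringVal(++msg)` in the irc_global_users list mutates `msg` inside the argument list, which is easy to overlook now that the arguments form one braced initializer. Elements of a braced list are evaluated left to right, so the result is unchanged, but the side effect reads better hoisted: `++msg;` on its own line before the call and `new StringVal(msg)` in the list. The enclosing case starts outside the hunk.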
@@ -436,12 +433,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) return; } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(parts[0].c_str())); - - ConnectionEvent(irc_whois_operator_line, vl); + ConnectionEvent(irc_whois_operator_line, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(parts[0].c_str()), + }); } break; @@ -467,11 +463,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts.size() > 0 && parts[0][0] == ':' ) parts[0] = parts[0].substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(nick.c_str())); TableVal* set = new TableVal(string_set); + for ( unsigned int i = 0; i < parts.size(); ++i ) { Val* idx = new StringVal(parts[i].c_str()); @@ -479,9 +472,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(idx); } - vl->append(set); - - ConnectionEvent(irc_whois_channel_line, vl); + ConnectionEvent(irc_whois_channel_line, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(nick.c_str()), + set, + }); } break; @@ -502,19 +498,17 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( pos < params.size() ) { string topic = params.substr(pos + 1); - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(parts[1].c_str())); - const char* t = topic.c_str(); + if ( *t == ':' ) ++t; - vl->append(new StringVal(t)); - - ConnectionEvent(irc_channel_topic, vl); + ConnectionEvent(irc_channel_topic, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(parts[1].c_str()), + new StringVal(t), + }); } else { 
@@ -537,24 +531,25 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) return; } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(parts[0].c_str())); - vl->append(new StringVal(parts[1].c_str())); if ( parts[2][0] == '~' ) parts[2] = parts[2].substr(1); - vl->append(new StringVal(parts[2].c_str())); - vl->append(new StringVal(parts[3].c_str())); - vl->append(new StringVal(parts[4].c_str())); - vl->append(new StringVal(parts[5].c_str())); - vl->append(new StringVal(parts[6].c_str())); + if ( parts[7][0] == ':' ) parts[7] = parts[7].substr(1); - vl->append(val_mgr->GetInt(atoi(parts[7].c_str()))); - vl->append(new StringVal(parts[8].c_str())); - ConnectionEvent(irc_who_line, vl); + ConnectionEvent(irc_who_line, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(parts[0].c_str()), + new StringVal(parts[1].c_str()), + new StringVal(parts[2].c_str()), + new StringVal(parts[3].c_str()), + new StringVal(parts[4].c_str()), + new StringVal(parts[5].c_str()), + new StringVal(parts[6].c_str()), + val_mgr->GetInt(atoi(parts[7].c_str())), + new StringVal(parts[8].c_str()), + }); } break; @@ -565,10 +560,10 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) case 436: if ( irc_invalid_nick ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - ConnectionEvent(irc_invalid_nick, vl); + ConnectionEvent(irc_invalid_nick, { + BuildConnVal(), + val_mgr->GetBool(orig), + }); } break; 
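Review bot: `atoi(parts[7].c_str())` in the irc_who_line list converts a field taken from the IRC line with no error reporting, and its behaviour is undefined when the digits do not fit in an int. The irc_dcc_message hunk further down does the same with `val_mgr->GetCount(atoi(parts[4].c_str()))` and `parts[5]`, where a negative result would presumably be converted to a very large count. I would parse with `strtol`/`strtoul`, check `errno` and the end pointer, and skip or flag the event on failure, e.g. `char* end; errno = 0; long n = strtol(parts[7].c_str(), &end, 10);`. The DeliverStream body starts and ends outside these hunks, so the size checks on `parts` are not visible here.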
@@ -577,11 +572,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) case 491: // user is not operator if ( irc_oper_response ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(val_mgr->GetBool(code == 381)); - ConnectionEvent(irc_oper_response, vl); + ConnectionEvent(irc_oper_response, { + BuildConnVal(), + val_mgr->GetBool(orig), + val_mgr->GetBool(code == 381), + }); } break; @@ -592,14 +587,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) // All other server replies. default: - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(val_mgr->GetCount(code)); - vl->append(new StringVal(params.c_str())); - - ConnectionEvent(irc_reply, vl); + ConnectionEvent(irc_reply, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + val_mgr->GetCount(code), + new StringVal(params.c_str()), + }); break; } return; 
@@ -662,33 +656,31 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) raw_ip = (10 * raw_ip) + atoi(s.c_str()); } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(target.c_str())); - vl->append(new StringVal(parts[1].c_str())); - vl->append(new StringVal(parts[2].c_str())); - vl->append(new AddrVal(htonl(raw_ip))); - vl->append(val_mgr->GetCount(atoi(parts[4].c_str()))); - if ( parts.size() >= 6 ) - vl->append(val_mgr->GetCount(atoi(parts[5].c_str()))); - else - vl->append(val_mgr->GetCount(0)); - ConnectionEvent(irc_dcc_message, vl); + ConnectionEvent(irc_dcc_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(target.c_str()), + new StringVal(parts[1].c_str()), + new StringVal(parts[2].c_str()), + new AddrVal(htonl(raw_ip)), + val_mgr->GetCount(atoi(parts[4].c_str())), + parts.size() >= 6 ? + val_mgr->GetCount(atoi(parts[5].c_str())) : + val_mgr->GetCount(0), + }); } else { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(target.c_str())); - vl->append(new StringVal(message.c_str())); - - ConnectionEvent(irc_privmsg_message, vl); + ConnectionEvent(irc_privmsg_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(target.c_str()), + new StringVal(message.c_str()), + }); } } 
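Review bot: The DCC branch of IRC_Analyzer::DeliverStream still passes `atoi(parts[4].c_str())` and `atoi(parts[5].c_str())` straight into `val_mgr->GetCount(...)`, and both fields come from the IRC line being parsed. `atoi` reports no errors, and a negative result would become a very large count if GetCount takes an unsigned value (its signature is not visible here), so handlers of `irc_dcc_message` could receive bogus numbers. Parsing with `strtoul`, checking the end pointer and the range, and substituting 0 on failure would make the handling explicit. The `irc_who_line` hunk earlier in this file uses the same unchecked `atoi` on `parts[7]`. DeliverStream starts and ends outside this hunk.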
@@ -707,14 +699,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( message[0] == ':' ) message = message.substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(target.c_str())); - vl->append(new StringVal(message.c_str())); - - ConnectionEvent(irc_notice_message, vl); + ConnectionEvent(irc_notice_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(target.c_str()), + new StringVal(message.c_str()), + }); } else if ( irc_squery_message && command == "SQUERY" ) 
@@ -732,35 +723,34 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( message[0] == ':' ) message = message.substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(target.c_str())); - vl->append(new StringVal(message.c_str())); - - ConnectionEvent(irc_squery_message, vl); + ConnectionEvent(irc_squery_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(target.c_str()), + new StringVal(message.c_str()), + }); } else if ( irc_user_message && command == "USER" ) { // extract username and real name vector parts = SplitWords(params, ' '); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); + val_list vl(6); + vl.append(BuildConnVal()); + vl.append(val_mgr->GetBool(orig)); if ( parts.size() > 0 ) - vl->append(new StringVal(parts[0].c_str())); - else vl->append(val_mgr->GetEmptyString()); + vl.append(new StringVal(parts[0].c_str())); + else vl.append(val_mgr->GetEmptyString()); if ( parts.size() > 1 ) - vl->append(new StringVal(parts[1].c_str())); - else vl->append(val_mgr->GetEmptyString()); + vl.append(new StringVal(parts[1].c_str())); + else vl.append(val_mgr->GetEmptyString()); if ( parts.size() > 2 ) - vl->append(new StringVal(parts[2].c_str())); - else vl->append(val_mgr->GetEmptyString()); + vl.append(new StringVal(parts[2].c_str())); + else vl.append(val_mgr->GetEmptyString()); string realname; for ( unsigned int i = 3; i < parts.size(); i++ ) 
@@ -771,9 +761,9 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) } const char* name = realname.c_str(); - vl->append(new StringVal(*name == ':' ? name + 1 : name)); + vl.append(new StringVal(*name == ':' ? name + 1 : name)); - ConnectionEvent(irc_user_message, vl); + ConnectionEvent(irc_user_message, std::move(vl)); } else if ( irc_oper_message && command == "OPER" ) @@ -782,13 +772,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) vector parts = SplitWords(params, ' '); if ( parts.size() == 2 ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(parts[0].c_str())); - vl->append(new StringVal(parts[1].c_str())); - - ConnectionEvent(irc_oper_message, vl); + ConnectionEvent(irc_oper_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(parts[0].c_str()), + new StringVal(parts[1].c_str()), + }); } else @@ -805,12 +794,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) return; } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(parts[0].c_str())); - vl->append(new StringVal(parts[1].c_str())); + val_list vl(6); + vl.append(BuildConnVal()); + vl.append(val_mgr->GetBool(orig)); + vl.append(new StringVal(prefix.c_str())); + vl.append(new StringVal(parts[0].c_str())); + vl.append(new StringVal(parts[1].c_str())); if ( parts.size() > 2 ) { string comment = parts[2]; 
@@ -820,12 +809,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( comment[0] == ':' ) comment = comment.substr(1); - vl->append(new StringVal(comment.c_str())); + vl.append(new StringVal(comment.c_str())); } else - vl->append(val_mgr->GetEmptyString()); + vl.append(val_mgr->GetEmptyString()); - ConnectionEvent(irc_kick_message, vl); + ConnectionEvent(irc_kick_message, std::move(vl)); } else if ( irc_join_message && command == "JOIN" ) @@ -849,11 +838,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) nickname = prefix.substr(0, pos); } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - TableVal* list = new TableVal(irc_join_list); + vector channels = SplitWords(parts[0], ','); vector passwords; @@ -876,9 +862,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(info); } - vl->append(list); - - ConnectionEvent(irc_join_message, vl); + ConnectionEvent(irc_join_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + list, + }); } else if ( irc_join_message && command == "NJOIN" ) @@ -895,12 +883,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) parts[1] = parts[1].substr(1); vector users = SplitWords(parts[1], ','); - - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - TableVal* list = new TableVal(irc_join_list); + string empty_string = ""; for ( unsigned int i = 0; i < users.size(); ++i ) @@ -939,9 +923,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(info); } - vl->append(list); - - ConnectionEvent(irc_join_message, vl); + ConnectionEvent(irc_join_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + list, + }); } else if ( irc_part_message && command == "PART" ) 
@@ -977,14 +963,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(idx); } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(nick.c_str())); - vl->append(set); - vl->append(new StringVal(message.c_str())); - - ConnectionEvent(irc_part_message, vl); + ConnectionEvent(irc_part_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(nick.c_str()), + set, + new StringVal(message.c_str()), + }); } else if ( irc_quit_message && command == "QUIT" ) @@ -1001,13 +986,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) nickname = prefix.substr(0, pos); } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(nickname.c_str())); - vl->append(new StringVal(message.c_str())); - - ConnectionEvent(irc_quit_message, vl); + ConnectionEvent(irc_quit_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(nickname.c_str()), + new StringVal(message.c_str()), + }); } else if ( irc_nick_message && command == "NICK" ) @@ -1016,13 +1000,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( nick[0] == ':' ) nick = nick.substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(nick.c_str())); - - ConnectionEvent(irc_nick_message, vl); + ConnectionEvent(irc_nick_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(nick.c_str()) + }); } else if ( irc_who_message && command == "WHO" ) 
@@ -1042,16 +1025,14 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts.size() > 0 && parts[0].size() > 0 && parts[0][0] == ':' ) parts[0] = parts[0].substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - if ( parts.size() > 0 ) - vl->append(new StringVal(parts[0].c_str())); - else - vl->append(val_mgr->GetEmptyString()); - vl->append(val_mgr->GetBool(oper)); - - ConnectionEvent(irc_who_message, vl); + ConnectionEvent(irc_who_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + parts.size() > 0 ? + new StringVal(parts[0].c_str()) : + val_mgr->GetEmptyString(), + val_mgr->GetBool(oper), + }); } else if ( irc_whois_message && command == "WHOIS" ) @@ -1074,26 +1055,25 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) else users = parts[0]; - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(server.c_str())); - vl->append(new StringVal(users.c_str())); - - ConnectionEvent(irc_whois_message, vl); + ConnectionEvent(irc_whois_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(server.c_str()), + new StringVal(users.c_str()), + }); } else if ( irc_error_message && command == "ERROR" ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); if ( params[0] == ':' ) params = params.substr(1); - vl->append(new StringVal(params.c_str())); - ConnectionEvent(irc_error_message, vl); + ConnectionEvent(irc_error_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(params.c_str()), + }); } else if ( irc_invite_message && command == "INVITE" ) 
@@ -1104,14 +1084,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts[1].size() > 0 && parts[1][0] == ':' ) parts[1] = parts[1].substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(parts[0].c_str())); - vl->append(new StringVal(parts[1].c_str())); - - ConnectionEvent(irc_invite_message, vl); + ConnectionEvent(irc_invite_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(parts[0].c_str()), + new StringVal(parts[1].c_str()), + }); } else Weird("irc_invalid_invite_message_format"); @@ -1121,13 +1100,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { if ( params.size() > 0 ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(params.c_str())); - - ConnectionEvent(irc_mode_message, vl); + ConnectionEvent(irc_mode_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(params.c_str()), + }); } else @@ -1136,11 +1114,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) else if ( irc_password_message && command == "PASS" ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(params.c_str())); - ConnectionEvent(irc_password_message, vl); + ConnectionEvent(irc_password_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(params.c_str()), + }); } else if ( irc_squit_message && command == "SQUIT" ) 
@@ -1158,14 +1136,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) message = message.substr(1); } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(server.c_str())); - vl->append(new StringVal(message.c_str())); - - ConnectionEvent(irc_squit_message, vl); + ConnectionEvent(irc_squit_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(server.c_str()), + new StringVal(message.c_str()), + }); } @@ -1173,14 +1150,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { if ( irc_request ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(command.c_str())); - vl->append(new StringVal(params.c_str())); - - ConnectionEvent(irc_request, vl); + ConnectionEvent(irc_request, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(command.c_str()), + new StringVal(params.c_str()), + }); } } @@ -1188,14 +1164,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { if ( irc_message ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(command.c_str())); - vl->append(new StringVal(params.c_str())); - - ConnectionEvent(irc_message, vl); + ConnectionEvent(irc_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(command.c_str()), + new StringVal(params.c_str()), + }); } } 
@@ -1224,10 +1199,7 @@ void IRC_Analyzer::StartTLS() if ( ssl ) AddChildAnalyzer(ssl); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - - ConnectionEvent(irc_starttls, vl); + ConnectionEvent(irc_starttls, {BuildConnVal()}); } vector IRC_Analyzer::SplitWords(const string input, const char split) diff --git a/src/analyzer/protocol/login/Login.cc b/src/analyzer/protocol/login/Login.cc index f8eb233a29..326c126ae9 100644 --- a/src/analyzer/protocol/login/Login.cc +++ b/src/analyzer/protocol/login/Login.cc @@ -289,9 +289,7 @@ void Login_Analyzer::AuthenticationDialog(bool orig, char* line) { if ( authentication_skipped ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - ConnectionEvent(authentication_skipped, vl); + ConnectionEvent(authentication_skipped, {BuildConnVal()}); } state = LOGIN_STATE_SKIP; @@ -334,32 +332,26 @@ void Login_Analyzer::SetEnv(bool orig, char* name, char* val) else if ( login_terminal && streq(name, "TERM") ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(new StringVal(val)); - - ConnectionEvent(login_terminal, vl); + ConnectionEvent(login_terminal, { + BuildConnVal(), + new StringVal(val), + }); } else if ( login_display && streq(name, "DISPLAY") ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(new StringVal(val)); - - ConnectionEvent(login_display, vl); + ConnectionEvent(login_display, { + BuildConnVal(), + new StringVal(val), + }); } else if ( login_prompt && streq(name, "TTYPROMPT") ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(new StringVal(val)); - - ConnectionEvent(login_prompt, vl); + ConnectionEvent(login_prompt, { + BuildConnVal(), + new StringVal(val), + }); } } 
@@ -433,15 +425,13 @@ void Login_Analyzer::LoginEvent(EventHandlerPtr f, const char* line, Val* password = HaveTypeahead() ? PopUserTextVal() : new StringVal(""); - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(username->Ref()); - vl->append(client_name ? client_name->Ref() : val_mgr->GetEmptyString()); - vl->append(password); - vl->append(new StringVal(line)); - - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + username->Ref(), + client_name ? client_name->Ref() : val_mgr->GetEmptyString(), + password, + new StringVal(line), + }); } const char* Login_Analyzer::GetUsername(const char* line) const @@ -454,12 +444,10 @@ const char* Login_Analyzer::GetUsername(const char* line) const void Login_Analyzer::LineEvent(EventHandlerPtr f, const char* line) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(new StringVal(line)); - - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + new StringVal(line), + }); } @@ -469,12 +457,11 @@ void Login_Analyzer::Confused(const char* msg, const char* line) if ( login_confused ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(msg)); - vl->append(new StringVal(line)); - - ConnectionEvent(login_confused, vl); + ConnectionEvent(login_confused, { + BuildConnVal(), + new StringVal(msg), + new StringVal(line), + }); } if ( login_confused_text ) @@ -496,10 +483,10 @@ void Login_Analyzer::ConfusionText(const char* line) { if ( login_confused_text ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(line)); - ConnectionEvent(login_confused_text, vl); + ConnectionEvent(login_confused_text, { + BuildConnVal(), + new StringVal(line), + }); } } diff --git a/src/analyzer/protocol/login/NVT.cc b/src/analyzer/protocol/login/NVT.cc index 11952103bf..53ad3c202d 100644 --- a/src/analyzer/protocol/login/NVT.cc +++ b/src/analyzer/protocol/login/NVT.cc 
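Review bot: Login_Analyzer::LineEvent now evaluates `BuildConnVal()` and `new StringVal(line)` unconditionally, without checking `f` first; LoginEvent in the preceding hunk has the same shape as far as the hunk shows. Other helpers in this change return early when the handler is unset (`if ( ! event ) return;` in POP3_Analyzer::POP3Event, the new `rsh_request`/`rsh_reply` checks in Rsh_Analyzer::DeliverStream), which avoids allocating values that nothing consumes. If the callers do not already guarantee a set handler, add `if ( ! f ) return;` as the first statement of LineEvent.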
@@ -461,11 +461,10 @@ void NVT_Analyzer::SetTerminal(const u_char* terminal, int len) { if ( login_terminal ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(new BroString(terminal, len, 0))); - - ConnectionEvent(login_terminal, vl); + ConnectionEvent(login_terminal, { + BuildConnVal(), + new StringVal(new BroString(terminal, len, 0)), + }); } } diff --git a/src/analyzer/protocol/login/RSH.cc b/src/analyzer/protocol/login/RSH.cc index 0afacb2f2b..4688bf9280 100644 --- a/src/analyzer/protocol/login/RSH.cc +++ b/src/analyzer/protocol/login/RSH.cc @@ -156,31 +156,38 @@ void Rsh_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { Login_Analyzer::DeliverStream(len, data, orig); + if ( orig ) + { + if ( ! rsh_request ) + return; + } + else + { + if ( ! rsh_reply ) + return; + } + + val_list vl(4 + orig); const char* line = (const char*) data; - val_list* vl = new val_list; - line = skip_whitespace(line); - vl->append(BuildConnVal()); - vl->append(client_name ? client_name->Ref() : new StringVal("")); - vl->append(username ? username->Ref() : new StringVal("")); - vl->append(new StringVal(line)); + vl.append(BuildConnVal()); + vl.append(client_name ? client_name->Ref() : new StringVal("")); + vl.append(username ? username->Ref() : new StringVal("")); + vl.append(new StringVal(line)); - if ( orig && rsh_request ) + if ( orig ) { if ( contents_orig->RshSaveState() == RSH_SERVER_USER_NAME ) // First input - vl->append(val_mgr->GetTrue()); + vl.append(val_mgr->GetTrue()); else - vl->append(val_mgr->GetFalse()); + vl.append(val_mgr->GetFalse()); - ConnectionEvent(rsh_request, vl); + ConnectionEvent(rsh_request, std::move(vl)); } - else if ( rsh_reply ) - ConnectionEvent(rsh_reply, vl); - else - delete_vals(vl); + ConnectionEvent(rsh_reply, std::move(vl)); } void Rsh_Analyzer::ClientUserName(const char* s) 
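Review bot: In Rsh_Analyzer::DeliverStream the final `ConnectionEvent(rsh_reply, std::move(vl));` is no longer guarded by an `else`, so on the `orig` path it runs right after `ConnectionEvent(rsh_request, std::move(vl));` with a list that has already been moved from. The new early return checks only `rsh_request` on that path, so `rsh_reply` may also be an unset handler there. How ConnectionEvent treats an emptied list or an unset handler is not visible in this hunk, but a request line should presumably not raise the reply event as well. Restore the branch by putting `else` on the line before `ConnectionEvent(rsh_reply, std::move(vl));`.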
diff --git a/src/analyzer/protocol/login/Rlogin.cc b/src/analyzer/protocol/login/Rlogin.cc index 6979148676..10d9e23e91 100644 --- a/src/analyzer/protocol/login/Rlogin.cc +++ b/src/analyzer/protocol/login/Rlogin.cc @@ -244,11 +244,9 @@ void Rlogin_Analyzer::TerminalType(const char* s) { if ( login_terminal ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(new StringVal(s)); - - ConnectionEvent(login_terminal, vl); + ConnectionEvent(login_terminal, { + BuildConnVal(), + new StringVal(s), + }); } } diff --git a/src/analyzer/protocol/mime/MIME.cc b/src/analyzer/protocol/mime/MIME.cc index 931e155fdf..edb5316bac 100644 --- a/src/analyzer/protocol/mime/MIME.cc +++ b/src/analyzer/protocol/mime/MIME.cc @@ -1358,11 +1358,11 @@ void MIME_Mail::Done() hash_final(md5_hash, digest); md5_hash = nullptr; - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(content_hash_length)); - vl->append(new StringVal(new BroString(1, digest, 16))); - analyzer->ConnectionEvent(mime_content_hash, vl); + analyzer->ConnectionEvent(mime_content_hash, { + analyzer->BuildConnVal(), + val_mgr->GetCount(content_hash_length), + new StringVal(new BroString(1, digest, 16)), + }); } MIME_Message::Done(); @@ -1386,11 +1386,7 @@ void MIME_Mail::BeginEntity(MIME_Entity* /* entity */) cur_entity_id.clear(); if ( mime_begin_entity ) - { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - analyzer->ConnectionEvent(mime_begin_entity, vl); - } + analyzer->ConnectionEvent(mime_begin_entity, {analyzer->BuildConnVal()}); buffer_start = data_start = 0; ASSERT(entity_content.size() == 0); 
@@ -1402,12 +1398,12 @@ void MIME_Mail::EndEntity(MIME_Entity* /* entity */) { BroString* s = concatenate(entity_content); - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(s->Len())); - vl->append(new StringVal(s)); - analyzer->ConnectionEvent(mime_entity_data, vl); + analyzer->ConnectionEvent(mime_entity_data, { + analyzer->BuildConnVal(), + val_mgr->GetCount(s->Len()), + new StringVal(s), + }); if ( ! mime_all_data ) delete_strings(entity_content); @@ -1416,11 +1412,7 @@ void MIME_Mail::EndEntity(MIME_Entity* /* entity */) } if ( mime_end_entity ) - { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - analyzer->ConnectionEvent(mime_end_entity, vl); - } + analyzer->ConnectionEvent(mime_end_entity, {analyzer->BuildConnVal()}); file_mgr->EndOfFile(analyzer->GetAnalyzerTag(), analyzer->Conn()); cur_entity_id.clear(); @@ -1430,10 +1422,10 @@ void MIME_Mail::SubmitHeader(MIME_Header* h) { if ( mime_one_header ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(BuildHeaderVal(h)); - analyzer->ConnectionEvent(mime_one_header, vl); + analyzer->ConnectionEvent(mime_one_header, { + analyzer->BuildConnVal(), + BuildHeaderVal(h), + }); } } @@ -1441,10 +1433,10 @@ void MIME_Mail::SubmitAllHeaders(MIME_HeaderList& hlist) { if ( mime_all_headers ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(BuildHeaderTable(hlist)); - analyzer->ConnectionEvent(mime_all_headers, vl); + analyzer->ConnectionEvent(mime_all_headers, { + analyzer->BuildConnVal(), + BuildHeaderTable(hlist), + }); } } 
@@ -1478,11 +1470,11 @@ void MIME_Mail::SubmitData(int len, const char* buf) const char* data = (char*) data_buffer->Bytes() + data_start; int data_len = (buf + len) - data; - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(data_len)); - vl->append(new StringVal(data_len, data)); - analyzer->ConnectionEvent(mime_segment_data, vl); + analyzer->ConnectionEvent(mime_segment_data, { + analyzer->BuildConnVal(), + val_mgr->GetCount(data_len), + new StringVal(data_len, data), + }); } cur_entity_id = file_mgr->DataIn(reinterpret_cast(buf), len, @@ -1525,12 +1517,11 @@ void MIME_Mail::SubmitAllData() BroString* s = concatenate(all_content); delete_strings(all_content); - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(s->Len())); - vl->append(new StringVal(s)); - - analyzer->ConnectionEvent(mime_all_data, vl); + analyzer->ConnectionEvent(mime_all_data, { + analyzer->BuildConnVal(), + val_mgr->GetCount(s->Len()), + new StringVal(s), + }); } } @@ -1555,10 +1546,10 @@ void MIME_Mail::SubmitEvent(int event_type, const char* detail) if ( mime_event ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(new StringVal(category)); - vl->append(new StringVal(detail)); - analyzer->ConnectionEvent(mime_event, vl); + analyzer->ConnectionEvent(mime_event, { + analyzer->BuildConnVal(), + new StringVal(category), + new StringVal(detail), + }); } } diff --git a/src/analyzer/protocol/ncp/NCP.cc b/src/analyzer/protocol/ncp/NCP.cc index b59358b703..ceb480292b 100644 --- a/src/analyzer/protocol/ncp/NCP.cc +++ b/src/analyzer/protocol/ncp/NCP.cc 
@@ -61,21 +61,27 @@ void NCP_Session::DeliverFrame(const binpac::NCP::ncp_frame* frame) EventHandlerPtr f = frame->is_orig() ? ncp_request : ncp_reply; if ( f ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(frame->frame_type())); - vl->append(val_mgr->GetCount(frame->body_length())); - if ( frame->is_orig() ) - vl->append(val_mgr->GetCount(req_func)); + { + analyzer->ConnectionEvent(f, { + analyzer->BuildConnVal(), + val_mgr->GetCount(frame->frame_type()), + val_mgr->GetCount(frame->body_length()), + val_mgr->GetCount(req_func), + }); + } else { - vl->append(val_mgr->GetCount(req_frame_type)); - vl->append(val_mgr->GetCount(req_func)); - vl->append(val_mgr->GetCount(frame->reply()->completion_code())); + analyzer->ConnectionEvent(f, { + analyzer->BuildConnVal(), + val_mgr->GetCount(frame->frame_type()), + val_mgr->GetCount(frame->body_length()), + val_mgr->GetCount(req_frame_type), + val_mgr->GetCount(req_func), + val_mgr->GetCount(frame->reply()->completion_code()), + }); } - analyzer->ConnectionEvent(f, vl); } } diff --git a/src/analyzer/protocol/netbios/NetbiosSSN.cc b/src/analyzer/protocol/netbios/NetbiosSSN.cc index 492375b7aa..5dc07f7d0d 100644 --- a/src/analyzer/protocol/netbios/NetbiosSSN.cc +++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc @@ -58,12 +58,12 @@ int NetbiosSSN_Interpreter::ParseMessage(unsigned int type, unsigned int flags, { if ( netbios_session_message ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_query)); - vl->append(val_mgr->GetCount(type)); - vl->append(val_mgr->GetCount(len)); - analyzer->ConnectionEvent(netbios_session_message, vl); + analyzer->ConnectionEvent(netbios_session_message, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_query), + val_mgr->GetCount(type), + val_mgr->GetCount(len), + }); } switch ( type ) { 
@@ -328,13 +328,19 @@ void NetbiosSSN_Interpreter::Event(EventHandlerPtr event, const u_char* data, if ( ! event ) return; - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); if ( is_orig >= 0 ) - vl->append(val_mgr->GetBool(is_orig)); - vl->append(new StringVal(new BroString(data, len, 0))); - - analyzer->ConnectionEvent(event, vl); + { + analyzer->ConnectionEvent(event, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + new StringVal(new BroString(data, len, 0)), + }); + } + else + analyzer->ConnectionEvent(event, { + analyzer->BuildConnVal(), + new StringVal(new BroString(data, len, 0)), + }); } diff --git a/src/analyzer/protocol/ntp/NTP.cc b/src/analyzer/protocol/ntp/NTP.cc index 631d5bc3e9..2e6988d13f 100644 --- a/src/analyzer/protocol/ntp/NTP.cc +++ b/src/analyzer/protocol/ntp/NTP.cc @@ -78,12 +78,11 @@ void NTP_Analyzer::Message(const u_char* data, int len) msg->Assign(9, new Val(LongFloat(ntp_data->rec), TYPE_TIME)); msg->Assign(10, new Val(LongFloat(ntp_data->xmt), TYPE_TIME)); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(msg); - vl->append(new StringVal(new BroString(data, len, 0))); - - ConnectionEvent(ntp_message, vl); + ConnectionEvent(ntp_message, { + BuildConnVal(), + msg, + new StringVal(new BroString(data, len, 0)), + }); } double NTP_Analyzer::ShortFloat(struct s_fixedpt fp) diff --git a/src/analyzer/protocol/pop3/POP3.cc b/src/analyzer/protocol/pop3/POP3.cc index 2cd5041a70..e7ccf3907c 100644 --- a/src/analyzer/protocol/pop3/POP3.cc +++ b/src/analyzer/protocol/pop3/POP3.cc @@ -833,10 +833,7 @@ void POP3_Analyzer::StartTLS() if ( ssl ) AddChildAnalyzer(ssl); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - - ConnectionEvent(pop3_starttls, vl); + ConnectionEvent(pop3_starttls, {BuildConnVal()}); } void POP3_Analyzer::AuthSuccessfull() 
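Review bot: In NetbiosSSN_Interpreter::Event the `is_orig >= 0` branch is braced but the `else` branch, which holds the second multi-line `analyzer->ConnectionEvent(event, {...})` call, is not. Bracing the `else` body the same way keeps the two calls parallel and prevents a later statement from landing outside the branch by accident. Both branches also repeat `new StringVal(new BroString(data, len, 0))`, so a short comment such as `// is_orig < 0: no direction argument is passed` would explain why two argument shapes exist.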
@@ -926,14 +923,14 @@ void POP3_Analyzer::POP3Event(EventHandlerPtr event, bool is_orig, if ( ! event ) return; - val_list* vl = new val_list; + val_list vl(2 + (bool)arg1 + (bool)arg2); - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); + vl.append(BuildConnVal()); + vl.append(val_mgr->GetBool(is_orig)); if ( arg1 ) - vl->append(new StringVal(arg1)); + vl.append(new StringVal(arg1)); if ( arg2 ) - vl->append(new StringVal(arg2)); + vl.append(new StringVal(arg2)); - ConnectionEvent(event, vl); + ConnectionEvent(event, std::move(vl)); } diff --git a/src/analyzer/protocol/rpc/MOUNT.cc b/src/analyzer/protocol/rpc/MOUNT.cc index 604d2e3ed1..1cea8e0211 100644 --- a/src/analyzer/protocol/rpc/MOUNT.cc +++ b/src/analyzer/protocol/rpc/MOUNT.cc @@ -93,9 +93,9 @@ int MOUNT_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status if ( mount_reply_status ) { - val_list* vl = event_common_vl(c, rpc_status, mount_status, - start_time, last_time, reply_len); - analyzer->ConnectionEvent(mount_reply_status, vl); + auto vl = event_common_vl(c, rpc_status, mount_status, + start_time, last_time, reply_len, 0); + analyzer->ConnectionEvent(mount_reply_status, std::move(vl)); } if ( ! rpc_success ) 
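Review bot: The sizing expression `val_list vl(2 + (bool)arg1 + (bool)arg2);` in POP3_Analyzer::POP3Event relies on C-style pointer-to-bool casts and bool-to-int promotion, which at first glance reads like arithmetic on the pointers themselves. Writing it as `val_list vl(2 + (arg1 ? 1 : 0) + (arg2 ? 1 : 0));` states the intent directly. The same pattern appears as `(bool)request + (bool)reply` in the RPC_BuildReply hunks of MOUNT.cc and NFS.cc, and as `4 + orig` in RSH.cc. The value is presumably an initial-size hint that should match the conditional `vl.append` calls below it, so a one-line comment tying the two together would help the next editor.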
@@ -162,34 +162,34 @@ int MOUNT_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status // optional and all are set to 0 ... if ( event ) { - val_list* vl = event_common_vl(c, rpc_status, mount_status, - start_time, last_time, reply_len); - Val *request = c->TakeRequestVal(); + auto vl = event_common_vl(c, rpc_status, mount_status, + start_time, last_time, reply_len, (bool)request + (bool)reply); + if ( request ) - vl->append(request); + vl.append(request); if ( reply ) - vl->append(reply); + vl.append(reply); - analyzer->ConnectionEvent(event, vl); + analyzer->ConnectionEvent(event, std::move(vl)); } else Unref(reply); return 1; } -val_list* MOUNT_Interp::event_common_vl(RPC_CallInfo *c, +val_list MOUNT_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, BifEnum::MOUNT3::status_t mount_status, double rep_start_time, - double rep_last_time, int reply_len) + double rep_last_time, int reply_len, int extra_elements) { // Returns a new val_list that already has a conn_val, and mount3_info. // These are the first parameters for each mount_* event ... - val_list *vl = new val_list; - vl->append(analyzer->BuildConnVal()); + val_list vl(2 + extra_elements); + vl.append(analyzer->BuildConnVal()); VectorVal* auxgids = new VectorVal(internal_type("index_vec")->AsVectorType()); for (size_t i = 0; i < c->AuxGIDs().size(); ++i) @@ -212,7 +212,7 @@ val_list* MOUNT_Interp::event_common_vl(RPC_CallInfo *c, info->Assign(11, new StringVal(c->MachineName())); info->Assign(12, auxgids); - vl->append(info); + vl.append(info); return vl; } diff --git a/src/analyzer/protocol/rpc/MOUNT.h b/src/analyzer/protocol/rpc/MOUNT.h index 42da4f61ed..7c243f96a0 100644 --- a/src/analyzer/protocol/rpc/MOUNT.h +++ b/src/analyzer/protocol/rpc/MOUNT.h 
@@ -22,10 +22,10 @@ protected: // Returns a new val_list that already has a conn_val, rpc_status and // mount_status. These are the first parameters for each mount_* event // ... - val_list* event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, + val_list event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, BifEnum::MOUNT3::status_t mount_status, double rep_start_time, double rep_last_time, - int reply_len); + int reply_len, int extra_elements); // These methods parse the appropriate MOUNTv3 "type" out of buf. If // there are any errors (i.e., buffer to short, etc), buf will be set diff --git a/src/analyzer/protocol/rpc/NFS.cc b/src/analyzer/protocol/rpc/NFS.cc index ff16812d65..3453263dd0 100644 --- a/src/analyzer/protocol/rpc/NFS.cc +++ b/src/analyzer/protocol/rpc/NFS.cc @@ -147,9 +147,9 @@ int NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status, if ( nfs_reply_status ) { - val_list* vl = event_common_vl(c, rpc_status, nfs_status, - start_time, last_time, reply_len); - analyzer->ConnectionEvent(nfs_reply_status, vl); + auto vl = event_common_vl(c, rpc_status, nfs_status, + start_time, last_time, reply_len, 0); + analyzer->ConnectionEvent(nfs_reply_status, std::move(vl)); } if ( ! rpc_success ) @@ -274,18 +274,18 @@ int NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status, // optional and all are set to 0 ... if ( event ) { - val_list* vl = event_common_vl(c, rpc_status, nfs_status, - start_time, last_time, reply_len); - Val *request = c->TakeRequestVal(); + auto vl = event_common_vl(c, rpc_status, nfs_status, + start_time, last_time, reply_len, (bool)request + (bool)reply); + if ( request ) - vl->append(request); + vl.append(request); if ( reply ) - vl->append(reply); + vl.append(reply); - analyzer->ConnectionEvent(event, vl); + analyzer->ConnectionEvent(event, std::move(vl)); } else Unref(reply); 
@@ -317,15 +317,15 @@ StringVal* NFS_Interp::nfs3_file_data(const u_char*& buf, int& n, uint64_t offse return 0; } -val_list* NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, +val_list NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, BifEnum::NFS3::status_t nfs_status, double rep_start_time, - double rep_last_time, int reply_len) + double rep_last_time, int reply_len, int extra_elements) { // Returns a new val_list that already has a conn_val, and nfs3_info. // These are the first parameters for each nfs_* event ... - val_list *vl = new val_list; - vl->append(analyzer->BuildConnVal()); + val_list vl(2 + extra_elements); + vl.append(analyzer->BuildConnVal()); VectorVal* auxgids = new VectorVal(internal_type("index_vec")->AsVectorType()); for ( size_t i = 0; i < c->AuxGIDs().size(); ++i ) @@ -346,7 +346,7 @@ val_list* NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_s info->Assign(11, new StringVal(c->MachineName())); info->Assign(12, auxgids); - vl->append(info); + vl.append(info); return vl; } diff --git a/src/analyzer/protocol/rpc/NFS.h b/src/analyzer/protocol/rpc/NFS.h index 2ec4047946..56a368bfdc 100644 --- a/src/analyzer/protocol/rpc/NFS.h +++ b/src/analyzer/protocol/rpc/NFS.h @@ -22,10 +22,10 @@ protected: // Returns a new val_list that already has a conn_val, rpc_status and // nfs_status. These are the first parameters for each nfs_* event // ... - val_list* event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, + val_list event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, BifEnum::NFS3::status_t nfs_status, double rep_start_time, double rep_last_time, - int reply_len); + int reply_len, int extra_elements); // These methods parse the appropriate NFSv3 "type" out of buf. If // there are any errors (i.e., buffer to short, etc), buf will be set 
diff --git a/src/analyzer/protocol/rpc/Portmap.cc b/src/analyzer/protocol/rpc/Portmap.cc index 95beab6b62..8333f615fa 100644 --- a/src/analyzer/protocol/rpc/Portmap.cc +++ b/src/analyzer/protocol/rpc/Portmap.cc @@ -261,10 +261,10 @@ uint32 PortmapperInterp::CheckPort(uint32 port) { if ( pm_bad_port ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(port)); - analyzer->ConnectionEvent(pm_bad_port, vl); + analyzer->ConnectionEvent(pm_bad_port, { + analyzer->BuildConnVal(), + val_mgr->GetCount(port), + }); } port = 0; @@ -282,25 +282,25 @@ void PortmapperInterp::Event(EventHandlerPtr f, Val* request, BifEnum::rpc_statu return; } - val_list* vl = new val_list; + val_list vl; - vl->append(analyzer->BuildConnVal()); + vl.append(analyzer->BuildConnVal()); if ( status == BifEnum::RPC_SUCCESS ) { if ( request ) - vl->append(request); + vl.append(request); if ( reply ) - vl->append(reply); + vl.append(reply); } else { - vl->append(BifType::Enum::rpc_status->GetVal(status)); + vl.append(BifType::Enum::rpc_status->GetVal(status)); if ( request ) - vl->append(request); + vl.append(request); } - analyzer->ConnectionEvent(f, vl); + analyzer->ConnectionEvent(f, std::move(vl)); } Portmapper_Analyzer::Portmapper_Analyzer(Connection* conn) diff --git a/src/analyzer/protocol/rpc/RPC.cc b/src/analyzer/protocol/rpc/RPC.cc index 5bd748d1ea..781ba20681 100644 --- a/src/analyzer/protocol/rpc/RPC.cc +++ b/src/analyzer/protocol/rpc/RPC.cc 
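Review bot: In `PortmapperInterp::Event`, the branch for a non-success status appends the status and `request` but neither appends nor releases `reply` in the lines shown. If a caller can pass a non-null `reply` together with a failure status, that reference is lost each time a failed portmapper exchange is seen. Whether this can happen depends on the callers and on the start of the function, both outside this hunk. If it can, adding `Unref(reply);` to that else branch would close the gap; if it cannot, a comment such as `// reply is always null when status != RPC_SUCCESS` would record the invariant.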
@@ -330,16 +330,16 @@ void RPC_Interpreter::Event_RPC_Dialogue(RPC_CallInfo* c, BifEnum::rpc_status st { if ( rpc_dialogue ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(c->Program())); - vl->append(val_mgr->GetCount(c->Version())); - vl->append(val_mgr->GetCount(c->Proc())); - vl->append(BifType::Enum::rpc_status->GetVal(status)); - vl->append(new Val(c->StartTime(), TYPE_TIME)); - vl->append(val_mgr->GetCount(c->CallLen())); - vl->append(val_mgr->GetCount(reply_len)); - analyzer->ConnectionEvent(rpc_dialogue, vl); + analyzer->ConnectionEvent(rpc_dialogue, { + analyzer->BuildConnVal(), + val_mgr->GetCount(c->Program()), + val_mgr->GetCount(c->Version()), + val_mgr->GetCount(c->Proc()), + BifType::Enum::rpc_status->GetVal(status), + new Val(c->StartTime(), TYPE_TIME), + val_mgr->GetCount(c->CallLen()), + val_mgr->GetCount(reply_len), + }); } } @@ -347,14 +347,14 @@ void RPC_Interpreter::Event_RPC_Call(RPC_CallInfo* c) { if ( rpc_call ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(c->XID())); - vl->append(val_mgr->GetCount(c->Program())); - vl->append(val_mgr->GetCount(c->Version())); - vl->append(val_mgr->GetCount(c->Proc())); - vl->append(val_mgr->GetCount(c->CallLen())); - analyzer->ConnectionEvent(rpc_call, vl); + analyzer->ConnectionEvent(rpc_call, { + analyzer->BuildConnVal(), + val_mgr->GetCount(c->XID()), + val_mgr->GetCount(c->Program()), + val_mgr->GetCount(c->Version()), + val_mgr->GetCount(c->Proc()), + val_mgr->GetCount(c->CallLen()), + }); } } 
@@ -362,12 +362,12 @@ void RPC_Interpreter::Event_RPC_Reply(uint32_t xid, BifEnum::rpc_status status, { if ( rpc_reply ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(xid)); - vl->append(BifType::Enum::rpc_status->GetVal(status)); - vl->append(val_mgr->GetCount(reply_len)); - analyzer->ConnectionEvent(rpc_reply, vl); + analyzer->ConnectionEvent(rpc_reply, { + analyzer->BuildConnVal(), + val_mgr->GetCount(xid), + BifType::Enum::rpc_status->GetVal(status), + val_mgr->GetCount(reply_len), + }); } } diff --git a/src/analyzer/protocol/smtp/SMTP.cc b/src/analyzer/protocol/smtp/SMTP.cc index 6b92484431..dff1677fc3 100644 --- a/src/analyzer/protocol/smtp/SMTP.cc +++ b/src/analyzer/protocol/smtp/SMTP.cc @@ -220,11 +220,11 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) if ( smtp_data && ! skip_data ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(data_len, line)); - ConnectionEvent(smtp_data, vl); + ConnectionEvent(smtp_data, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(data_len, line), + }); } } @@ -350,15 +350,14 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) break; } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(val_mgr->GetCount(reply_code)); - vl->append(new StringVal(cmd)); - vl->append(new StringVal(end_of_line - line, line)); - vl->append(val_mgr->GetBool((pending_reply > 0))); - - ConnectionEvent(smtp_reply, vl); + ConnectionEvent(smtp_reply, { + BuildConnVal(), + val_mgr->GetBool(orig), + val_mgr->GetCount(reply_code), + new StringVal(cmd), + new StringVal(end_of_line - line, line), + val_mgr->GetBool((pending_reply > 0)), + }); } } 
@@ -411,10 +410,7 @@ void SMTP_Analyzer::StartTLS() if ( ssl ) AddChildAnalyzer(ssl); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - - ConnectionEvent(smtp_starttls, vl); + ConnectionEvent(smtp_starttls, {BuildConnVal()}); } @@ -856,14 +852,12 @@ void SMTP_Analyzer::RequestEvent(int cmd_len, const char* cmd, int arg_len, const char* arg) { ProtocolConfirmation(); - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig_is_sender)); - vl->append((new StringVal(cmd_len, cmd))->ToUpper()); - vl->append(new StringVal(arg_len, arg)); - - ConnectionEvent(smtp_request, vl); + ConnectionEvent(smtp_request, { + BuildConnVal(), + val_mgr->GetBool(orig_is_sender), + (new StringVal(cmd_len, cmd))->ToUpper(), + new StringVal(arg_len, arg), + }); } void SMTP_Analyzer::Unexpected(const int is_sender, const char* msg, @@ -874,17 +868,16 @@ void SMTP_Analyzer::Unexpected(const int is_sender, const char* msg, if ( smtp_unexpected ) { - val_list* vl = new val_list; int is_orig = is_sender; if ( ! orig_is_sender ) is_orig = ! is_orig; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(new StringVal(msg)); - vl->append(new StringVal(detail_len, detail)); - - ConnectionEvent(smtp_unexpected, vl); + ConnectionEvent(smtp_unexpected, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + new StringVal(msg), + new StringVal(detail_len, detail), + }); } } diff --git a/src/analyzer/protocol/stepping-stone/SteppingStone.cc b/src/analyzer/protocol/stepping-stone/SteppingStone.cc index 3035a0b1a5..f4b4f78c89 100644 --- a/src/analyzer/protocol/stepping-stone/SteppingStone.cc +++ b/src/analyzer/protocol/stepping-stone/SteppingStone.cc 
@@ -139,25 +139,20 @@ void SteppingStoneEndpoint::Event(EventHandlerPtr f, int id1, int id2) if ( ! f ) return; - val_list* vl = new val_list; - - vl->append(val_mgr->GetInt(id1)); - if ( id2 >= 0 ) - vl->append(val_mgr->GetInt(id2)); + endp->TCP()->ConnectionEvent(f, {val_mgr->GetInt(id1), val_mgr->GetInt(id2)}); + else + endp->TCP()->ConnectionEvent(f, {val_mgr->GetInt(id1)}); - endp->TCP()->ConnectionEvent(f, vl); } void SteppingStoneEndpoint::CreateEndpEvent(int is_orig) { - val_list* vl = new val_list; - - vl->append(endp->TCP()->BuildConnVal()); - vl->append(val_mgr->GetInt(stp_id)); - vl->append(val_mgr->GetBool(is_orig)); - - endp->TCP()->ConnectionEvent(stp_create_endp, vl); + endp->TCP()->ConnectionEvent(stp_create_endp, { + endp->TCP()->BuildConnVal(), + val_mgr->GetInt(stp_id), + val_mgr->GetBool(is_orig), + }); } SteppingStone_Analyzer::SteppingStone_Analyzer(Connection* c) diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index 9329b103ed..a90e0f32c4 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc @@ -299,11 +299,11 @@ static void passive_fingerprint(TCP_Analyzer* tcp, bool is_orig, if ( OS_val ) { // found new OS version - val_list* vl = new val_list; - vl->append(tcp->BuildConnVal()); - vl->append(src_addr_val->Ref()); - vl->append(OS_val); - tcp->ConnectionEvent(OS_version_found, vl); + tcp->ConnectionEvent(OS_version_found, { + tcp->BuildConnVal(), + src_addr_val->Ref(), + OS_val, + }); } } 
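Review bot: The rewritten `SteppingStoneEndpoint::Event` leaves an added empty line between the `else` call and the closing brace, and it now spells the `ConnectionEvent` call twice with only the optional second value differing. I would drop the blank `+` line. To keep a single call site, the list could be built once, as POP3Event does in this commit: `val_list vl(1 + (id2 >= 0));`, append `id1`, append `id2` when `id2 >= 0`, then `endp->TCP()->ConnectionEvent(f, std::move(vl));`. Behaviour is unchanged either way.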
@@ -965,20 +965,17 @@ void TCP_Analyzer::GeneratePacketEvent( const u_char* data, int len, int caplen, int is_orig, TCP_Flags flags) { - val_list* vl = new val_list(); - - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(new StringVal(flags.AsString())); - vl->append(val_mgr->GetCount(rel_seq)); - vl->append(val_mgr->GetCount(flags.ACK() ? rel_ack : 0)); - vl->append(val_mgr->GetCount(len)); - - // We need the min() here because Ethernet padding can lead to - // caplen > len. - vl->append(new StringVal(min(caplen, len), (const char*) data)); - - ConnectionEvent(tcp_packet, vl); + ConnectionEvent(tcp_packet, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + new StringVal(flags.AsString()), + val_mgr->GetCount(rel_seq), + val_mgr->GetCount(flags.ACK() ? rel_ack : 0), + val_mgr->GetCount(len), + // We need the min() here because Ethernet padding can lead to + // caplen > len. + new StringVal(min(caplen, len), (const char*) data), + }); } int TCP_Analyzer::DeliverData(double t, const u_char* data, int len, int caplen, @@ -1283,10 +1280,10 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, if ( connection_SYN_packet ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(SYN_vals->Ref()); - ConnectionEvent(connection_SYN_packet, vl); + ConnectionEvent(connection_SYN_packet, { + BuildConnVal(), + SYN_vals->Ref(), + }); } passive_fingerprint(this, is_orig, ip, tp, tcp_hdr_len); @@ -1503,14 +1500,12 @@ int TCP_Analyzer::TCPOptionEvent(unsigned int opt, { if ( tcp_option ) { - val_list* vl = new val_list(); - - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(val_mgr->GetCount(opt)); - vl->append(val_mgr->GetCount(optlen)); - - analyzer->ConnectionEvent(tcp_option, vl); + analyzer->ConnectionEvent(tcp_option, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + val_mgr->GetCount(opt), + val_mgr->GetCount(optlen), + }); } return 0; 
@@ -1826,10 +1821,10 @@ void TCP_Analyzer::EndpointEOF(TCP_Reassembler* endp) { if ( connection_EOF ) { - val_list* vl = new val_list(); - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(endp->IsOrig())); - ConnectionEvent(connection_EOF, vl); + ConnectionEvent(connection_EOF, { + BuildConnVal(), + val_mgr->GetBool(endp->IsOrig()), + }); } const analyzer_list& children(GetChildren()); @@ -2108,15 +2103,14 @@ int TCPStats_Endpoint::DataSent(double /* t */, uint64 seq, int len, int caplen, if ( tcp_rexmit ) { - val_list* vl = new val_list(); - vl->append(endp->TCP()->BuildConnVal()); - vl->append(val_mgr->GetBool(endp->IsOrig())); - vl->append(val_mgr->GetCount(seq)); - vl->append(val_mgr->GetCount(len)); - vl->append(val_mgr->GetCount(data_in_flight)); - vl->append(val_mgr->GetCount(endp->peer->window)); - - endp->TCP()->ConnectionEvent(tcp_rexmit, vl); + endp->TCP()->ConnectionEvent(tcp_rexmit, { + endp->TCP()->BuildConnVal(), + val_mgr->GetBool(endp->IsOrig()), + val_mgr->GetCount(seq), + val_mgr->GetCount(len), + val_mgr->GetCount(data_in_flight), + val_mgr->GetCount(endp->peer->window), + }); } } else @@ -2164,11 +2158,11 @@ void TCPStats_Analyzer::Done() { TCP_ApplicationAnalyzer::Done(); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(orig_stats->BuildStats()); - vl->append(resp_stats->BuildStats()); - ConnectionEvent(conn_stats, vl); + ConnectionEvent(conn_stats, { + BuildConnVal(), + orig_stats->BuildStats(), + resp_stats->BuildStats(), + }); } void TCPStats_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, uint64 seq, const IP_Hdr* ip, int caplen) diff --git a/src/analyzer/protocol/tcp/TCP_Endpoint.cc b/src/analyzer/protocol/tcp/TCP_Endpoint.cc index 7e7b316e10..ce58398f2d 100644 --- a/src/analyzer/protocol/tcp/TCP_Endpoint.cc +++ b/src/analyzer/protocol/tcp/TCP_Endpoint.cc 
@@ -237,11 +237,11 @@ int TCP_Endpoint::DataSent(double t, uint64 seq, int len, int caplen, if ( contents_file_write_failure ) { - val_list* vl = new val_list(); - vl->append(Conn()->BuildConnVal()); - vl->append(val_mgr->GetBool(IsOrig())); - vl->append(new StringVal(buf)); - tcp_analyzer->ConnectionEvent(contents_file_write_failure, vl); + tcp_analyzer->ConnectionEvent(contents_file_write_failure, { + Conn()->BuildConnVal(), + val_mgr->GetBool(IsOrig()), + new StringVal(buf), + }); } } } diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.cc b/src/analyzer/protocol/tcp/TCP_Reassembler.cc index ef68f621b5..5ad6d2e460 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc @@ -136,12 +136,12 @@ void TCP_Reassembler::Gap(uint64 seq, uint64 len) if ( report_gap(endp, endp->peer) ) { - val_list* vl = new val_list; - vl->append(dst_analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(IsOrig())); - vl->append(val_mgr->GetCount(seq)); - vl->append(val_mgr->GetCount(len)); - dst_analyzer->ConnectionEvent(content_gap, vl); + dst_analyzer->ConnectionEvent(content_gap, { + dst_analyzer->BuildConnVal(), + val_mgr->GetBool(IsOrig()), + val_mgr->GetCount(seq), + val_mgr->GetCount(len), + }); } if ( type == Direct ) @@ -335,11 +335,11 @@ void TCP_Reassembler::RecordBlock(DataBlock* b, BroFile* f) if ( contents_file_write_failure ) { - val_list* vl = new val_list(); - vl->append(Endpoint()->Conn()->BuildConnVal()); - vl->append(val_mgr->GetBool(IsOrig())); - vl->append(new StringVal("TCP reassembler content write failure")); - tcp_analyzer->ConnectionEvent(contents_file_write_failure, vl); + tcp_analyzer->ConnectionEvent(contents_file_write_failure, { + Endpoint()->Conn()->BuildConnVal(), + val_mgr->GetBool(IsOrig()), + new StringVal("TCP reassembler content write failure"), + }); } } 
@@ -352,11 +352,11 @@ void TCP_Reassembler::RecordGap(uint64 start_seq, uint64 upper_seq, BroFile* f) if ( contents_file_write_failure ) { - val_list* vl = new val_list(); - vl->append(Endpoint()->Conn()->BuildConnVal()); - vl->append(val_mgr->GetBool(IsOrig())); - vl->append(new StringVal("TCP reassembler gap write failure")); - tcp_analyzer->ConnectionEvent(contents_file_write_failure, vl); + tcp_analyzer->ConnectionEvent(contents_file_write_failure, { + Endpoint()->Conn()->BuildConnVal(), + val_mgr->GetBool(IsOrig()), + new StringVal("TCP reassembler gap write failure"), + }); } } @@ -425,12 +425,12 @@ void TCP_Reassembler::Overlap(const u_char* b1, const u_char* b2, uint64 n) BroString* b1_s = new BroString((const u_char*) b1, n, 0); BroString* b2_s = new BroString((const u_char*) b2, n, 0); - val_list* vl = new val_list(3); - vl->append(tcp_analyzer->BuildConnVal()); - vl->append(new StringVal(b1_s)); - vl->append(new StringVal(b2_s)); - vl->append(new StringVal(flags.AsString())); - tcp_analyzer->ConnectionEvent(rexmit_inconsistency, vl); + tcp_analyzer->ConnectionEvent(rexmit_inconsistency, { + tcp_analyzer->BuildConnVal(), + new StringVal(b1_s), + new StringVal(b2_s), + new StringVal(flags.AsString()), + }); } } @@ -596,13 +596,12 @@ void TCP_Reassembler::DeliverBlock(uint64 seq, int len, const u_char* data) if ( deliver_tcp_contents ) { - val_list* vl = new val_list(); - vl->append(tcp_analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(IsOrig())); - vl->append(val_mgr->GetCount(seq)); - vl->append(new StringVal(len, (const char*) data)); - - tcp_analyzer->ConnectionEvent(tcp_contents, vl); + tcp_analyzer->ConnectionEvent(tcp_contents, { + tcp_analyzer->BuildConnVal(), + val_mgr->GetBool(IsOrig()), + val_mgr->GetCount(seq), + new StringVal(len, (const char*) data), + }); } // Q. Can we say this because it is already checked in DataSent()? 
diff --git a/src/analyzer/protocol/udp/UDP.cc b/src/analyzer/protocol/udp/UDP.cc index ca144941b6..6123c42e91 100644 --- a/src/analyzer/protocol/udp/UDP.cc +++ b/src/analyzer/protocol/udp/UDP.cc @@ -157,11 +157,11 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, if ( do_udp_contents ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(new StringVal(len, (const char*) data)); - ConnectionEvent(udp_contents, vl); + ConnectionEvent(udp_contents, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + new StringVal(len, (const char*) data), + }); } Unref(port_val); diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index d31198ced7..c9d1d7a1e3 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -540,9 +540,11 @@ bool Manager::PublishLogWrite(EnumVal* stream, EnumVal* writer, string path, int std::string serial_data(data, len); free(data); - val_list vl(2); - vl.append(stream->Ref()); - vl.append(new StringVal(path)); + val_list vl{ + stream->Ref(), + new StringVal(path), + }; + Val* v = log_topic_func->Call(&vl); if ( ! v ) @@ -993,7 +995,7 @@ void Manager::ProcessEvent(const broker::topic& topic, broker::bro::Event ev) return; } - auto vl = new val_list; + val_list vl(args.size()); for ( auto i = 0u; i < args.size(); ++i ) { @@ -1002,7 +1004,7 @@ void Manager::ProcessEvent(const broker::topic& topic, broker::bro::Event ev) auto val = data_to_val(std::move(args[i]), expected_type); if ( val ) - vl->append(val); + vl.append(val); else { reporter->Warning("failed to convert remote event '%s' arg #%d," 
@@ -1013,10 +1015,13 @@ void Manager::ProcessEvent(const broker::topic& topic, broker::bro::Event ev) } } - if ( static_cast(vl->length()) == args.size() ) - mgr.QueueEvent(handler, vl, SOURCE_BROKER); + if ( static_cast(vl.length()) == args.size() ) + mgr.QueueEvent(handler, std::move(vl), SOURCE_BROKER); else - delete_vals(vl); + { + loop_over_list(vl, i) + Unref(vl[i]); + } } bool bro_broker::Manager::ProcessLogCreate(broker::bro::LogCreate lc) @@ -1270,11 +1275,7 @@ void Manager::ProcessStatus(broker::status stat) auto str = stat.message(); auto msg = new StringVal(str ? *str : ""); - auto vl = new val_list; - vl->append(endpoint_info); - vl->append(msg); - - mgr.QueueEvent(event, vl); + mgr.QueueEvent(event, {endpoint_info, msg}); } void Manager::ProcessError(broker::error err) @@ -1351,10 +1352,10 @@ void Manager::ProcessError(broker::error err) msg = fmt("[%s] %s", caf::to_string(err.category()).c_str(), caf::to_string(err.context()).c_str()); } - auto vl = new val_list; - vl->append(BifType::Enum::Broker::ErrorCode->GetVal(ec)); - vl->append(new StringVal(msg)); - mgr.QueueEvent(Broker::error, vl); + mgr.QueueEvent(Broker::error, { + BifType::Enum::Broker::ErrorCode->GetVal(ec), + new StringVal(msg), + }); } void Manager::ProcessStoreResponse(StoreHandleVal* s, broker::store::response response) diff --git a/src/broker/messaging.bif b/src/broker/messaging.bif index ec7696c752..d80f3742b6 100644 --- a/src/broker/messaging.bif +++ b/src/broker/messaging.bif @@ -183,9 +183,7 @@ function Cluster::publish_rr%(pool: Pool, key: string, ...%): bool if ( ! topic_func ) topic_func = global_scope()->Lookup("Cluster::rr_topic")->ID_Val()->AsFunc(); - val_list vl(2); - vl.append(pool->Ref()); - vl.append(key->Ref()); + val_list vl{pool->Ref(), key->Ref()}; auto topic = topic_func->Call(&vl); if ( ! topic->AsString()->Len() ) 
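Review bot: The failure branch at the end of `Manager::ProcessEvent` now releases the already-converted arguments with an open-coded `loop_over_list(vl, i) Unref(vl[i]);`, and nothing says why. This is the path taken when a remote peer sends an event whose argument could not be converted, so it is worth making the ownership rule explicit. I would add `// Event is not queued: drop the references held for the args converted so far.` above the loop. If other call sites that build a `val_list` by value need the same bail-out, a small shared helper would keep them from drifting apart. The function starts outside this hunk.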
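Review bot: In `Cluster::publish_rr` the result of `topic_func->Call(&vl)` is dereferenced immediately with `topic->AsString()->Len()`, although `Manager::PublishLogWrite` in this same commit treats the result of an equivalent `Call` as possibly null (`if ( ! v )`). If the script-level topic function can fail and return null here too, this line crashes the process instead of rejecting the publish. The condition could become `if ( ! topic || ! topic->AsString()->Len() )`, provided the branch body, which is outside the hunk, tolerates a null `topic`. The same pattern appears in the `Cluster::publish_hrw` hunk that follows.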
@@ -226,9 +224,7 @@ function Cluster::publish_hrw%(pool: Pool, key: any, ...%): bool if ( ! topic_func ) topic_func = global_scope()->Lookup("Cluster::hrw_topic")->ID_Val()->AsFunc(); - val_list vl(2); - vl.append(pool->Ref()); - vl.append(key->Ref()); + val_list vl{pool->Ref(), key->Ref()}; auto topic = topic_func->Call(&vl); if ( ! topic->AsString()->Len() ) diff --git a/src/file_analysis/File.cc b/src/file_analysis/File.cc index 641943909e..faa6b280b0 100644 --- a/src/file_analysis/File.cc +++ b/src/file_analysis/File.cc @@ -154,11 +154,11 @@ void File::RaiseFileOverNewConnection(Connection* conn, bool is_orig) { if ( conn && FileEventAvailable(file_over_new_connection) ) { - val_list* vl = new val_list(); - vl->append(val->Ref()); - vl->append(conn->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - FileEvent(file_over_new_connection, vl); + FileEvent(file_over_new_connection, { + val->Ref(), + conn->BuildConnVal(), + val_mgr->GetBool(is_orig), + }); } } @@ -303,13 +303,11 @@ bool File::SetMime(const string& mime_type) if ( ! FileEventAvailable(file_sniff) ) return false; - val_list* vl = new val_list(); - vl->append(val->Ref()); RecordVal* meta = new RecordVal(fa_metadata_type); - vl->append(meta); meta->Assign(meta_mime_type_idx, new StringVal(mime_type)); meta->Assign(meta_inferred_idx, val_mgr->GetBool(0)); - FileEvent(file_sniff, vl); + + FileEvent(file_sniff, {val->Ref(), meta}); return true; } @@ -338,10 +336,7 @@ void File::InferMetadata() len = min(len, LookupFieldDefaultCount(bof_buffer_size_idx)); file_mgr->DetectMIME(data, len, &matches); - val_list* vl = new val_list(); - vl->append(val->Ref()); RecordVal* meta = new RecordVal(fa_metadata_type); - vl->append(meta); if ( ! matches.empty() ) { @@ -351,7 +346,7 @@ void File::InferMetadata() file_analysis::GenMIMEMatchesVal(matches)); } - FileEvent(file_sniff, vl); + FileEvent(file_sniff, {val->Ref(), meta}); return; } 
@@ -463,11 +458,11 @@ void File::DeliverChunk(const u_char* data, uint64 len, uint64 offset) if ( FileEventAvailable(file_reassembly_overflow) ) { - val_list* vl = new val_list(); - vl->append(val->Ref()); - vl->append(val_mgr->GetCount(current_offset)); - vl->append(val_mgr->GetCount(gap_bytes)); - FileEvent(file_reassembly_overflow, vl); + FileEvent(file_reassembly_overflow, { + val->Ref(), + val_mgr->GetCount(current_offset), + val_mgr->GetCount(gap_bytes), + }); } } @@ -608,11 +603,11 @@ void File::Gap(uint64 offset, uint64 len) if ( FileEventAvailable(file_gap) ) { - val_list* vl = new val_list(); - vl->append(val->Ref()); - vl->append(val_mgr->GetCount(offset)); - vl->append(val_mgr->GetCount(len)); - FileEvent(file_gap, vl); + FileEvent(file_gap, { + val->Ref(), + val_mgr->GetCount(offset), + val_mgr->GetCount(len), + }); } analyzers.DrainModifications(); @@ -631,14 +626,18 @@ void File::FileEvent(EventHandlerPtr h) if ( ! FileEventAvailable(h) ) return; - val_list* vl = new val_list(); - vl->append(val->Ref()); - FileEvent(h, vl); + FileEvent(h, {val->Ref()}); } void File::FileEvent(EventHandlerPtr h, val_list* vl) { - mgr.QueueEvent(h, vl); + FileEvent(h, std::move(*vl)); + delete vl; + } + +void File::FileEvent(EventHandlerPtr h, val_list vl) + { + mgr.QueueEvent(h, std::move(vl)); if ( h == file_new || h == file_over_new_connection || h == file_sniff || diff --git a/src/file_analysis/File.h b/src/file_analysis/File.h index 0c4c313f06..54517b53ba 100644 --- a/src/file_analysis/File.h +++ b/src/file_analysis/File.h @@ -172,6 +172,12 @@ public: */ void FileEvent(EventHandlerPtr h, val_list* vl); + /** + * Raises an event related to the file's life-cycle. + * @param h pointer to an event handler. + * @param vl list of argument values to pass to event call. + */ + void FileEvent(EventHandlerPtr h, val_list vl); /** * Sets the MIME type for a file to a specific value. 
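Review bot: The two `File::FileEvent` overloads that take a list now differ in ownership, but the documentation does not say so. The pointer overload moves out of `*vl` and then runs `delete vl`, so it takes ownership of the list object and dereferences it without a null check. The doc comment added in File.h for the by-value overload is a verbatim copy of the existing one. I would document the pointer version with `@param vl heap-allocated list; must not be null, ownership passes to this call` and the by-value version with `@param vl argument values; references are handed to the event queue`. If any caller may pass null, the pointer overload should start with `if ( ! vl ) return;`.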
diff --git a/src/file_analysis/Manager.cc b/src/file_analysis/Manager.cc index ab4b1ed261..134418a476 100644 --- a/src/file_analysis/Manager.cc +++ b/src/file_analysis/Manager.cc @@ -443,12 +443,11 @@ string Manager::GetFileID(analyzer::Tag tag, Connection* c, bool is_orig) EnumVal* tagval = tag.AsEnumVal(); Ref(tagval); - val_list* vl = new val_list(); - vl->append(tagval); - vl->append(c->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - - mgr.QueueEvent(get_file_handle, vl); + mgr.QueueEvent(get_file_handle, { + tagval, + c->BuildConnVal(), + val_mgr->GetBool(is_orig), + }); mgr.Drain(); // need file handle immediately so we don't have to buffer data return current_file_id; } diff --git a/src/file_analysis/analyzer/data_event/DataEvent.cc b/src/file_analysis/analyzer/data_event/DataEvent.cc index 15462e8e92..8aa688b879 100644 --- a/src/file_analysis/analyzer/data_event/DataEvent.cc +++ b/src/file_analysis/analyzer/data_event/DataEvent.cc @@ -41,12 +41,11 @@ bool DataEvent::DeliverChunk(const u_char* data, uint64 len, uint64 offset) { if ( ! chunk_event ) return true; - val_list* args = new val_list; - args->append(GetFile()->GetVal()->Ref()); - args->append(new StringVal(new BroString(data, len, 0))); - args->append(val_mgr->GetCount(offset)); - - mgr.QueueEvent(chunk_event, args); + mgr.QueueEvent(chunk_event, { + GetFile()->GetVal()->Ref(), + new StringVal(new BroString(data, len, 0)), + val_mgr->GetCount(offset), + }); return true; } @@ -55,11 +54,10 @@ bool DataEvent::DeliverStream(const u_char* data, uint64 len) { if ( ! stream_event ) return true; - val_list* args = new val_list; - args->append(GetFile()->GetVal()->Ref()); - args->append(new StringVal(new BroString(data, len, 0))); - - mgr.QueueEvent(stream_event, args); + mgr.QueueEvent(stream_event, { + GetFile()->GetVal()->Ref(), + new StringVal(new BroString(data, len, 0)), + }); return true; } 
diff --git a/src/file_analysis/analyzer/entropy/Entropy.cc b/src/file_analysis/analyzer/entropy/Entropy.cc index 4802224950..873b8e2fcf 100644 --- a/src/file_analysis/analyzer/entropy/Entropy.cc +++ b/src/file_analysis/analyzer/entropy/Entropy.cc @@ -53,9 +53,6 @@ void Entropy::Finalize() if ( ! fed ) return; - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - double montepi, scc, ent, mean, chisq; montepi = scc = ent = mean = chisq = 0.0; entropy->Get(&ent, &chisq, &mean, &montepi, &scc); @@ -67,6 +64,8 @@ void Entropy::Finalize() ent_result->Assign(3, new Val(montepi, TYPE_DOUBLE)); ent_result->Assign(4, new Val(scc, TYPE_DOUBLE)); - vl->append(ent_result); - mgr.QueueEvent(file_entropy, vl); + mgr.QueueEvent(file_entropy, { + GetFile()->GetVal()->Ref(), + ent_result, + }); } diff --git a/src/file_analysis/analyzer/extract/Extract.cc b/src/file_analysis/analyzer/extract/Extract.cc index dc05fba367..e7aca5bcf3 100644 --- a/src/file_analysis/analyzer/extract/Extract.cc +++ b/src/file_analysis/analyzer/extract/Extract.cc @@ -90,12 +90,12 @@ bool Extract::DeliverStream(const u_char* data, uint64 len) if ( limit_exceeded && file_extraction_limit ) { File* f = GetFile(); - val_list* vl = new val_list(); - vl->append(f->GetVal()->Ref()); - vl->append(Args()->Ref()); - vl->append(val_mgr->GetCount(limit)); - vl->append(val_mgr->GetCount(len)); - f->FileEvent(file_extraction_limit, vl); + f->FileEvent(file_extraction_limit, { + f->GetVal()->Ref(), + Args()->Ref(), + val_mgr->GetCount(limit), + val_mgr->GetCount(len), + }); // Limit may have been modified by a BIF, re-check it. limit_exceeded = check_limit_exceeded(limit, depth, len, &towrite); diff --git a/src/file_analysis/analyzer/hash/Hash.cc b/src/file_analysis/analyzer/hash/Hash.cc index 9829934301..07bcb0babd 100644 --- a/src/file_analysis/analyzer/hash/Hash.cc +++ b/src/file_analysis/analyzer/hash/Hash.cc 
@@ -48,10 +48,9 @@ void Hash::Finalize() if ( ! hash->IsValid() || ! fed ) return; - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - vl->append(new StringVal(kind)); - vl->append(hash->Get()); - - mgr.QueueEvent(file_hash, vl); + mgr.QueueEvent(file_hash, { + GetFile()->GetVal()->Ref(), + new StringVal(kind), + hash->Get(), + }); } diff --git a/src/file_analysis/analyzer/unified2/unified2-analyzer.pac b/src/file_analysis/analyzer/unified2/unified2-analyzer.pac index 00229184a2..ee874c4d37 100644 --- a/src/file_analysis/analyzer/unified2/unified2-analyzer.pac +++ b/src/file_analysis/analyzer/unified2/unified2-analyzer.pac @@ -81,10 +81,11 @@ refine flow Flow += { ids_event->Assign(11, to_port(${ev.dst_p}, ${ev.protocol})); ids_event->Assign(17, val_mgr->GetCount(${ev.packet_action})); - val_list* vl = new val_list(); - vl->append(connection()->bro_analyzer()->GetFile()->GetVal()->Ref()); - vl->append(ids_event); - mgr.QueueEvent(::unified2_event, vl, SOURCE_LOCAL); + mgr.QueueEvent(::unified2_event, { + connection()->bro_analyzer()->GetFile()->GetVal()->Ref(), + ids_event, + }, + SOURCE_LOCAL); } return true; %} @@ -112,10 +113,11 @@ refine flow Flow += { ids_event->Assign(15, val_mgr->GetCount(${ev.mpls_label})); ids_event->Assign(16, val_mgr->GetCount(${ev.vlan_id})); - val_list* vl = new val_list(); - vl->append(connection()->bro_analyzer()->GetFile()->GetVal()->Ref()); - vl->append(ids_event); - mgr.QueueEvent(::unified2_event, vl, SOURCE_LOCAL); + mgr.QueueEvent(::unified2_event, { + connection()->bro_analyzer()->GetFile()->GetVal()->Ref(), + ids_event, + }, + SOURCE_LOCAL); } return true; 
@@ -133,10 +135,11 @@ refine flow Flow += { packet->Assign(4, val_mgr->GetCount(${pkt.link_type})); packet->Assign(5, bytestring_to_val(${pkt.packet_data})); - val_list* vl = new val_list(); - vl->append(connection()->bro_analyzer()->GetFile()->GetVal()->Ref()); - vl->append(packet); - mgr.QueueEvent(::unified2_packet, vl, SOURCE_LOCAL); + mgr.QueueEvent(::unified2_packet, { + connection()->bro_analyzer()->GetFile()->GetVal()->Ref(), + packet, + }, + SOURCE_LOCAL); } return true; diff --git a/src/file_analysis/analyzer/x509/OCSP.cc b/src/file_analysis/analyzer/x509/OCSP.cc index c49481c23a..3681c6fd44 100644 --- a/src/file_analysis/analyzer/x509/OCSP.cc +++ b/src/file_analysis/analyzer/x509/OCSP.cc @@ -417,10 +417,6 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req) char buf[OCSP_STRING_BUF_SIZE]; // we need a buffer for some of the openssl functions memset(buf, 0, sizeof(buf)); - // build up our response as we go along... - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - uint64 version = 0; #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) @@ -431,23 +427,24 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req) // TODO: try to parse out general name ? #endif - vl->append(val_mgr->GetCount(version)); + mgr.QueueEvent(ocsp_request, { + GetFile()->GetVal()->Ref(), + val_mgr->GetCount(version), + }); BIO *bio = BIO_new(BIO_s_mem()); - mgr.QueueEvent(ocsp_request, vl); - int req_count = OCSP_request_onereq_count(req); for ( int i=0; iappend(GetFile()->GetVal()->Ref()); + val_list rvl(5); + rvl.append(GetFile()->GetVal()->Ref()); OCSP_ONEREQ *one_req = OCSP_request_onereq_get0(req, i); OCSP_CERTID *cert_id = OCSP_onereq_get0_id(one_req); - ocsp_add_cert_id(cert_id, rvl, bio); - mgr.QueueEvent(ocsp_request_certificate, rvl); + ocsp_add_cert_id(cert_id, &rvl, bio); + mgr.QueueEvent(ocsp_request_certificate, std::move(rvl)); } BIO_free(bio); 
@@ -470,14 +467,13 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) char buf[OCSP_STRING_BUF_SIZE]; memset(buf, 0, sizeof(buf)); - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - const char *status_str = OCSP_response_status_str(OCSP_response_status(resp)); StringVal* status_val = new StringVal(strlen(status_str), status_str); - vl->append(status_val->Ref()); - mgr.QueueEvent(ocsp_response_status, vl); - vl = nullptr; + + mgr.QueueEvent(ocsp_response_status, { + GetFile()->GetVal()->Ref(), + status_val->Ref(), + }); //if (!resp_bytes) // { @@ -490,6 +486,8 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) //int len = BIO_read(bio, buf, sizeof(buf)); //BIO_reset(bio); + val_list vl(8); + // get the basic response basic_resp = OCSP_response_get1_basic(resp); if ( !basic_resp ) @@ -501,28 +499,27 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) goto clean_up; #endif - vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - vl->append(resp_val->Ref()); - vl->append(status_val); + vl.append(GetFile()->GetVal()->Ref()); + vl.append(resp_val->Ref()); + vl.append(status_val); #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) - vl->append(val_mgr->GetCount((uint64)ASN1_INTEGER_get(resp_data->version))); + vl.append(val_mgr->GetCount((uint64)ASN1_INTEGER_get(resp_data->version))); #else - vl->append(parse_basic_resp_data_version(basic_resp)); + vl.append(parse_basic_resp_data_version(basic_resp)); #endif // responderID if ( OCSP_RESPID_bio(basic_resp, bio) ) { len = BIO_read(bio, buf, sizeof(buf)); - vl->append(new StringVal(len, buf)); + vl.append(new StringVal(len, buf)); BIO_reset(bio); } else { reporter->Weird("OpenSSL failed to get OCSP responder id"); - vl->append(val_mgr->GetEmptyString()); + vl.append(val_mgr->GetEmptyString()); } // producedAt 
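Review bot: The ownership of `status_val` in ParseResponse is split across two events and nothing in the hunk says so: `status_val->Ref()` goes to `ocsp_response_status`, while the original reference is only handed over by the later `vl.append(status_val)`. The `if ( !basic_resp )` exit and the `goto clean_up` that come before that append are only partly visible, so the hunk does not show whether they release the remaining reference. If they do not, each response without a basic response body would leak one StringVal. I would add `// one ref is consumed by ocsp_response_status; the original is handed to vl below, so early exits must Unref(status_val)` above the QueueEvent call. ParseResponse continues outside the hunk.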
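Review bot: In the responderID branch the result of `BIO_read(bio, buf, sizeof(buf))` is passed straight to `new StringVal(len, buf)`, and BIO_read reports failure or an empty BIO with 0 or a negative value. The response comes from network data, so the length should be validated before it reaches the constructor, for example `if ( len < 0 ) len = 0;` before the append, or by taking the existing `val_mgr->GetEmptyString()` path. The same pattern appears in the `@@ -621` hunk for signatureAlgorithm. How StringVal treats a negative length is not visible here.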
@@ -532,7 +529,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) produced_at = OCSP_resp_get0_produced_at(basic_resp); #endif - vl->append(new Val(GetTimeFromAsn1(produced_at, GetFile(), reporter), TYPE_TIME)); + vl.append(new Val(GetTimeFromAsn1(produced_at, GetFile(), reporter), TYPE_TIME)); // responses @@ -545,8 +542,8 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) if ( !single_resp ) continue; - val_list* rvl = new val_list(); - rvl->append(GetFile()->GetVal()->Ref()); + val_list rvl(10); + rvl.append(GetFile()->GetVal()->Ref()); // cert id const OCSP_CERTID* cert_id = nullptr; @@ -557,7 +554,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) cert_id = OCSP_SINGLERESP_get0_id(single_resp); #endif - ocsp_add_cert_id(cert_id, rvl, bio); + ocsp_add_cert_id(cert_id, &rvl, bio); BIO_reset(bio); // certStatus 
@@ -574,38 +571,38 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) reporter->Weird("OpenSSL failed to find status of OCSP response"); const char* cert_status_str = OCSP_cert_status_str(status); - rvl->append(new StringVal(strlen(cert_status_str), cert_status_str)); + rvl.append(new StringVal(strlen(cert_status_str), cert_status_str)); // revocation time and reason if revoked if ( status == V_OCSP_CERTSTATUS_REVOKED ) { - rvl->append(new Val(GetTimeFromAsn1(revoke_time, GetFile(), reporter), TYPE_TIME)); + rvl.append(new Val(GetTimeFromAsn1(revoke_time, GetFile(), reporter), TYPE_TIME)); if ( reason != OCSP_REVOKED_STATUS_NOSTATUS ) { const char* revoke_reason = OCSP_crl_reason_str(reason); - rvl->append(new StringVal(strlen(revoke_reason), revoke_reason)); + rvl.append(new StringVal(strlen(revoke_reason), revoke_reason)); } else - rvl->append(new StringVal(0, "")); + rvl.append(new StringVal(0, "")); } else { - rvl->append(new Val(0.0, TYPE_TIME)); - rvl->append(new StringVal(0, "")); + rvl.append(new Val(0.0, TYPE_TIME)); + rvl.append(new StringVal(0, "")); } if ( this_update ) - rvl->append(new Val(GetTimeFromAsn1(this_update, GetFile(), reporter), TYPE_TIME)); + rvl.append(new Val(GetTimeFromAsn1(this_update, GetFile(), reporter), TYPE_TIME)); else - rvl->append(new Val(0.0, TYPE_TIME)); + rvl.append(new Val(0.0, TYPE_TIME)); if ( next_update ) - rvl->append(new Val(GetTimeFromAsn1(next_update, GetFile(), reporter), TYPE_TIME)); + rvl.append(new Val(GetTimeFromAsn1(next_update, GetFile(), reporter), TYPE_TIME)); else - rvl->append(new Val(0.0, TYPE_TIME)); + rvl.append(new Val(0.0, TYPE_TIME)); - mgr.QueueEvent(ocsp_response_certificate, rvl); + mgr.QueueEvent(ocsp_response_certificate, std::move(rvl)); num_ext = OCSP_SINGLERESP_get_ext_count(single_resp); for ( int k = 0; k < num_ext; ++k ) 
@@ -621,10 +618,10 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) i2a_ASN1_OBJECT(bio, basic_resp->signatureAlgorithm->algorithm); len = BIO_read(bio, buf, sizeof(buf)); - vl->append(new StringVal(len, buf)); + vl.append(new StringVal(len, buf)); BIO_reset(bio); #else - vl->append(parse_basic_resp_sig_alg(basic_resp, bio, buf, sizeof(buf))); + vl.append(parse_basic_resp_sig_alg(basic_resp, bio, buf, sizeof(buf))); #endif //i2a_ASN1_OBJECT(bio, basic_resp->signature); @@ -633,7 +630,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) //BIO_reset(bio); certs_vector = new VectorVal(internal_type("x509_opaque_vector")->AsVectorType()); - vl->append(certs_vector); + vl.append(certs_vector); #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) certs = basic_resp->certs; @@ -654,7 +651,8 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) reporter->Weird("OpenSSL returned null certificate"); } } - mgr.QueueEvent(ocsp_response_bytes, vl); + + mgr.QueueEvent(ocsp_response_bytes, std::move(vl)); // ok, now that we are done with the actual certificate - let's parse extensions :) num_ext = OCSP_BASICRESP_get_ext_count(basic_resp); diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc index 38422897db..c33f20a800 100644 --- a/src/file_analysis/analyzer/x509/X509.cc +++ b/src/file_analysis/analyzer/x509/X509.cc 
@@ -57,11 +57,11 @@ bool file_analysis::X509::EndOfFile() RecordVal* cert_record = ParseCertificate(cert_val, GetFile()); // and send the record on to scriptland - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - vl->append(cert_val->Ref()); - vl->append(cert_record->Ref()); // we Ref it here, because we want to keep a copy around for now... - mgr.QueueEvent(x509_certificate, vl); + mgr.QueueEvent(x509_certificate, { + GetFile()->GetVal()->Ref(), + cert_val->Ref(), + cert_record->Ref(), // we Ref it here, because we want to keep a copy around for now... + }); // after parsing the certificate - parse the extensions... @@ -227,11 +227,10 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex) if ( constr->pathlen ) pBasicConstraint->Assign(1, val_mgr->GetCount((int32_t) ASN1_INTEGER_get(constr->pathlen))); - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - vl->append(pBasicConstraint); - - mgr.QueueEvent(x509_ext_basic_constraints, vl); + mgr.QueueEvent(x509_ext_basic_constraints, { + GetFile()->GetVal()->Ref(), + pBasicConstraint, + }); BASIC_CONSTRAINTS_free(constr); } @@ -367,10 +366,10 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext) sanExt->Assign(4, val_mgr->GetBool(otherfields)); - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - vl->append(sanExt); - mgr.QueueEvent(x509_ext_subject_alternative_name, vl); + mgr.QueueEvent(x509_ext_subject_alternative_name, { + GetFile()->GetVal()->Ref(), + sanExt, + }); GENERAL_NAMES_free(altname); } diff --git a/src/file_analysis/analyzer/x509/X509Common.cc b/src/file_analysis/analyzer/x509/X509Common.cc index b6c16fc1dc..7fb3100e97 100644 --- a/src/file_analysis/analyzer/x509/X509Common.cc +++ b/src/file_analysis/analyzer/x509/X509Common.cc 
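Review bot: In ParseBasicConstraints the value `(int32_t) ASN1_INTEGER_get(constr->pathlen)` is handed to `val_mgr->GetCount()` without a sign check, and ASN1_INTEGER_get returns -1 on error. The certificate is untrusted input, so a negative or unrepresentable pathlen would presumably reach scripts as a very large count rather than as an error. GetCount's parameter type is not visible in this hunk, though the OCSP code casts to `uint64` before calling it. I would read the value into a local and assign only when it is valid: `long pl = ASN1_INTEGER_get(constr->pathlen);` followed by `if ( pl >= 0 ) pBasicConstraint->Assign(1, val_mgr->GetCount(pl));`. The function starts outside the hunk.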
@@ -277,13 +277,18 @@ void file_analysis::X509Common::ParseExtension(X509_EXTENSION* ex, EventHandlerP // parsed. And if we have it, we send the specialized event on top of the // generic event that we just had. I know, that is... kind of not nice, // but I am not sure if there is a better way to do it... - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - vl->append(pX509Ext); - if ( h == ocsp_extension ) - vl->append(val_mgr->GetBool(global ? 1 : 0)); - mgr.QueueEvent(h, vl); + if ( h == ocsp_extension ) + mgr.QueueEvent(h, { + GetFile()->GetVal()->Ref(), + pX509Ext, + val_mgr->GetBool(global ? 1 : 0), + }); + else + mgr.QueueEvent(h, { + GetFile()->GetVal()->Ref(), + pX509Ext, + }); // let individual analyzers parse more. ParseExtensionsSpecific(ex, global, ext_asn, oid); diff --git a/src/input/Manager.cc b/src/input/Manager.cc index aaf84a99b2..002e8cded9 100644 --- a/src/input/Manager.cc +++ b/src/input/Manager.cc @@ -1865,11 +1865,12 @@ bool Manager::SendEvent(ReaderFrontend* reader, const string& name, const int nu bool convert_error = false; - val_list* vl = new val_list; + val_list vl(num_vals); + for ( int j = 0; j < num_vals; j++) { Val* v = ValueToVal(i, vals[j], convert_error); - vl->append(v); + vl.append(v); if ( v && ! convert_error && ! same_type(type->FieldType(j), v->Type()) ) { convert_error = true; @@ -1881,18 +1882,20 @@ bool Manager::SendEvent(ReaderFrontend* reader, const string& name, const int nu if ( convert_error ) { - delete_vals(vl); + loop_over_list(vl, i) + Unref(vl[i]); + return false; } else - mgr.QueueEvent(handler, vl, SOURCE_LOCAL); + mgr.QueueEvent(handler, std::move(vl), SOURCE_LOCAL); return true; } void Manager::SendEvent(EventHandlerPtr ev, const int numvals, ...) const { - val_list* vl = new val_list; + val_list vl(numvals); #ifdef DEBUG DBG_LOG(DBG_INPUT, "SendEvent with %d vals", 
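Review bot: The two `mgr.QueueEvent(h, {...})` calls in ParseExtension differ only in the trailing `GetBool` argument, so the shared `GetFile()->GetVal()->Ref()` and `pX509Ext` arguments are written twice and must be kept in sync. Building one `val_list` and appending the flag conditionally, as the option.bif hunk in this commit does, keeps a single call site. The un-braced if/else around two multi-line calls is also easy to misread. ParseExtension starts and ends outside the hunk.

```cpp
// … unchanged: comment block explaining the specialized event …
val_list vl(3);
vl.append(GetFile()->GetVal()->Ref());
vl.append(pX509Ext);

if ( h == ocsp_extension )
	vl.append(val_mgr->GetBool(global ? 1 : 0));

mgr.QueueEvent(h, std::move(vl));
```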
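Review bot: The clean-up loop `loop_over_list(vl, i) Unref(vl[i]);` in the `convert_error` branch reuses the name `i`, which the same function already passes to `ValueToVal(i, vals[j], convert_error)` in the preceding hunk. The macro's iterator presumably shadows that outer `i`, which makes the error path harder to read; a distinct name avoids it: `loop_over_list(vl, k)` with `Unref(vl[k]);`. The list can also hold null entries, because `vl.append(v)` runs before `v` is tested. The loop therefore relies on Unref accepting a null pointer, which is not visible here. SendEvent starts outside the hunk.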
@@ -1902,16 +1905,16 @@ void Manager::SendEvent(EventHandlerPtr ev, const int numvals, ...) const va_list lP; va_start(lP, numvals); for ( int i = 0; i < numvals; i++ ) - vl->append( va_arg(lP, Val*) ); + vl.append( va_arg(lP, Val*) ); va_end(lP); - mgr.QueueEvent(ev, vl, SOURCE_LOCAL); + mgr.QueueEvent(ev, std::move(vl), SOURCE_LOCAL); } void Manager::SendEvent(EventHandlerPtr ev, list events) const { - val_list* vl = new val_list; + val_list vl(events.size()); #ifdef DEBUG DBG_LOG(DBG_INPUT, "SendEvent with %" PRIuPTR " vals (list)", @@ -1919,11 +1922,9 @@ void Manager::SendEvent(EventHandlerPtr ev, list events) const #endif for ( list::iterator i = events.begin(); i != events.end(); i++ ) - { - vl->append( *i ); - } + vl.append( *i ); - mgr.QueueEvent(ev, vl, SOURCE_LOCAL); + mgr.QueueEvent(ev, std::move(vl), SOURCE_LOCAL); } // Convert a bro list value to a bro record value. diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index f1b459811f..108869be9f 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -715,11 +715,7 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) // Raise the log event. if ( stream->event ) - { - val_list* vl = new val_list(1); - vl->append(columns->Ref()); - mgr.QueueEvent(stream->event, vl, SOURCE_LOCAL); - } + mgr.QueueEvent(stream->event, {columns->Ref()}, SOURCE_LOCAL); // Send to each of our filters. for ( list::iterator i = stream->filters.begin(); @@ -732,8 +728,7 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) { // See whether the predicates indicates that we want // to log this record. - val_list vl(1); - vl.append(columns->Ref()); + val_list vl{columns->Ref()}; int result = 1; 
@@ -750,17 +745,12 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) if ( filter->path_func ) { - val_list vl(3); - vl.append(id->Ref()); - Val* path_arg; if ( filter->path_val ) path_arg = filter->path_val->Ref(); else path_arg = val_mgr->GetEmptyString(); - vl.append(path_arg); - Val* rec_arg; BroType* rt = filter->path_func->FType()->Args()->FieldType("rec"); @@ -770,7 +760,11 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) // Can be TYPE_ANY here. rec_arg = columns->Ref(); - vl.append(rec_arg); + val_list vl{ + id->Ref(), + path_arg, + rec_arg, + }; Val* v = 0; @@ -1087,8 +1081,7 @@ threading::Value** Manager::RecordToFilterVals(Stream* stream, Filter* filter, RecordVal* ext_rec = nullptr; if ( filter->num_ext_fields > 0 ) { - val_list vl(1); - vl.append(filter->path_val->Ref()); + val_list vl{filter->path_val->Ref()}; Val* res = filter->ext_func->Call(&vl); if ( res ) ext_rec = res->AsRecordVal(); @@ -1593,8 +1586,7 @@ bool Manager::FinishedRotation(WriterFrontend* writer, const char* new_name, con assert(func); // Call the postprocessor function. - val_list vl(1); - vl.append(info); + val_list vl{info}; int result = 0; diff --git a/src/main.cc b/src/main.cc index 1116b8c331..56300fc1a2 100644 --- a/src/main.cc +++ b/src/main.cc @@ -284,12 +284,11 @@ void done_with_network() if ( net_done ) { - val_list* args = new val_list; - args->append(new Val(timer_mgr->Time(), TYPE_TIME)); mgr.Drain(); - // Don't propagate this event to remote clients. - mgr.Dispatch(new Event(net_done, args), true); + mgr.Dispatch(new Event(net_done, + {new Val(timer_mgr->Time(), TYPE_TIME)}), + true); } // Save state before expiring the remaining events/timers. @@ -341,7 +340,7 @@ void terminate_bro() EventHandlerPtr bro_done = internal_handler("bro_done"); if ( bro_done ) - mgr.QueueEvent(bro_done, new val_list); + mgr.QueueEvent(bro_done, val_list{}); timer_mgr->Expire(); mgr.Drain(); 
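Review bot: `val_list vl{filter->path_val->Ref()};` in RecordToFilterVals dereferences `filter->path_val` unconditionally, whereas Write in the `@@ -750` hunk checks `if ( filter->path_val )` and falls back to `val_mgr->GetEmptyString()`. Whether a filter with `num_ext_fields > 0` can have a null `path_val` is not visible here, but the two call sites should agree. I would mirror Write with `Val* path_arg = filter->path_val ? filter->path_val->Ref() : val_mgr->GetEmptyString();` and then `val_list vl{path_arg};`. The function continues outside the hunk.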
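Review bot: The timestamp for `net_done` in done_with_network is now built after `mgr.Drain()` instead of before it, because `new Val(timer_mgr->Time(), TYPE_TIME)` moved into the `mgr.Dispatch` argument list. If draining the queue can advance `timer_mgr->Time()`, the event reports a different time than before this commit; that cannot be decided from the hunk. To keep the old order, hoist it: `Val* done_time = new Val(timer_mgr->Time(), TYPE_TIME);` before `mgr.Drain();` and pass `{done_time}`. Otherwise a one-line comment saying the reordering is intended would do.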
@@ -1137,8 +1136,9 @@ int main(int argc, char** argv) net_update_time(current_time()); EventHandlerPtr bro_init = internal_handler("bro_init"); - if ( bro_init ) //### this should be a function - mgr.QueueEvent(bro_init, new val_list); + + if ( bro_init ) + mgr.QueueEvent(bro_init, val_list{}); EventRegistry::string_list* dead_handlers = event_registry->UnusedHandlers(); @@ -1190,10 +1190,10 @@ int main(int argc, char** argv) if ( i->skipped ) continue; - val_list* vl = new val_list; - vl->append(new StringVal(i->name.c_str())); - vl->append(val_mgr->GetCount(i->include_level)); - mgr.QueueEvent(bro_script_loaded, vl); + mgr.QueueEvent(bro_script_loaded, { + new StringVal(i->name.c_str()), + val_mgr->GetCount(i->include_level), + }); } reporter->ReportViaEvents(true); diff --git a/src/option.bif b/src/option.bif index 2156808763..04bc7f2b1b 100644 --- a/src/option.bif +++ b/src/option.bif @@ -15,10 +15,12 @@ static bool call_option_handlers_and_set_value(StringVal* name, ID* i, Val* val, { for ( auto handler_function : i->GetOptionHandlers() ) { - val_list vl(2); + bool add_loc = handler_function->FType()->AsFuncType()->ArgTypes()->Types()->length() == 3; + val_list vl(2 + add_loc); vl.append(name->Ref()); vl.append(val); - if ( handler_function->FType()->AsFuncType()->ArgTypes()->Types()->length() == 3 ) + + if ( add_loc ) vl.append(location->Ref()); val = handler_function->Call(&vl); // consumed by next call.