Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 22:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Cleanup/improve PList usage and Event API

Browse source 
Majority of PLists are now created as automatic/stack objects,
rather than on heap and initialized either with the known-capacity
reserved upfront or directly from an initializer_list (so there's no
wasted slack in the memory that gets allocated for lists containing
a fixed/known number of elements).

Added versions of the ConnectionEvent/QueueEvent methods that take
a val_list by value.

Added a move ctor/assign-operator to Plists to allow passing them
around without having to copy the underlying array of pointers.
This commit is contained in:
Jon Siwek 2019-04-11 19:02:13 -07:00
parent 78dcbcc71a
commit 8bc65f09ec
92 changed files with 1585 additions and 1679 deletions
Download patch file Download diff file Expand all files Collapse all files

57
src/analyzer/protocol/tcp/TCP_Reassembler.cc
View file

@ -136,12 +136,12 @@ void TCP_Reassembler::Gap(uint64 seq, uint64 len)
if ( report_gap(endp, endp->peer) )
{
val_list* vl = new val_list;
vl->append(dst_analyzer->BuildConnVal());
vl->append(val_mgr->GetBool(IsOrig()));
vl->append(val_mgr->GetCount(seq));
vl->append(val_mgr->GetCount(len));
dst_analyzer->ConnectionEvent(content_gap, vl);
dst_analyzer->ConnectionEvent(content_gap, {
dst_analyzer->BuildConnVal(),
val_mgr->GetBool(IsOrig()),
val_mgr->GetCount(seq),
val_mgr->GetCount(len),
});
}
if ( type == Direct )
@ -335,11 +335,11 @@ void TCP_Reassembler::RecordBlock(DataBlock* b, BroFile* f)
if ( contents_file_write_failure )
{
val_list* vl = new val_list();
vl->append(Endpoint()->Conn()->BuildConnVal());
vl->append(val_mgr->GetBool(IsOrig()));
vl->append(new StringVal("TCP reassembler content write failure"));
tcp_analyzer->ConnectionEvent(contents_file_write_failure, vl);
tcp_analyzer->ConnectionEvent(contents_file_write_failure, {
Endpoint()->Conn()->BuildConnVal(),
val_mgr->GetBool(IsOrig()),
new StringVal("TCP reassembler content write failure"),
});
}
}
@ -352,11 +352,11 @@ void TCP_Reassembler::RecordGap(uint64 start_seq, uint64 upper_seq, BroFile* f)
if ( contents_file_write_failure )
{
val_list* vl = new val_list();
vl->append(Endpoint()->Conn()->BuildConnVal());
vl->append(val_mgr->GetBool(IsOrig()));
vl->append(new StringVal("TCP reassembler gap write failure"));
tcp_analyzer->ConnectionEvent(contents_file_write_failure, vl);
tcp_analyzer->ConnectionEvent(contents_file_write_failure, {
Endpoint()->Conn()->BuildConnVal(),
val_mgr->GetBool(IsOrig()),
new StringVal("TCP reassembler gap write failure"),
});
}
}
@ -425,12 +425,12 @@ void TCP_Reassembler::Overlap(const u_char* b1, const u_char* b2, uint64 n)
BroString* b1_s = new BroString((const u_char*) b1, n, 0);
BroString* b2_s = new BroString((const u_char*) b2, n, 0);
val_list* vl = new val_list(3);
vl->append(tcp_analyzer->BuildConnVal());
vl->append(new StringVal(b1_s));
vl->append(new StringVal(b2_s));
vl->append(new StringVal(flags.AsString()));
tcp_analyzer->ConnectionEvent(rexmit_inconsistency, vl);
tcp_analyzer->ConnectionEvent(rexmit_inconsistency, {
tcp_analyzer->BuildConnVal(),
new StringVal(b1_s),
new StringVal(b2_s),
new StringVal(flags.AsString()),
});
}
}
@ -596,13 +596,12 @@ void TCP_Reassembler::DeliverBlock(uint64 seq, int len, const u_char* data)
if ( deliver_tcp_contents )
{
val_list* vl = new val_list();
vl->append(tcp_analyzer->BuildConnVal());
vl->append(val_mgr->GetBool(IsOrig()));
vl->append(val_mgr->GetCount(seq));
vl->append(new StringVal(len, (const char*) data));
tcp_analyzer->ConnectionEvent(tcp_contents, vl);
tcp_analyzer->ConnectionEvent(tcp_contents, {
tcp_analyzer->BuildConnVal(),
val_mgr->GetBool(IsOrig()),
val_mgr->GetCount(seq),
new StringVal(len, (const char*) data),
});
}
// Q. Can we say this because it is already checked in DataSent()?