Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-15 21:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Move IntrusivePtr and utility methods to the zeek namespace

Browse source
This commit is contained in:
Tim Wojtulewicz 2020-06-24 16:40:00 -04:00
parent 4668378d91
commit 9364e6a5b7
255 changed files with 3761 additions and 3730 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/file_analysis/analyzer/unified2/Unified2.cc
View file

@ -5,7 +5,7 @@
using namespace file_analysis;
Unified2::Unified2(IntrusivePtr<RecordVal> args, File* file)
Unified2::Unified2(zeek::IntrusivePtr<RecordVal> args, File* file)
: file_analysis::Analyzer(file_mgr->GetComponentTag("UNIFIED2"), std::move(args), file)
{
interp = new binpac::Unified2::Unified2_Analyzer(this);
@ -16,7 +16,7 @@ Unified2::~Unified2()
delete interp;
}
file_analysis::Analyzer* Unified2::Instantiate(IntrusivePtr<RecordVal> args, File* file)
file_analysis::Analyzer* Unified2::Instantiate(zeek::IntrusivePtr<RecordVal> args, File* file)
{
return new Unified2(std::move(args), file);
}

4
src/file_analysis/analyzer/unified2/Unified2.h
View file

@ -20,11 +20,11 @@ public:
bool DeliverStream(const u_char* data, uint64_t len) override;
static file_analysis::Analyzer* Instantiate(IntrusivePtr<RecordVal> args,
static file_analysis::Analyzer* Instantiate(zeek::IntrusivePtr<RecordVal> args,
File* file);
protected:
Unified2(IntrusivePtr<RecordVal> args, File* file);
Unified2(zeek::IntrusivePtr<RecordVal> args, File* file);
private:
binpac::Unified2::Unified2_Analyzer* interp;

26
src/file_analysis/analyzer/unified2/unified2-analyzer.pac
View file

@ -8,25 +8,25 @@
%}
%code{
IntrusivePtr<AddrVal> binpac::Unified2::Flow::unified2_addr_to_bro_addr(std::vector<uint32_t>* a)
zeek::IntrusivePtr<AddrVal> binpac::Unified2::Flow::unified2_addr_to_bro_addr(std::vector<uint32_t>* a)
{
if ( a->size() == 1 )
{
return make_intrusive<AddrVal>(IPAddr(IPv4, &(a->at(0)), IPAddr::Host));
return zeek::make_intrusive<AddrVal>(IPAddr(IPv4, &(a->at(0)), IPAddr::Host));
}
else if ( a->size() == 4 )
{
uint32 tmp[4] = { a->at(0), a->at(1), a->at(2), a->at(3) };
return make_intrusive<AddrVal>(IPAddr(IPv6, tmp, IPAddr::Host));
return zeek::make_intrusive<AddrVal>(IPAddr(IPv6, tmp, IPAddr::Host));
}
else
{
// Should never reach here.
return make_intrusive<AddrVal>(1);
return zeek::make_intrusive<AddrVal>(1);
}
}
IntrusivePtr<Val> binpac::Unified2::Flow::to_port(uint16_t n, uint8_t p)
zeek::IntrusivePtr<Val> binpac::Unified2::Flow::to_port(uint16_t n, uint8_t p)
{
TransportProto proto = TRANSPORT_UNKNOWN;
switch ( p ) {
@ -42,8 +42,8 @@ IntrusivePtr<Val> binpac::Unified2::Flow::to_port(uint16_t n, uint8_t p)
refine flow Flow += {
%member{
IntrusivePtr<AddrVal> unified2_addr_to_bro_addr(std::vector<uint32_t>* a);
IntrusivePtr<Val> to_port(uint16_t n, uint8_t p);
zeek::IntrusivePtr<AddrVal> unified2_addr_to_bro_addr(std::vector<uint32_t>* a);
zeek::IntrusivePtr<Val> to_port(uint16_t n, uint8_t p);
%}
%init{
@ -71,10 +71,10 @@ refine flow Flow += {
%{
if ( ::unified2_event )
{
auto ids_event = make_intrusive<RecordVal>(zeek::BifType::Record::Unified2::IDSEvent);
auto ids_event = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::Unified2::IDSEvent);
ids_event->Assign(0, val_mgr->Count(${ev.sensor_id}));
ids_event->Assign(1, val_mgr->Count(${ev.event_id}));
ids_event->Assign(2, make_intrusive<TimeVal>(ts_to_double(${ev.ts})));
ids_event->Assign(2, zeek::make_intrusive<TimeVal>(ts_to_double(${ev.ts})));
ids_event->Assign(3, val_mgr->Count(${ev.signature_id}));
ids_event->Assign(4, val_mgr->Count(${ev.generator_id}));
ids_event->Assign(5, val_mgr->Count(${ev.signature_revision}));
@ -97,10 +97,10 @@ refine flow Flow += {
%{
if ( ::unified2_event )
{
auto ids_event = make_intrusive<RecordVal>(zeek::BifType::Record::Unified2::IDSEvent);
auto ids_event = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::Unified2::IDSEvent);
ids_event->Assign(0, val_mgr->Count(${ev.sensor_id}));
ids_event->Assign(1, val_mgr->Count(${ev.event_id}));
ids_event->Assign(2, make_intrusive<TimeVal>(ts_to_double(${ev.ts})));
ids_event->Assign(2, zeek::make_intrusive<TimeVal>(ts_to_double(${ev.ts})));
ids_event->Assign(3, val_mgr->Count(${ev.signature_id}));
ids_event->Assign(4, val_mgr->Count(${ev.generator_id}));
ids_event->Assign(5, val_mgr->Count(${ev.signature_revision}));
@ -128,11 +128,11 @@ refine flow Flow += {
%{
if ( ::unified2_packet )
{
auto packet = make_intrusive<RecordVal>(zeek::BifType::Record::Unified2::Packet);
auto packet = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::Unified2::Packet);
packet->Assign(0, val_mgr->Count(${pkt.sensor_id}));
packet->Assign(1, val_mgr->Count(${pkt.event_id}));
packet->Assign(2, val_mgr->Count(${pkt.event_second}));
packet->Assign(3, make_intrusive<TimeVal>(ts_to_double(${pkt.packet_ts})));
packet->Assign(3, zeek::make_intrusive<TimeVal>(ts_to_double(${pkt.packet_ts})));
packet->Assign(4, val_mgr->Count(${pkt.link_type}));
packet->Assign(5, to_stringval(${pkt.packet_data}));