mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
Update deprecated ValManager::GetCount usages
This commit is contained in:
Jon Siwek
parent
0ddac4abcf
commit
93f4c5871b
89 changed files with 830 additions and 844 deletions
|
|
@ -787,7 +787,7 @@ const char* CompositeHash::RecoverOneVal(const HashKey* k, const char* kp0,
|
|||
switch ( tag ) {
|
||||
case TYPE_COUNT:
|
||||
case TYPE_COUNTER:
|
||||
*pval = {AdoptRef{}, val_mgr->GetCount(*kp)};
|
||||
*pval = val_mgr->Count(*kp);
|
||||
break;
|
||||
|
||||
case TYPE_PORT:
|
||||
|
|
|
|||
20
src/Conn.cc
20
src/Conn.cc
|
|
@ -262,7 +262,7 @@ void Connection::HistoryThresholdEvent(EventHandlerPtr e, bool is_orig,
|
|||
EnqueueEvent(e, nullptr,
|
||||
IntrusivePtr{AdoptRef{}, BuildConnVal()},
|
||||
val_mgr->Bool(is_orig),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(threshold)}
|
||||
val_mgr->Count(threshold)
|
||||
);
|
||||
}
|
||||
|
||||
|
|
@ -344,9 +344,9 @@ RecordVal* Connection::BuildConnVal()
|
|||
id_val->Assign(3, val_mgr->GetPort(ntohs(resp_port), prot_type));
|
||||
|
||||
auto orig_endp = make_intrusive<RecordVal>(endpoint);
|
||||
orig_endp->Assign(0, val_mgr->GetCount(0));
|
||||
orig_endp->Assign(1, val_mgr->GetCount(0));
|
||||
orig_endp->Assign(4, val_mgr->GetCount(orig_flow_label));
|
||||
orig_endp->Assign(0, val_mgr->Count(0));
|
||||
orig_endp->Assign(1, val_mgr->Count(0));
|
||||
orig_endp->Assign(4, val_mgr->Count(orig_flow_label));
|
||||
|
||||
const int l2_len = sizeof(orig_l2_addr);
|
||||
char null[l2_len]{};
|
||||
|
|
@ -355,9 +355,9 @@ RecordVal* Connection::BuildConnVal()
|
|||
orig_endp->Assign(5, make_intrusive<StringVal>(fmt_mac(orig_l2_addr, l2_len)));
|
||||
|
||||
auto resp_endp = make_intrusive<RecordVal>(endpoint);
|
||||
resp_endp->Assign(0, val_mgr->GetCount(0));
|
||||
resp_endp->Assign(1, val_mgr->GetCount(0));
|
||||
resp_endp->Assign(4, val_mgr->GetCount(resp_flow_label));
|
||||
resp_endp->Assign(0, val_mgr->Count(0));
|
||||
resp_endp->Assign(1, val_mgr->Count(0));
|
||||
resp_endp->Assign(4, val_mgr->Count(resp_flow_label));
|
||||
|
||||
if ( memcmp(&resp_l2_addr, &null, l2_len) != 0 )
|
||||
resp_endp->Assign(5, make_intrusive<StringVal>(fmt_mac(resp_l2_addr, l2_len)));
|
||||
|
|
@ -690,7 +690,7 @@ void Connection::CheckFlowLabel(bool is_orig, uint32_t flow_label)
|
|||
if ( conn_val )
|
||||
{
|
||||
RecordVal *endp = conn_val->Lookup(is_orig ? 1 : 2)->AsRecordVal();
|
||||
endp->Assign(4, val_mgr->GetCount(flow_label));
|
||||
endp->Assign(4, val_mgr->Count(flow_label));
|
||||
}
|
||||
|
||||
if ( connection_flow_label_changed &&
|
||||
|
|
@ -699,8 +699,8 @@ void Connection::CheckFlowLabel(bool is_orig, uint32_t flow_label)
|
|||
EnqueueEvent(connection_flow_label_changed, nullptr,
|
||||
IntrusivePtr{AdoptRef{}, BuildConnVal()},
|
||||
val_mgr->Bool(is_orig),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(my_flow_label)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(flow_label)}
|
||||
val_mgr->Count(my_flow_label),
|
||||
val_mgr->Count(flow_label)
|
||||
);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -682,7 +682,7 @@ IntrusivePtr<Val> BinaryExpr::Fold(Val* v1, Val* v2) const
|
|||
else if ( ret_type->InternalType() == TYPE_INTERNAL_DOUBLE )
|
||||
return make_intrusive<Val>(d3, ret_type->Tag());
|
||||
else if ( ret_type->InternalType() == TYPE_INTERNAL_UNSIGNED )
|
||||
return {AdoptRef{}, val_mgr->GetCount(u3)};
|
||||
return val_mgr->Count(u3);
|
||||
else if ( ret_type->Tag() == TYPE_BOOL )
|
||||
return val_mgr->Bool(i3);
|
||||
else
|
||||
|
|
@ -960,7 +960,7 @@ IntrusivePtr<Val> IncrExpr::DoSingleEval(Frame* f, Val* v) const
|
|||
if ( ret_type->Tag() == TYPE_INT )
|
||||
return val_mgr->Int(k);
|
||||
else
|
||||
return {AdoptRef{}, val_mgr->GetCount(k)};
|
||||
return val_mgr->Count(k);
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -1018,7 +1018,7 @@ ComplementExpr::ComplementExpr(IntrusivePtr<Expr> arg_op)
|
|||
|
||||
IntrusivePtr<Val> ComplementExpr::Fold(Val* v) const
|
||||
{
|
||||
return {AdoptRef{}, val_mgr->GetCount(~ v->InternalUnsigned())};
|
||||
return val_mgr->Count(~ v->InternalUnsigned());
|
||||
}
|
||||
|
||||
NotExpr::NotExpr(IntrusivePtr<Expr> arg_op)
|
||||
|
|
@ -3488,7 +3488,7 @@ IntrusivePtr<Val> ArithCoerceExpr::FoldSingleVal(Val* v, InternalTypeTag t) cons
|
|||
return val_mgr->Int(v->CoerceToInt());
|
||||
|
||||
case TYPE_INTERNAL_UNSIGNED:
|
||||
return {AdoptRef{}, val_mgr->GetCount(v->CoerceToUnsigned())};
|
||||
return val_mgr->Count(v->CoerceToUnsigned());
|
||||
|
||||
default:
|
||||
RuntimeErrorWithCallStack("bad type in CoerceExpr::Fold");
|
||||
|
|
|
|||
136
src/IP.cc
136
src/IP.cc
|
|
@ -50,12 +50,12 @@ static VectorVal* BuildOptionsVal(const u_char* data, int len)
|
|||
{
|
||||
const struct ip6_opt* opt = (const struct ip6_opt*) data;
|
||||
RecordVal* rv = new RecordVal(hdrType(ip6_option_type, "ip6_option"));
|
||||
rv->Assign(0, val_mgr->GetCount(opt->ip6o_type));
|
||||
rv->Assign(0, val_mgr->Count(opt->ip6o_type));
|
||||
|
||||
if ( opt->ip6o_type == 0 )
|
||||
{
|
||||
// Pad1 option
|
||||
rv->Assign(1, val_mgr->GetCount(0));
|
||||
rv->Assign(1, val_mgr->Count(0));
|
||||
rv->Assign(2, val_mgr->GetEmptyString());
|
||||
data += sizeof(uint8_t);
|
||||
len -= sizeof(uint8_t);
|
||||
|
|
@ -64,7 +64,7 @@ static VectorVal* BuildOptionsVal(const u_char* data, int len)
|
|||
{
|
||||
// PadN or other option
|
||||
uint16_t off = 2 * sizeof(uint8_t);
|
||||
rv->Assign(1, val_mgr->GetCount(opt->ip6o_len));
|
||||
rv->Assign(1, val_mgr->Count(opt->ip6o_len));
|
||||
rv->Assign(2, make_intrusive<StringVal>(
|
||||
new BroString(data + off, opt->ip6o_len, true)));
|
||||
data += opt->ip6o_len + off;
|
||||
|
|
@ -86,11 +86,11 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const
|
|||
{
|
||||
rv = new RecordVal(hdrType(ip6_hdr_type, "ip6_hdr"));
|
||||
const struct ip6_hdr* ip6 = (const struct ip6_hdr*)data;
|
||||
rv->Assign(0, val_mgr->GetCount((ntohl(ip6->ip6_flow) & 0x0ff00000)>>20));
|
||||
rv->Assign(1, val_mgr->GetCount(ntohl(ip6->ip6_flow) & 0x000fffff));
|
||||
rv->Assign(2, val_mgr->GetCount(ntohs(ip6->ip6_plen)));
|
||||
rv->Assign(3, val_mgr->GetCount(ip6->ip6_nxt));
|
||||
rv->Assign(4, val_mgr->GetCount(ip6->ip6_hlim));
|
||||
rv->Assign(0, val_mgr->Count((ntohl(ip6->ip6_flow) & 0x0ff00000)>>20));
|
||||
rv->Assign(1, val_mgr->Count(ntohl(ip6->ip6_flow) & 0x000fffff));
|
||||
rv->Assign(2, val_mgr->Count(ntohs(ip6->ip6_plen)));
|
||||
rv->Assign(3, val_mgr->Count(ip6->ip6_nxt));
|
||||
rv->Assign(4, val_mgr->Count(ip6->ip6_hlim));
|
||||
rv->Assign(5, make_intrusive<AddrVal>(IPAddr(ip6->ip6_src)));
|
||||
rv->Assign(6, make_intrusive<AddrVal>(IPAddr(ip6->ip6_dst)));
|
||||
if ( ! chain )
|
||||
|
|
@ -104,8 +104,8 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const
|
|||
{
|
||||
rv = new RecordVal(hdrType(ip6_hopopts_type, "ip6_hopopts"));
|
||||
const struct ip6_hbh* hbh = (const struct ip6_hbh*)data;
|
||||
rv->Assign(0, val_mgr->GetCount(hbh->ip6h_nxt));
|
||||
rv->Assign(1, val_mgr->GetCount(hbh->ip6h_len));
|
||||
rv->Assign(0, val_mgr->Count(hbh->ip6h_nxt));
|
||||
rv->Assign(1, val_mgr->Count(hbh->ip6h_len));
|
||||
uint16_t off = 2 * sizeof(uint8_t);
|
||||
rv->Assign(2, BuildOptionsVal(data + off, Length() - off));
|
||||
|
||||
|
|
@ -116,8 +116,8 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const
|
|||
{
|
||||
rv = new RecordVal(hdrType(ip6_dstopts_type, "ip6_dstopts"));
|
||||
const struct ip6_dest* dst = (const struct ip6_dest*)data;
|
||||
rv->Assign(0, val_mgr->GetCount(dst->ip6d_nxt));
|
||||
rv->Assign(1, val_mgr->GetCount(dst->ip6d_len));
|
||||
rv->Assign(0, val_mgr->Count(dst->ip6d_nxt));
|
||||
rv->Assign(1, val_mgr->Count(dst->ip6d_len));
|
||||
uint16_t off = 2 * sizeof(uint8_t);
|
||||
rv->Assign(2, BuildOptionsVal(data + off, Length() - off));
|
||||
}
|
||||
|
|
@ -127,10 +127,10 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const
|
|||
{
|
||||
rv = new RecordVal(hdrType(ip6_routing_type, "ip6_routing"));
|
||||
const struct ip6_rthdr* rt = (const struct ip6_rthdr*)data;
|
||||
rv->Assign(0, val_mgr->GetCount(rt->ip6r_nxt));
|
||||
rv->Assign(1, val_mgr->GetCount(rt->ip6r_len));
|
||||
rv->Assign(2, val_mgr->GetCount(rt->ip6r_type));
|
||||
rv->Assign(3, val_mgr->GetCount(rt->ip6r_segleft));
|
||||
rv->Assign(0, val_mgr->Count(rt->ip6r_nxt));
|
||||
rv->Assign(1, val_mgr->Count(rt->ip6r_len));
|
||||
rv->Assign(2, val_mgr->Count(rt->ip6r_type));
|
||||
rv->Assign(3, val_mgr->Count(rt->ip6r_segleft));
|
||||
uint16_t off = 4 * sizeof(uint8_t);
|
||||
rv->Assign(4, make_intrusive<StringVal>(new BroString(data + off, Length() - off, true)));
|
||||
}
|
||||
|
|
@ -140,28 +140,28 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const
|
|||
{
|
||||
rv = new RecordVal(hdrType(ip6_fragment_type, "ip6_fragment"));
|
||||
const struct ip6_frag* frag = (const struct ip6_frag*)data;
|
||||
rv->Assign(0, val_mgr->GetCount(frag->ip6f_nxt));
|
||||
rv->Assign(1, val_mgr->GetCount(frag->ip6f_reserved));
|
||||
rv->Assign(2, val_mgr->GetCount((ntohs(frag->ip6f_offlg) & 0xfff8)>>3));
|
||||
rv->Assign(3, val_mgr->GetCount((ntohs(frag->ip6f_offlg) & 0x0006)>>1));
|
||||
rv->Assign(0, val_mgr->Count(frag->ip6f_nxt));
|
||||
rv->Assign(1, val_mgr->Count(frag->ip6f_reserved));
|
||||
rv->Assign(2, val_mgr->Count((ntohs(frag->ip6f_offlg) & 0xfff8)>>3));
|
||||
rv->Assign(3, val_mgr->Count((ntohs(frag->ip6f_offlg) & 0x0006)>>1));
|
||||
rv->Assign(4, val_mgr->Bool(ntohs(frag->ip6f_offlg) & 0x0001));
|
||||
rv->Assign(5, val_mgr->GetCount(ntohl(frag->ip6f_ident)));
|
||||
rv->Assign(5, val_mgr->Count(ntohl(frag->ip6f_ident)));
|
||||
}
|
||||
break;
|
||||
|
||||
case IPPROTO_AH:
|
||||
{
|
||||
rv = new RecordVal(hdrType(ip6_ah_type, "ip6_ah"));
|
||||
rv->Assign(0, val_mgr->GetCount(((ip6_ext*)data)->ip6e_nxt));
|
||||
rv->Assign(1, val_mgr->GetCount(((ip6_ext*)data)->ip6e_len));
|
||||
rv->Assign(2, val_mgr->GetCount(ntohs(((uint16_t*)data)[1])));
|
||||
rv->Assign(3, val_mgr->GetCount(ntohl(((uint32_t*)data)[1])));
|
||||
rv->Assign(0, val_mgr->Count(((ip6_ext*)data)->ip6e_nxt));
|
||||
rv->Assign(1, val_mgr->Count(((ip6_ext*)data)->ip6e_len));
|
||||
rv->Assign(2, val_mgr->Count(ntohs(((uint16_t*)data)[1])));
|
||||
rv->Assign(3, val_mgr->Count(ntohl(((uint32_t*)data)[1])));
|
||||
|
||||
if ( Length() >= 12 )
|
||||
{
|
||||
// Sequence Number and ICV fields can only be extracted if
|
||||
// Payload Len was non-zero for this header.
|
||||
rv->Assign(4, val_mgr->GetCount(ntohl(((uint32_t*)data)[2])));
|
||||
rv->Assign(4, val_mgr->Count(ntohl(((uint32_t*)data)[2])));
|
||||
uint16_t off = 3 * sizeof(uint32_t);
|
||||
rv->Assign(5, make_intrusive<StringVal>(new BroString(data + off, Length() - off, true)));
|
||||
}
|
||||
|
|
@ -172,8 +172,8 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const
|
|||
{
|
||||
rv = new RecordVal(hdrType(ip6_esp_type, "ip6_esp"));
|
||||
const uint32_t* esp = (const uint32_t*)data;
|
||||
rv->Assign(0, val_mgr->GetCount(ntohl(esp[0])));
|
||||
rv->Assign(1, val_mgr->GetCount(ntohl(esp[1])));
|
||||
rv->Assign(0, val_mgr->Count(ntohl(esp[0])));
|
||||
rv->Assign(1, val_mgr->Count(ntohl(esp[1])));
|
||||
}
|
||||
break;
|
||||
|
||||
|
|
@ -182,14 +182,14 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const
|
|||
{
|
||||
rv = new RecordVal(hdrType(ip6_mob_type, "ip6_mobility_hdr"));
|
||||
const struct ip6_mobility* mob = (const struct ip6_mobility*) data;
|
||||
rv->Assign(0, val_mgr->GetCount(mob->ip6mob_payload));
|
||||
rv->Assign(1, val_mgr->GetCount(mob->ip6mob_len));
|
||||
rv->Assign(2, val_mgr->GetCount(mob->ip6mob_type));
|
||||
rv->Assign(3, val_mgr->GetCount(mob->ip6mob_rsv));
|
||||
rv->Assign(4, val_mgr->GetCount(ntohs(mob->ip6mob_chksum)));
|
||||
rv->Assign(0, val_mgr->Count(mob->ip6mob_payload));
|
||||
rv->Assign(1, val_mgr->Count(mob->ip6mob_len));
|
||||
rv->Assign(2, val_mgr->Count(mob->ip6mob_type));
|
||||
rv->Assign(3, val_mgr->Count(mob->ip6mob_rsv));
|
||||
rv->Assign(4, val_mgr->Count(ntohs(mob->ip6mob_chksum)));
|
||||
|
||||
RecordVal* msg = new RecordVal(hdrType(ip6_mob_msg_type, "ip6_mobility_msg"));
|
||||
msg->Assign(0, val_mgr->GetCount(mob->ip6mob_type));
|
||||
msg->Assign(0, val_mgr->Count(mob->ip6mob_type));
|
||||
|
||||
uint16_t off = sizeof(ip6_mobility);
|
||||
const u_char* msg_data = data + off;
|
||||
|
|
@ -198,7 +198,7 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const
|
|||
case 0:
|
||||
{
|
||||
RecordVal* m = new RecordVal(hdrType(ip6_mob_brr_type, "ip6_mobility_brr"));
|
||||
m->Assign(0, val_mgr->GetCount(ntohs(*((uint16_t*)msg_data))));
|
||||
m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
|
||||
off += sizeof(uint16_t);
|
||||
m->Assign(1, BuildOptionsVal(data + off, Length() - off));
|
||||
msg->Assign(1, m);
|
||||
|
|
@ -208,8 +208,8 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const
|
|||
case 1:
|
||||
{
|
||||
RecordVal* m = new RecordVal(hdrType(ip6_mob_brr_type, "ip6_mobility_hoti"));
|
||||
m->Assign(0, val_mgr->GetCount(ntohs(*((uint16_t*)msg_data))));
|
||||
m->Assign(1, val_mgr->GetCount(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
|
||||
m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
|
||||
m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
|
||||
off += sizeof(uint16_t) + sizeof(uint64_t);
|
||||
m->Assign(2, BuildOptionsVal(data + off, Length() - off));
|
||||
msg->Assign(2, m);
|
||||
|
|
@ -219,8 +219,8 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const
|
|||
case 2:
|
||||
{
|
||||
RecordVal* m = new RecordVal(hdrType(ip6_mob_brr_type, "ip6_mobility_coti"));
|
||||
m->Assign(0, val_mgr->GetCount(ntohs(*((uint16_t*)msg_data))));
|
||||
m->Assign(1, val_mgr->GetCount(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
|
||||
m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
|
||||
m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
|
||||
off += sizeof(uint16_t) + sizeof(uint64_t);
|
||||
m->Assign(2, BuildOptionsVal(data + off, Length() - off));
|
||||
msg->Assign(3, m);
|
||||
|
|
@ -230,9 +230,9 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const
|
|||
case 3:
|
||||
{
|
||||
RecordVal* m = new RecordVal(hdrType(ip6_mob_brr_type, "ip6_mobility_hot"));
|
||||
m->Assign(0, val_mgr->GetCount(ntohs(*((uint16_t*)msg_data))));
|
||||
m->Assign(1, val_mgr->GetCount(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
|
||||
m->Assign(2, val_mgr->GetCount(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t))))));
|
||||
m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
|
||||
m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
|
||||
m->Assign(2, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t))))));
|
||||
off += sizeof(uint16_t) + 2 * sizeof(uint64_t);
|
||||
m->Assign(3, BuildOptionsVal(data + off, Length() - off));
|
||||
msg->Assign(4, m);
|
||||
|
|
@ -242,9 +242,9 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const
|
|||
case 4:
|
||||
{
|
||||
RecordVal* m = new RecordVal(hdrType(ip6_mob_brr_type, "ip6_mobility_cot"));
|
||||
m->Assign(0, val_mgr->GetCount(ntohs(*((uint16_t*)msg_data))));
|
||||
m->Assign(1, val_mgr->GetCount(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
|
||||
m->Assign(2, val_mgr->GetCount(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t))))));
|
||||
m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
|
||||
m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
|
||||
m->Assign(2, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t))))));
|
||||
off += sizeof(uint16_t) + 2 * sizeof(uint64_t);
|
||||
m->Assign(3, BuildOptionsVal(data + off, Length() - off));
|
||||
msg->Assign(5, m);
|
||||
|
|
@ -254,12 +254,12 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const
|
|||
case 5:
|
||||
{
|
||||
RecordVal* m = new RecordVal(hdrType(ip6_mob_brr_type, "ip6_mobility_bu"));
|
||||
m->Assign(0, val_mgr->GetCount(ntohs(*((uint16_t*)msg_data))));
|
||||
m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
|
||||
m->Assign(1, val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x8000));
|
||||
m->Assign(2, val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x4000));
|
||||
m->Assign(3, val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x2000));
|
||||
m->Assign(4, val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x1000));
|
||||
m->Assign(5, val_mgr->GetCount(ntohs(*((uint16_t*)(msg_data + 2*sizeof(uint16_t))))));
|
||||
m->Assign(5, val_mgr->Count(ntohs(*((uint16_t*)(msg_data + 2*sizeof(uint16_t))))));
|
||||
off += 3 * sizeof(uint16_t);
|
||||
m->Assign(6, BuildOptionsVal(data + off, Length() - off));
|
||||
msg->Assign(6, m);
|
||||
|
|
@ -269,10 +269,10 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const
|
|||
case 6:
|
||||
{
|
||||
RecordVal* m = new RecordVal(hdrType(ip6_mob_brr_type, "ip6_mobility_back"));
|
||||
m->Assign(0, val_mgr->GetCount(*((uint8_t*)msg_data)));
|
||||
m->Assign(0, val_mgr->Count(*((uint8_t*)msg_data)));
|
||||
m->Assign(1, val_mgr->Bool(*((uint8_t*)(msg_data + sizeof(uint8_t))) & 0x80));
|
||||
m->Assign(2, val_mgr->GetCount(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t))))));
|
||||
m->Assign(3, val_mgr->GetCount(ntohs(*((uint16_t*)(msg_data + 2*sizeof(uint16_t))))));
|
||||
m->Assign(2, val_mgr->Count(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t))))));
|
||||
m->Assign(3, val_mgr->Count(ntohs(*((uint16_t*)(msg_data + 2*sizeof(uint16_t))))));
|
||||
off += 3 * sizeof(uint16_t);
|
||||
m->Assign(4, BuildOptionsVal(data + off, Length() - off));
|
||||
msg->Assign(7, m);
|
||||
|
|
@ -282,7 +282,7 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const
|
|||
case 7:
|
||||
{
|
||||
RecordVal* m = new RecordVal(hdrType(ip6_mob_brr_type, "ip6_mobility_be"));
|
||||
m->Assign(0, val_mgr->GetCount(*((uint8_t*)msg_data)));
|
||||
m->Assign(0, val_mgr->Count(*((uint8_t*)msg_data)));
|
||||
const in6_addr* hoa = (const in6_addr*)(msg_data + sizeof(uint16_t));
|
||||
m->Assign(1, make_intrusive<AddrVal>(IPAddr(*hoa)));
|
||||
off += sizeof(uint16_t) + sizeof(in6_addr);
|
||||
|
|
@ -335,12 +335,12 @@ RecordVal* IP_Hdr::BuildIPHdrVal() const
|
|||
if ( ip4 )
|
||||
{
|
||||
rval = new RecordVal(hdrType(ip4_hdr_type, "ip4_hdr"));
|
||||
rval->Assign(0, val_mgr->GetCount(ip4->ip_hl * 4));
|
||||
rval->Assign(1, val_mgr->GetCount(ip4->ip_tos));
|
||||
rval->Assign(2, val_mgr->GetCount(ntohs(ip4->ip_len)));
|
||||
rval->Assign(3, val_mgr->GetCount(ntohs(ip4->ip_id)));
|
||||
rval->Assign(4, val_mgr->GetCount(ip4->ip_ttl));
|
||||
rval->Assign(5, val_mgr->GetCount(ip4->ip_p));
|
||||
rval->Assign(0, val_mgr->Count(ip4->ip_hl * 4));
|
||||
rval->Assign(1, val_mgr->Count(ip4->ip_tos));
|
||||
rval->Assign(2, val_mgr->Count(ntohs(ip4->ip_len)));
|
||||
rval->Assign(3, val_mgr->Count(ntohs(ip4->ip_id)));
|
||||
rval->Assign(4, val_mgr->Count(ip4->ip_ttl));
|
||||
rval->Assign(5, val_mgr->Count(ip4->ip_p));
|
||||
rval->Assign(6, make_intrusive<AddrVal>(ip4->ip_src.s_addr));
|
||||
rval->Assign(7, make_intrusive<AddrVal>(ip4->ip_dst.s_addr));
|
||||
}
|
||||
|
|
@ -396,13 +396,13 @@ RecordVal* IP_Hdr::BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const
|
|||
|
||||
tcp_hdr->Assign(0, val_mgr->GetPort(ntohs(tp->th_sport), TRANSPORT_TCP));
|
||||
tcp_hdr->Assign(1, val_mgr->GetPort(ntohs(tp->th_dport), TRANSPORT_TCP));
|
||||
tcp_hdr->Assign(2, val_mgr->GetCount(uint32_t(ntohl(tp->th_seq))));
|
||||
tcp_hdr->Assign(3, val_mgr->GetCount(uint32_t(ntohl(tp->th_ack))));
|
||||
tcp_hdr->Assign(4, val_mgr->GetCount(tcp_hdr_len));
|
||||
tcp_hdr->Assign(5, val_mgr->GetCount(data_len));
|
||||
tcp_hdr->Assign(6, val_mgr->GetCount(tp->th_x2));
|
||||
tcp_hdr->Assign(7, val_mgr->GetCount(tp->th_flags));
|
||||
tcp_hdr->Assign(8, val_mgr->GetCount(ntohs(tp->th_win)));
|
||||
tcp_hdr->Assign(2, val_mgr->Count(uint32_t(ntohl(tp->th_seq))));
|
||||
tcp_hdr->Assign(3, val_mgr->Count(uint32_t(ntohl(tp->th_ack))));
|
||||
tcp_hdr->Assign(4, val_mgr->Count(tcp_hdr_len));
|
||||
tcp_hdr->Assign(5, val_mgr->Count(data_len));
|
||||
tcp_hdr->Assign(6, val_mgr->Count(tp->th_x2));
|
||||
tcp_hdr->Assign(7, val_mgr->Count(tp->th_flags));
|
||||
tcp_hdr->Assign(8, val_mgr->Count(ntohs(tp->th_win)));
|
||||
|
||||
pkt_hdr->Assign(sindex + 2, tcp_hdr);
|
||||
break;
|
||||
|
|
@ -415,7 +415,7 @@ RecordVal* IP_Hdr::BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const
|
|||
|
||||
udp_hdr->Assign(0, val_mgr->GetPort(ntohs(up->uh_sport), TRANSPORT_UDP));
|
||||
udp_hdr->Assign(1, val_mgr->GetPort(ntohs(up->uh_dport), TRANSPORT_UDP));
|
||||
udp_hdr->Assign(2, val_mgr->GetCount(ntohs(up->uh_ulen)));
|
||||
udp_hdr->Assign(2, val_mgr->Count(ntohs(up->uh_ulen)));
|
||||
|
||||
pkt_hdr->Assign(sindex + 3, udp_hdr);
|
||||
break;
|
||||
|
|
@ -426,7 +426,7 @@ RecordVal* IP_Hdr::BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const
|
|||
const struct icmp* icmpp = (const struct icmp *) data;
|
||||
RecordVal* icmp_hdr = new RecordVal(icmp_hdr_type);
|
||||
|
||||
icmp_hdr->Assign(0, val_mgr->GetCount(icmpp->icmp_type));
|
||||
icmp_hdr->Assign(0, val_mgr->Count(icmpp->icmp_type));
|
||||
|
||||
pkt_hdr->Assign(sindex + 4, icmp_hdr);
|
||||
break;
|
||||
|
|
@ -437,7 +437,7 @@ RecordVal* IP_Hdr::BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const
|
|||
const struct icmp6_hdr* icmpp = (const struct icmp6_hdr*) data;
|
||||
RecordVal* icmp_hdr = new RecordVal(icmp_hdr_type);
|
||||
|
||||
icmp_hdr->Assign(0, val_mgr->GetCount(icmpp->icmp6_type));
|
||||
icmp_hdr->Assign(0, val_mgr->Count(icmpp->icmp6_type));
|
||||
|
||||
pkt_hdr->Assign(sindex + 4, icmp_hdr);
|
||||
break;
|
||||
|
|
@ -696,7 +696,7 @@ VectorVal* IPv6_Hdr_Chain::BuildVal() const
|
|||
RecordVal* v = chain[i]->BuildRecordVal();
|
||||
RecordVal* ext_hdr = new RecordVal(ip6_ext_hdr_type);
|
||||
uint8_t type = chain[i]->Type();
|
||||
ext_hdr->Assign(0, val_mgr->GetCount(type));
|
||||
ext_hdr->Assign(0, val_mgr->Count(type));
|
||||
|
||||
switch (type) {
|
||||
case IPPROTO_HOPOPTS:
|
||||
|
|
|
|||
|
|
@ -83,7 +83,7 @@ Val* RuleMatcher::BuildRuleStateValue(const Rule* rule,
|
|||
val->Assign(0, make_intrusive<StringVal>(rule->ID()));
|
||||
val->Assign(1, state->GetAnalyzer()->BuildConnVal());
|
||||
val->Assign(2, val_mgr->Bool(state->is_orig));
|
||||
val->Assign(3, val_mgr->GetCount(state->payload_size));
|
||||
val->Assign(3, val_mgr->Count(state->payload_size));
|
||||
return val;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -95,7 +95,7 @@ VectorVal* BroSubstring::VecToPolicy(Vec* vec)
|
|||
|
||||
auto align_val = make_intrusive<RecordVal>(sw_align_type);
|
||||
align_val->Assign(0, make_intrusive<StringVal>(new BroString(*align.string)));
|
||||
align_val->Assign(1, val_mgr->GetCount(align.index));
|
||||
align_val->Assign(1, val_mgr->Count(align.index));
|
||||
|
||||
aligns->Assign(j + 1, std::move(align_val));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1232,8 +1232,7 @@ IntrusivePtr<Val> ForStmt::DoExec(Frame* f, Val* v, stmt_flow_type& flow) const
|
|||
|
||||
// Set the loop variable to the current index, and make
|
||||
// another pass over the loop body.
|
||||
f->SetElement((*loop_vars)[0],
|
||||
val_mgr->GetCount(i));
|
||||
f->SetElement((*loop_vars)[0], val_mgr->Count(i).release());
|
||||
flow = FLOW_NEXT;
|
||||
ret = body->Exec(f, flow);
|
||||
|
||||
|
|
|
|||
26
src/Val.cc
26
src/Val.cc
|
|
@ -250,19 +250,19 @@ IntrusivePtr<Val> Val::SizeVal() const
|
|||
// Return abs value. However abs() only works on ints and llabs
|
||||
// doesn't work on Mac OS X 10.5. So we do it by hand
|
||||
if ( val.int_val < 0 )
|
||||
return {AdoptRef{}, val_mgr->GetCount(-val.int_val)};
|
||||
return val_mgr->Count(-val.int_val);
|
||||
else
|
||||
return {AdoptRef{}, val_mgr->GetCount(val.int_val)};
|
||||
return val_mgr->Count(val.int_val);
|
||||
|
||||
case TYPE_INTERNAL_UNSIGNED:
|
||||
return {AdoptRef{}, val_mgr->GetCount(val.uint_val)};
|
||||
return val_mgr->Count(val.uint_val);
|
||||
|
||||
case TYPE_INTERNAL_DOUBLE:
|
||||
return make_intrusive<Val>(fabs(val.double_val), TYPE_DOUBLE);
|
||||
|
||||
case TYPE_INTERNAL_OTHER:
|
||||
if ( type->Tag() == TYPE_FUNC )
|
||||
return {AdoptRef{}, val_mgr->GetCount(val.func_val->FType()->ArgTypes()->Types()->length())};
|
||||
return val_mgr->Count(val.func_val->FType()->ArgTypes()->Types()->length());
|
||||
|
||||
if ( type->Tag() == TYPE_FILE )
|
||||
return make_intrusive<Val>(val.file_val->Size(), TYPE_DOUBLE);
|
||||
|
|
@ -272,7 +272,7 @@ IntrusivePtr<Val> Val::SizeVal() const
|
|||
break;
|
||||
}
|
||||
|
||||
return {AdoptRef{}, val_mgr->GetCount(0)};
|
||||
return val_mgr->Count(0);
|
||||
}
|
||||
|
||||
unsigned int Val::MemoryAllocation() const
|
||||
|
|
@ -851,9 +851,9 @@ unsigned int AddrVal::MemoryAllocation() const
|
|||
IntrusivePtr<Val> AddrVal::SizeVal() const
|
||||
{
|
||||
if ( val.addr_val->GetFamily() == IPv4 )
|
||||
return {AdoptRef{}, val_mgr->GetCount(32)};
|
||||
return val_mgr->Count(32);
|
||||
else
|
||||
return {AdoptRef{}, val_mgr->GetCount(128)};
|
||||
return val_mgr->Count(128);
|
||||
}
|
||||
|
||||
IntrusivePtr<Val> AddrVal::DoClone(CloneState* state)
|
||||
|
|
@ -979,7 +979,7 @@ StringVal::StringVal(const string& s) : StringVal(s.length(), s.data())
|
|||
|
||||
IntrusivePtr<Val> StringVal::SizeVal() const
|
||||
{
|
||||
return {AdoptRef{}, val_mgr->GetCount(val.string_val->Len())};
|
||||
return val_mgr->Count(val.string_val->Len());
|
||||
}
|
||||
|
||||
int StringVal::Len()
|
||||
|
|
@ -1193,7 +1193,7 @@ ListVal::~ListVal()
|
|||
|
||||
IntrusivePtr<Val> ListVal::SizeVal() const
|
||||
{
|
||||
return {AdoptRef{}, val_mgr->GetCount(vals.length())};
|
||||
return val_mgr->Count(vals.length());
|
||||
}
|
||||
|
||||
RE_Matcher* ListVal::BuildRE() const
|
||||
|
|
@ -1564,7 +1564,7 @@ bool TableVal::Assign(Val* index, HashKey* k, Val* new_val)
|
|||
|
||||
IntrusivePtr<Val> TableVal::SizeVal() const
|
||||
{
|
||||
return {AdoptRef{}, val_mgr->GetCount(Size())};
|
||||
return val_mgr->Count(Size());
|
||||
}
|
||||
|
||||
bool TableVal::AddTo(Val* val, bool is_first_init) const
|
||||
|
|
@ -2683,7 +2683,7 @@ RecordVal::~RecordVal()
|
|||
|
||||
IntrusivePtr<Val> RecordVal::SizeVal() const
|
||||
{
|
||||
return {AdoptRef{}, val_mgr->GetCount(Type()->AsRecordType()->NumFields())};
|
||||
return val_mgr->Count(Type()->AsRecordType()->NumFields());
|
||||
}
|
||||
|
||||
void RecordVal::Assign(int field, IntrusivePtr<Val> new_val)
|
||||
|
|
@ -2968,7 +2968,7 @@ VectorVal::~VectorVal()
|
|||
|
||||
IntrusivePtr<Val> VectorVal::SizeVal() const
|
||||
{
|
||||
return {AdoptRef{}, val_mgr->GetCount(uint32_t(val.vector_val->size()))};
|
||||
return val_mgr->Count(uint32_t(val.vector_val->size()));
|
||||
}
|
||||
|
||||
bool VectorVal::Assign(unsigned int index, IntrusivePtr<Val> element)
|
||||
|
|
@ -3221,7 +3221,7 @@ IntrusivePtr<Val> check_and_promote(IntrusivePtr<Val> v, const BroType* t,
|
|||
return nullptr;
|
||||
}
|
||||
else if ( t_tag == TYPE_COUNT || t_tag == TYPE_COUNTER )
|
||||
promoted_v = {AdoptRef{}, val_mgr->GetCount(v->CoerceToUnsigned())};
|
||||
promoted_v = val_mgr->Count(v->CoerceToUnsigned());
|
||||
else // port
|
||||
{
|
||||
reporter->InternalError("bad internal type in check_and_promote()");
|
||||
|
|
|
|||
|
|
@ -692,7 +692,7 @@ void Analyzer::ProtocolConfirmation(Tag arg_tag)
|
|||
mgr.Enqueue(protocol_confirmation,
|
||||
IntrusivePtr{AdoptRef{}, BuildConnVal()},
|
||||
IntrusivePtr{NewRef{}, tval},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(id)}
|
||||
val_mgr->Count(id)
|
||||
);
|
||||
}
|
||||
|
||||
|
|
@ -719,7 +719,7 @@ void Analyzer::ProtocolViolation(const char* reason, const char* data, int len)
|
|||
mgr.Enqueue(protocol_violation,
|
||||
IntrusivePtr{AdoptRef{}, BuildConnVal()},
|
||||
IntrusivePtr{NewRef{}, tval},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(id)},
|
||||
val_mgr->Count(id),
|
||||
IntrusivePtr{AdoptRef{}, r}
|
||||
);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -118,10 +118,10 @@ Val* asn1_integer_to_val(const ASN1Encoding* i, TypeTag t)
|
|||
return val_mgr->Int(v).release();
|
||||
case TYPE_COUNT:
|
||||
case TYPE_COUNTER:
|
||||
return val_mgr->GetCount(v);
|
||||
return val_mgr->Count(v).release();
|
||||
default:
|
||||
reporter->Error("bad asn1_integer_to_val tag: %s", type_name(t));
|
||||
return val_mgr->GetCount(v);
|
||||
return val_mgr->Count(v).release();
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -403,7 +403,7 @@ bool BitTorrentTracker_Analyzer::ParseResponse(char* line)
|
|||
if ( bt_tracker_response_not_ok )
|
||||
EnqueueConnEvent(bt_tracker_response_not_ok,
|
||||
IntrusivePtr{AdoptRef{}, BuildConnVal()},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(res_status)},
|
||||
val_mgr->Count(res_status),
|
||||
IntrusivePtr{AdoptRef{}, res_val_headers}
|
||||
);
|
||||
res_val_headers = nullptr;
|
||||
|
|
@ -790,7 +790,7 @@ void BitTorrentTracker_Analyzer::EmitResponse(void)
|
|||
if ( bt_tracker_response )
|
||||
EnqueueConnEvent(bt_tracker_response,
|
||||
IntrusivePtr{AdoptRef{}, BuildConnVal()},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(res_status)},
|
||||
val_mgr->Count(res_status),
|
||||
IntrusivePtr{AdoptRef{}, res_val_headers},
|
||||
IntrusivePtr{AdoptRef{}, res_val_peers},
|
||||
IntrusivePtr{AdoptRef{}, res_val_benc}
|
||||
|
|
|
|||
|
|
@ -52,7 +52,7 @@ void ConnSize_Analyzer::ThresholdEvent(EventHandlerPtr f, uint64_t threshold, bo
|
|||
|
||||
EnqueueConnEvent(f,
|
||||
IntrusivePtr{AdoptRef{}, BuildConnVal()},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(threshold)},
|
||||
val_mgr->Count(threshold),
|
||||
val_mgr->Bool(is_orig)
|
||||
);
|
||||
}
|
||||
|
|
@ -183,10 +183,10 @@ void ConnSize_Analyzer::UpdateConnVal(RecordVal *conn_val)
|
|||
if ( bytesidx < 0 )
|
||||
reporter->InternalError("'endpoint' record missing 'num_bytes_ip' field");
|
||||
|
||||
orig_endp->Assign(pktidx, val_mgr->GetCount(orig_pkts));
|
||||
orig_endp->Assign(bytesidx, val_mgr->GetCount(orig_bytes));
|
||||
resp_endp->Assign(pktidx, val_mgr->GetCount(resp_pkts));
|
||||
resp_endp->Assign(bytesidx, val_mgr->GetCount(resp_bytes));
|
||||
orig_endp->Assign(pktidx, val_mgr->Count(orig_pkts));
|
||||
orig_endp->Assign(bytesidx, val_mgr->Count(orig_bytes));
|
||||
resp_endp->Assign(pktidx, val_mgr->Count(resp_pkts));
|
||||
resp_endp->Assign(bytesidx, val_mgr->Count(resp_bytes));
|
||||
|
||||
Analyzer::UpdateConnVal(conn_val);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -103,9 +103,9 @@ function get_current_conn_bytes_threshold%(cid: conn_id, is_orig: bool%): count
|
|||
%{
|
||||
analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
|
||||
if ( ! a )
|
||||
return val_mgr->GetCount(0);
|
||||
return val_mgr->Count(0);
|
||||
|
||||
return val_mgr->GetCount(static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->GetByteAndPacketThreshold(true, is_orig));
|
||||
return val_mgr->Count(static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->GetByteAndPacketThreshold(true, is_orig));
|
||||
%}
|
||||
|
||||
## Gets the current packet threshold size for a connection.
|
||||
|
|
@ -122,9 +122,9 @@ function get_current_conn_packets_threshold%(cid: conn_id, is_orig: bool%): coun
|
|||
%{
|
||||
analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
|
||||
if ( ! a )
|
||||
return val_mgr->GetCount(0);
|
||||
return val_mgr->Count(0);
|
||||
|
||||
return val_mgr->GetCount(static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->GetByteAndPacketThreshold(false, is_orig));
|
||||
return val_mgr->Count(static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->GetByteAndPacketThreshold(false, is_orig));
|
||||
%}
|
||||
|
||||
## Gets the current duration threshold size for a connection.
|
||||
|
|
|
|||
|
|
@ -35,8 +35,7 @@ refine flow DHCP_Flow += {
|
|||
init_options();
|
||||
|
||||
if ( code != 255 )
|
||||
all_options->Assign(all_options->Size(),
|
||||
val_mgr->GetCount(code));
|
||||
all_options->Assign(all_options->Size(), val_mgr->Count(code));
|
||||
|
||||
return true;
|
||||
%}
|
||||
|
|
@ -58,11 +57,11 @@ refine flow DHCP_Flow += {
|
|||
double secs = static_cast<double>(${msg.secs});
|
||||
|
||||
auto dhcp_msg_val = new RecordVal(BifType::Record::DHCP::Msg);
|
||||
dhcp_msg_val->Assign(0, val_mgr->GetCount(${msg.op}));
|
||||
dhcp_msg_val->Assign(1, val_mgr->GetCount(${msg.type}));
|
||||
dhcp_msg_val->Assign(2, val_mgr->GetCount(${msg.xid}));
|
||||
dhcp_msg_val->Assign(0, val_mgr->Count(${msg.op}));
|
||||
dhcp_msg_val->Assign(1, val_mgr->Count(${msg.type}));
|
||||
dhcp_msg_val->Assign(2, val_mgr->Count(${msg.xid}));
|
||||
dhcp_msg_val->Assign(3, make_intrusive<Val>(secs, TYPE_INTERVAL));
|
||||
dhcp_msg_val->Assign(4, val_mgr->GetCount(${msg.flags}));
|
||||
dhcp_msg_val->Assign(4, val_mgr->Count(${msg.flags}));
|
||||
dhcp_msg_val->Assign(5, make_intrusive<AddrVal>(htonl(${msg.ciaddr})));
|
||||
dhcp_msg_val->Assign(6, make_intrusive<AddrVal>(htonl(${msg.yiaddr})));
|
||||
dhcp_msg_val->Assign(7, make_intrusive<AddrVal>(htonl(${msg.siaddr})));
|
||||
|
|
|
|||
|
|
@ -469,7 +469,7 @@ refine flow DHCP_Flow += {
|
|||
for ( int i = 0; i < num_parms; ++i )
|
||||
{
|
||||
uint8 param = (*plist)[i];
|
||||
params->Assign(i, val_mgr->GetCount(param));
|
||||
params->Assign(i, val_mgr->Count(param));
|
||||
}
|
||||
|
||||
${context.flow}->options->Assign(13, params);
|
||||
|
|
@ -521,7 +521,7 @@ refine casetype OptionValue += {
|
|||
refine flow DHCP_Flow += {
|
||||
function process_max_message_size_option(v: OptionValue): bool
|
||||
%{
|
||||
${context.flow}->options->Assign(15, val_mgr->GetCount(${v.max_msg_size}));
|
||||
${context.flow}->options->Assign(15, val_mgr->Count(${v.max_msg_size}));
|
||||
|
||||
return true;
|
||||
%}
|
||||
|
|
@ -626,7 +626,7 @@ refine flow DHCP_Flow += {
|
|||
function process_client_id_option(v: OptionValue): bool
|
||||
%{
|
||||
RecordVal* client_id = new RecordVal(BifType::Record::DHCP::ClientID);
|
||||
client_id->Assign(0, val_mgr->GetCount(${v.client_id.hwtype}));
|
||||
client_id->Assign(0, val_mgr->Count(${v.client_id.hwtype}));
|
||||
client_id->Assign(1, make_intrusive<StringVal>(fmt_mac(${v.client_id.hwaddr}.begin(), ${v.client_id.hwaddr}.length())));
|
||||
|
||||
${context.flow}->options->Assign(19, client_id);
|
||||
|
|
@ -686,9 +686,9 @@ refine flow DHCP_Flow += {
|
|||
function process_client_fqdn_option(v: OptionValue): bool
|
||||
%{
|
||||
RecordVal* client_fqdn = new RecordVal(BifType::Record::DHCP::ClientFQDN);
|
||||
client_fqdn->Assign(0, val_mgr->GetCount(${v.client_fqdn.flags}));
|
||||
client_fqdn->Assign(1, val_mgr->GetCount(${v.client_fqdn.rcode1}));
|
||||
client_fqdn->Assign(2, val_mgr->GetCount(${v.client_fqdn.rcode2}));
|
||||
client_fqdn->Assign(0, val_mgr->Count(${v.client_fqdn.flags}));
|
||||
client_fqdn->Assign(1, val_mgr->Count(${v.client_fqdn.rcode1}));
|
||||
client_fqdn->Assign(2, val_mgr->Count(${v.client_fqdn.rcode2}));
|
||||
const char* domain_name = reinterpret_cast<const char*>(${v.client_fqdn.domain_name}.begin());
|
||||
client_fqdn->Assign(3, make_intrusive<StringVal>(${v.client_fqdn.domain_name}.length(), domain_name));
|
||||
|
||||
|
|
@ -751,7 +751,7 @@ refine flow DHCP_Flow += {
|
|||
ptrsubopt != ${v.relay_agent_inf}->end(); ++ptrsubopt )
|
||||
{
|
||||
auto r = new RecordVal(BifType::Record::DHCP::SubOpt);
|
||||
r->Assign(0, val_mgr->GetCount((*ptrsubopt)->code()));
|
||||
r->Assign(0, val_mgr->Count((*ptrsubopt)->code()));
|
||||
r->Assign(1, bytestring_to_val((*ptrsubopt)->value()));
|
||||
|
||||
relay_agent_sub_opt->Assign(i, r);
|
||||
|
|
|
|||
|
|
@ -52,7 +52,7 @@ void DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query)
|
|||
IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
|
||||
val_mgr->Bool(is_query),
|
||||
IntrusivePtr{AdoptRef{}, msg.BuildHdrVal()},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(len)}
|
||||
val_mgr->Count(len)
|
||||
);
|
||||
|
||||
// There is a great deal of non-DNS traffic that runs on port 53.
|
||||
|
|
@ -596,7 +596,7 @@ bool DNS_Interpreter::ParseRR_SOA(DNS_MsgInfo* msg,
|
|||
auto r = make_intrusive<RecordVal>(dns_soa);
|
||||
r->Assign(0, make_intrusive<StringVal>(new BroString(mname, mname_end - mname, true)));
|
||||
r->Assign(1, make_intrusive<StringVal>(new BroString(rname, rname_end - rname, true)));
|
||||
r->Assign(2, val_mgr->GetCount(serial));
|
||||
r->Assign(2, val_mgr->Count(serial));
|
||||
r->Assign(3, make_intrusive<IntervalVal>(double(refresh), Seconds));
|
||||
r->Assign(4, make_intrusive<IntervalVal>(double(retry), Seconds));
|
||||
r->Assign(5, make_intrusive<IntervalVal>(double(expire), Seconds));
|
||||
|
|
@ -637,7 +637,7 @@ bool DNS_Interpreter::ParseRR_MX(DNS_MsgInfo* msg,
|
|||
IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()},
|
||||
IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()},
|
||||
make_intrusive<StringVal>(new BroString(name, name_end - name, true)),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(preference)}
|
||||
val_mgr->Count(preference)
|
||||
);
|
||||
|
||||
return true;
|
||||
|
|
@ -678,9 +678,9 @@ bool DNS_Interpreter::ParseRR_SRV(DNS_MsgInfo* msg,
|
|||
IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()},
|
||||
IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()},
|
||||
make_intrusive<StringVal>(new BroString(name, name_end - name, true)),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(priority)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(weight)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(port)}
|
||||
val_mgr->Count(priority),
|
||||
val_mgr->Count(weight),
|
||||
val_mgr->Count(port)
|
||||
);
|
||||
|
||||
return true;
|
||||
|
|
@ -1371,7 +1371,7 @@ bool DNS_Interpreter::ParseRR_CAA(DNS_MsgInfo* msg,
|
|||
IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
|
||||
IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()},
|
||||
IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(flags)},
|
||||
val_mgr->Count(flags),
|
||||
make_intrusive<StringVal>(tag),
|
||||
make_intrusive<StringVal>(value)
|
||||
);
|
||||
|
|
@ -1399,8 +1399,8 @@ void DNS_Interpreter::SendReplyOrRejectEvent(DNS_MsgInfo* msg,
|
|||
IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
|
||||
IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()},
|
||||
make_intrusive<StringVal>(question_name),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(qtype)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(qclass)}
|
||||
val_mgr->Count(qtype),
|
||||
val_mgr->Count(qclass)
|
||||
);
|
||||
}
|
||||
|
||||
|
|
@ -1446,19 +1446,19 @@ Val* DNS_MsgInfo::BuildHdrVal()
|
|||
{
|
||||
RecordVal* r = new RecordVal(dns_msg);
|
||||
|
||||
r->Assign(0, val_mgr->GetCount(id));
|
||||
r->Assign(1, val_mgr->GetCount(opcode));
|
||||
r->Assign(2, val_mgr->GetCount(rcode));
|
||||
r->Assign(0, val_mgr->Count(id));
|
||||
r->Assign(1, val_mgr->Count(opcode));
|
||||
r->Assign(2, val_mgr->Count(rcode));
|
||||
r->Assign(3, val_mgr->Bool(QR));
|
||||
r->Assign(4, val_mgr->Bool(AA));
|
||||
r->Assign(5, val_mgr->Bool(TC));
|
||||
r->Assign(6, val_mgr->Bool(RD));
|
||||
r->Assign(7, val_mgr->Bool(RA));
|
||||
r->Assign(8, val_mgr->GetCount(Z));
|
||||
r->Assign(9, val_mgr->GetCount(qdcount));
|
||||
r->Assign(10, val_mgr->GetCount(ancount));
|
||||
r->Assign(11, val_mgr->GetCount(nscount));
|
||||
r->Assign(12, val_mgr->GetCount(arcount));
|
||||
r->Assign(8, val_mgr->Count(Z));
|
||||
r->Assign(9, val_mgr->Count(qdcount));
|
||||
r->Assign(10, val_mgr->Count(ancount));
|
||||
r->Assign(11, val_mgr->Count(nscount));
|
||||
r->Assign(12, val_mgr->Count(arcount));
|
||||
|
||||
return r;
|
||||
}
|
||||
|
|
@ -1468,10 +1468,10 @@ Val* DNS_MsgInfo::BuildAnswerVal()
|
|||
RecordVal* r = new RecordVal(dns_answer);
|
||||
|
||||
Ref(query_name);
|
||||
r->Assign(0, val_mgr->GetCount(int(answer_type)));
|
||||
r->Assign(0, val_mgr->Count(int(answer_type)));
|
||||
r->Assign(1, query_name);
|
||||
r->Assign(2, val_mgr->GetCount(atype));
|
||||
r->Assign(3, val_mgr->GetCount(aclass));
|
||||
r->Assign(2, val_mgr->Count(atype));
|
||||
r->Assign(3, val_mgr->Count(aclass));
|
||||
r->Assign(4, make_intrusive<IntervalVal>(double(ttl), Seconds));
|
||||
|
||||
return r;
|
||||
|
|
@ -1484,14 +1484,14 @@ Val* DNS_MsgInfo::BuildEDNS_Val()
|
|||
RecordVal* r = new RecordVal(dns_edns_additional);
|
||||
|
||||
Ref(query_name);
|
||||
r->Assign(0, val_mgr->GetCount(int(answer_type)));
|
||||
r->Assign(0, val_mgr->Count(int(answer_type)));
|
||||
r->Assign(1, query_name);
|
||||
|
||||
// type = 0x29 or 41 = EDNS
|
||||
r->Assign(2, val_mgr->GetCount(atype));
|
||||
r->Assign(2, val_mgr->Count(atype));
|
||||
|
||||
// sender's UDP payload size, per RFC 2671 4.3
|
||||
r->Assign(3, val_mgr->GetCount(aclass));
|
||||
r->Assign(3, val_mgr->Count(aclass));
|
||||
|
||||
// Need to break the TTL field into three components:
|
||||
// initial: [------------- ttl (32) ---------------------]
|
||||
|
|
@ -1504,11 +1504,11 @@ Val* DNS_MsgInfo::BuildEDNS_Val()
|
|||
|
||||
unsigned int return_error = (ercode << 8) | rcode;
|
||||
|
||||
r->Assign(4, val_mgr->GetCount(return_error));
|
||||
r->Assign(5, val_mgr->GetCount(version));
|
||||
r->Assign(6, val_mgr->GetCount(z));
|
||||
r->Assign(4, val_mgr->Count(return_error));
|
||||
r->Assign(5, val_mgr->Count(version));
|
||||
r->Assign(6, val_mgr->Count(z));
|
||||
r->Assign(7, make_intrusive<IntervalVal>(double(ttl), Seconds));
|
||||
r->Assign(8, val_mgr->GetCount(is_query));
|
||||
r->Assign(8, val_mgr->Count(is_query));
|
||||
|
||||
return r;
|
||||
}
|
||||
|
|
@ -1519,16 +1519,16 @@ Val* DNS_MsgInfo::BuildTSIG_Val(struct TSIG_DATA* tsig)
|
|||
double rtime = tsig->time_s + tsig->time_ms / 1000.0;
|
||||
|
||||
Ref(query_name);
|
||||
// r->Assign(0, val_mgr->GetCount(int(answer_type)));
|
||||
// r->Assign(0, val_mgr->Count(int(answer_type)));
|
||||
r->Assign(0, query_name);
|
||||
r->Assign(1, val_mgr->GetCount(int(answer_type)));
|
||||
r->Assign(1, val_mgr->Count(int(answer_type)));
|
||||
r->Assign(2, make_intrusive<StringVal>(tsig->alg_name));
|
||||
r->Assign(3, make_intrusive<StringVal>(tsig->sig));
|
||||
r->Assign(4, make_intrusive<Val>(rtime, TYPE_TIME));
|
||||
r->Assign(5, make_intrusive<Val>(double(tsig->fudge), TYPE_TIME));
|
||||
r->Assign(6, val_mgr->GetCount(tsig->orig_id));
|
||||
r->Assign(7, val_mgr->GetCount(tsig->rr_error));
|
||||
r->Assign(8, val_mgr->GetCount(is_query));
|
||||
r->Assign(6, val_mgr->Count(tsig->orig_id));
|
||||
r->Assign(7, val_mgr->Count(tsig->rr_error));
|
||||
r->Assign(8, val_mgr->Count(is_query));
|
||||
|
||||
return r;
|
||||
}
|
||||
|
|
@ -1539,17 +1539,17 @@ Val* DNS_MsgInfo::BuildRRSIG_Val(RRSIG_DATA* rrsig)
|
|||
|
||||
Ref(query_name);
|
||||
r->Assign(0, query_name);
|
||||
r->Assign(1, val_mgr->GetCount(int(answer_type)));
|
||||
r->Assign(2, val_mgr->GetCount(rrsig->type_covered));
|
||||
r->Assign(3, val_mgr->GetCount(rrsig->algorithm));
|
||||
r->Assign(4, val_mgr->GetCount(rrsig->labels));
|
||||
r->Assign(1, val_mgr->Count(int(answer_type)));
|
||||
r->Assign(2, val_mgr->Count(rrsig->type_covered));
|
||||
r->Assign(3, val_mgr->Count(rrsig->algorithm));
|
||||
r->Assign(4, val_mgr->Count(rrsig->labels));
|
||||
r->Assign(5, make_intrusive<IntervalVal>(double(rrsig->orig_ttl), Seconds));
|
||||
r->Assign(6, make_intrusive<Val>(double(rrsig->sig_exp), TYPE_TIME));
|
||||
r->Assign(7, make_intrusive<Val>(double(rrsig->sig_incep), TYPE_TIME));
|
||||
r->Assign(8, val_mgr->GetCount(rrsig->key_tag));
|
||||
r->Assign(8, val_mgr->Count(rrsig->key_tag));
|
||||
r->Assign(9, make_intrusive<StringVal>(rrsig->signer_name));
|
||||
r->Assign(10, make_intrusive<StringVal>(rrsig->signature));
|
||||
r->Assign(11, val_mgr->GetCount(is_query));
|
||||
r->Assign(11, val_mgr->Count(is_query));
|
||||
|
||||
return r;
|
||||
}
|
||||
|
|
@ -1560,12 +1560,12 @@ Val* DNS_MsgInfo::BuildDNSKEY_Val(DNSKEY_DATA* dnskey)
|
|||
|
||||
Ref(query_name);
|
||||
r->Assign(0, query_name);
|
||||
r->Assign(1, val_mgr->GetCount(int(answer_type)));
|
||||
r->Assign(2, val_mgr->GetCount(dnskey->dflags));
|
||||
r->Assign(3, val_mgr->GetCount(dnskey->dprotocol));
|
||||
r->Assign(4, val_mgr->GetCount(dnskey->dalgorithm));
|
||||
r->Assign(1, val_mgr->Count(int(answer_type)));
|
||||
r->Assign(2, val_mgr->Count(dnskey->dflags));
|
||||
r->Assign(3, val_mgr->Count(dnskey->dprotocol));
|
||||
r->Assign(4, val_mgr->Count(dnskey->dalgorithm));
|
||||
r->Assign(5, make_intrusive<StringVal>(dnskey->public_key));
|
||||
r->Assign(6, val_mgr->GetCount(is_query));
|
||||
r->Assign(6, val_mgr->Count(is_query));
|
||||
|
||||
return r;
|
||||
}
|
||||
|
|
@ -1576,16 +1576,16 @@ Val* DNS_MsgInfo::BuildNSEC3_Val(NSEC3_DATA* nsec3)
|
|||
|
||||
Ref(query_name);
|
||||
r->Assign(0, query_name);
|
||||
r->Assign(1, val_mgr->GetCount(int(answer_type)));
|
||||
r->Assign(2, val_mgr->GetCount(nsec3->nsec_flags));
|
||||
r->Assign(3, val_mgr->GetCount(nsec3->nsec_hash_algo));
|
||||
r->Assign(4, val_mgr->GetCount(nsec3->nsec_iter));
|
||||
r->Assign(5, val_mgr->GetCount(nsec3->nsec_salt_len));
|
||||
r->Assign(1, val_mgr->Count(int(answer_type)));
|
||||
r->Assign(2, val_mgr->Count(nsec3->nsec_flags));
|
||||
r->Assign(3, val_mgr->Count(nsec3->nsec_hash_algo));
|
||||
r->Assign(4, val_mgr->Count(nsec3->nsec_iter));
|
||||
r->Assign(5, val_mgr->Count(nsec3->nsec_salt_len));
|
||||
r->Assign(6, make_intrusive<StringVal>(nsec3->nsec_salt));
|
||||
r->Assign(7, val_mgr->GetCount(nsec3->nsec_hlen));
|
||||
r->Assign(7, val_mgr->Count(nsec3->nsec_hlen));
|
||||
r->Assign(8, make_intrusive<StringVal>(nsec3->nsec_hash));
|
||||
r->Assign(9, nsec3->bitmaps);
|
||||
r->Assign(10, val_mgr->GetCount(is_query));
|
||||
r->Assign(10, val_mgr->Count(is_query));
|
||||
|
||||
return r;
|
||||
}
|
||||
|
|
@ -1596,12 +1596,12 @@ Val* DNS_MsgInfo::BuildDS_Val(DS_DATA* ds)
|
|||
|
||||
Ref(query_name);
|
||||
r->Assign(0, query_name);
|
||||
r->Assign(1, val_mgr->GetCount(int(answer_type)));
|
||||
r->Assign(2, val_mgr->GetCount(ds->key_tag));
|
||||
r->Assign(3, val_mgr->GetCount(ds->algorithm));
|
||||
r->Assign(4, val_mgr->GetCount(ds->digest_type));
|
||||
r->Assign(1, val_mgr->Count(int(answer_type)));
|
||||
r->Assign(2, val_mgr->Count(ds->key_tag));
|
||||
r->Assign(3, val_mgr->Count(ds->algorithm));
|
||||
r->Assign(4, val_mgr->Count(ds->digest_type));
|
||||
r->Assign(5, make_intrusive<StringVal>(ds->digest_val));
|
||||
r->Assign(6, val_mgr->GetCount(is_query));
|
||||
r->Assign(6, val_mgr->Count(is_query));
|
||||
|
||||
return r;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -177,7 +177,7 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig)
|
|||
|
||||
vl = {
|
||||
IntrusivePtr{AdoptRef{}, BuildConnVal()},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(reply_code)},
|
||||
val_mgr->Count(reply_code),
|
||||
make_intrusive<StringVal>(end_of_line - line, line),
|
||||
val_mgr->Bool(cont_resp)
|
||||
};
|
||||
|
|
|
|||
|
|
@ -75,7 +75,7 @@ void Gnutella_Analyzer::Done()
|
|||
IntrusivePtr{AdoptRef{}, BuildConnVal()},
|
||||
make_intrusive<StringVal>(p->msg),
|
||||
val_mgr->Bool((i == 0)),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(p->msg_pos)}
|
||||
val_mgr->Count(p->msg_pos)
|
||||
);
|
||||
|
||||
else if ( ! p->msg_sent && p->payload_left )
|
||||
|
|
@ -217,12 +217,12 @@ void Gnutella_Analyzer::SendEvents(GnutellaMsgState* p, bool is_orig)
|
|||
EnqueueConnEvent(gnutella_binary_msg,
|
||||
IntrusivePtr{AdoptRef{}, BuildConnVal()},
|
||||
val_mgr->Bool(is_orig),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(p->msg_type)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(p->msg_ttl)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(p->msg_hops)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(p->msg_len)},
|
||||
val_mgr->Count(p->msg_type),
|
||||
val_mgr->Count(p->msg_ttl),
|
||||
val_mgr->Count(p->msg_hops),
|
||||
val_mgr->Count(p->msg_len),
|
||||
make_intrusive<StringVal>(p->payload),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(p->payload_len)},
|
||||
val_mgr->Count(p->payload_len),
|
||||
val_mgr->Bool((p->payload_len < std::min(p->msg_len, (unsigned int)GNUTELLA_MAX_PAYLOAD))),
|
||||
val_mgr->Bool((p->payload_left == 0))
|
||||
);
|
||||
|
|
|
|||
|
|
@ -8,86 +8,86 @@ RecordVal* BuildGTPv1Hdr(const GTPv1_Header* pdu)
|
|||
{
|
||||
RecordVal* rv = new RecordVal(BifType::Record::gtpv1_hdr);
|
||||
|
||||
rv->Assign(0, val_mgr->GetCount(pdu->version()));
|
||||
rv->Assign(0, val_mgr->Count(pdu->version()));
|
||||
rv->Assign(1, val_mgr->Bool(pdu->pt_flag()));
|
||||
rv->Assign(2, val_mgr->Bool(pdu->rsv()));
|
||||
rv->Assign(3, val_mgr->Bool(pdu->e_flag()));
|
||||
rv->Assign(4, val_mgr->Bool(pdu->s_flag()));
|
||||
rv->Assign(5, val_mgr->Bool(pdu->pn_flag()));
|
||||
rv->Assign(6, val_mgr->GetCount(pdu->msg_type()));
|
||||
rv->Assign(7, val_mgr->GetCount(pdu->length()));
|
||||
rv->Assign(8, val_mgr->GetCount(pdu->teid()));
|
||||
rv->Assign(6, val_mgr->Count(pdu->msg_type()));
|
||||
rv->Assign(7, val_mgr->Count(pdu->length()));
|
||||
rv->Assign(8, val_mgr->Count(pdu->teid()));
|
||||
|
||||
if ( pdu->has_opt() )
|
||||
{
|
||||
rv->Assign(9, val_mgr->GetCount(pdu->opt_hdr()->seq()));
|
||||
rv->Assign(10, val_mgr->GetCount(pdu->opt_hdr()->n_pdu()));
|
||||
rv->Assign(11, val_mgr->GetCount(pdu->opt_hdr()->next_type()));
|
||||
rv->Assign(9, val_mgr->Count(pdu->opt_hdr()->seq()));
|
||||
rv->Assign(10, val_mgr->Count(pdu->opt_hdr()->n_pdu()));
|
||||
rv->Assign(11, val_mgr->Count(pdu->opt_hdr()->next_type()));
|
||||
}
|
||||
|
||||
return rv;
|
||||
}
|
||||
|
||||
Val* BuildIMSI(const InformationElement* ie)
|
||||
static IntrusivePtr<Val> BuildIMSI(const InformationElement* ie)
|
||||
{
|
||||
return val_mgr->GetCount(ie->imsi()->value());
|
||||
return val_mgr->Count(ie->imsi()->value());
|
||||
}
|
||||
|
||||
Val* BuildRAI(const InformationElement* ie)
|
||||
static IntrusivePtr<Val> BuildRAI(const InformationElement* ie)
|
||||
{
|
||||
RecordVal* ev = new RecordVal(BifType::Record::gtp_rai);
|
||||
ev->Assign(0, val_mgr->GetCount(ie->rai()->mcc()));
|
||||
ev->Assign(1, val_mgr->GetCount(ie->rai()->mnc()));
|
||||
ev->Assign(2, val_mgr->GetCount(ie->rai()->lac()));
|
||||
ev->Assign(3, val_mgr->GetCount(ie->rai()->rac()));
|
||||
auto ev = make_intrusive<RecordVal>(BifType::Record::gtp_rai);
|
||||
ev->Assign(0, val_mgr->Count(ie->rai()->mcc()));
|
||||
ev->Assign(1, val_mgr->Count(ie->rai()->mnc()));
|
||||
ev->Assign(2, val_mgr->Count(ie->rai()->lac()));
|
||||
ev->Assign(3, val_mgr->Count(ie->rai()->rac()));
|
||||
return ev;
|
||||
}
|
||||
|
||||
Val* BuildRecovery(const InformationElement* ie)
|
||||
static IntrusivePtr<Val> BuildRecovery(const InformationElement* ie)
|
||||
{
|
||||
return val_mgr->GetCount(ie->recovery()->restart_counter());
|
||||
return val_mgr->Count(ie->recovery()->restart_counter());
|
||||
}
|
||||
|
||||
Val* BuildSelectionMode(const InformationElement* ie)
|
||||
static IntrusivePtr<Val> BuildSelectionMode(const InformationElement* ie)
|
||||
{
|
||||
return val_mgr->GetCount(ie->selection_mode()->mode());
|
||||
return val_mgr->Count(ie->selection_mode()->mode());
|
||||
}
|
||||
|
||||
Val* BuildTEID1(const InformationElement* ie)
|
||||
static IntrusivePtr<Val> BuildTEID1(const InformationElement* ie)
|
||||
{
|
||||
return val_mgr->GetCount(ie->teid1()->value());
|
||||
return val_mgr->Count(ie->teid1()->value());
|
||||
}
|
||||
|
||||
Val* BuildTEID_ControlPlane(const InformationElement* ie)
|
||||
static IntrusivePtr<Val> BuildTEID_ControlPlane(const InformationElement* ie)
|
||||
{
|
||||
return val_mgr->GetCount(ie->teidcp()->value());
|
||||
return val_mgr->Count(ie->teidcp()->value());
|
||||
}
|
||||
|
||||
Val* BuildNSAPI(const InformationElement* ie)
|
||||
static IntrusivePtr<Val> BuildNSAPI(const InformationElement* ie)
|
||||
{
|
||||
return val_mgr->GetCount(ie->nsapi()->nsapi());
|
||||
return val_mgr->Count(ie->nsapi()->nsapi());
|
||||
}
|
||||
|
||||
Val* BuildChargingCharacteristics(const InformationElement* ie)
|
||||
static IntrusivePtr<Val> BuildChargingCharacteristics(const InformationElement* ie)
|
||||
{
|
||||
return val_mgr->GetCount(ie->charging_characteristics()->value());
|
||||
return val_mgr->Count(ie->charging_characteristics()->value());
|
||||
}
|
||||
|
||||
Val* BuildTraceReference(const InformationElement* ie)
|
||||
static IntrusivePtr<Val> BuildTraceReference(const InformationElement* ie)
|
||||
{
|
||||
return val_mgr->GetCount(ie->trace_reference()->value());
|
||||
return val_mgr->Count(ie->trace_reference()->value());
|
||||
}
|
||||
|
||||
Val* BuildTraceType(const InformationElement* ie)
|
||||
static IntrusivePtr<Val> BuildTraceType(const InformationElement* ie)
|
||||
{
|
||||
return val_mgr->GetCount(ie->trace_type()->value());
|
||||
return val_mgr->Count(ie->trace_type()->value());
|
||||
}
|
||||
|
||||
Val* BuildEndUserAddr(const InformationElement* ie)
|
||||
{
|
||||
RecordVal* ev = new RecordVal(BifType::Record::gtp_end_user_addr);
|
||||
ev->Assign(0, val_mgr->GetCount(ie->end_user_addr()->pdp_type_org()));
|
||||
ev->Assign(1, val_mgr->GetCount(ie->end_user_addr()->pdp_type_num()));
|
||||
ev->Assign(0, val_mgr->Count(ie->end_user_addr()->pdp_type_org()));
|
||||
ev->Assign(1, val_mgr->Count(ie->end_user_addr()->pdp_type_num()));
|
||||
|
||||
int len = ie->end_user_addr()->pdp_addr().length();
|
||||
|
||||
|
|
@ -161,7 +161,7 @@ Val* BuildQoS_Profile(const InformationElement* ie)
|
|||
const u_char* d = (const u_char*) ie->qos_profile()->data().data();
|
||||
int len = ie->qos_profile()->data().length();
|
||||
|
||||
ev->Assign(0, val_mgr->GetCount(ie->qos_profile()->alloc_retention_priority()));
|
||||
ev->Assign(0, val_mgr->Count(ie->qos_profile()->alloc_retention_priority()));
|
||||
ev->Assign(1, make_intrusive<StringVal>(new BroString(d, len, false)));
|
||||
|
||||
return ev;
|
||||
|
|
@ -195,15 +195,15 @@ Val* BuildPrivateExt(const InformationElement* ie)
|
|||
const uint8* d = ie->private_ext()->value().data();
|
||||
int len = ie->private_ext()->value().length();
|
||||
|
||||
ev->Assign(0, val_mgr->GetCount(ie->private_ext()->id()));
|
||||
ev->Assign(0, val_mgr->Count(ie->private_ext()->id()));
|
||||
ev->Assign(1, make_intrusive<StringVal>(new BroString((const u_char*) d, len, false)));
|
||||
|
||||
return ev;
|
||||
}
|
||||
|
||||
Val* BuildCause(const InformationElement* ie)
|
||||
static IntrusivePtr<Val> BuildCause(const InformationElement* ie)
|
||||
{
|
||||
return val_mgr->GetCount(ie->cause()->value());
|
||||
return val_mgr->Count(ie->cause()->value());
|
||||
}
|
||||
|
||||
static IntrusivePtr<Val> BuildReorderReq(const InformationElement* ie)
|
||||
|
|
@ -211,9 +211,9 @@ static IntrusivePtr<Val> BuildReorderReq(const InformationElement* ie)
|
|||
return val_mgr->Bool(ie->reorder_req()->req());
|
||||
}
|
||||
|
||||
Val* BuildChargingID(const InformationElement* ie)
|
||||
static IntrusivePtr<Val> BuildChargingID(const InformationElement* ie)
|
||||
{
|
||||
return val_mgr->GetCount(ie->charging_id()->value());;
|
||||
return val_mgr->Count(ie->charging_id()->value());;
|
||||
}
|
||||
|
||||
Val* BuildChargingGatewayAddr(const InformationElement* ie)
|
||||
|
|
|
|||
|
|
@ -620,9 +620,9 @@ Val* HTTP_Message::BuildMessageStat(bool interrupted, const char* msg)
|
|||
stat->Assign(field++, make_intrusive<Val>(start_time, TYPE_TIME));
|
||||
stat->Assign(field++, val_mgr->Bool(interrupted));
|
||||
stat->Assign(field++, make_intrusive<StringVal>(msg));
|
||||
stat->Assign(field++, val_mgr->GetCount(body_length));
|
||||
stat->Assign(field++, val_mgr->GetCount(content_gap_length));
|
||||
stat->Assign(field++, val_mgr->GetCount(header_length));
|
||||
stat->Assign(field++, val_mgr->Count(body_length));
|
||||
stat->Assign(field++, val_mgr->Count(content_gap_length));
|
||||
stat->Assign(field++, val_mgr->Count(header_length));
|
||||
return stat;
|
||||
}
|
||||
|
||||
|
|
@ -1172,8 +1172,8 @@ void HTTP_Analyzer::GenStats()
|
|||
if ( http_stats )
|
||||
{
|
||||
auto r = make_intrusive<RecordVal>(http_stats_rec);
|
||||
r->Assign(0, val_mgr->GetCount(num_requests));
|
||||
r->Assign(1, val_mgr->GetCount(num_replies));
|
||||
r->Assign(0, val_mgr->Count(num_requests));
|
||||
r->Assign(1, val_mgr->Count(num_replies));
|
||||
r->Assign(2, make_intrusive<Val>(request_version.ToDouble(), TYPE_DOUBLE));
|
||||
r->Assign(3, make_intrusive<Val>(reply_version.ToDouble(), TYPE_DOUBLE));
|
||||
|
||||
|
|
@ -1431,7 +1431,7 @@ void HTTP_Analyzer::HTTP_Reply()
|
|||
EnqueueConnEvent(http_reply,
|
||||
IntrusivePtr{AdoptRef{}, BuildConnVal()},
|
||||
make_intrusive<StringVal>(fmt("%.1f", reply_version.ToDouble())),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(reply_code)},
|
||||
val_mgr->Count(reply_code),
|
||||
reply_reason_phrase ?
|
||||
IntrusivePtr{NewRef{}, reply_reason_phrase} :
|
||||
make_intrusive<StringVal>("<empty>")
|
||||
|
|
@ -1684,7 +1684,7 @@ void HTTP_Analyzer::HTTP_EntityData(bool is_orig, BroString* entity_data)
|
|||
EnqueueConnEvent(http_entity_data,
|
||||
IntrusivePtr{AdoptRef{}, BuildConnVal()},
|
||||
val_mgr->Bool(is_orig),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(entity_data->Len())},
|
||||
val_mgr->Count(entity_data->Len()),
|
||||
make_intrusive<StringVal>(entity_data)
|
||||
);
|
||||
else
|
||||
|
|
|
|||
|
|
@ -228,10 +228,10 @@ RecordVal* ICMP_Analyzer::BuildICMPVal(const struct icmp* icmpp, int len,
|
|||
|
||||
icmp_conn_val->Assign(0, make_intrusive<AddrVal>(Conn()->OrigAddr()));
|
||||
icmp_conn_val->Assign(1, make_intrusive<AddrVal>(Conn()->RespAddr()));
|
||||
icmp_conn_val->Assign(2, val_mgr->GetCount(icmpp->icmp_type));
|
||||
icmp_conn_val->Assign(3, val_mgr->GetCount(icmpp->icmp_code));
|
||||
icmp_conn_val->Assign(4, val_mgr->GetCount(len));
|
||||
icmp_conn_val->Assign(5, val_mgr->GetCount(ip_hdr->TTL()));
|
||||
icmp_conn_val->Assign(2, val_mgr->Count(icmpp->icmp_type));
|
||||
icmp_conn_val->Assign(3, val_mgr->Count(icmpp->icmp_code));
|
||||
icmp_conn_val->Assign(4, val_mgr->Count(len));
|
||||
icmp_conn_val->Assign(5, val_mgr->Count(ip_hdr->TTL()));
|
||||
icmp_conn_val->Assign(6, val_mgr->Bool(icmpv6));
|
||||
}
|
||||
|
||||
|
|
@ -360,9 +360,9 @@ RecordVal* ICMP_Analyzer::ExtractICMP4Context(int len, const u_char*& data)
|
|||
id_val->Assign(3, val_mgr->GetPort(dst_port, proto));
|
||||
|
||||
iprec->Assign(0, id_val);
|
||||
iprec->Assign(1, val_mgr->GetCount(ip_len));
|
||||
iprec->Assign(2, val_mgr->GetCount(proto));
|
||||
iprec->Assign(3, val_mgr->GetCount(frag_offset));
|
||||
iprec->Assign(1, val_mgr->Count(ip_len));
|
||||
iprec->Assign(2, val_mgr->Count(proto));
|
||||
iprec->Assign(3, val_mgr->Count(frag_offset));
|
||||
iprec->Assign(4, val_mgr->Bool(bad_hdr_len));
|
||||
iprec->Assign(5, val_mgr->Bool(bad_checksum));
|
||||
iprec->Assign(6, val_mgr->Bool(MF));
|
||||
|
|
@ -419,9 +419,9 @@ RecordVal* ICMP_Analyzer::ExtractICMP6Context(int len, const u_char*& data)
|
|||
id_val->Assign(3, val_mgr->GetPort(dst_port, proto));
|
||||
|
||||
iprec->Assign(0, id_val);
|
||||
iprec->Assign(1, val_mgr->GetCount(ip_len));
|
||||
iprec->Assign(2, val_mgr->GetCount(proto));
|
||||
iprec->Assign(3, val_mgr->GetCount(frag_offset));
|
||||
iprec->Assign(1, val_mgr->Count(ip_len));
|
||||
iprec->Assign(2, val_mgr->Count(proto));
|
||||
iprec->Assign(3, val_mgr->Count(frag_offset));
|
||||
iprec->Assign(4, val_mgr->Bool(bad_hdr_len));
|
||||
// bad_checksum is always false since IPv6 layer doesn't have a checksum.
|
||||
iprec->Assign(5, val_mgr->False());
|
||||
|
|
@ -474,14 +474,14 @@ void ICMP_Analyzer::UpdateEndpointVal(RecordVal* endp, bool is_orig)
|
|||
int size = is_orig ? request_len : reply_len;
|
||||
if ( size < 0 )
|
||||
{
|
||||
endp->Assign(0, val_mgr->GetCount(0));
|
||||
endp->Assign(1, val_mgr->GetCount(int(ICMP_INACTIVE)));
|
||||
endp->Assign(0, val_mgr->Count(0));
|
||||
endp->Assign(1, val_mgr->Count(int(ICMP_INACTIVE)));
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
endp->Assign(0, val_mgr->GetCount(size));
|
||||
endp->Assign(1, val_mgr->GetCount(int(ICMP_ACTIVE)));
|
||||
endp->Assign(0, val_mgr->Count(size));
|
||||
endp->Assign(1, val_mgr->Count(int(ICMP_ACTIVE)));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -517,8 +517,8 @@ void ICMP_Analyzer::Echo(double t, const struct icmp* icmpp, int len,
|
|||
EnqueueConnEvent(f,
|
||||
IntrusivePtr{AdoptRef{}, BuildConnVal()},
|
||||
IntrusivePtr{AdoptRef{}, BuildICMPVal(icmpp, len, ip_hdr->NextProto() != IPPROTO_ICMP, ip_hdr)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(iid)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(iseq)},
|
||||
val_mgr->Count(iid),
|
||||
val_mgr->Count(iseq),
|
||||
make_intrusive<StringVal>(payload)
|
||||
);
|
||||
}
|
||||
|
|
@ -545,13 +545,13 @@ void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len,
|
|||
EnqueueConnEvent(f,
|
||||
IntrusivePtr{AdoptRef{}, BuildConnVal()},
|
||||
IntrusivePtr{AdoptRef{}, BuildICMPVal(icmpp, len, 1, ip_hdr)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(icmpp->icmp_num_addrs)}, // Cur Hop Limit
|
||||
val_mgr->Count(icmpp->icmp_num_addrs), // Cur Hop Limit
|
||||
val_mgr->Bool(icmpp->icmp_wpa & 0x80), // Managed
|
||||
val_mgr->Bool(icmpp->icmp_wpa & 0x40), // Other
|
||||
val_mgr->Bool(icmpp->icmp_wpa & 0x20), // Home Agent
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount((icmpp->icmp_wpa & 0x18)>>3)}, // Pref
|
||||
val_mgr->Count((icmpp->icmp_wpa & 0x18)>>3), // Pref
|
||||
val_mgr->Bool(icmpp->icmp_wpa & 0x04), // Proxy
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(icmpp->icmp_wpa & 0x02)}, // Reserved
|
||||
val_mgr->Count(icmpp->icmp_wpa & 0x02), // Reserved
|
||||
make_intrusive<IntervalVal>((double)ntohs(icmpp->icmp_lifetime), Seconds),
|
||||
make_intrusive<IntervalVal>((double)ntohl(reachable), Milliseconds),
|
||||
make_intrusive<IntervalVal>((double)ntohl(retrans), Milliseconds),
|
||||
|
|
@ -675,7 +675,7 @@ void ICMP_Analyzer::Context4(double t, const struct icmp* icmpp,
|
|||
EnqueueConnEvent(f,
|
||||
IntrusivePtr{AdoptRef{}, BuildConnVal()},
|
||||
IntrusivePtr{AdoptRef{}, BuildICMPVal(icmpp, len, 0, ip_hdr)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(icmpp->icmp_code)},
|
||||
val_mgr->Count(icmpp->icmp_code),
|
||||
IntrusivePtr{AdoptRef{}, ExtractICMP4Context(caplen, data)}
|
||||
);
|
||||
}
|
||||
|
|
@ -713,7 +713,7 @@ void ICMP_Analyzer::Context6(double t, const struct icmp* icmpp,
|
|||
EnqueueConnEvent(f,
|
||||
IntrusivePtr{AdoptRef{}, BuildConnVal()},
|
||||
IntrusivePtr{AdoptRef{}, BuildICMPVal(icmpp, len, 1, ip_hdr)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(icmpp->icmp_code)},
|
||||
val_mgr->Count(icmpp->icmp_code),
|
||||
IntrusivePtr{AdoptRef{}, ExtractICMP6Context(caplen, data)}
|
||||
);
|
||||
}
|
||||
|
|
@ -752,8 +752,8 @@ VectorVal* ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data)
|
|||
}
|
||||
|
||||
RecordVal* rv = new RecordVal(icmp6_nd_option_type);
|
||||
rv->Assign(0, val_mgr->GetCount(type));
|
||||
rv->Assign(1, val_mgr->GetCount(length));
|
||||
rv->Assign(0, val_mgr->Count(type));
|
||||
rv->Assign(1, val_mgr->Count(length));
|
||||
|
||||
// Adjust length to be in units of bytes, exclude type/length fields.
|
||||
length = length * 8 - 2;
|
||||
|
|
@ -792,7 +792,7 @@ VectorVal* ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data)
|
|||
uint32_t valid_life = *((const uint32_t*)(data + 2));
|
||||
uint32_t prefer_life = *((const uint32_t*)(data + 6));
|
||||
in6_addr prefix = *((const in6_addr*)(data + 14));
|
||||
info->Assign(0, val_mgr->GetCount(prefix_len));
|
||||
info->Assign(0, val_mgr->Count(prefix_len));
|
||||
info->Assign(1, val_mgr->Bool(L_flag));
|
||||
info->Assign(2, val_mgr->Bool(A_flag));
|
||||
info->Assign(3, make_intrusive<IntervalVal>((double)ntohl(valid_life), Seconds));
|
||||
|
|
@ -825,7 +825,7 @@ VectorVal* ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data)
|
|||
// MTU option
|
||||
{
|
||||
if ( caplen >= 6 )
|
||||
rv->Assign(5, val_mgr->GetCount(ntohl(*((const uint32_t*)(data + 2)))));
|
||||
rv->Assign(5, val_mgr->Count(ntohl(*((const uint32_t*)(data + 2)))));
|
||||
else
|
||||
set_payload_field = true;
|
||||
|
||||
|
|
|
|||
|
|
@ -588,7 +588,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
|
|||
IntrusivePtr{AdoptRef{}, BuildConnVal()},
|
||||
val_mgr->Bool(orig),
|
||||
make_intrusive<StringVal>(prefix.c_str()),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(code)},
|
||||
val_mgr->Count(code),
|
||||
make_intrusive<StringVal>(params.c_str())
|
||||
);
|
||||
break;
|
||||
|
|
@ -663,10 +663,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
|
|||
make_intrusive<StringVal>(parts[1].c_str()),
|
||||
make_intrusive<StringVal>(parts[2].c_str()),
|
||||
make_intrusive<AddrVal>(htonl(raw_ip)),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(atoi(parts[4].c_str()))},
|
||||
IntrusivePtr{AdoptRef{}, parts.size() >= 6 ?
|
||||
val_mgr->GetCount(atoi(parts[5].c_str())) :
|
||||
val_mgr->GetCount(0)}
|
||||
val_mgr->Count(atoi(parts[4].c_str())),
|
||||
parts.size() >= 6 ? val_mgr->Count(atoi(parts[5].c_str())) : val_mgr->Count(0)
|
||||
);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a
|
|||
case PA_PW_SALT:
|
||||
{
|
||||
RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value);
|
||||
type_val->Assign(0, val_mgr->GetCount(element->data_type()));
|
||||
type_val->Assign(0, val_mgr->Count(element->data_type()));
|
||||
type_val->Assign(1, bytestring_to_val(element->pa_data_element()->pa_pw_salt()->encoding()->content()));
|
||||
vv->Assign(vv->Size(), type_val);
|
||||
break;
|
||||
|
|
@ -45,7 +45,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a
|
|||
case PA_ENCTYPE_INFO:
|
||||
{
|
||||
RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value);
|
||||
type_val->Assign(0, val_mgr->GetCount(element->data_type()));
|
||||
type_val->Assign(0, val_mgr->Count(element->data_type()));
|
||||
type_val->Assign(1, bytestring_to_val(element->pa_data_element()->pf_enctype_info()->salt()));
|
||||
vv->Assign(vv->Size(), type_val);
|
||||
break;
|
||||
|
|
@ -53,7 +53,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a
|
|||
case PA_ENCTYPE_INFO2:
|
||||
{
|
||||
RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value);
|
||||
type_val->Assign(0, val_mgr->GetCount(element->data_type()));
|
||||
type_val->Assign(0, val_mgr->Count(element->data_type()));
|
||||
type_val->Assign(1, bytestring_to_val(element->pa_data_element()->pf_enctype_info2()->salt()));
|
||||
vv->Assign(vv->Size(), type_val);
|
||||
break;
|
||||
|
|
@ -111,7 +111,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a
|
|||
if ( ! is_error && element->pa_data_element()->unknown()->meta()->length() > 0 )
|
||||
{
|
||||
RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value);
|
||||
type_val->Assign(0, val_mgr->GetCount(element->data_type()));
|
||||
type_val->Assign(0, val_mgr->Count(element->data_type()));
|
||||
type_val->Assign(1, bytestring_to_val(element->pa_data_element()->unknown()->content()));
|
||||
vv->Assign(vv->Size(), type_val);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ function get_login_state%(cid: conn_id%): count
|
|||
if ( ! la )
|
||||
return val_mgr->False();
|
||||
|
||||
return val_mgr->GetCount(int(static_cast<analyzer::login::Login_Analyzer*>(la)->LoginState()));
|
||||
return val_mgr->Count(int(static_cast<analyzer::login::Login_Analyzer*>(la)->LoginState()));
|
||||
%}
|
||||
|
||||
## Sets the login state of a connection with a login analyzer.
|
||||
|
|
|
|||
|
|
@ -1303,14 +1303,12 @@ TableVal* MIME_Message::BuildHeaderTable(MIME_HeaderList& hlist)
|
|||
|
||||
for ( unsigned int i = 0; i < hlist.size(); ++i )
|
||||
{
|
||||
Val* index = val_mgr->GetCount(i+1); // index starting from 1
|
||||
auto index = val_mgr->Count(i + 1); // index starting from 1
|
||||
|
||||
MIME_Header* h = hlist[i];
|
||||
RecordVal* header_record = BuildHeaderVal(h);
|
||||
|
||||
t->Assign(index, header_record);
|
||||
|
||||
Unref(index);
|
||||
t->Assign(index.get(), header_record);
|
||||
}
|
||||
|
||||
return t;
|
||||
|
|
@ -1367,7 +1365,7 @@ void MIME_Mail::Done()
|
|||
|
||||
analyzer->EnqueueConnEvent(mime_content_hash,
|
||||
IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(content_hash_length)},
|
||||
val_mgr->Count(content_hash_length),
|
||||
make_intrusive<StringVal>(new BroString(true, digest, 16))
|
||||
);
|
||||
}
|
||||
|
|
@ -1407,7 +1405,7 @@ void MIME_Mail::EndEntity(MIME_Entity* /* entity */)
|
|||
|
||||
analyzer->EnqueueConnEvent(mime_entity_data,
|
||||
IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(s->Len())},
|
||||
val_mgr->Count(s->Len()),
|
||||
make_intrusive<StringVal>(s)
|
||||
);
|
||||
|
||||
|
|
@ -1474,7 +1472,7 @@ void MIME_Mail::SubmitData(int len, const char* buf)
|
|||
|
||||
analyzer->EnqueueConnEvent(mime_segment_data,
|
||||
IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(data_len)},
|
||||
val_mgr->Count(data_len),
|
||||
make_intrusive<StringVal>(data_len, data)
|
||||
);
|
||||
}
|
||||
|
|
@ -1521,7 +1519,7 @@ void MIME_Mail::SubmitAllData()
|
|||
|
||||
analyzer->EnqueueConnEvent(mime_all_data,
|
||||
IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(s->Len())},
|
||||
val_mgr->Count(s->Len()),
|
||||
make_intrusive<StringVal>(s)
|
||||
);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -29,10 +29,10 @@
|
|||
RecordVal* HeaderToBro(ModbusTCP_TransportHeader *header)
|
||||
{
|
||||
RecordVal* modbus_header = new RecordVal(BifType::Record::ModbusHeaders);
|
||||
modbus_header->Assign(0, val_mgr->GetCount(header->tid()));
|
||||
modbus_header->Assign(1, val_mgr->GetCount(header->pid()));
|
||||
modbus_header->Assign(2, val_mgr->GetCount(header->uid()));
|
||||
modbus_header->Assign(3, val_mgr->GetCount(header->fc()));
|
||||
modbus_header->Assign(0, val_mgr->Count(header->tid()));
|
||||
modbus_header->Assign(1, val_mgr->Count(header->pid()));
|
||||
modbus_header->Assign(2, val_mgr->Count(header->uid()));
|
||||
modbus_header->Assign(3, val_mgr->Count(header->fc()));
|
||||
return modbus_header;
|
||||
}
|
||||
|
||||
|
|
@ -213,7 +213,7 @@ refine flow ModbusTCP_Flow += {
|
|||
VectorVal* t = new VectorVal(BifType::Vector::ModbusRegisters);
|
||||
for ( unsigned int i=0; i < ${message.registers}->size(); ++i )
|
||||
{
|
||||
Val* r = val_mgr->GetCount(${message.registers[i]});
|
||||
auto r = val_mgr->Count(${message.registers[i]});
|
||||
t->Assign(i, r);
|
||||
}
|
||||
|
||||
|
|
@ -256,7 +256,7 @@ refine flow ModbusTCP_Flow += {
|
|||
VectorVal* t = new VectorVal(BifType::Vector::ModbusRegisters);
|
||||
for ( unsigned int i=0; i < (${message.registers})->size(); ++i )
|
||||
{
|
||||
Val* r = val_mgr->GetCount(${message.registers[i]});
|
||||
auto r = val_mgr->Count(${message.registers[i]});
|
||||
t->Assign(i, r);
|
||||
}
|
||||
|
||||
|
|
@ -399,7 +399,7 @@ refine flow ModbusTCP_Flow += {
|
|||
VectorVal * t = new VectorVal(BifType::Vector::ModbusRegisters);
|
||||
for ( unsigned int i = 0; i < (${message.registers}->size()); ++i )
|
||||
{
|
||||
Val* r = val_mgr->GetCount(${message.registers[i]});
|
||||
auto r = val_mgr->Count(${message.registers[i]});
|
||||
t->Assign(i, r);
|
||||
}
|
||||
|
||||
|
|
@ -435,13 +435,13 @@ refine flow ModbusTCP_Flow += {
|
|||
//VectorVal *t = create_vector_of_count();
|
||||
//for ( unsigned int i = 0; i < (${message.references}->size()); ++i )
|
||||
// {
|
||||
// Val* r = val_mgr->GetCount((${message.references[i].ref_type}));
|
||||
// auto r = val_mgr->Count((${message.references[i].ref_type}));
|
||||
// t->Assign(i, r);
|
||||
//
|
||||
// Val* k = val_mgr->GetCount((${message.references[i].file_num}));
|
||||
// auto k = val_mgr->Count((${message.references[i].file_num}));
|
||||
// t->Assign(i, k);
|
||||
//
|
||||
// Val* l = val_mgr->GetCount((${message.references[i].record_num}));
|
||||
// auto l = val_mgr->Count((${message.references[i].record_num}));
|
||||
// t->Assign(i, l);
|
||||
// }
|
||||
|
||||
|
|
@ -462,7 +462,7 @@ refine flow ModbusTCP_Flow += {
|
|||
//for ( unsigned int i = 0; i < ${message.references}->size(); ++i )
|
||||
// {
|
||||
// //TODO: work the reference type in here somewhere
|
||||
// Val* r = val_mgr->GetCount(${message.references[i].record_data}));
|
||||
// auto r = val_mgr->Count(${message.references[i].record_data}));
|
||||
// t->Assign(i, r);
|
||||
// }
|
||||
|
||||
|
|
@ -482,18 +482,18 @@ refine flow ModbusTCP_Flow += {
|
|||
//VectorVal* t = create_vector_of_count();
|
||||
//for ( unsigned int i = 0; i < (${message.references}->size()); ++i )
|
||||
// {
|
||||
// Val* r = val_mgr->GetCount((${message.references[i].ref_type}));
|
||||
// auto r = val_mgr->Count((${message.references[i].ref_type}));
|
||||
// t->Assign(i, r);
|
||||
//
|
||||
// Val* k = val_mgr->GetCount((${message.references[i].file_num}));
|
||||
// auto k = val_mgr->Count((${message.references[i].file_num}));
|
||||
// t->Assign(i, k);
|
||||
//
|
||||
// Val* n = val_mgr->GetCount((${message.references[i].record_num}));
|
||||
// auto n = val_mgr->Count((${message.references[i].record_num}));
|
||||
// t->Assign(i, n);
|
||||
//
|
||||
// for ( unsigned int j = 0; j < (${message.references[i].register_value}->size()); ++j )
|
||||
// {
|
||||
// k = val_mgr->GetCount((${message.references[i].register_value[j]}));
|
||||
// k = val_mgr->Count((${message.references[i].register_value[j]}));
|
||||
// t->Assign(i, k);
|
||||
// }
|
||||
// }
|
||||
|
|
@ -515,18 +515,18 @@ refine flow ModbusTCP_Flow += {
|
|||
//VectorVal* t = create_vector_of_count();
|
||||
//for ( unsigned int i = 0; i < (${messages.references}->size()); ++i )
|
||||
// {
|
||||
// Val* r = val_mgr->GetCount((${message.references[i].ref_type}));
|
||||
// auto r = val_mgr->Count((${message.references[i].ref_type}));
|
||||
// t->Assign(i, r);
|
||||
//
|
||||
// Val* f = val_mgr->GetCount((${message.references[i].file_num}));
|
||||
// auto f = val_mgr->Count((${message.references[i].file_num}));
|
||||
// t->Assign(i, f);
|
||||
//
|
||||
// Val* rn = val_mgr->GetCount((${message.references[i].record_num}));
|
||||
// auto rn = val_mgr->Count((${message.references[i].record_num}));
|
||||
// t->Assign(i, rn);
|
||||
//
|
||||
// for ( unsigned int j = 0; j<(${message.references[i].register_value}->size()); ++j )
|
||||
// {
|
||||
// Val* k = val_mgr->GetCount((${message.references[i].register_value[j]}));
|
||||
// auto k = val_mgr->Count((${message.references[i].register_value[j]}));
|
||||
// t->Assign(i, k);
|
||||
// }
|
||||
|
||||
|
|
@ -583,7 +583,7 @@ refine flow ModbusTCP_Flow += {
|
|||
VectorVal* t = new VectorVal(BifType::Vector::ModbusRegisters);
|
||||
for ( unsigned int i = 0; i < ${message.write_register_values}->size(); ++i )
|
||||
{
|
||||
Val* r = val_mgr->GetCount(${message.write_register_values[i]});
|
||||
auto r = val_mgr->Count(${message.write_register_values[i]});
|
||||
t->Assign(i, r);
|
||||
}
|
||||
|
||||
|
|
@ -614,7 +614,7 @@ refine flow ModbusTCP_Flow += {
|
|||
VectorVal* t = new VectorVal(BifType::Vector::ModbusRegisters);
|
||||
for ( unsigned int i = 0; i < ${message.registers}->size(); ++i )
|
||||
{
|
||||
Val* r = val_mgr->GetCount(${message.registers[i]});
|
||||
auto r = val_mgr->Count(${message.registers[i]});
|
||||
t->Assign(i, r);
|
||||
}
|
||||
|
||||
|
|
@ -657,7 +657,7 @@ refine flow ModbusTCP_Flow += {
|
|||
VectorVal* t = create_vector_of_count();
|
||||
for ( unsigned int i = 0; i < (${message.register_data})->size(); ++i )
|
||||
{
|
||||
Val* r = val_mgr->GetCount(${message.register_data[i]});
|
||||
auto r = val_mgr->Count(${message.register_data[i]});
|
||||
t->Assign(i, r);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ refine flow MQTT_Flow += {
|
|||
if ( mqtt_connack )
|
||||
{
|
||||
auto m = new RecordVal(BifType::Record::MQTT::ConnectAckMsg);
|
||||
m->Assign(0, val_mgr->GetCount(${msg.return_code}));
|
||||
m->Assign(0, val_mgr->Count(${msg.return_code}));
|
||||
m->Assign(1, val_mgr->Bool(${msg.session_present}));
|
||||
BifEvent::generate_mqtt_connack(connection()->bro_analyzer(),
|
||||
connection()->bro_analyzer()->Conn(),
|
||||
|
|
|
|||
|
|
@ -47,14 +47,14 @@ refine flow MQTT_Flow += {
|
|||
auto m = new RecordVal(BifType::Record::MQTT::ConnectMsg);
|
||||
m->Assign(0, make_intrusive<StringVal>(${msg.protocol_name.str}.length(),
|
||||
reinterpret_cast<const char*>(${msg.protocol_name.str}.begin())));
|
||||
m->Assign(1, val_mgr->GetCount(${msg.protocol_version}));
|
||||
m->Assign(1, val_mgr->Count(${msg.protocol_version}));
|
||||
m->Assign(2, make_intrusive<StringVal>(${msg.client_id.str}.length(),
|
||||
reinterpret_cast<const char*>(${msg.client_id.str}.begin())));
|
||||
m->Assign(3, make_intrusive<IntervalVal>(double(${msg.keep_alive}), Seconds));
|
||||
|
||||
m->Assign(4, val_mgr->Bool(${msg.clean_session}));
|
||||
m->Assign(5, val_mgr->Bool(${msg.will_retain}));
|
||||
m->Assign(6, val_mgr->GetCount(${msg.will_qos}));
|
||||
m->Assign(6, val_mgr->Count(${msg.will_qos}));
|
||||
|
||||
if ( ${msg.will_flag} )
|
||||
{
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ refine flow MQTT_Flow += {
|
|||
{
|
||||
auto m = new RecordVal(BifType::Record::MQTT::PublishMsg);
|
||||
m->Assign(0, val_mgr->Bool(${msg.dup}));
|
||||
m->Assign(1, val_mgr->GetCount(${msg.qos}));
|
||||
m->Assign(1, val_mgr->Count(${msg.qos}));
|
||||
m->Assign(2, val_mgr->Bool(${msg.retain}));
|
||||
m->Assign(3, new StringVal(${msg.topic.str}.length(),
|
||||
reinterpret_cast<const char*>(${msg.topic.str}.begin())));
|
||||
|
|
@ -39,7 +39,7 @@ refine flow MQTT_Flow += {
|
|||
m->Assign(4, new StringVal(len,
|
||||
reinterpret_cast<const char*>(${msg.payload}.begin())));
|
||||
|
||||
m->Assign(5, val_mgr->GetCount(${msg.payload}.length()));
|
||||
m->Assign(5, val_mgr->Count(${msg.payload}.length()));
|
||||
|
||||
BifEvent::generate_mqtt_publish(connection()->bro_analyzer(),
|
||||
connection()->bro_analyzer()->Conn(),
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ refine flow MQTT_Flow += {
|
|||
{
|
||||
auto subscribe_topic = new StringVal(${topic.name.str}.length(),
|
||||
reinterpret_cast<const char*>(${topic.name.str}.begin()));
|
||||
auto qos = val_mgr->GetCount(${topic.requested_QoS});
|
||||
auto qos = val_mgr->Count(${topic.requested_QoS});
|
||||
topics->Assign(topics->Size(), subscribe_topic);
|
||||
qos_levels->Assign(qos_levels->Size(), qos);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -64,18 +64,18 @@ void NCP_Session::DeliverFrame(const binpac::NCP::ncp_frame* frame)
|
|||
if ( frame->is_orig() )
|
||||
analyzer->EnqueueConnEvent(f,
|
||||
IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(frame->frame_type())},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(frame->body_length())},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(req_func)}
|
||||
val_mgr->Count(frame->frame_type()),
|
||||
val_mgr->Count(frame->body_length()),
|
||||
val_mgr->Count(req_func)
|
||||
);
|
||||
else
|
||||
analyzer->EnqueueConnEvent(f,
|
||||
IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(frame->frame_type())},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(frame->body_length())},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(req_frame_type)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(req_func)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(frame->reply()->completion_code())}
|
||||
val_mgr->Count(frame->frame_type()),
|
||||
val_mgr->Count(frame->body_length()),
|
||||
val_mgr->Count(req_frame_type),
|
||||
val_mgr->Count(req_func),
|
||||
val_mgr->Count(frame->reply()->completion_code())
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -62,8 +62,8 @@ void NetbiosSSN_Interpreter::ParseMessage(unsigned int type, unsigned int flags,
|
|||
analyzer->EnqueueConnEvent(netbios_session_message,
|
||||
IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
|
||||
val_mgr->Bool(is_query),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(type)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(len)}
|
||||
val_mgr->Count(type),
|
||||
val_mgr->Count(len)
|
||||
);
|
||||
|
||||
switch ( type ) {
|
||||
|
|
|
|||
|
|
@ -49,5 +49,5 @@ function decode_netbios_name_type%(name: string%): count
|
|||
%{
|
||||
const u_char* s = name->Bytes();
|
||||
char return_val = ((toupper(s[30]) - 'A') << 4) + (toupper(s[31]) - 'A');
|
||||
return val_mgr->GetCount(return_val);
|
||||
return val_mgr->Count(return_val);
|
||||
%}
|
||||
|
|
|
|||
|
|
@ -16,10 +16,10 @@ refine connection NTLM_Conn += {
|
|||
function build_version_record(val: NTLM_Version): BroVal
|
||||
%{
|
||||
RecordVal* result = new RecordVal(BifType::Record::NTLM::Version);
|
||||
result->Assign(0, val_mgr->GetCount(${val.major_version}));
|
||||
result->Assign(1, val_mgr->GetCount(${val.minor_version}));
|
||||
result->Assign(2, val_mgr->GetCount(${val.build_number}));
|
||||
result->Assign(3, val_mgr->GetCount(${val.ntlm_revision}));
|
||||
result->Assign(0, val_mgr->Count(${val.major_version}));
|
||||
result->Assign(1, val_mgr->Count(${val.minor_version}));
|
||||
result->Assign(2, val_mgr->Count(${val.build_number}));
|
||||
result->Assign(3, val_mgr->Count(${val.ntlm_revision}));
|
||||
|
||||
return result;
|
||||
%}
|
||||
|
|
@ -66,7 +66,7 @@ refine connection NTLM_Conn += {
|
|||
result->Assign(6, filetime2brotime(${val.pairs[i].timestamp}));
|
||||
break;
|
||||
case 8:
|
||||
result->Assign(7, val_mgr->GetCount(${val.pairs[i].single_host.machine_id}));
|
||||
result->Assign(7, val_mgr->Count(${val.pairs[i].single_host.machine_id}));
|
||||
break;
|
||||
case 9:
|
||||
result->Assign(8, utf16_bytestring_to_utf8_val(bro_analyzer()->Conn(), ${val.pairs[i].target_name.data}));
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@ refine flow NTP_Flow += {
|
|||
%{
|
||||
RecordVal* rv = new RecordVal(BifType::Record::NTP::StandardMessage);
|
||||
|
||||
rv->Assign(0, val_mgr->GetCount(${nsm.stratum}));
|
||||
rv->Assign(0, val_mgr->Count(${nsm.stratum}));
|
||||
rv->Assign(1, make_intrusive<Val>(pow(2, ${nsm.poll}), TYPE_INTERVAL));
|
||||
rv->Assign(2, make_intrusive<Val>(pow(2, ${nsm.precision}), TYPE_INTERVAL));
|
||||
rv->Assign(3, proc_ntp_short(${nsm.root_delay}));
|
||||
|
|
@ -67,19 +67,19 @@ refine flow NTP_Flow += {
|
|||
|
||||
if ( ${nsm.mac_len} == 20 )
|
||||
{
|
||||
rv->Assign(12, val_mgr->GetCount(${nsm.mac.key_id}));
|
||||
rv->Assign(12, val_mgr->Count(${nsm.mac.key_id}));
|
||||
rv->Assign(13, bytestring_to_val(${nsm.mac.digest}));
|
||||
}
|
||||
else if ( ${nsm.mac_len} == 24 )
|
||||
{
|
||||
rv->Assign(12, val_mgr->GetCount(${nsm.mac_ext.key_id}));
|
||||
rv->Assign(12, val_mgr->Count(${nsm.mac_ext.key_id}));
|
||||
rv->Assign(13, bytestring_to_val(${nsm.mac_ext.digest}));
|
||||
}
|
||||
|
||||
if ( ${nsm.has_exts} )
|
||||
{
|
||||
// TODO: add extension fields
|
||||
rv->Assign(14, val_mgr->GetCount((uint32) ${nsm.exts}->size()));
|
||||
rv->Assign(14, val_mgr->Count((uint32) ${nsm.exts}->size()));
|
||||
}
|
||||
|
||||
return rv;
|
||||
|
|
@ -90,20 +90,20 @@ refine flow NTP_Flow += {
|
|||
%{
|
||||
RecordVal* rv = new RecordVal(BifType::Record::NTP::ControlMessage);
|
||||
|
||||
rv->Assign(0, val_mgr->GetCount(${ncm.OpCode}));
|
||||
rv->Assign(0, val_mgr->Count(${ncm.OpCode}));
|
||||
rv->Assign(1, val_mgr->Bool(${ncm.R}));
|
||||
rv->Assign(2, val_mgr->Bool(${ncm.E}));
|
||||
rv->Assign(3, val_mgr->Bool(${ncm.M}));
|
||||
rv->Assign(4, val_mgr->GetCount(${ncm.sequence}));
|
||||
rv->Assign(5, val_mgr->GetCount(${ncm.status}));
|
||||
rv->Assign(6, val_mgr->GetCount(${ncm.association_id}));
|
||||
rv->Assign(4, val_mgr->Count(${ncm.sequence}));
|
||||
rv->Assign(5, val_mgr->Count(${ncm.status}));
|
||||
rv->Assign(6, val_mgr->Count(${ncm.association_id}));
|
||||
|
||||
if ( ${ncm.c} > 0 )
|
||||
rv->Assign(7, bytestring_to_val(${ncm.data}));
|
||||
|
||||
if ( ${ncm.has_control_mac} )
|
||||
{
|
||||
rv->Assign(8, val_mgr->GetCount(${ncm.mac.key_id}));
|
||||
rv->Assign(8, val_mgr->Count(${ncm.mac.key_id}));
|
||||
rv->Assign(9, bytestring_to_val(${ncm.mac.crypto_checksum}));
|
||||
}
|
||||
|
||||
|
|
@ -115,11 +115,11 @@ refine flow NTP_Flow += {
|
|||
%{
|
||||
RecordVal* rv = new RecordVal(BifType::Record::NTP::Mode7Message);
|
||||
|
||||
rv->Assign(0, val_mgr->GetCount(${m7.request_code}));
|
||||
rv->Assign(0, val_mgr->Count(${m7.request_code}));
|
||||
rv->Assign(1, val_mgr->Bool(${m7.auth_bit}));
|
||||
rv->Assign(2, val_mgr->GetCount(${m7.sequence}));
|
||||
rv->Assign(3, val_mgr->GetCount(${m7.implementation}));
|
||||
rv->Assign(4, val_mgr->GetCount(${m7.error_code}));
|
||||
rv->Assign(2, val_mgr->Count(${m7.sequence}));
|
||||
rv->Assign(3, val_mgr->Count(${m7.implementation}));
|
||||
rv->Assign(4, val_mgr->Count(${m7.error_code}));
|
||||
|
||||
if ( ${m7.data_len} > 0 )
|
||||
rv->Assign(5, bytestring_to_val(${m7.data}));
|
||||
|
|
@ -136,8 +136,8 @@ refine flow NTP_Flow += {
|
|||
return false;
|
||||
|
||||
RecordVal* rv = new RecordVal(BifType::Record::NTP::Message);
|
||||
rv->Assign(0, val_mgr->GetCount(${msg.version}));
|
||||
rv->Assign(1, val_mgr->GetCount(${msg.mode}));
|
||||
rv->Assign(0, val_mgr->Count(${msg.version}));
|
||||
rv->Assign(1, val_mgr->Count(${msg.mode}));
|
||||
|
||||
// The standard record
|
||||
if ( ${msg.mode} >=1 && ${msg.mode} <= 5 )
|
||||
|
|
|
|||
|
|
@ -8,19 +8,20 @@ refine flow RADIUS_Flow += {
|
|||
return false;
|
||||
|
||||
RecordVal* result = new RecordVal(BifType::Record::RADIUS::Message);
|
||||
result->Assign(0, val_mgr->GetCount(${msg.code}));
|
||||
result->Assign(1, val_mgr->GetCount(${msg.trans_id}));
|
||||
result->Assign(0, val_mgr->Count(${msg.code}));
|
||||
result->Assign(1, val_mgr->Count(${msg.trans_id}));
|
||||
result->Assign(2, bytestring_to_val(${msg.authenticator}));
|
||||
|
||||
if ( ${msg.attributes}->size() )
|
||||
{
|
||||
TableVal* attributes = new TableVal({NewRef{}, BifType::Table::RADIUS::Attributes});
|
||||
|
||||
for ( uint i = 0; i < ${msg.attributes}->size(); ++i ) {
|
||||
Val* index = val_mgr->GetCount(${msg.attributes[i].code});
|
||||
for ( uint i = 0; i < ${msg.attributes}->size(); ++i )
|
||||
{
|
||||
auto index = val_mgr->Count(${msg.attributes[i].code});
|
||||
|
||||
// Do we already have a vector of attributes for this type?
|
||||
auto current = attributes->Lookup(index);
|
||||
auto current = attributes->Lookup(index.get());
|
||||
Val* val = bytestring_to_val(${msg.attributes[i].value});
|
||||
|
||||
if ( current )
|
||||
|
|
@ -33,10 +34,8 @@ refine flow RADIUS_Flow += {
|
|||
{
|
||||
VectorVal* attribute_list = new VectorVal(BifType::Vector::RADIUS::AttributeList);
|
||||
attribute_list->Assign((unsigned int)0, val);
|
||||
attributes->Assign(index, attribute_list);
|
||||
attributes->Assign(index.get(), attribute_list);
|
||||
}
|
||||
|
||||
Unref(index);
|
||||
}
|
||||
|
||||
result->Assign(3, attributes);
|
||||
|
|
|
|||
|
|
@ -73,24 +73,24 @@ refine flow RDP_Flow += {
|
|||
ec_flags->Assign(8, val_mgr->Bool(${ccore.SUPPORT_HEARTBEAT_PDU}));
|
||||
|
||||
RecordVal* ccd = new RecordVal(BifType::Record::RDP::ClientCoreData);
|
||||
ccd->Assign(0, val_mgr->GetCount(${ccore.version_major}));
|
||||
ccd->Assign(1, val_mgr->GetCount(${ccore.version_minor}));
|
||||
ccd->Assign(2, val_mgr->GetCount(${ccore.desktop_width}));
|
||||
ccd->Assign(3, val_mgr->GetCount(${ccore.desktop_height}));
|
||||
ccd->Assign(4, val_mgr->GetCount(${ccore.color_depth}));
|
||||
ccd->Assign(5, val_mgr->GetCount(${ccore.sas_sequence}));
|
||||
ccd->Assign(6, val_mgr->GetCount(${ccore.keyboard_layout}));
|
||||
ccd->Assign(7, val_mgr->GetCount(${ccore.client_build}));
|
||||
ccd->Assign(0, val_mgr->Count(${ccore.version_major}));
|
||||
ccd->Assign(1, val_mgr->Count(${ccore.version_minor}));
|
||||
ccd->Assign(2, val_mgr->Count(${ccore.desktop_width}));
|
||||
ccd->Assign(3, val_mgr->Count(${ccore.desktop_height}));
|
||||
ccd->Assign(4, val_mgr->Count(${ccore.color_depth}));
|
||||
ccd->Assign(5, val_mgr->Count(${ccore.sas_sequence}));
|
||||
ccd->Assign(6, val_mgr->Count(${ccore.keyboard_layout}));
|
||||
ccd->Assign(7, val_mgr->Count(${ccore.client_build}));
|
||||
ccd->Assign(8, utf16_bytestring_to_utf8_val(connection()->bro_analyzer()->Conn(), ${ccore.client_name}));
|
||||
ccd->Assign(9, val_mgr->GetCount(${ccore.keyboard_type}));
|
||||
ccd->Assign(10, val_mgr->GetCount(${ccore.keyboard_sub}));
|
||||
ccd->Assign(11, val_mgr->GetCount(${ccore.keyboard_function_key}));
|
||||
ccd->Assign(9, val_mgr->Count(${ccore.keyboard_type}));
|
||||
ccd->Assign(10, val_mgr->Count(${ccore.keyboard_sub}));
|
||||
ccd->Assign(11, val_mgr->Count(${ccore.keyboard_function_key}));
|
||||
ccd->Assign(12, utf16_bytestring_to_utf8_val(connection()->bro_analyzer()->Conn(), ${ccore.ime_file_name}));
|
||||
ccd->Assign(13, val_mgr->GetCount(${ccore.post_beta2_color_depth}));
|
||||
ccd->Assign(14, val_mgr->GetCount(${ccore.client_product_id}));
|
||||
ccd->Assign(15, val_mgr->GetCount(${ccore.serial_number}));
|
||||
ccd->Assign(16, val_mgr->GetCount(${ccore.high_color_depth}));
|
||||
ccd->Assign(17, val_mgr->GetCount(${ccore.supported_color_depths}));
|
||||
ccd->Assign(13, val_mgr->Count(${ccore.post_beta2_color_depth}));
|
||||
ccd->Assign(14, val_mgr->Count(${ccore.client_product_id}));
|
||||
ccd->Assign(15, val_mgr->Count(${ccore.serial_number}));
|
||||
ccd->Assign(16, val_mgr->Count(${ccore.high_color_depth}));
|
||||
ccd->Assign(17, val_mgr->Count(${ccore.supported_color_depths}));
|
||||
ccd->Assign(18, ec_flags);
|
||||
ccd->Assign(19, utf16_bytestring_to_utf8_val(connection()->bro_analyzer()->Conn(), ${ccore.dig_product_id}));
|
||||
|
||||
|
|
@ -108,8 +108,8 @@ refine flow RDP_Flow += {
|
|||
return false;
|
||||
|
||||
RecordVal* csd = new RecordVal(BifType::Record::RDP::ClientSecurityData);
|
||||
csd->Assign(0, val_mgr->GetCount(${csec.encryption_methods}));
|
||||
csd->Assign(1, val_mgr->GetCount(${csec.ext_encryption_methods}));
|
||||
csd->Assign(0, val_mgr->Count(${csec.encryption_methods}));
|
||||
csd->Assign(1, val_mgr->Count(${csec.ext_encryption_methods}));
|
||||
|
||||
BifEvent::generate_rdp_client_security_data(connection()->bro_analyzer(),
|
||||
connection()->bro_analyzer()->Conn(),
|
||||
|
|
@ -131,7 +131,7 @@ refine flow RDP_Flow += {
|
|||
RecordVal* channel_def = new RecordVal(BifType::Record::RDP::ClientChannelDef);
|
||||
|
||||
channel_def->Assign(0, bytestring_to_val(${cnetwork.channel_def_array[i].name}));
|
||||
channel_def->Assign(1, val_mgr->GetCount(${cnetwork.channel_def_array[i].options}));
|
||||
channel_def->Assign(1, val_mgr->Count(${cnetwork.channel_def_array[i].options}));
|
||||
|
||||
channel_def->Assign(2, val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_INITIALIZED}));
|
||||
channel_def->Assign(3, val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_RDP}));
|
||||
|
|
@ -162,10 +162,10 @@ refine flow RDP_Flow += {
|
|||
return false;
|
||||
|
||||
RecordVal* ccld = new RecordVal(BifType::Record::RDP::ClientClusterData);
|
||||
ccld->Assign(0, val_mgr->GetCount(${ccluster.flags}));
|
||||
ccld->Assign(1, val_mgr->GetCount(${ccluster.redir_session_id}));
|
||||
ccld->Assign(0, val_mgr->Count(${ccluster.flags}));
|
||||
ccld->Assign(1, val_mgr->Count(${ccluster.redir_session_id}));
|
||||
ccld->Assign(2, val_mgr->Bool(${ccluster.REDIRECTION_SUPPORTED}));
|
||||
ccld->Assign(3, val_mgr->GetCount(${ccluster.SERVER_SESSION_REDIRECTION_VERSION_MASK}));
|
||||
ccld->Assign(3, val_mgr->Count(${ccluster.SERVER_SESSION_REDIRECTION_VERSION_MASK}));
|
||||
ccld->Assign(4, val_mgr->Bool(${ccluster.REDIRECTED_SESSIONID_FIELD_VALID}));
|
||||
ccld->Assign(5, val_mgr->Bool(${ccluster.REDIRECTED_SMARTCARD}));
|
||||
|
||||
|
|
|
|||
|
|
@ -196,7 +196,7 @@ zeek::Args MOUNT_Interp::event_common_vl(RPC_CallInfo *c,
|
|||
|
||||
for (size_t i = 0; i < c->AuxGIDs().size(); ++i)
|
||||
{
|
||||
auxgids->Assign(i, val_mgr->GetCount(c->AuxGIDs()[i]));
|
||||
auxgids->Assign(i, val_mgr->Count(c->AuxGIDs()[i]));
|
||||
}
|
||||
|
||||
auto info = make_intrusive<RecordVal>(BifType::Record::MOUNT3::info_t);
|
||||
|
|
@ -204,13 +204,13 @@ zeek::Args MOUNT_Interp::event_common_vl(RPC_CallInfo *c,
|
|||
info->Assign(1, BifType::Enum::MOUNT3::status_t->GetVal(mount_status));
|
||||
info->Assign(2, make_intrusive<Val>(c->StartTime(), TYPE_TIME));
|
||||
info->Assign(3, make_intrusive<Val>(c->LastTime() - c->StartTime(), TYPE_INTERVAL));
|
||||
info->Assign(4, val_mgr->GetCount(c->RPCLen()));
|
||||
info->Assign(4, val_mgr->Count(c->RPCLen()));
|
||||
info->Assign(5, make_intrusive<Val>(rep_start_time, TYPE_TIME));
|
||||
info->Assign(6, make_intrusive<Val>(rep_last_time - rep_start_time, TYPE_INTERVAL));
|
||||
info->Assign(7, val_mgr->GetCount(reply_len));
|
||||
info->Assign(8, val_mgr->GetCount(c->Uid()));
|
||||
info->Assign(9, val_mgr->GetCount(c->Gid()));
|
||||
info->Assign(10, val_mgr->GetCount(c->Stamp()));
|
||||
info->Assign(7, val_mgr->Count(reply_len));
|
||||
info->Assign(8, val_mgr->Count(c->Uid()));
|
||||
info->Assign(9, val_mgr->Count(c->Gid()));
|
||||
info->Assign(10, val_mgr->Count(c->Stamp()));
|
||||
info->Assign(11, make_intrusive<StringVal>(c->MachineName()));
|
||||
info->Assign(12, std::move(auxgids));
|
||||
|
||||
|
|
|
|||
|
|
@ -331,20 +331,20 @@ zeek::Args NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_
|
|||
auto auxgids = make_intrusive<VectorVal>(internal_type("index_vec")->AsVectorType());
|
||||
|
||||
for ( size_t i = 0; i < c->AuxGIDs().size(); ++i )
|
||||
auxgids->Assign(i, val_mgr->GetCount(c->AuxGIDs()[i]));
|
||||
auxgids->Assign(i, val_mgr->Count(c->AuxGIDs()[i]));
|
||||
|
||||
auto info = make_intrusive<RecordVal>(BifType::Record::NFS3::info_t);
|
||||
info->Assign(0, BifType::Enum::rpc_status->GetVal(rpc_status));
|
||||
info->Assign(1, BifType::Enum::NFS3::status_t->GetVal(nfs_status));
|
||||
info->Assign(2, make_intrusive<Val>(c->StartTime(), TYPE_TIME));
|
||||
info->Assign(3, make_intrusive<Val>(c->LastTime()-c->StartTime(), TYPE_INTERVAL));
|
||||
info->Assign(4, val_mgr->GetCount(c->RPCLen()));
|
||||
info->Assign(4, val_mgr->Count(c->RPCLen()));
|
||||
info->Assign(5, make_intrusive<Val>(rep_start_time, TYPE_TIME));
|
||||
info->Assign(6, make_intrusive<Val>(rep_last_time-rep_start_time, TYPE_INTERVAL));
|
||||
info->Assign(7, val_mgr->GetCount(reply_len));
|
||||
info->Assign(8, val_mgr->GetCount(c->Uid()));
|
||||
info->Assign(9, val_mgr->GetCount(c->Gid()));
|
||||
info->Assign(10, val_mgr->GetCount(c->Stamp()));
|
||||
info->Assign(7, val_mgr->Count(reply_len));
|
||||
info->Assign(8, val_mgr->Count(c->Uid()));
|
||||
info->Assign(9, val_mgr->Count(c->Gid()));
|
||||
info->Assign(10, val_mgr->Count(c->Stamp()));
|
||||
info->Assign(11, make_intrusive<StringVal>(c->MachineName()));
|
||||
info->Assign(12, std::move(auxgids));
|
||||
|
||||
|
|
@ -577,7 +577,7 @@ RecordVal* NFS_Interp::nfs3_read_reply(const u_char*& buf, int& n, BifEnum::NFS3
|
|||
|
||||
rep->Assign(0, nfs3_post_op_attr(buf, n));
|
||||
bytes_read = extract_XDR_uint32(buf, n);
|
||||
rep->Assign(1, val_mgr->GetCount(bytes_read));
|
||||
rep->Assign(1, val_mgr->Count(bytes_read));
|
||||
rep->Assign(2, ExtractBool(buf, n));
|
||||
rep->Assign(3, nfs3_file_data(buf, n, offset, bytes_read));
|
||||
}
|
||||
|
|
@ -660,9 +660,9 @@ RecordVal *NFS_Interp::nfs3_writeargs(const u_char*& buf, int& n)
|
|||
|
||||
writeargs->Assign(0, nfs3_fh(buf, n));
|
||||
offset = extract_XDR_uint64(buf, n);
|
||||
writeargs->Assign(1, val_mgr->GetCount(offset)); // offset
|
||||
writeargs->Assign(1, val_mgr->Count(offset)); // offset
|
||||
bytes = extract_XDR_uint32(buf, n);
|
||||
writeargs->Assign(2, val_mgr->GetCount(bytes)); // size
|
||||
writeargs->Assign(2, val_mgr->Count(bytes)); // size
|
||||
|
||||
writeargs->Assign(3, nfs3_stable_how(buf, n));
|
||||
writeargs->Assign(4, nfs3_file_data(buf, n, offset, bytes));
|
||||
|
|
@ -806,12 +806,12 @@ RecordVal* NFS_Interp::nfs3_readdir_reply(bool isplus, const u_char*& buf,
|
|||
|
||||
Val* NFS_Interp::ExtractUint32(const u_char*& buf, int& n)
|
||||
{
|
||||
return val_mgr->GetCount(extract_XDR_uint32(buf, n));
|
||||
return val_mgr->Count(extract_XDR_uint32(buf, n)).release();
|
||||
}
|
||||
|
||||
Val* NFS_Interp::ExtractUint64(const u_char*& buf, int& n)
|
||||
{
|
||||
return val_mgr->GetCount(extract_XDR_uint64(buf, n));
|
||||
return val_mgr->Count(extract_XDR_uint64(buf, n)).release();
|
||||
}
|
||||
|
||||
Val* NFS_Interp::ExtractTime(const u_char*& buf, int& n)
|
||||
|
|
|
|||
|
|
@ -150,9 +150,8 @@ bool PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status statu
|
|||
if ( ! m )
|
||||
break;
|
||||
|
||||
Val* index = val_mgr->GetCount(++nmap);
|
||||
mappings->Assign(index, m);
|
||||
Unref(index);
|
||||
auto index = val_mgr->Count(++nmap);
|
||||
mappings->Assign(index.get(), m);
|
||||
}
|
||||
|
||||
if ( ! buf )
|
||||
|
|
@ -197,8 +196,8 @@ Val* PortmapperInterp::ExtractMapping(const u_char*& buf, int& len)
|
|||
{
|
||||
RecordVal* mapping = new RecordVal(pm_mapping);
|
||||
|
||||
mapping->Assign(0, val_mgr->GetCount(extract_XDR_uint32(buf, len)));
|
||||
mapping->Assign(1, val_mgr->GetCount(extract_XDR_uint32(buf, len)));
|
||||
mapping->Assign(0, val_mgr->Count(extract_XDR_uint32(buf, len)));
|
||||
mapping->Assign(1, val_mgr->Count(extract_XDR_uint32(buf, len)));
|
||||
|
||||
bool is_tcp = extract_XDR_uint32(buf, len) == IPPROTO_TCP;
|
||||
uint32_t port = extract_XDR_uint32(buf, len);
|
||||
|
|
@ -218,8 +217,8 @@ Val* PortmapperInterp::ExtractPortRequest(const u_char*& buf, int& len)
|
|||
{
|
||||
RecordVal* pr = new RecordVal(pm_port_request);
|
||||
|
||||
pr->Assign(0, val_mgr->GetCount(extract_XDR_uint32(buf, len)));
|
||||
pr->Assign(1, val_mgr->GetCount(extract_XDR_uint32(buf, len)));
|
||||
pr->Assign(0, val_mgr->Count(extract_XDR_uint32(buf, len)));
|
||||
pr->Assign(1, val_mgr->Count(extract_XDR_uint32(buf, len)));
|
||||
|
||||
bool is_tcp = extract_XDR_uint32(buf, len) == IPPROTO_TCP;
|
||||
pr->Assign(2, val_mgr->Bool(is_tcp));
|
||||
|
|
@ -238,13 +237,13 @@ Val* PortmapperInterp::ExtractCallItRequest(const u_char*& buf, int& len)
|
|||
{
|
||||
RecordVal* c = new RecordVal(pm_callit_request);
|
||||
|
||||
c->Assign(0, val_mgr->GetCount(extract_XDR_uint32(buf, len)));
|
||||
c->Assign(1, val_mgr->GetCount(extract_XDR_uint32(buf, len)));
|
||||
c->Assign(2, val_mgr->GetCount(extract_XDR_uint32(buf, len)));
|
||||
c->Assign(0, val_mgr->Count(extract_XDR_uint32(buf, len)));
|
||||
c->Assign(1, val_mgr->Count(extract_XDR_uint32(buf, len)));
|
||||
c->Assign(2, val_mgr->Count(extract_XDR_uint32(buf, len)));
|
||||
|
||||
int arg_n;
|
||||
(void) extract_XDR_opaque(buf, len, arg_n);
|
||||
c->Assign(3, val_mgr->GetCount(arg_n));
|
||||
c->Assign(3, val_mgr->Count(arg_n));
|
||||
|
||||
if ( ! buf )
|
||||
{
|
||||
|
|
@ -263,7 +262,7 @@ uint32_t PortmapperInterp::CheckPort(uint32_t port)
|
|||
{
|
||||
analyzer->EnqueueConnEvent(pm_bad_port,
|
||||
IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(port)}
|
||||
val_mgr->Count(port)
|
||||
);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -340,13 +340,13 @@ void RPC_Interpreter::Event_RPC_Dialogue(RPC_CallInfo* c, BifEnum::rpc_status st
|
|||
if ( rpc_dialogue )
|
||||
analyzer->EnqueueConnEvent(rpc_dialogue,
|
||||
IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(c->Program())},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(c->Version())},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(c->Proc())},
|
||||
val_mgr->Count(c->Program()),
|
||||
val_mgr->Count(c->Version()),
|
||||
val_mgr->Count(c->Proc()),
|
||||
BifType::Enum::rpc_status->GetVal(status),
|
||||
make_intrusive<Val>(c->StartTime(), TYPE_TIME),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(c->CallLen())},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(reply_len)}
|
||||
val_mgr->Count(c->CallLen()),
|
||||
val_mgr->Count(reply_len)
|
||||
);
|
||||
}
|
||||
|
||||
|
|
@ -355,11 +355,11 @@ void RPC_Interpreter::Event_RPC_Call(RPC_CallInfo* c)
|
|||
if ( rpc_call )
|
||||
analyzer->EnqueueConnEvent(rpc_call,
|
||||
IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(c->XID())},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(c->Program())},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(c->Version())},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(c->Proc())},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(c->CallLen())}
|
||||
val_mgr->Count(c->XID()),
|
||||
val_mgr->Count(c->Program()),
|
||||
val_mgr->Count(c->Version()),
|
||||
val_mgr->Count(c->Proc()),
|
||||
val_mgr->Count(c->CallLen())
|
||||
);
|
||||
}
|
||||
|
||||
|
|
@ -368,9 +368,9 @@ void RPC_Interpreter::Event_RPC_Reply(uint32_t xid, BifEnum::rpc_status status,
|
|||
if ( rpc_reply )
|
||||
analyzer->EnqueueConnEvent(rpc_reply,
|
||||
IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(xid)},
|
||||
val_mgr->Count(xid),
|
||||
BifType::Enum::rpc_status->GetVal(status),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(reply_len)}
|
||||
val_mgr->Count(reply_len)
|
||||
);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -69,9 +69,8 @@ refine flow SIP_Flow += {
|
|||
|
||||
for ( unsigned int i = 0; i < headers.size(); ++i )
|
||||
{ // index starting from 1
|
||||
Val* index = val_mgr->GetCount(i + 1);
|
||||
t->Assign(index, headers[i]);
|
||||
Unref(index);
|
||||
auto index = val_mgr->Count(i + 1);
|
||||
t->Assign(index.get(), headers[i]);
|
||||
}
|
||||
|
||||
return t;
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ refine connection SMB_Conn += {
|
|||
{
|
||||
case 0x01:
|
||||
core = new RecordVal(BifType::Record::SMB1::NegotiateResponseCore);
|
||||
core->Assign(0, val_mgr->GetCount(${val.dialect_index}));
|
||||
core->Assign(0, val_mgr->Count(${val.dialect_index}));
|
||||
|
||||
response->Assign(0, core);
|
||||
break;
|
||||
|
|
@ -61,15 +61,15 @@ refine connection SMB_Conn += {
|
|||
raw->Assign(1, val_mgr->Bool(${val.lanman.raw_write_supported}));
|
||||
|
||||
lanman = new RecordVal(BifType::Record::SMB1::NegotiateResponseLANMAN);
|
||||
lanman->Assign(0, val_mgr->GetCount(${val.word_count}));
|
||||
lanman->Assign(1, val_mgr->GetCount(${val.dialect_index}));
|
||||
lanman->Assign(0, val_mgr->Count(${val.word_count}));
|
||||
lanman->Assign(1, val_mgr->Count(${val.dialect_index}));
|
||||
lanman->Assign(2, security);
|
||||
lanman->Assign(3, val_mgr->GetCount(${val.lanman.max_buffer_size}));
|
||||
lanman->Assign(4, val_mgr->GetCount(${val.lanman.max_mpx_count}));
|
||||
lanman->Assign(3, val_mgr->Count(${val.lanman.max_buffer_size}));
|
||||
lanman->Assign(4, val_mgr->Count(${val.lanman.max_mpx_count}));
|
||||
|
||||
lanman->Assign(5, val_mgr->GetCount(${val.lanman.max_number_vcs}));
|
||||
lanman->Assign(5, val_mgr->Count(${val.lanman.max_number_vcs}));
|
||||
lanman->Assign(6, raw);
|
||||
lanman->Assign(7, val_mgr->GetCount(${val.lanman.session_key}));
|
||||
lanman->Assign(7, val_mgr->Count(${val.lanman.session_key}));
|
||||
lanman->Assign(8, time_from_lanman(${val.lanman.server_time}, ${val.lanman.server_date}, ${val.lanman.server_tz}));
|
||||
lanman->Assign(9, bytestring_to_val(${val.lanman.encryption_key}));
|
||||
|
||||
|
|
@ -109,15 +109,15 @@ refine connection SMB_Conn += {
|
|||
capabilities->Assign(17, val_mgr->Bool(${val.ntlm.capabilities_extended_security}));
|
||||
|
||||
ntlm = new RecordVal(BifType::Record::SMB1::NegotiateResponseNTLM);
|
||||
ntlm->Assign(0, val_mgr->GetCount(${val.word_count}));
|
||||
ntlm->Assign(1, val_mgr->GetCount(${val.dialect_index}));
|
||||
ntlm->Assign(0, val_mgr->Count(${val.word_count}));
|
||||
ntlm->Assign(1, val_mgr->Count(${val.dialect_index}));
|
||||
ntlm->Assign(2, security);
|
||||
ntlm->Assign(3, val_mgr->GetCount(${val.ntlm.max_buffer_size}));
|
||||
ntlm->Assign(4, val_mgr->GetCount(${val.ntlm.max_mpx_count}));
|
||||
ntlm->Assign(3, val_mgr->Count(${val.ntlm.max_buffer_size}));
|
||||
ntlm->Assign(4, val_mgr->Count(${val.ntlm.max_mpx_count}));
|
||||
|
||||
ntlm->Assign(5, val_mgr->GetCount(${val.ntlm.max_number_vcs}));
|
||||
ntlm->Assign(6, val_mgr->GetCount(${val.ntlm.max_raw_size}));
|
||||
ntlm->Assign(7, val_mgr->GetCount(${val.ntlm.session_key}));
|
||||
ntlm->Assign(5, val_mgr->Count(${val.ntlm.max_number_vcs}));
|
||||
ntlm->Assign(6, val_mgr->Count(${val.ntlm.max_raw_size}));
|
||||
ntlm->Assign(7, val_mgr->Count(${val.ntlm.session_key}));
|
||||
ntlm->Assign(8, capabilities);
|
||||
ntlm->Assign(9, filetime2brotime(${val.ntlm.server_time}));
|
||||
|
||||
|
|
|
|||
|
|
@ -15,13 +15,13 @@ refine connection SMB_Conn += {
|
|||
RecordVal* request = new RecordVal(BifType::Record::SMB1::SessionSetupAndXRequest);
|
||||
RecordVal* capabilities;
|
||||
|
||||
request->Assign(0, val_mgr->GetCount(${val.word_count}));
|
||||
request->Assign(0, val_mgr->Count(${val.word_count}));
|
||||
switch ( ${val.word_count} ) {
|
||||
case 10: // pre NT LM 0.12
|
||||
request->Assign(1, val_mgr->GetCount(${val.lanman.max_buffer_size}));
|
||||
request->Assign(2, val_mgr->GetCount(${val.lanman.max_mpx_count}));
|
||||
request->Assign(3, val_mgr->GetCount(${val.lanman.vc_number}));
|
||||
request->Assign(4, val_mgr->GetCount(${val.lanman.session_key}));
|
||||
request->Assign(1, val_mgr->Count(${val.lanman.max_buffer_size}));
|
||||
request->Assign(2, val_mgr->Count(${val.lanman.max_mpx_count}));
|
||||
request->Assign(3, val_mgr->Count(${val.lanman.vc_number}));
|
||||
request->Assign(4, val_mgr->Count(${val.lanman.session_key}));
|
||||
|
||||
request->Assign(5, smb_string2stringval(${val.lanman.native_os}));
|
||||
request->Assign(6, smb_string2stringval(${val.lanman.native_lanman}));
|
||||
|
|
@ -39,10 +39,10 @@ refine connection SMB_Conn += {
|
|||
capabilities->Assign(4, val_mgr->Bool(${val.ntlm_extended_security.capabilities.level_2_oplocks}));
|
||||
capabilities->Assign(5, val_mgr->Bool(${val.ntlm_extended_security.capabilities.nt_find}));
|
||||
|
||||
request->Assign(1, val_mgr->GetCount(${val.ntlm_extended_security.max_buffer_size}));
|
||||
request->Assign(2, val_mgr->GetCount(${val.ntlm_extended_security.max_mpx_count}));
|
||||
request->Assign(3, val_mgr->GetCount(${val.ntlm_extended_security.vc_number}));
|
||||
request->Assign(4, val_mgr->GetCount(${val.ntlm_extended_security.session_key}));
|
||||
request->Assign(1, val_mgr->Count(${val.ntlm_extended_security.max_buffer_size}));
|
||||
request->Assign(2, val_mgr->Count(${val.ntlm_extended_security.max_mpx_count}));
|
||||
request->Assign(3, val_mgr->Count(${val.ntlm_extended_security.vc_number}));
|
||||
request->Assign(4, val_mgr->Count(${val.ntlm_extended_security.session_key}));
|
||||
|
||||
request->Assign(5, smb_string2stringval(${val.ntlm_extended_security.native_os}));
|
||||
request->Assign(6, smb_string2stringval(${val.ntlm_extended_security.native_lanman}));
|
||||
|
|
@ -59,10 +59,10 @@ refine connection SMB_Conn += {
|
|||
capabilities->Assign(4, val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.level_2_oplocks}));
|
||||
capabilities->Assign(5, val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.nt_find}));
|
||||
|
||||
request->Assign(1, val_mgr->GetCount(${val.ntlm_nonextended_security.max_buffer_size}));
|
||||
request->Assign(2, val_mgr->GetCount(${val.ntlm_nonextended_security.max_mpx_count}));
|
||||
request->Assign(3, val_mgr->GetCount(${val.ntlm_nonextended_security.vc_number}));
|
||||
request->Assign(4, val_mgr->GetCount(${val.ntlm_nonextended_security.session_key}));
|
||||
request->Assign(1, val_mgr->Count(${val.ntlm_nonextended_security.max_buffer_size}));
|
||||
request->Assign(2, val_mgr->Count(${val.ntlm_nonextended_security.max_mpx_count}));
|
||||
request->Assign(3, val_mgr->Count(${val.ntlm_nonextended_security.vc_number}));
|
||||
request->Assign(4, val_mgr->Count(${val.ntlm_nonextended_security.session_key}));
|
||||
|
||||
request->Assign(5, smb_string2stringval(${val.ntlm_nonextended_security.native_os}));
|
||||
request->Assign(6, smb_string2stringval(${val.ntlm_nonextended_security.native_lanman}));
|
||||
|
|
@ -86,7 +86,7 @@ refine connection SMB_Conn += {
|
|||
{
|
||||
RecordVal* response = new RecordVal(BifType::Record::SMB1::SessionSetupAndXResponse);
|
||||
|
||||
response->Assign(0, val_mgr->GetCount(${val.word_count}));
|
||||
response->Assign(0, val_mgr->Count(${val.word_count}));
|
||||
switch ( ${val.word_count} )
|
||||
{
|
||||
case 3: // pre NT LM 0.12
|
||||
|
|
|
|||
|
|
@ -6,14 +6,14 @@ refine connection SMB_Conn += {
|
|||
return false;
|
||||
|
||||
RecordVal* args = new RecordVal(BifType::Record::SMB1::Trans_Sec_Args);
|
||||
args->Assign(0, val_mgr->GetCount(${val.total_param_count}));
|
||||
args->Assign(1, val_mgr->GetCount(${val.total_data_count}));
|
||||
args->Assign(2, val_mgr->GetCount(${val.param_count}));
|
||||
args->Assign(3, val_mgr->GetCount(${val.param_offset}));
|
||||
args->Assign(4, val_mgr->GetCount(${val.param_displacement}));
|
||||
args->Assign(5, val_mgr->GetCount(${val.data_count}));
|
||||
args->Assign(6, val_mgr->GetCount(${val.data_offset}));
|
||||
args->Assign(7, val_mgr->GetCount(${val.data_displacement}));
|
||||
args->Assign(0, val_mgr->Count(${val.total_param_count}));
|
||||
args->Assign(1, val_mgr->Count(${val.total_data_count}));
|
||||
args->Assign(2, val_mgr->Count(${val.param_count}));
|
||||
args->Assign(3, val_mgr->Count(${val.param_offset}));
|
||||
args->Assign(4, val_mgr->Count(${val.param_displacement}));
|
||||
args->Assign(5, val_mgr->Count(${val.data_count}));
|
||||
args->Assign(6, val_mgr->Count(${val.data_offset}));
|
||||
args->Assign(7, val_mgr->Count(${val.data_displacement}));
|
||||
|
||||
StringVal* parameters = new StringVal(${val.parameters}.length(),
|
||||
(const char*)${val.parameters}.data());
|
||||
|
|
|
|||
|
|
@ -6,15 +6,15 @@ refine connection SMB_Conn += {
|
|||
return false;
|
||||
|
||||
RecordVal* args = new RecordVal(BifType::Record::SMB1::Trans2_Sec_Args);
|
||||
args->Assign(0, val_mgr->GetCount(${val.total_param_count}));
|
||||
args->Assign(1, val_mgr->GetCount(${val.total_data_count}));
|
||||
args->Assign(2, val_mgr->GetCount(${val.param_count}));
|
||||
args->Assign(3, val_mgr->GetCount(${val.param_offset}));
|
||||
args->Assign(4, val_mgr->GetCount(${val.param_displacement}));
|
||||
args->Assign(5, val_mgr->GetCount(${val.data_count}));
|
||||
args->Assign(6, val_mgr->GetCount(${val.data_offset}));
|
||||
args->Assign(7, val_mgr->GetCount(${val.data_displacement}));
|
||||
args->Assign(8, val_mgr->GetCount(${val.FID}));
|
||||
args->Assign(0, val_mgr->Count(${val.total_param_count}));
|
||||
args->Assign(1, val_mgr->Count(${val.total_data_count}));
|
||||
args->Assign(2, val_mgr->Count(${val.param_count}));
|
||||
args->Assign(3, val_mgr->Count(${val.param_offset}));
|
||||
args->Assign(4, val_mgr->Count(${val.param_displacement}));
|
||||
args->Assign(5, val_mgr->Count(${val.data_count}));
|
||||
args->Assign(6, val_mgr->Count(${val.data_offset}));
|
||||
args->Assign(7, val_mgr->Count(${val.data_displacement}));
|
||||
args->Assign(8, val_mgr->Count(${val.FID}));
|
||||
|
||||
StringVal* parameters = new StringVal(${val.parameters}.length(), (const char*)${val.parameters}.data());
|
||||
StringVal* payload = new StringVal(${val.data}.length(), (const char*)${val.data}.data());
|
||||
|
|
|
|||
|
|
@ -25,18 +25,18 @@ refine connection SMB_Conn += {
|
|||
if ( smb1_transaction2_request )
|
||||
{
|
||||
RecordVal* args = new RecordVal(BifType::Record::SMB1::Trans2_Args);
|
||||
args->Assign(0, val_mgr->GetCount(${val.total_param_count}));
|
||||
args->Assign(1, val_mgr->GetCount(${val.total_data_count}));
|
||||
args->Assign(2, val_mgr->GetCount(${val.max_param_count}));
|
||||
args->Assign(3, val_mgr->GetCount(${val.max_data_count}));
|
||||
args->Assign(4, val_mgr->GetCount(${val.max_setup_count}));
|
||||
args->Assign(5, val_mgr->GetCount(${val.flags}));
|
||||
args->Assign(6, val_mgr->GetCount(${val.timeout}));
|
||||
args->Assign(7, val_mgr->GetCount(${val.param_count}));
|
||||
args->Assign(8, val_mgr->GetCount(${val.param_offset}));
|
||||
args->Assign(9, val_mgr->GetCount(${val.data_count}));
|
||||
args->Assign(10, val_mgr->GetCount(${val.data_offset}));
|
||||
args->Assign(11, val_mgr->GetCount(${val.setup_count}));
|
||||
args->Assign(0, val_mgr->Count(${val.total_param_count}));
|
||||
args->Assign(1, val_mgr->Count(${val.total_data_count}));
|
||||
args->Assign(2, val_mgr->Count(${val.max_param_count}));
|
||||
args->Assign(3, val_mgr->Count(${val.max_data_count}));
|
||||
args->Assign(4, val_mgr->Count(${val.max_setup_count}));
|
||||
args->Assign(5, val_mgr->Count(${val.flags}));
|
||||
args->Assign(6, val_mgr->Count(${val.timeout}));
|
||||
args->Assign(7, val_mgr->Count(${val.param_count}));
|
||||
args->Assign(8, val_mgr->Count(${val.param_offset}));
|
||||
args->Assign(9, val_mgr->Count(${val.data_count}));
|
||||
args->Assign(10, val_mgr->Count(${val.data_offset}));
|
||||
args->Assign(11, val_mgr->Count(${val.setup_count}));
|
||||
|
||||
BifEvent::generate_smb1_transaction2_request(bro_analyzer(), bro_analyzer()->Conn(), BuildHeaderVal(header), args, ${val.sub_cmd});
|
||||
}
|
||||
|
|
@ -128,11 +128,11 @@ refine connection SMB_Conn += {
|
|||
if ( smb1_trans2_find_first2_request )
|
||||
{
|
||||
RecordVal* result = new RecordVal(BifType::Record::SMB1::Find_First2_Request_Args);
|
||||
result->Assign(0, val_mgr->GetCount(${val.search_attrs}));
|
||||
result->Assign(1, val_mgr->GetCount(${val.search_count}));
|
||||
result->Assign(2, val_mgr->GetCount(${val.flags}));
|
||||
result->Assign(3, val_mgr->GetCount(${val.info_level}));
|
||||
result->Assign(4, val_mgr->GetCount(${val.search_storage_type}));
|
||||
result->Assign(0, val_mgr->Count(${val.search_attrs}));
|
||||
result->Assign(1, val_mgr->Count(${val.search_count}));
|
||||
result->Assign(2, val_mgr->Count(${val.flags}));
|
||||
result->Assign(3, val_mgr->Count(${val.info_level}));
|
||||
result->Assign(4, val_mgr->Count(${val.search_storage_type}));
|
||||
result->Assign(5, smb_string2stringval(${val.file_name}));
|
||||
BifEvent::generate_smb1_trans2_find_first2_request(bro_analyzer(), bro_analyzer()->Conn(), \
|
||||
BuildHeaderVal(header), result);
|
||||
|
|
|
|||
|
|
@ -21,14 +21,14 @@ refine connection SMB_Conn += {
|
|||
// { // do nothing
|
||||
// }
|
||||
|
||||
r->Assign(0, val_mgr->GetCount(${hdr.command}));
|
||||
r->Assign(1, val_mgr->GetCount(${hdr.status}));
|
||||
r->Assign(2, val_mgr->GetCount(${hdr.flags}));
|
||||
r->Assign(3, val_mgr->GetCount(${hdr.flags2}));
|
||||
r->Assign(4, val_mgr->GetCount(${hdr.tid}));
|
||||
r->Assign(5, val_mgr->GetCount(${hdr.pid}));
|
||||
r->Assign(6, val_mgr->GetCount(${hdr.uid}));
|
||||
r->Assign(7, val_mgr->GetCount(${hdr.mid}));
|
||||
r->Assign(0, val_mgr->Count(${hdr.command}));
|
||||
r->Assign(1, val_mgr->Count(${hdr.status}));
|
||||
r->Assign(2, val_mgr->Count(${hdr.flags}));
|
||||
r->Assign(3, val_mgr->Count(${hdr.flags2}));
|
||||
r->Assign(4, val_mgr->Count(${hdr.tid}));
|
||||
r->Assign(5, val_mgr->Count(${hdr.pid}));
|
||||
r->Assign(6, val_mgr->Count(${hdr.uid}));
|
||||
r->Assign(7, val_mgr->Count(${hdr.mid}));
|
||||
|
||||
return r;
|
||||
%}
|
||||
|
|
|
|||
|
|
@ -22,8 +22,8 @@ refine connection SMB_Conn += {
|
|||
{
|
||||
RecordVal* resp = new RecordVal(BifType::Record::SMB2::CloseResponse);
|
||||
|
||||
resp->Assign(0, val_mgr->GetCount(${val.alloc_size}));
|
||||
resp->Assign(1, val_mgr->GetCount(${val.eof}));
|
||||
resp->Assign(0, val_mgr->Count(${val.alloc_size}));
|
||||
resp->Assign(1, val_mgr->Count(${val.eof}));
|
||||
resp->Assign(2, SMB_BuildMACTimes(${val.last_write_time},
|
||||
${val.last_access_time},
|
||||
${val.creation_time},
|
||||
|
|
|
|||
|
|
@ -17,8 +17,8 @@ refine connection SMB_Conn += {
|
|||
{
|
||||
RecordVal* requestinfo = new RecordVal(BifType::Record::SMB2::CreateRequest);
|
||||
requestinfo->Assign(0, filename);
|
||||
requestinfo->Assign(1, val_mgr->GetCount(${val.disposition}));
|
||||
requestinfo->Assign(2, val_mgr->GetCount(${val.create_options}));
|
||||
requestinfo->Assign(1, val_mgr->Count(${val.disposition}));
|
||||
requestinfo->Assign(2, val_mgr->Count(${val.create_options}));
|
||||
BifEvent::generate_smb2_create_request(bro_analyzer(),
|
||||
bro_analyzer()->Conn(),
|
||||
BuildSMB2HeaderVal(h),
|
||||
|
|
@ -38,13 +38,13 @@ refine connection SMB_Conn += {
|
|||
{
|
||||
RecordVal* responseinfo = new RecordVal(BifType::Record::SMB2::CreateResponse);
|
||||
responseinfo->Assign(0, BuildSMB2GUID(${val.file_id}));
|
||||
responseinfo->Assign(1, val_mgr->GetCount(${val.eof}));
|
||||
responseinfo->Assign(1, val_mgr->Count(${val.eof}));
|
||||
responseinfo->Assign(2, SMB_BuildMACTimes(${val.last_write_time},
|
||||
${val.last_access_time},
|
||||
${val.creation_time},
|
||||
${val.change_time}));
|
||||
responseinfo->Assign(3, smb2_file_attrs_to_bro(${val.file_attrs}));
|
||||
responseinfo->Assign(4, val_mgr->GetCount(${val.create_action}));
|
||||
responseinfo->Assign(4, val_mgr->Count(${val.create_action}));
|
||||
BifEvent::generate_smb2_create_response(bro_analyzer(),
|
||||
bro_analyzer()->Conn(),
|
||||
BuildSMB2HeaderVal(h),
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ refine connection SMB_Conn += {
|
|||
VectorVal* dialects = new VectorVal(index_vec);
|
||||
for ( unsigned int i = 0; i < ${val.dialects}->size(); ++i )
|
||||
{
|
||||
dialects->Assign(i, val_mgr->GetCount((*${val.dialects})[i]));
|
||||
dialects->Assign(i, val_mgr->Count((*${val.dialects})[i]));
|
||||
}
|
||||
BifEvent::generate_smb2_negotiate_request(bro_analyzer(), bro_analyzer()->Conn(),
|
||||
BuildSMB2HeaderVal(h),
|
||||
|
|
@ -41,12 +41,12 @@ refine connection SMB_Conn += {
|
|||
{
|
||||
RecordVal* nr = new RecordVal(BifType::Record::SMB2::NegotiateResponse);
|
||||
|
||||
nr->Assign(0, val_mgr->GetCount(${val.dialect_revision}));
|
||||
nr->Assign(1, val_mgr->GetCount(${val.security_mode}));
|
||||
nr->Assign(0, val_mgr->Count(${val.dialect_revision}));
|
||||
nr->Assign(1, val_mgr->Count(${val.security_mode}));
|
||||
nr->Assign(2, BuildSMB2GUID(${val.server_guid}));
|
||||
nr->Assign(3, filetime2brotime(${val.system_time}));
|
||||
nr->Assign(4, filetime2brotime(${val.server_start_time}));
|
||||
nr->Assign(5, val_mgr->GetCount(${val.negotiate_context_count}));
|
||||
nr->Assign(5, val_mgr->Count(${val.negotiate_context_count}));
|
||||
|
||||
VectorVal* cv = new VectorVal(BifType::Vector::SMB2::NegotiateContextValues);
|
||||
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ refine connection SMB_Conn += {
|
|||
if ( smb2_session_setup_request )
|
||||
{
|
||||
RecordVal* req = new RecordVal(BifType::Record::SMB2::SessionSetupRequest);
|
||||
req->Assign(0, val_mgr->GetCount(${val.security_mode}));
|
||||
req->Assign(0, val_mgr->Count(${val.security_mode}));
|
||||
|
||||
BifEvent::generate_smb2_session_setup_request(bro_analyzer(),
|
||||
bro_analyzer()->Conn(),
|
||||
|
|
|
|||
|
|
@ -196,9 +196,9 @@ refine connection SMB_Conn += {
|
|||
r->Assign(0, val_mgr->Int(${val.free_space_start_filtering}));
|
||||
r->Assign(1, val_mgr->Int(${val.free_space_start_threshold}));
|
||||
r->Assign(2, val_mgr->Int(${val.free_space_stop_filtering}));
|
||||
r->Assign(3, val_mgr->GetCount(${val.default_quota_threshold}));
|
||||
r->Assign(4, val_mgr->GetCount(${val.default_quota_limit}));
|
||||
r->Assign(5, val_mgr->GetCount(${val.file_system_control_flags}));
|
||||
r->Assign(3, val_mgr->Count(${val.default_quota_threshold}));
|
||||
r->Assign(4, val_mgr->Count(${val.default_quota_limit}));
|
||||
r->Assign(5, val_mgr->Count(${val.file_system_control_flags}));
|
||||
|
||||
BifEvent::generate_smb2_file_fscontrol(bro_analyzer(),
|
||||
bro_analyzer()->Conn(),
|
||||
|
|
|
|||
|
|
@ -6,9 +6,9 @@ refine connection SMB_Conn += {
|
|||
|
||||
r->Assign(0, bytestring_to_val(${hdr.signature}));
|
||||
r->Assign(1, bytestring_to_val(${hdr.nonce}));
|
||||
r->Assign(2, val_mgr->GetCount(${hdr.orig_msg_size}));
|
||||
r->Assign(3, val_mgr->GetCount(${hdr.flags}));
|
||||
r->Assign(4, val_mgr->GetCount(${hdr.session_id}));
|
||||
r->Assign(2, val_mgr->Count(${hdr.orig_msg_size}));
|
||||
r->Assign(3, val_mgr->Count(${hdr.flags}));
|
||||
r->Assign(4, val_mgr->Count(${hdr.session_id}));
|
||||
|
||||
return r;
|
||||
%}
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ refine connection SMB_Conn += {
|
|||
if ( smb2_tree_connect_response )
|
||||
{
|
||||
RecordVal* resp = new RecordVal(BifType::Record::SMB2::TreeConnectResponse);
|
||||
resp->Assign(0, val_mgr->GetCount(${val.share_type}));
|
||||
resp->Assign(0, val_mgr->Count(${val.share_type}));
|
||||
|
||||
BifEvent::generate_smb2_tree_connect_response(bro_analyzer(),
|
||||
bro_analyzer()->Conn(),
|
||||
|
|
|
|||
|
|
@ -104,20 +104,20 @@ refine connection SMB_Conn += {
|
|||
%{
|
||||
RecordVal* r = new RecordVal(BifType::Record::SMB2::NegotiateContextValue);
|
||||
|
||||
r->Assign(0, val_mgr->GetCount(${ncv.context_type}));
|
||||
r->Assign(1, val_mgr->GetCount(${ncv.data_length}));
|
||||
r->Assign(0, val_mgr->Count(${ncv.context_type}));
|
||||
r->Assign(1, val_mgr->Count(${ncv.data_length}));
|
||||
|
||||
switch ( ${ncv.context_type} ) {
|
||||
case SMB2_PREAUTH_INTEGRITY_CAPABILITIES:
|
||||
{
|
||||
RecordVal* rpreauth = new RecordVal(BifType::Record::SMB2::PreAuthIntegrityCapabilities);
|
||||
rpreauth->Assign(0, val_mgr->GetCount(${ncv.preauth_integrity_capabilities.hash_alg_count}));
|
||||
rpreauth->Assign(1, val_mgr->GetCount(${ncv.preauth_integrity_capabilities.salt_length}));
|
||||
rpreauth->Assign(0, val_mgr->Count(${ncv.preauth_integrity_capabilities.hash_alg_count}));
|
||||
rpreauth->Assign(1, val_mgr->Count(${ncv.preauth_integrity_capabilities.salt_length}));
|
||||
|
||||
VectorVal* ha = new VectorVal(internal_type("index_vec")->AsVectorType());
|
||||
|
||||
for ( int i = 0; i < (${ncv.preauth_integrity_capabilities.hash_alg_count}); ++i )
|
||||
ha->Assign(i, val_mgr->GetCount(${ncv.preauth_integrity_capabilities.hash_alg[i]}));
|
||||
ha->Assign(i, val_mgr->Count(${ncv.preauth_integrity_capabilities.hash_alg[i]}));
|
||||
|
||||
rpreauth->Assign(2, ha);
|
||||
rpreauth->Assign(3, bytestring_to_val(${ncv.preauth_integrity_capabilities.salt}));
|
||||
|
|
@ -128,12 +128,12 @@ refine connection SMB_Conn += {
|
|||
case SMB2_ENCRYPTION_CAPABILITIES:
|
||||
{
|
||||
RecordVal* rencr = new RecordVal(BifType::Record::SMB2::EncryptionCapabilities);
|
||||
rencr->Assign(0, val_mgr->GetCount(${ncv.encryption_capabilities.cipher_count}));
|
||||
rencr->Assign(0, val_mgr->Count(${ncv.encryption_capabilities.cipher_count}));
|
||||
|
||||
VectorVal* c = new VectorVal(internal_type("index_vec")->AsVectorType());
|
||||
|
||||
for ( int i = 0; i < (${ncv.encryption_capabilities.cipher_count}); ++i )
|
||||
c->Assign(i, val_mgr->GetCount(${ncv.encryption_capabilities.ciphers[i]}));
|
||||
c->Assign(i, val_mgr->Count(${ncv.encryption_capabilities.ciphers[i]}));
|
||||
|
||||
rencr->Assign(1, c);
|
||||
r->Assign(3, rencr);
|
||||
|
|
@ -143,12 +143,12 @@ refine connection SMB_Conn += {
|
|||
case SMB2_COMPRESSION_CAPABILITIES:
|
||||
{
|
||||
RecordVal* rcomp = new RecordVal(BifType::Record::SMB2::CompressionCapabilities);
|
||||
rcomp->Assign(0, val_mgr->GetCount(${ncv.compression_capabilities.alg_count}));
|
||||
rcomp->Assign(0, val_mgr->Count(${ncv.compression_capabilities.alg_count}));
|
||||
|
||||
VectorVal* c = new VectorVal(internal_type("index_vec")->AsVectorType());
|
||||
|
||||
for ( int i = 0; i < (${ncv.compression_capabilities.alg_count}); ++i )
|
||||
c->Assign(i, val_mgr->GetCount(${ncv.compression_capabilities.algs[i]}));
|
||||
c->Assign(i, val_mgr->Count(${ncv.compression_capabilities.algs[i]}));
|
||||
|
||||
rcomp->Assign(1, c);
|
||||
r->Assign(4, rcomp);
|
||||
|
|
@ -172,15 +172,15 @@ refine connection SMB_Conn += {
|
|||
%{
|
||||
RecordVal* r = new RecordVal(BifType::Record::SMB2::Header);
|
||||
|
||||
r->Assign(0, val_mgr->GetCount(${hdr.credit_charge}));
|
||||
r->Assign(1, val_mgr->GetCount(${hdr.status}));
|
||||
r->Assign(2, val_mgr->GetCount(${hdr.command}));
|
||||
r->Assign(3, val_mgr->GetCount(${hdr.credits}));
|
||||
r->Assign(4, val_mgr->GetCount(${hdr.flags}));
|
||||
r->Assign(5, val_mgr->GetCount(${hdr.message_id}));
|
||||
r->Assign(6, val_mgr->GetCount(${hdr.process_id}));
|
||||
r->Assign(7, val_mgr->GetCount(${hdr.tree_id}));
|
||||
r->Assign(8, val_mgr->GetCount(${hdr.session_id}));
|
||||
r->Assign(0, val_mgr->Count(${hdr.credit_charge}));
|
||||
r->Assign(1, val_mgr->Count(${hdr.status}));
|
||||
r->Assign(2, val_mgr->Count(${hdr.command}));
|
||||
r->Assign(3, val_mgr->Count(${hdr.credits}));
|
||||
r->Assign(4, val_mgr->Count(${hdr.flags}));
|
||||
r->Assign(5, val_mgr->Count(${hdr.message_id}));
|
||||
r->Assign(6, val_mgr->Count(${hdr.process_id}));
|
||||
r->Assign(7, val_mgr->Count(${hdr.tree_id}));
|
||||
r->Assign(8, val_mgr->Count(${hdr.session_id}));
|
||||
r->Assign(9, bytestring_to_val(${hdr.signature}));
|
||||
|
||||
return r;
|
||||
|
|
@ -190,8 +190,8 @@ refine connection SMB_Conn += {
|
|||
%{
|
||||
RecordVal* r = new RecordVal(BifType::Record::SMB2::GUID);
|
||||
|
||||
r->Assign(0, val_mgr->GetCount(${file_id.persistent}));
|
||||
r->Assign(1, val_mgr->GetCount(${file_id._volatile}));
|
||||
r->Assign(0, val_mgr->Count(${file_id.persistent}));
|
||||
r->Assign(1, val_mgr->Count(${file_id._volatile}));
|
||||
|
||||
return r;
|
||||
%}
|
||||
|
|
|
|||
|
|
@ -352,7 +352,7 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig)
|
|||
EnqueueConnEvent(smtp_reply,
|
||||
IntrusivePtr{AdoptRef{}, BuildConnVal()},
|
||||
val_mgr->Bool(orig),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(reply_code)},
|
||||
val_mgr->Count(reply_code),
|
||||
make_intrusive<StringVal>(cmd),
|
||||
make_intrusive<StringVal>(end_of_line - line, line),
|
||||
val_mgr->Bool((pending_reply > 0))
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@ Val* asn1_obj_to_val(const ASN1Encoding* obj)
|
|||
RecordVal* rval = new RecordVal(BifType::Record::SNMP::ObjectValue);
|
||||
uint8 tag = obj->meta()->tag();
|
||||
|
||||
rval->Assign(0, val_mgr->GetCount(tag));
|
||||
rval->Assign(0, val_mgr->Count(tag));
|
||||
|
||||
switch ( tag ) {
|
||||
case VARBIND_UNSPECIFIED_TAG:
|
||||
|
|
@ -93,7 +93,7 @@ Val* time_ticks_to_val(const TimeTicks* tt)
|
|||
RecordVal* build_hdr(const Header* header)
|
||||
{
|
||||
RecordVal* rv = new RecordVal(BifType::Record::SNMP::Header);
|
||||
rv->Assign(0, val_mgr->GetCount(header->version()));
|
||||
rv->Assign(0, val_mgr->Count(header->version()));
|
||||
|
||||
switch ( header->version() ) {
|
||||
case SNMPV1_TAG:
|
||||
|
|
@ -133,7 +133,7 @@ RecordVal* build_hdrV3(const Header* header)
|
|||
v3->Assign(0, asn1_integer_to_val(global_data->id(), TYPE_COUNT));
|
||||
v3->Assign(1, asn1_integer_to_val(global_data->max_size(),
|
||||
TYPE_COUNT));
|
||||
v3->Assign(2, val_mgr->GetCount(flags_byte));
|
||||
v3->Assign(2, val_mgr->Count(flags_byte));
|
||||
v3->Assign(3, val_mgr->Bool(flags_byte & 0x01));
|
||||
v3->Assign(4, val_mgr->Bool(flags_byte & 0x02));
|
||||
v3->Assign(5, val_mgr->Bool(flags_byte & 0x04));
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@
|
|||
VectorVal* cipher_vec = new VectorVal(internal_type("index_vec")->AsVectorType());
|
||||
for ( unsigned int i = 0; i < cipher_suites->size(); ++i )
|
||||
{
|
||||
Val* ciph = val_mgr->GetCount((*cipher_suites)[i]);
|
||||
auto ciph = val_mgr->Count((*cipher_suites)[i]);
|
||||
cipher_vec->Assign(i, ciph);
|
||||
}
|
||||
|
||||
|
|
@ -34,7 +34,7 @@
|
|||
{
|
||||
for ( unsigned int i = 0; i < compression_methods->size(); ++i )
|
||||
{
|
||||
Val* comp = val_mgr->GetCount((*compression_methods)[i]);
|
||||
auto comp = val_mgr->Count((*compression_methods)[i]);
|
||||
comp_vec->Assign(i, comp);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -80,7 +80,7 @@ refine connection Handshake_Conn += {
|
|||
if ( point_format_list )
|
||||
{
|
||||
for ( unsigned int i = 0; i < point_format_list->size(); ++i )
|
||||
points->Assign(i, val_mgr->GetCount((*point_format_list)[i]));
|
||||
points->Assign(i, val_mgr->Count((*point_format_list)[i]));
|
||||
}
|
||||
|
||||
BifEvent::generate_ssl_extension_ec_point_formats(bro_analyzer(), bro_analyzer()->Conn(),
|
||||
|
|
@ -99,7 +99,7 @@ refine connection Handshake_Conn += {
|
|||
if ( list )
|
||||
{
|
||||
for ( unsigned int i = 0; i < list->size(); ++i )
|
||||
curves->Assign(i, val_mgr->GetCount((*list)[i]));
|
||||
curves->Assign(i, val_mgr->Count((*list)[i]));
|
||||
}
|
||||
|
||||
BifEvent::generate_ssl_extension_elliptic_curves(bro_analyzer(), bro_analyzer()->Conn(),
|
||||
|
|
@ -118,7 +118,7 @@ refine connection Handshake_Conn += {
|
|||
if ( keyshare )
|
||||
{
|
||||
for ( unsigned int i = 0; i < keyshare->size(); ++i )
|
||||
nglist->Assign(i, val_mgr->GetCount((*keyshare)[i]->namedgroup()));
|
||||
nglist->Assign(i, val_mgr->Count((*keyshare)[i]->namedgroup()));
|
||||
}
|
||||
|
||||
BifEvent::generate_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, nglist);
|
||||
|
|
@ -133,7 +133,7 @@ refine connection Handshake_Conn += {
|
|||
|
||||
VectorVal* nglist = new VectorVal(internal_type("index_vec")->AsVectorType());
|
||||
|
||||
nglist->Assign(0u, val_mgr->GetCount(keyshare->namedgroup()));
|
||||
nglist->Assign(0u, val_mgr->Count(keyshare->namedgroup()));
|
||||
BifEvent::generate_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, nglist);
|
||||
return true;
|
||||
%}
|
||||
|
|
@ -145,7 +145,7 @@ refine connection Handshake_Conn += {
|
|||
|
||||
VectorVal* nglist = new VectorVal(internal_type("index_vec")->AsVectorType());
|
||||
|
||||
nglist->Assign(0u, val_mgr->GetCount(namedgroup));
|
||||
nglist->Assign(0u, val_mgr->Count(namedgroup));
|
||||
BifEvent::generate_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, nglist);
|
||||
return true;
|
||||
%}
|
||||
|
|
@ -162,8 +162,8 @@ refine connection Handshake_Conn += {
|
|||
for ( unsigned int i = 0; i < supported_signature_algorithms->size(); ++i )
|
||||
{
|
||||
RecordVal* el = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm);
|
||||
el->Assign(0, val_mgr->GetCount((*supported_signature_algorithms)[i]->HashAlgorithm()));
|
||||
el->Assign(1, val_mgr->GetCount((*supported_signature_algorithms)[i]->SignatureAlgorithm()));
|
||||
el->Assign(0, val_mgr->Count((*supported_signature_algorithms)[i]->HashAlgorithm()));
|
||||
el->Assign(1, val_mgr->Count((*supported_signature_algorithms)[i]->SignatureAlgorithm()));
|
||||
slist->Assign(i, el);
|
||||
}
|
||||
}
|
||||
|
|
@ -233,7 +233,7 @@ refine connection Handshake_Conn += {
|
|||
if ( versions_list )
|
||||
{
|
||||
for ( unsigned int i = 0; i < versions_list->size(); ++i )
|
||||
versions->Assign(i, val_mgr->GetCount((*versions_list)[i]));
|
||||
versions->Assign(i, val_mgr->Count((*versions_list)[i]));
|
||||
}
|
||||
|
||||
BifEvent::generate_ssl_extension_supported_versions(bro_analyzer(), bro_analyzer()->Conn(),
|
||||
|
|
@ -248,7 +248,7 @@ refine connection Handshake_Conn += {
|
|||
return true;
|
||||
|
||||
VectorVal* versions = new VectorVal(internal_type("index_vec")->AsVectorType());
|
||||
versions->Assign(0u, val_mgr->GetCount(version));
|
||||
versions->Assign(0u, val_mgr->Count(version));
|
||||
|
||||
BifEvent::generate_ssl_extension_supported_versions(bro_analyzer(), bro_analyzer()->Conn(),
|
||||
${rec.is_orig}, versions);
|
||||
|
|
@ -266,7 +266,7 @@ refine connection Handshake_Conn += {
|
|||
if ( mode_list )
|
||||
{
|
||||
for ( unsigned int i = 0; i < mode_list->size(); ++i )
|
||||
modes->Assign(i, val_mgr->GetCount((*mode_list)[i]));
|
||||
modes->Assign(i, val_mgr->Count((*mode_list)[i]));
|
||||
}
|
||||
|
||||
BifEvent::generate_ssl_extension_psk_key_exchange_modes(bro_analyzer(), bro_analyzer()->Conn(),
|
||||
|
|
@ -345,14 +345,14 @@ refine connection Handshake_Conn += {
|
|||
RecordVal* ha = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm);
|
||||
if ( ${kex.signed_params.uses_signature_and_hashalgorithm} )
|
||||
{
|
||||
ha->Assign(0, val_mgr->GetCount(${kex.signed_params.algorithm.HashAlgorithm}));
|
||||
ha->Assign(1, val_mgr->GetCount(${kex.signed_params.algorithm.SignatureAlgorithm}));
|
||||
ha->Assign(0, val_mgr->Count(${kex.signed_params.algorithm.HashAlgorithm}));
|
||||
ha->Assign(1, val_mgr->Count(${kex.signed_params.algorithm.SignatureAlgorithm}));
|
||||
}
|
||||
else
|
||||
{
|
||||
// set to impossible value
|
||||
ha->Assign(0, val_mgr->GetCount(256));
|
||||
ha->Assign(1, val_mgr->GetCount(256));
|
||||
ha->Assign(0, val_mgr->Count(256));
|
||||
ha->Assign(1, val_mgr->Count(256));
|
||||
}
|
||||
|
||||
BifEvent::generate_ssl_server_signature(bro_analyzer(),
|
||||
|
|
@ -404,8 +404,8 @@ refine connection Handshake_Conn += {
|
|||
return true;
|
||||
|
||||
RecordVal* ha = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm);
|
||||
ha->Assign(0, val_mgr->GetCount(digitally_signed_algorithms->HashAlgorithm()));
|
||||
ha->Assign(1, val_mgr->GetCount(digitally_signed_algorithms->SignatureAlgorithm()));
|
||||
ha->Assign(0, val_mgr->Count(digitally_signed_algorithms->HashAlgorithm()));
|
||||
ha->Assign(1, val_mgr->Count(digitally_signed_algorithms->SignatureAlgorithm()));
|
||||
|
||||
BifEvent::generate_ssl_extension_signed_certificate_timestamp(bro_analyzer(),
|
||||
bro_analyzer()->Conn(), ${rec.is_orig},
|
||||
|
|
@ -434,14 +434,14 @@ refine connection Handshake_Conn += {
|
|||
RecordVal* ha = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm);
|
||||
if ( ${signed_params.uses_signature_and_hashalgorithm} )
|
||||
{
|
||||
ha->Assign(0, val_mgr->GetCount(${signed_params.algorithm.HashAlgorithm}));
|
||||
ha->Assign(1, val_mgr->GetCount(${signed_params.algorithm.SignatureAlgorithm}));
|
||||
ha->Assign(0, val_mgr->Count(${signed_params.algorithm.HashAlgorithm}));
|
||||
ha->Assign(1, val_mgr->Count(${signed_params.algorithm.SignatureAlgorithm}));
|
||||
}
|
||||
else
|
||||
{
|
||||
// set to impossible value
|
||||
ha->Assign(0, val_mgr->GetCount(256));
|
||||
ha->Assign(1, val_mgr->GetCount(256));
|
||||
ha->Assign(0, val_mgr->Count(256));
|
||||
ha->Assign(1, val_mgr->Count(256));
|
||||
}
|
||||
|
||||
BifEvent::generate_ssl_server_signature(bro_analyzer(),
|
||||
|
|
@ -488,7 +488,7 @@ refine connection Handshake_Conn += {
|
|||
{
|
||||
RecordVal* el = new RecordVal(BifType::Record::SSL::PSKIdentity);
|
||||
el->Assign(0, make_intrusive<StringVal>(identity->identity().length(), (const char*) identity->identity().data()));
|
||||
el->Assign(1, val_mgr->GetCount(identity->obfuscated_ticket_age()));
|
||||
el->Assign(1, val_mgr->Count(identity->obfuscated_ticket_age()));
|
||||
slist->Assign(slist->Size(), el);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -111,11 +111,11 @@ static RecordVal* build_syn_packet_val(bool is_orig, const IP_Hdr* ip,
|
|||
|
||||
v->Assign(0, val_mgr->Bool(is_orig));
|
||||
v->Assign(1, val_mgr->Bool(int(ip->DF())));
|
||||
v->Assign(2, val_mgr->GetCount((ip->TTL())));
|
||||
v->Assign(3, val_mgr->GetCount((ip->TotalLen())));
|
||||
v->Assign(4, val_mgr->GetCount(ntohs(tcp->th_win)));
|
||||
v->Assign(2, val_mgr->Count((ip->TTL())));
|
||||
v->Assign(3, val_mgr->Count((ip->TotalLen())));
|
||||
v->Assign(4, val_mgr->Count(ntohs(tcp->th_win)));
|
||||
v->Assign(5, val_mgr->Int(winscale));
|
||||
v->Assign(6, val_mgr->GetCount(MSS));
|
||||
v->Assign(6, val_mgr->Count(MSS));
|
||||
v->Assign(7, val_mgr->Bool(SACK));
|
||||
|
||||
return v;
|
||||
|
|
@ -789,9 +789,9 @@ void TCP_Analyzer::GeneratePacketEvent(
|
|||
IntrusivePtr{AdoptRef{}, BuildConnVal()},
|
||||
val_mgr->Bool(is_orig),
|
||||
make_intrusive<StringVal>(flags.AsString()),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(rel_seq)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(flags.ACK() ? rel_ack : 0)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(len)},
|
||||
val_mgr->Count(rel_seq),
|
||||
val_mgr->Count(flags.ACK() ? rel_ack : 0),
|
||||
val_mgr->Count(len),
|
||||
// We need the min() here because Ethernet padding can lead to
|
||||
// caplen > len.
|
||||
make_intrusive<StringVal>(std::min(caplen, len), (const char*) data)
|
||||
|
|
@ -1289,10 +1289,10 @@ void TCP_Analyzer::UpdateConnVal(RecordVal *conn_val)
|
|||
RecordVal *orig_endp_val = conn_val->Lookup("orig")->AsRecordVal();
|
||||
RecordVal *resp_endp_val = conn_val->Lookup("resp")->AsRecordVal();
|
||||
|
||||
orig_endp_val->Assign(0, val_mgr->GetCount(orig->Size()));
|
||||
orig_endp_val->Assign(1, val_mgr->GetCount(int(orig->state)));
|
||||
resp_endp_val->Assign(0, val_mgr->GetCount(resp->Size()));
|
||||
resp_endp_val->Assign(1, val_mgr->GetCount(int(resp->state)));
|
||||
orig_endp_val->Assign(0, val_mgr->Count(orig->Size()));
|
||||
orig_endp_val->Assign(1, val_mgr->Count(int(orig->state)));
|
||||
resp_endp_val->Assign(0, val_mgr->Count(resp->Size()));
|
||||
resp_endp_val->Assign(1, val_mgr->Count(int(resp->state)));
|
||||
|
||||
// Call children's UpdateConnVal
|
||||
Analyzer::UpdateConnVal(conn_val);
|
||||
|
|
@ -1348,8 +1348,8 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
|
|||
EnqueueConnEvent(tcp_option,
|
||||
IntrusivePtr{AdoptRef{}, BuildConnVal()},
|
||||
val_mgr->Bool(is_orig),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(kind)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(length)}
|
||||
val_mgr->Count(kind),
|
||||
val_mgr->Count(length)
|
||||
);
|
||||
}
|
||||
|
||||
|
|
@ -1373,8 +1373,8 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
|
|||
auto length = kind < 2 ? 1 : o[1];
|
||||
auto option_record = new RecordVal(BifType::Record::TCP::Option);
|
||||
option_list->Assign(option_list->Size(), option_record);
|
||||
option_record->Assign(0, val_mgr->GetCount(kind));
|
||||
option_record->Assign(1, val_mgr->GetCount(length));
|
||||
option_record->Assign(0, val_mgr->Count(kind));
|
||||
option_record->Assign(1, val_mgr->Count(length));
|
||||
|
||||
switch ( kind ) {
|
||||
case 2:
|
||||
|
|
@ -1382,7 +1382,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
|
|||
if ( length == 4 )
|
||||
{
|
||||
auto mss = ntohs(*reinterpret_cast<const uint16_t*>(o + 2));
|
||||
option_record->Assign(3, val_mgr->GetCount(mss));
|
||||
option_record->Assign(3, val_mgr->Count(mss));
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
@ -1396,7 +1396,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
|
|||
if ( length == 3 )
|
||||
{
|
||||
auto scale = o[2];
|
||||
option_record->Assign(4, val_mgr->GetCount(scale));
|
||||
option_record->Assign(4, val_mgr->Count(scale));
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
@ -1425,7 +1425,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
|
|||
auto sack = new VectorVal(vt);
|
||||
|
||||
for ( auto i = 0; i < num_pointers; ++i )
|
||||
sack->Assign(sack->Size(), val_mgr->GetCount(ntohl(p[i])));
|
||||
sack->Assign(sack->Size(), val_mgr->Count(ntohl(p[i])));
|
||||
|
||||
option_record->Assign(5, sack);
|
||||
}
|
||||
|
|
@ -1442,8 +1442,8 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
|
|||
{
|
||||
auto send = ntohl(*reinterpret_cast<const uint32_t*>(o + 2));
|
||||
auto echo = ntohl(*reinterpret_cast<const uint32_t*>(o + 6));
|
||||
option_record->Assign(6, val_mgr->GetCount(send));
|
||||
option_record->Assign(7, val_mgr->GetCount(echo));
|
||||
option_record->Assign(6, val_mgr->Count(send));
|
||||
option_record->Assign(7, val_mgr->Count(echo));
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
@ -2063,10 +2063,10 @@ bool TCPStats_Endpoint::DataSent(double /* t */, uint64_t seq, int len, int capl
|
|||
endp->TCP()->EnqueueConnEvent(tcp_rexmit,
|
||||
IntrusivePtr{AdoptRef{}, endp->TCP()->BuildConnVal()},
|
||||
val_mgr->Bool(endp->IsOrig()),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(seq)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(len)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(data_in_flight)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(endp->peer->window)}
|
||||
val_mgr->Count(seq),
|
||||
val_mgr->Count(len),
|
||||
val_mgr->Count(data_in_flight),
|
||||
val_mgr->Count(endp->peer->window)
|
||||
);
|
||||
}
|
||||
else
|
||||
|
|
@ -2079,13 +2079,13 @@ RecordVal* TCPStats_Endpoint::BuildStats()
|
|||
{
|
||||
RecordVal* stats = new RecordVal(endpoint_stats);
|
||||
|
||||
stats->Assign(0, val_mgr->GetCount(num_pkts));
|
||||
stats->Assign(1, val_mgr->GetCount(num_rxmit));
|
||||
stats->Assign(2, val_mgr->GetCount(num_rxmit_bytes));
|
||||
stats->Assign(3, val_mgr->GetCount(num_in_order));
|
||||
stats->Assign(4, val_mgr->GetCount(num_OO));
|
||||
stats->Assign(5, val_mgr->GetCount(num_repl));
|
||||
stats->Assign(6, val_mgr->GetCount(endian_type));
|
||||
stats->Assign(0, val_mgr->Count(num_pkts));
|
||||
stats->Assign(1, val_mgr->Count(num_rxmit));
|
||||
stats->Assign(2, val_mgr->Count(num_rxmit_bytes));
|
||||
stats->Assign(3, val_mgr->Count(num_in_order));
|
||||
stats->Assign(4, val_mgr->Count(num_OO));
|
||||
stats->Assign(5, val_mgr->Count(num_repl));
|
||||
stats->Assign(6, val_mgr->Count(endian_type));
|
||||
|
||||
return stats;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -154,8 +154,8 @@ void TCP_Reassembler::Gap(uint64_t seq, uint64_t len)
|
|||
dst_analyzer->EnqueueConnEvent(content_gap,
|
||||
IntrusivePtr{AdoptRef{}, dst_analyzer->BuildConnVal()},
|
||||
val_mgr->Bool(IsOrig()),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(seq)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(len)}
|
||||
val_mgr->Count(seq),
|
||||
val_mgr->Count(len)
|
||||
);
|
||||
|
||||
if ( type == Direct )
|
||||
|
|
@ -615,7 +615,7 @@ void TCP_Reassembler::DeliverBlock(uint64_t seq, int len, const u_char* data)
|
|||
tcp_analyzer->EnqueueConnEvent(tcp_contents,
|
||||
IntrusivePtr{AdoptRef{}, tcp_analyzer->BuildConnVal()},
|
||||
val_mgr->Bool(IsOrig()),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(seq)},
|
||||
val_mgr->Count(seq),
|
||||
make_intrusive<StringVal>(len, (const char*) data)
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -20,18 +20,18 @@ function get_orig_seq%(cid: conn_id%): count
|
|||
%{
|
||||
Connection* c = sessions->FindConnection(cid);
|
||||
if ( ! c )
|
||||
return val_mgr->GetCount(0);
|
||||
return val_mgr->Count(0);
|
||||
|
||||
if ( c->ConnTransport() != TRANSPORT_TCP )
|
||||
return val_mgr->GetCount(0);
|
||||
return val_mgr->Count(0);
|
||||
|
||||
analyzer::Analyzer* tc = c->FindAnalyzer("TCP");
|
||||
if ( tc )
|
||||
return val_mgr->GetCount(static_cast<analyzer::tcp::TCP_Analyzer*>(tc)->OrigSeq());
|
||||
return val_mgr->Count(static_cast<analyzer::tcp::TCP_Analyzer*>(tc)->OrigSeq());
|
||||
else
|
||||
{
|
||||
reporter->Error("connection does not have TCP analyzer");
|
||||
return val_mgr->GetCount(0);
|
||||
return val_mgr->Count(0);
|
||||
}
|
||||
%}
|
||||
|
||||
|
|
@ -49,18 +49,18 @@ function get_resp_seq%(cid: conn_id%): count
|
|||
%{
|
||||
Connection* c = sessions->FindConnection(cid);
|
||||
if ( ! c )
|
||||
return val_mgr->GetCount(0);
|
||||
return val_mgr->Count(0);
|
||||
|
||||
if ( c->ConnTransport() != TRANSPORT_TCP )
|
||||
return val_mgr->GetCount(0);
|
||||
return val_mgr->Count(0);
|
||||
|
||||
analyzer::Analyzer* tc = c->FindAnalyzer("TCP");
|
||||
if ( tc )
|
||||
return val_mgr->GetCount(static_cast<analyzer::tcp::TCP_Analyzer*>(tc)->RespSeq());
|
||||
return val_mgr->Count(static_cast<analyzer::tcp::TCP_Analyzer*>(tc)->RespSeq());
|
||||
else
|
||||
{
|
||||
reporter->Error("connection does not have TCP analyzer");
|
||||
return val_mgr->GetCount(0);
|
||||
return val_mgr->Count(0);
|
||||
}
|
||||
%}
|
||||
|
||||
|
|
|
|||
|
|
@ -122,8 +122,8 @@ RecordVal* TeredoEncapsulation::BuildVal(const IP_Hdr* inner) const
|
|||
new BroString(auth + 4, id_len, true)));
|
||||
teredo_auth->Assign(1, make_intrusive<StringVal>(
|
||||
new BroString(auth + 4 + id_len, au_len, true)));
|
||||
teredo_auth->Assign(2, val_mgr->GetCount(nonce));
|
||||
teredo_auth->Assign(3, val_mgr->GetCount(conf));
|
||||
teredo_auth->Assign(2, val_mgr->Count(nonce));
|
||||
teredo_auth->Assign(3, val_mgr->Count(conf));
|
||||
teredo_hdr->Assign(0, teredo_auth);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -228,14 +228,14 @@ void UDP_Analyzer::UpdateEndpointVal(RecordVal* endp, bool is_orig)
|
|||
bro_int_t size = is_orig ? request_len : reply_len;
|
||||
if ( size < 0 )
|
||||
{
|
||||
endp->Assign(0, val_mgr->GetCount(0));
|
||||
endp->Assign(1, val_mgr->GetCount(int(UDP_INACTIVE)));
|
||||
endp->Assign(0, val_mgr->Count(0));
|
||||
endp->Assign(1, val_mgr->Count(int(UDP_INACTIVE)));
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
endp->Assign(0, val_mgr->GetCount(size));
|
||||
endp->Assign(1, val_mgr->GetCount(int(UDP_ACTIVE)));
|
||||
endp->Assign(0, val_mgr->Count(size));
|
||||
endp->Assign(1, val_mgr->Count(int(UDP_ACTIVE)));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -102,7 +102,7 @@ void VXLAN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
|
|||
|
||||
if ( vxlan_packet )
|
||||
Conn()->Event(vxlan_packet, nullptr, inner->BuildPktHdrVal(),
|
||||
val_mgr->GetCount(vni));
|
||||
val_mgr->Count(vni).release());
|
||||
|
||||
EncapsulatingConn ec(Conn(), BifEnum::Tunnel::VXLAN);
|
||||
sessions->DoNextInnerPacket(network_time, &pkt, inner, estack, ec);
|
||||
|
|
|
|||
|
|
@ -97,9 +97,9 @@ struct val_converter {
|
|||
result_type operator()(uint64_t a)
|
||||
{
|
||||
if ( type->Tag() == TYPE_COUNT )
|
||||
return val_mgr->GetCount(a);
|
||||
return val_mgr->Count(a).release();
|
||||
if ( type->Tag() == TYPE_COUNTER )
|
||||
return val_mgr->GetCount(a);
|
||||
return val_mgr->Count(a).release();
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -72,7 +72,7 @@ function Broker::__set_size%(s: Broker::Data%): count
|
|||
%{
|
||||
auto& v = bro_broker::require_data_type<broker::set>(s->AsRecordVal(),
|
||||
TYPE_TABLE, frame);
|
||||
return val_mgr->GetCount(static_cast<uint64_t>(v.size()));
|
||||
return val_mgr->Count(static_cast<uint64_t>(v.size()));
|
||||
%}
|
||||
|
||||
function Broker::__set_contains%(s: Broker::Data, key: any%): bool
|
||||
|
|
@ -175,7 +175,7 @@ function Broker::__table_size%(t: Broker::Data%): count
|
|||
%{
|
||||
auto& v = bro_broker::require_data_type<broker::table>(t->AsRecordVal(),
|
||||
TYPE_TABLE, frame);
|
||||
return val_mgr->GetCount(static_cast<uint64_t>(v.size()));
|
||||
return val_mgr->Count(static_cast<uint64_t>(v.size()));
|
||||
%}
|
||||
|
||||
function Broker::__table_contains%(t: Broker::Data, key: any%): bool
|
||||
|
|
@ -334,7 +334,7 @@ function Broker::__vector_size%(v: Broker::Data%): count
|
|||
%{
|
||||
auto& vec = bro_broker::require_data_type<broker::vector>(v->AsRecordVal(),
|
||||
TYPE_VECTOR, frame);
|
||||
return val_mgr->GetCount(static_cast<uint64_t>(vec.size()));
|
||||
return val_mgr->Count(static_cast<uint64_t>(vec.size()));
|
||||
%}
|
||||
|
||||
function Broker::__vector_insert%(v: Broker::Data, idx:count, d: any%): bool
|
||||
|
|
@ -444,7 +444,7 @@ function Broker::__record_size%(r: Broker::Data%): count
|
|||
%{
|
||||
auto& v = bro_broker::require_data_type<broker::vector>(r->AsRecordVal(),
|
||||
TYPE_RECORD, frame);
|
||||
return val_mgr->GetCount(static_cast<uint64_t>(v.size()));
|
||||
return val_mgr->Count(static_cast<uint64_t>(v.size()));
|
||||
%}
|
||||
|
||||
function Broker::__record_assign%(r: Broker::Data, idx: count, d: any%): bool
|
||||
|
|
|
|||
|
|
@ -117,7 +117,7 @@ function Broker::publish%(topic: string, ...%): bool
|
|||
function Broker::__flush_logs%(%): count
|
||||
%{
|
||||
auto rval = broker_mgr->FlushLogBuffers();
|
||||
return val_mgr->GetCount(static_cast<uint64_t>(rval));
|
||||
return val_mgr->Count(static_cast<uint64_t>(rval));
|
||||
%}
|
||||
|
||||
function Broker::__publish_id%(topic: string, id: string%): bool
|
||||
|
|
|
|||
|
|
@ -226,13 +226,13 @@ bool File::SetExtractionLimit(RecordVal* args, uint64_t bytes)
|
|||
void File::IncrementByteCount(uint64_t size, int field_idx)
|
||||
{
|
||||
uint64_t old = LookupFieldDefaultCount(field_idx);
|
||||
val->Assign(field_idx, val_mgr->GetCount(old + size));
|
||||
val->Assign(field_idx, val_mgr->Count(old + size));
|
||||
}
|
||||
|
||||
void File::SetTotalBytes(uint64_t size)
|
||||
{
|
||||
DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Total bytes %" PRIu64, id.c_str(), size);
|
||||
val->Assign(total_bytes_idx, val_mgr->GetCount(size));
|
||||
val->Assign(total_bytes_idx, val_mgr->Count(size));
|
||||
}
|
||||
|
||||
bool File::IsComplete() const
|
||||
|
|
@ -455,8 +455,8 @@ void File::DeliverChunk(const u_char* data, uint64_t len, uint64_t offset)
|
|||
{
|
||||
FileEvent(file_reassembly_overflow, {
|
||||
IntrusivePtr{NewRef{}, val},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(current_offset)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(gap_bytes)}
|
||||
val_mgr->Count(current_offset),
|
||||
val_mgr->Count(gap_bytes)
|
||||
});
|
||||
}
|
||||
}
|
||||
|
|
@ -600,8 +600,8 @@ void File::Gap(uint64_t offset, uint64_t len)
|
|||
{
|
||||
FileEvent(file_gap, {
|
||||
IntrusivePtr{NewRef{}, val},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(offset)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(len)}
|
||||
val_mgr->Count(offset),
|
||||
val_mgr->Count(len)
|
||||
});
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -448,9 +448,8 @@ bool Manager::IsDisabled(const analyzer::Tag& tag)
|
|||
if ( ! disabled )
|
||||
disabled = internal_const_val("Files::disable")->AsTableVal();
|
||||
|
||||
Val* index = val_mgr->GetCount(bool(tag));
|
||||
auto yield = disabled->Lookup(index);
|
||||
Unref(index);
|
||||
auto index = val_mgr->Count(bool(tag));
|
||||
auto yield = disabled->Lookup(index.get());
|
||||
|
||||
if ( ! yield )
|
||||
return false;
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@ bool DataEvent::DeliverChunk(const u_char* data, uint64_t len, uint64_t offset)
|
|||
mgr.Enqueue(chunk_event,
|
||||
IntrusivePtr{NewRef{}, GetFile()->GetVal()},
|
||||
make_intrusive<StringVal>(new BroString(data, len, false)),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(offset)}
|
||||
val_mgr->Count(offset)
|
||||
);
|
||||
|
||||
return true;
|
||||
|
|
|
|||
|
|
@ -94,8 +94,8 @@ bool Extract::DeliverStream(const u_char* data, uint64_t len)
|
|||
f->FileEvent(file_extraction_limit, {
|
||||
IntrusivePtr{NewRef{}, f->GetVal()},
|
||||
IntrusivePtr{NewRef{}, Args()},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(limit)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(len)}
|
||||
val_mgr->Count(limit),
|
||||
val_mgr->Count(len)
|
||||
});
|
||||
|
||||
// Limit may have been modified by a BIF, re-check it.
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ VectorVal* process_rvas(const RVAS* rva_table)
|
|||
{
|
||||
VectorVal* rvas = new VectorVal(internal_type("index_vec")->AsVectorType());
|
||||
for ( uint16 i=0; i < rva_table->rvas()->size(); ++i )
|
||||
rvas->Assign(i, val_mgr->GetCount((*rva_table->rvas())[i]->size()));
|
||||
rvas->Assign(i, val_mgr->Count((*rva_table->rvas())[i]->size()));
|
||||
|
||||
return rvas;
|
||||
}
|
||||
|
|
@ -30,9 +30,8 @@ refine flow File += {
|
|||
{
|
||||
if ( ((c >> i) & 0x1) == 1 )
|
||||
{
|
||||
Val *ch = val_mgr->GetCount((1<<i)&mask);
|
||||
char_set->Assign(ch, 0);
|
||||
Unref(ch);
|
||||
auto ch = val_mgr->Count((1<<i)&mask);
|
||||
char_set->Assign(ch.get(), 0);
|
||||
}
|
||||
}
|
||||
return char_set;
|
||||
|
|
@ -44,22 +43,22 @@ refine flow File += {
|
|||
{
|
||||
auto dh = make_intrusive<RecordVal>(BifType::Record::PE::DOSHeader);
|
||||
dh->Assign(0, make_intrusive<StringVal>(${h.signature}.length(), (const char*) ${h.signature}.data()));
|
||||
dh->Assign(1, val_mgr->GetCount(${h.UsedBytesInTheLastPage}));
|
||||
dh->Assign(2, val_mgr->GetCount(${h.FileSizeInPages}));
|
||||
dh->Assign(3, val_mgr->GetCount(${h.NumberOfRelocationItems}));
|
||||
dh->Assign(4, val_mgr->GetCount(${h.HeaderSizeInParagraphs}));
|
||||
dh->Assign(5, val_mgr->GetCount(${h.MinimumExtraParagraphs}));
|
||||
dh->Assign(6, val_mgr->GetCount(${h.MaximumExtraParagraphs}));
|
||||
dh->Assign(7, val_mgr->GetCount(${h.InitialRelativeSS}));
|
||||
dh->Assign(8, val_mgr->GetCount(${h.InitialSP}));
|
||||
dh->Assign(9, val_mgr->GetCount(${h.Checksum}));
|
||||
dh->Assign(10, val_mgr->GetCount(${h.InitialIP}));
|
||||
dh->Assign(11, val_mgr->GetCount(${h.InitialRelativeCS}));
|
||||
dh->Assign(12, val_mgr->GetCount(${h.AddressOfRelocationTable}));
|
||||
dh->Assign(13, val_mgr->GetCount(${h.OverlayNumber}));
|
||||
dh->Assign(14, val_mgr->GetCount(${h.OEMid}));
|
||||
dh->Assign(15, val_mgr->GetCount(${h.OEMinfo}));
|
||||
dh->Assign(16, val_mgr->GetCount(${h.AddressOfNewExeHeader}));
|
||||
dh->Assign(1, val_mgr->Count(${h.UsedBytesInTheLastPage}));
|
||||
dh->Assign(2, val_mgr->Count(${h.FileSizeInPages}));
|
||||
dh->Assign(3, val_mgr->Count(${h.NumberOfRelocationItems}));
|
||||
dh->Assign(4, val_mgr->Count(${h.HeaderSizeInParagraphs}));
|
||||
dh->Assign(5, val_mgr->Count(${h.MinimumExtraParagraphs}));
|
||||
dh->Assign(6, val_mgr->Count(${h.MaximumExtraParagraphs}));
|
||||
dh->Assign(7, val_mgr->Count(${h.InitialRelativeSS}));
|
||||
dh->Assign(8, val_mgr->Count(${h.InitialSP}));
|
||||
dh->Assign(9, val_mgr->Count(${h.Checksum}));
|
||||
dh->Assign(10, val_mgr->Count(${h.InitialIP}));
|
||||
dh->Assign(11, val_mgr->Count(${h.InitialRelativeCS}));
|
||||
dh->Assign(12, val_mgr->Count(${h.AddressOfRelocationTable}));
|
||||
dh->Assign(13, val_mgr->Count(${h.OverlayNumber}));
|
||||
dh->Assign(14, val_mgr->Count(${h.OEMid}));
|
||||
dh->Assign(15, val_mgr->Count(${h.OEMinfo}));
|
||||
dh->Assign(16, val_mgr->Count(${h.AddressOfNewExeHeader}));
|
||||
|
||||
mgr.Enqueue(pe_dos_header,
|
||||
IntrusivePtr{NewRef{}, connection()->bro_analyzer()->GetFile()->GetVal()},
|
||||
|
|
@ -93,11 +92,11 @@ refine flow File += {
|
|||
if ( pe_file_header )
|
||||
{
|
||||
auto fh = make_intrusive<RecordVal>(BifType::Record::PE::FileHeader);
|
||||
fh->Assign(0, val_mgr->GetCount(${h.Machine}));
|
||||
fh->Assign(0, val_mgr->Count(${h.Machine}));
|
||||
fh->Assign(1, make_intrusive<Val>(static_cast<double>(${h.TimeDateStamp}), TYPE_TIME));
|
||||
fh->Assign(2, val_mgr->GetCount(${h.PointerToSymbolTable}));
|
||||
fh->Assign(3, val_mgr->GetCount(${h.NumberOfSymbols}));
|
||||
fh->Assign(4, val_mgr->GetCount(${h.SizeOfOptionalHeader}));
|
||||
fh->Assign(2, val_mgr->Count(${h.PointerToSymbolTable}));
|
||||
fh->Assign(3, val_mgr->Count(${h.NumberOfSymbols}));
|
||||
fh->Assign(4, val_mgr->Count(${h.SizeOfOptionalHeader}));
|
||||
fh->Assign(5, characteristics_to_bro(${h.Characteristics}, 16));
|
||||
|
||||
mgr.Enqueue(pe_file_header,
|
||||
|
|
@ -122,31 +121,31 @@ refine flow File += {
|
|||
{
|
||||
auto oh = make_intrusive<RecordVal>(BifType::Record::PE::OptionalHeader);
|
||||
|
||||
oh->Assign(0, val_mgr->GetCount(${h.magic}));
|
||||
oh->Assign(1, val_mgr->GetCount(${h.major_linker_version}));
|
||||
oh->Assign(2, val_mgr->GetCount(${h.minor_linker_version}));
|
||||
oh->Assign(3, val_mgr->GetCount(${h.size_of_code}));
|
||||
oh->Assign(4, val_mgr->GetCount(${h.size_of_init_data}));
|
||||
oh->Assign(5, val_mgr->GetCount(${h.size_of_uninit_data}));
|
||||
oh->Assign(6, val_mgr->GetCount(${h.addr_of_entry_point}));
|
||||
oh->Assign(7, val_mgr->GetCount(${h.base_of_code}));
|
||||
oh->Assign(0, val_mgr->Count(${h.magic}));
|
||||
oh->Assign(1, val_mgr->Count(${h.major_linker_version}));
|
||||
oh->Assign(2, val_mgr->Count(${h.minor_linker_version}));
|
||||
oh->Assign(3, val_mgr->Count(${h.size_of_code}));
|
||||
oh->Assign(4, val_mgr->Count(${h.size_of_init_data}));
|
||||
oh->Assign(5, val_mgr->Count(${h.size_of_uninit_data}));
|
||||
oh->Assign(6, val_mgr->Count(${h.addr_of_entry_point}));
|
||||
oh->Assign(7, val_mgr->Count(${h.base_of_code}));
|
||||
|
||||
if ( ${h.pe_format} != PE32_PLUS )
|
||||
oh->Assign(8, val_mgr->GetCount(${h.base_of_data}));
|
||||
oh->Assign(8, val_mgr->Count(${h.base_of_data}));
|
||||
|
||||
oh->Assign(9, val_mgr->GetCount(${h.image_base}));
|
||||
oh->Assign(10, val_mgr->GetCount(${h.section_alignment}));
|
||||
oh->Assign(11, val_mgr->GetCount(${h.file_alignment}));
|
||||
oh->Assign(12, val_mgr->GetCount(${h.os_version_major}));
|
||||
oh->Assign(13, val_mgr->GetCount(${h.os_version_minor}));
|
||||
oh->Assign(14, val_mgr->GetCount(${h.major_image_version}));
|
||||
oh->Assign(15, val_mgr->GetCount(${h.minor_image_version}));
|
||||
oh->Assign(16, val_mgr->GetCount(${h.minor_subsys_version}));
|
||||
oh->Assign(17, val_mgr->GetCount(${h.minor_subsys_version}));
|
||||
oh->Assign(18, val_mgr->GetCount(${h.size_of_image}));
|
||||
oh->Assign(19, val_mgr->GetCount(${h.size_of_headers}));
|
||||
oh->Assign(20, val_mgr->GetCount(${h.checksum}));
|
||||
oh->Assign(21, val_mgr->GetCount(${h.subsystem}));
|
||||
oh->Assign(9, val_mgr->Count(${h.image_base}));
|
||||
oh->Assign(10, val_mgr->Count(${h.section_alignment}));
|
||||
oh->Assign(11, val_mgr->Count(${h.file_alignment}));
|
||||
oh->Assign(12, val_mgr->Count(${h.os_version_major}));
|
||||
oh->Assign(13, val_mgr->Count(${h.os_version_minor}));
|
||||
oh->Assign(14, val_mgr->Count(${h.major_image_version}));
|
||||
oh->Assign(15, val_mgr->Count(${h.minor_image_version}));
|
||||
oh->Assign(16, val_mgr->Count(${h.minor_subsys_version}));
|
||||
oh->Assign(17, val_mgr->Count(${h.minor_subsys_version}));
|
||||
oh->Assign(18, val_mgr->Count(${h.size_of_image}));
|
||||
oh->Assign(19, val_mgr->Count(${h.size_of_headers}));
|
||||
oh->Assign(20, val_mgr->Count(${h.checksum}));
|
||||
oh->Assign(21, val_mgr->Count(${h.subsystem}));
|
||||
oh->Assign(22, characteristics_to_bro(${h.dll_characteristics}, 16));
|
||||
|
||||
oh->Assign(23, process_rvas(${h.rvas}));
|
||||
|
|
@ -173,14 +172,14 @@ refine flow File += {
|
|||
name_len = first_null - ${h.name}.data();
|
||||
section_header->Assign(0, make_intrusive<StringVal>(name_len, (const char*) ${h.name}.data()));
|
||||
|
||||
section_header->Assign(1, val_mgr->GetCount(${h.virtual_size}));
|
||||
section_header->Assign(2, val_mgr->GetCount(${h.virtual_addr}));
|
||||
section_header->Assign(3, val_mgr->GetCount(${h.size_of_raw_data}));
|
||||
section_header->Assign(4, val_mgr->GetCount(${h.ptr_to_raw_data}));
|
||||
section_header->Assign(5, val_mgr->GetCount(${h.non_used_ptr_to_relocs}));
|
||||
section_header->Assign(6, val_mgr->GetCount(${h.non_used_ptr_to_line_nums}));
|
||||
section_header->Assign(7, val_mgr->GetCount(${h.non_used_num_of_relocs}));
|
||||
section_header->Assign(8, val_mgr->GetCount(${h.non_used_num_of_line_nums}));
|
||||
section_header->Assign(1, val_mgr->Count(${h.virtual_size}));
|
||||
section_header->Assign(2, val_mgr->Count(${h.virtual_addr}));
|
||||
section_header->Assign(3, val_mgr->Count(${h.size_of_raw_data}));
|
||||
section_header->Assign(4, val_mgr->Count(${h.ptr_to_raw_data}));
|
||||
section_header->Assign(5, val_mgr->Count(${h.non_used_ptr_to_relocs}));
|
||||
section_header->Assign(6, val_mgr->Count(${h.non_used_ptr_to_line_nums}));
|
||||
section_header->Assign(7, val_mgr->Count(${h.non_used_num_of_relocs}));
|
||||
section_header->Assign(8, val_mgr->Count(${h.non_used_num_of_line_nums}));
|
||||
section_header->Assign(9, characteristics_to_bro(${h.characteristics}, 32));
|
||||
|
||||
mgr.Enqueue(pe_section_header,
|
||||
|
|
|
|||
|
|
@ -67,19 +67,19 @@ refine flow Flow += {
|
|||
if ( ::unified2_event )
|
||||
{
|
||||
auto ids_event = make_intrusive<RecordVal>(BifType::Record::Unified2::IDSEvent);
|
||||
ids_event->Assign(0, val_mgr->GetCount(${ev.sensor_id}));
|
||||
ids_event->Assign(1, val_mgr->GetCount(${ev.event_id}));
|
||||
ids_event->Assign(0, val_mgr->Count(${ev.sensor_id}));
|
||||
ids_event->Assign(1, val_mgr->Count(${ev.event_id}));
|
||||
ids_event->Assign(2, make_intrusive<Val>(ts_to_double(${ev.ts}), TYPE_TIME));
|
||||
ids_event->Assign(3, val_mgr->GetCount(${ev.signature_id}));
|
||||
ids_event->Assign(4, val_mgr->GetCount(${ev.generator_id}));
|
||||
ids_event->Assign(5, val_mgr->GetCount(${ev.signature_revision}));
|
||||
ids_event->Assign(6, val_mgr->GetCount(${ev.classification_id}));
|
||||
ids_event->Assign(7, val_mgr->GetCount(${ev.priority_id}));
|
||||
ids_event->Assign(3, val_mgr->Count(${ev.signature_id}));
|
||||
ids_event->Assign(4, val_mgr->Count(${ev.generator_id}));
|
||||
ids_event->Assign(5, val_mgr->Count(${ev.signature_revision}));
|
||||
ids_event->Assign(6, val_mgr->Count(${ev.classification_id}));
|
||||
ids_event->Assign(7, val_mgr->Count(${ev.priority_id}));
|
||||
ids_event->Assign(8, unified2_addr_to_bro_addr(${ev.src_ip}));
|
||||
ids_event->Assign(9, unified2_addr_to_bro_addr(${ev.dst_ip}));
|
||||
ids_event->Assign(10, to_port(${ev.src_p}, ${ev.protocol}));
|
||||
ids_event->Assign(11, to_port(${ev.dst_p}, ${ev.protocol}));
|
||||
ids_event->Assign(17, val_mgr->GetCount(${ev.packet_action}));
|
||||
ids_event->Assign(17, val_mgr->Count(${ev.packet_action}));
|
||||
|
||||
mgr.Enqueue(::unified2_event,
|
||||
IntrusivePtr{NewRef{}, connection()->bro_analyzer()->GetFile()->GetVal()},
|
||||
|
|
@ -93,23 +93,23 @@ refine flow Flow += {
|
|||
if ( ::unified2_event )
|
||||
{
|
||||
auto ids_event = make_intrusive<RecordVal>(BifType::Record::Unified2::IDSEvent);
|
||||
ids_event->Assign(0, val_mgr->GetCount(${ev.sensor_id}));
|
||||
ids_event->Assign(1, val_mgr->GetCount(${ev.event_id}));
|
||||
ids_event->Assign(0, val_mgr->Count(${ev.sensor_id}));
|
||||
ids_event->Assign(1, val_mgr->Count(${ev.event_id}));
|
||||
ids_event->Assign(2, make_intrusive<Val>(ts_to_double(${ev.ts}), TYPE_TIME));
|
||||
ids_event->Assign(3, val_mgr->GetCount(${ev.signature_id}));
|
||||
ids_event->Assign(4, val_mgr->GetCount(${ev.generator_id}));
|
||||
ids_event->Assign(5, val_mgr->GetCount(${ev.signature_revision}));
|
||||
ids_event->Assign(6, val_mgr->GetCount(${ev.classification_id}));
|
||||
ids_event->Assign(7, val_mgr->GetCount(${ev.priority_id}));
|
||||
ids_event->Assign(3, val_mgr->Count(${ev.signature_id}));
|
||||
ids_event->Assign(4, val_mgr->Count(${ev.generator_id}));
|
||||
ids_event->Assign(5, val_mgr->Count(${ev.signature_revision}));
|
||||
ids_event->Assign(6, val_mgr->Count(${ev.classification_id}));
|
||||
ids_event->Assign(7, val_mgr->Count(${ev.priority_id}));
|
||||
ids_event->Assign(8, unified2_addr_to_bro_addr(${ev.src_ip}));
|
||||
ids_event->Assign(9, unified2_addr_to_bro_addr(${ev.dst_ip}));
|
||||
ids_event->Assign(10, to_port(${ev.src_p}, ${ev.protocol}));
|
||||
ids_event->Assign(11, to_port(${ev.dst_p}, ${ev.protocol}));
|
||||
ids_event->Assign(12, val_mgr->GetCount(${ev.impact_flag}));
|
||||
ids_event->Assign(13, val_mgr->GetCount(${ev.impact}));
|
||||
ids_event->Assign(14, val_mgr->GetCount(${ev.blocked}));
|
||||
ids_event->Assign(15, val_mgr->GetCount(${ev.mpls_label}));
|
||||
ids_event->Assign(16, val_mgr->GetCount(${ev.vlan_id}));
|
||||
ids_event->Assign(12, val_mgr->Count(${ev.impact_flag}));
|
||||
ids_event->Assign(13, val_mgr->Count(${ev.impact}));
|
||||
ids_event->Assign(14, val_mgr->Count(${ev.blocked}));
|
||||
ids_event->Assign(15, val_mgr->Count(${ev.mpls_label}));
|
||||
ids_event->Assign(16, val_mgr->Count(${ev.vlan_id}));
|
||||
|
||||
mgr.Enqueue(::unified2_event,
|
||||
IntrusivePtr{NewRef{}, connection()->bro_analyzer()->GetFile()->GetVal()},
|
||||
|
|
@ -124,11 +124,11 @@ refine flow Flow += {
|
|||
if ( ::unified2_packet )
|
||||
{
|
||||
auto packet = make_intrusive<RecordVal>(BifType::Record::Unified2::Packet);
|
||||
packet->Assign(0, val_mgr->GetCount(${pkt.sensor_id}));
|
||||
packet->Assign(1, val_mgr->GetCount(${pkt.event_id}));
|
||||
packet->Assign(2, val_mgr->GetCount(${pkt.event_second}));
|
||||
packet->Assign(0, val_mgr->Count(${pkt.sensor_id}));
|
||||
packet->Assign(1, val_mgr->Count(${pkt.event_id}));
|
||||
packet->Assign(2, val_mgr->Count(${pkt.event_second}));
|
||||
packet->Assign(3, make_intrusive<Val>(ts_to_double(${pkt.packet_ts}), TYPE_TIME));
|
||||
packet->Assign(4, val_mgr->GetCount(${pkt.link_type}));
|
||||
packet->Assign(4, val_mgr->Count(${pkt.link_type}));
|
||||
packet->Assign(5, bytestring_to_val(${pkt.packet_data}));
|
||||
|
||||
mgr.Enqueue(::unified2_packet,
|
||||
|
|
|
|||
|
|
@ -288,7 +288,7 @@ static StringVal* parse_basic_resp_sig_alg(OCSP_BASICRESP* basic_resp,
|
|||
return rval;
|
||||
}
|
||||
|
||||
static Val* parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp)
|
||||
static IntrusivePtr<Val> parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp)
|
||||
{
|
||||
int der_basic_resp_len = 0;
|
||||
unsigned char* der_basic_resp_dat = nullptr;
|
||||
|
|
@ -296,7 +296,7 @@ static Val* parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp)
|
|||
der_basic_resp_len = i2d_OCSP_BASICRESP(basic_resp, &der_basic_resp_dat);
|
||||
|
||||
if ( der_basic_resp_len <= 0 )
|
||||
return val_mgr->GetCount(-1);
|
||||
return val_mgr->Count(-1);
|
||||
|
||||
const unsigned char* const_der_basic_resp_dat = der_basic_resp_dat;
|
||||
|
||||
|
|
@ -305,13 +305,13 @@ static Val* parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp)
|
|||
if ( ! bseq )
|
||||
{
|
||||
OPENSSL_free(der_basic_resp_dat);
|
||||
return val_mgr->GetCount(-1);
|
||||
return val_mgr->Count(-1);
|
||||
}
|
||||
|
||||
if ( sk_ASN1_TYPE_num(bseq) < 3 )
|
||||
{
|
||||
OPENSSL_free(der_basic_resp_dat);
|
||||
return val_mgr->GetCount(-1);
|
||||
return val_mgr->Count(-1);
|
||||
}
|
||||
|
||||
auto constexpr resp_data_idx = 0u;
|
||||
|
|
@ -320,7 +320,7 @@ static Val* parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp)
|
|||
if ( ASN1_TYPE_get(dseq_type) != V_ASN1_SEQUENCE )
|
||||
{
|
||||
OPENSSL_free(der_basic_resp_dat);
|
||||
return val_mgr->GetCount(-1);
|
||||
return val_mgr->Count(-1);
|
||||
}
|
||||
|
||||
auto dseq_str = dseq_type->value.asn1_string;
|
||||
|
|
@ -332,13 +332,13 @@ static Val* parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp)
|
|||
if ( ! dseq )
|
||||
{
|
||||
OPENSSL_free(der_basic_resp_dat);
|
||||
return val_mgr->GetEmptyString();
|
||||
return val_mgr->Count(-1);
|
||||
}
|
||||
|
||||
if ( sk_ASN1_TYPE_num(dseq) < 1 )
|
||||
{
|
||||
OPENSSL_free(der_basic_resp_dat);
|
||||
return val_mgr->GetEmptyString();
|
||||
return val_mgr->Count(-1);
|
||||
}
|
||||
|
||||
/*- ResponseData ::= SEQUENCE {
|
||||
|
|
@ -356,12 +356,12 @@ static Val* parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp)
|
|||
{
|
||||
OPENSSL_free(der_basic_resp_dat);
|
||||
// Not present, use default value.
|
||||
return val_mgr->GetCount(0);
|
||||
return val_mgr->Count(0);
|
||||
}
|
||||
|
||||
uint64_t asn1_int = ASN1_INTEGER_get(version_type->value.integer);
|
||||
OPENSSL_free(der_basic_resp_dat);
|
||||
return val_mgr->GetCount(asn1_int);
|
||||
return val_mgr->Count(asn1_int);
|
||||
}
|
||||
|
||||
static uint64_t parse_request_version(OCSP_REQUEST* req)
|
||||
|
|
@ -422,7 +422,7 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req)
|
|||
if ( ocsp_request )
|
||||
mgr.Enqueue(ocsp_request,
|
||||
IntrusivePtr{NewRef{}, GetFile()->GetVal()},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(version)}
|
||||
val_mgr->Count(version)
|
||||
);
|
||||
|
||||
BIO *bio = BIO_new(BIO_s_mem());
|
||||
|
|
@ -506,9 +506,9 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
|
|||
vl.emplace_back(AdoptRef{}, status_val);
|
||||
|
||||
#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
vl.emplace_back(AdoptRef{}, val_mgr->GetCount((uint64_t)ASN1_INTEGER_get(resp_data->version)));
|
||||
vl.emplace_back(val_mgr->Count((uint64_t)ASN1_INTEGER_get(resp_data->version)));
|
||||
#else
|
||||
vl.emplace_back(AdoptRef{}, parse_basic_resp_data_version(basic_resp));
|
||||
vl.emplace_back(parse_basic_resp_data_version(basic_resp));
|
||||
#endif
|
||||
|
||||
// responderID
|
||||
|
|
|
|||
|
|
@ -121,7 +121,7 @@ RecordVal* file_analysis::X509::ParseCertificate(X509Val* cert_val, File* f)
|
|||
RecordVal* pX509Cert = new RecordVal(BifType::Record::X509::Certificate);
|
||||
BIO *bio = BIO_new(BIO_s_mem());
|
||||
|
||||
pX509Cert->Assign(0, val_mgr->GetCount((uint64_t) X509_get_version(ssl_cert) + 1));
|
||||
pX509Cert->Assign(0, val_mgr->Count((uint64_t) X509_get_version(ssl_cert) + 1));
|
||||
i2a_ASN1_INTEGER(bio, X509_get_serialNumber(ssl_cert));
|
||||
int len = BIO_read(bio, buf, sizeof(buf));
|
||||
pX509Cert->Assign(1, make_intrusive<StringVal>(len, buf));
|
||||
|
|
@ -229,7 +229,7 @@ RecordVal* file_analysis::X509::ParseCertificate(X509Val* cert_val, File* f)
|
|||
|
||||
unsigned int length = KeyLength(pkey);
|
||||
if ( length > 0 )
|
||||
pX509Cert->Assign(10, val_mgr->GetCount(length));
|
||||
pX509Cert->Assign(10, val_mgr->Count(length));
|
||||
|
||||
EVP_PKEY_free(pkey);
|
||||
}
|
||||
|
|
@ -293,7 +293,7 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex)
|
|||
pBasicConstraint->Assign(0, val_mgr->Bool(constr->ca));
|
||||
|
||||
if ( constr->pathlen )
|
||||
pBasicConstraint->Assign(1, val_mgr->GetCount((int32_t) ASN1_INTEGER_get(constr->pathlen)));
|
||||
pBasicConstraint->Assign(1, val_mgr->Count((int32_t) ASN1_INTEGER_get(constr->pathlen)));
|
||||
|
||||
mgr.Enqueue(x509_ext_basic_constraints,
|
||||
IntrusivePtr{NewRef{}, GetFile()->GetVal()},
|
||||
|
|
|
|||
|
|
@ -40,11 +40,11 @@ refine connection MockConnection += {
|
|||
|
||||
mgr.Enqueue(x509_ocsp_ext_signed_certificate_timestamp,
|
||||
IntrusivePtr{NewRef{}, bro_analyzer()->GetFile()->GetVal()},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(version)},
|
||||
val_mgr->Count(version),
|
||||
make_intrusive<StringVal>(logid.length(), reinterpret_cast<const char*>(logid.begin())),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(timestamp)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(digitally_signed_algorithms->HashAlgorithm())},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(digitally_signed_algorithms->SignatureAlgorithm())},
|
||||
val_mgr->Count(timestamp),
|
||||
val_mgr->Count(digitally_signed_algorithms->HashAlgorithm()),
|
||||
val_mgr->Count(digitally_signed_algorithms->SignatureAlgorithm()),
|
||||
make_intrusive<StringVal>(digitally_signed_signature.length(), reinterpret_cast<const char*>(digitally_signed_signature.begin()))
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -2266,7 +2266,7 @@ Val* Manager::ValueToVal(const Stream* i, const Value* val, BroType* request_typ
|
|||
|
||||
case TYPE_COUNT:
|
||||
case TYPE_COUNTER:
|
||||
return val_mgr->GetCount(val->val.int_val);
|
||||
return val_mgr->Count(val->val.int_val).release();
|
||||
|
||||
case TYPE_DOUBLE:
|
||||
case TYPE_TIME:
|
||||
|
|
@ -2414,7 +2414,7 @@ Val* Manager::ValueToVal(const Stream* i, const Value* val, bool& have_error) co
|
|||
|
||||
case TYPE_COUNT:
|
||||
case TYPE_COUNTER:
|
||||
return val_mgr->GetCount(val->val.int_val);
|
||||
return val_mgr->Count(val->val.int_val).release();
|
||||
|
||||
case TYPE_DOUBLE:
|
||||
case TYPE_TIME:
|
||||
|
|
|
|||
|
|
@ -628,12 +628,12 @@ RecordVal* Packet::BuildPktHdrVal() const
|
|||
l2_hdr->Assign(4, FmtEUI48(data)); // dst
|
||||
|
||||
if ( vlan )
|
||||
l2_hdr->Assign(5, val_mgr->GetCount(vlan));
|
||||
l2_hdr->Assign(5, val_mgr->Count(vlan));
|
||||
|
||||
if ( inner_vlan )
|
||||
l2_hdr->Assign(6, val_mgr->GetCount(inner_vlan));
|
||||
l2_hdr->Assign(6, val_mgr->Count(inner_vlan));
|
||||
|
||||
l2_hdr->Assign(7, val_mgr->GetCount(eth_type));
|
||||
l2_hdr->Assign(7, val_mgr->Count(eth_type));
|
||||
|
||||
if ( eth_type == ETHERTYPE_ARP || eth_type == ETHERTYPE_REVARP )
|
||||
// We also identify ARP for L3 over ethernet
|
||||
|
|
@ -642,8 +642,8 @@ RecordVal* Packet::BuildPktHdrVal() const
|
|||
else
|
||||
l2_hdr->Assign(0, BifType::Enum::link_encap->GetVal(BifEnum::LINK_UNKNOWN));
|
||||
|
||||
l2_hdr->Assign(1, val_mgr->GetCount(len));
|
||||
l2_hdr->Assign(2, val_mgr->GetCount(cap_len));
|
||||
l2_hdr->Assign(1, val_mgr->Count(len));
|
||||
l2_hdr->Assign(2, val_mgr->Count(cap_len));
|
||||
|
||||
l2_hdr->Assign(8, BifType::Enum::layer3_proto->GetVal(l3));
|
||||
|
||||
|
|
|
|||
|
|
@ -875,7 +875,7 @@ int main(int argc, char** argv)
|
|||
|
||||
mgr.Enqueue(zeek_script_loaded,
|
||||
make_intrusive<StringVal>(i->name.c_str()),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(i->include_level)}
|
||||
val_mgr->Count(i->include_level)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1319,8 +1319,7 @@ index_slice:
|
|||
set_location(@1, @6);
|
||||
|
||||
auto low = $3 ? IntrusivePtr<Expr>{AdoptRef{}, $3} :
|
||||
make_intrusive<ConstExpr>(
|
||||
IntrusivePtr<Val>{AdoptRef{}, val_mgr->GetCount(0)});
|
||||
make_intrusive<ConstExpr>(val_mgr->Count(0));
|
||||
|
||||
auto high = $5 ? IntrusivePtr<Expr>{AdoptRef{}, $5} :
|
||||
make_intrusive<SizeExpr>(
|
||||
|
|
|
|||
|
|
@ -180,9 +180,9 @@ function bloomfilter_lookup%(bf: opaque of bloomfilter, x: any%): count
|
|||
reporter->Error("incompatible Bloom filter types");
|
||||
|
||||
else
|
||||
return val_mgr->GetCount(static_cast<uint64_t>(bfv->Count(x)));
|
||||
return val_mgr->Count(static_cast<uint64_t>(bfv->Count(x)));
|
||||
|
||||
return val_mgr->GetCount(0);
|
||||
return val_mgr->Count(0);
|
||||
%}
|
||||
|
||||
## Removes all elements from a Bloom filter. This function resets all bits in
|
||||
|
|
|
|||
|
|
@ -74,7 +74,7 @@ function topk_count%(handle: opaque of topk, value: any%): count
|
|||
%{
|
||||
assert(handle);
|
||||
probabilistic::TopkVal* h = (probabilistic::TopkVal*) handle;
|
||||
return val_mgr->GetCount(h->GetCount(value));
|
||||
return val_mgr->Count(h->GetCount(value));
|
||||
%}
|
||||
|
||||
## Get the maximal overestimation for count.
|
||||
|
|
@ -94,7 +94,7 @@ function topk_epsilon%(handle: opaque of topk, value: any%): count
|
|||
%{
|
||||
assert(handle);
|
||||
probabilistic::TopkVal* h = (probabilistic::TopkVal*) handle;
|
||||
return val_mgr->GetCount(h->GetEpsilon(value));
|
||||
return val_mgr->Count(h->GetEpsilon(value));
|
||||
%}
|
||||
|
||||
## Get the number of elements this data structure is supposed to track (given
|
||||
|
|
@ -113,7 +113,7 @@ function topk_size%(handle: opaque of topk%): count
|
|||
%{
|
||||
assert(handle);
|
||||
probabilistic::TopkVal* h = (probabilistic::TopkVal*) handle;
|
||||
return val_mgr->GetCount(h->GetSize());
|
||||
return val_mgr->Count(h->GetSize());
|
||||
%}
|
||||
|
||||
## Get the sum of all counts of all elements in the data structure.
|
||||
|
|
@ -133,7 +133,7 @@ function topk_sum%(handle: opaque of topk%): count
|
|||
%{
|
||||
assert(handle);
|
||||
probabilistic::TopkVal* h = (probabilistic::TopkVal*) handle;
|
||||
return val_mgr->GetCount(h->GetSum());
|
||||
return val_mgr->Count(h->GetSum());
|
||||
%}
|
||||
|
||||
## Merge the second top-k data structure into the first.
|
||||
|
|
|
|||
|
|
@ -193,7 +193,7 @@ function Reporter::set_weird_sampling_whitelist%(weird_sampling_whitelist: strin
|
|||
## Returns: current weird sampling threshold.
|
||||
function Reporter::get_weird_sampling_threshold%(%) : count
|
||||
%{
|
||||
return val_mgr->GetCount(reporter->GetWeirdSamplingThreshold());
|
||||
return val_mgr->Count(reporter->GetWeirdSamplingThreshold());
|
||||
%}
|
||||
|
||||
## Sets the current weird sampling threshold
|
||||
|
|
@ -213,7 +213,7 @@ function Reporter::set_weird_sampling_threshold%(weird_sampling_threshold: count
|
|||
## Returns: weird sampling rate.
|
||||
function Reporter::get_weird_sampling_rate%(%) : count
|
||||
%{
|
||||
return val_mgr->GetCount(reporter->GetWeirdSamplingRate());
|
||||
return val_mgr->Count(reporter->GetWeirdSamplingRate());
|
||||
%}
|
||||
|
||||
## Sets the weird sampling rate.
|
||||
|
|
|
|||
|
|
@ -476,7 +476,7 @@ F RET_CONST(val_mgr->False()->Ref())
|
|||
}
|
||||
|
||||
{D} {
|
||||
RET_CONST(val_mgr->GetCount(static_cast<bro_uint_t>(strtoull(yytext, (char**) NULL, 10))))
|
||||
RET_CONST(val_mgr->Count(static_cast<bro_uint_t>(strtoull(yytext, (char**) NULL, 10))).release())
|
||||
}
|
||||
{FLOAT} RET_CONST(new Val(atof(yytext), TYPE_DOUBLE))
|
||||
|
||||
|
|
@ -524,7 +524,7 @@ F RET_CONST(val_mgr->False()->Ref())
|
|||
{FLOAT}{OWS}msec(s?) RET_CONST(new IntervalVal(atof(yytext),Milliseconds))
|
||||
{FLOAT}{OWS}usec(s?) RET_CONST(new IntervalVal(atof(yytext),Microseconds))
|
||||
|
||||
"0x"{HEX}+ RET_CONST(val_mgr->GetCount(static_cast<bro_uint_t>(strtoull(yytext, 0, 16))))
|
||||
"0x"{HEX}+ RET_CONST(val_mgr->Count(static_cast<bro_uint_t>(strtoull(yytext, 0, 16))).release())
|
||||
|
||||
{H}("."{H})+ RET_CONST(dns_mgr->LookupHost(yytext).release())
|
||||
|
||||
|
|
|
|||
118
src/stats.bif
118
src/stats.bif
|
|
@ -57,10 +57,10 @@ function get_net_stats%(%): NetStats
|
|||
RecordVal* r = new RecordVal(NetStats);
|
||||
int n = 0;
|
||||
|
||||
r->Assign(n++, val_mgr->GetCount(recv));
|
||||
r->Assign(n++, val_mgr->GetCount(drop));
|
||||
r->Assign(n++, val_mgr->GetCount(link));
|
||||
r->Assign(n++, val_mgr->GetCount(bytes_recv));
|
||||
r->Assign(n++, val_mgr->Count(recv));
|
||||
r->Assign(n++, val_mgr->Count(drop));
|
||||
r->Assign(n++, val_mgr->Count(link));
|
||||
r->Assign(n++, val_mgr->Count(bytes_recv));
|
||||
|
||||
return r;
|
||||
%}
|
||||
|
|
@ -86,16 +86,16 @@ function get_conn_stats%(%): ConnStats
|
|||
RecordVal* r = new RecordVal(ConnStats);
|
||||
int n = 0;
|
||||
|
||||
r->Assign(n++, val_mgr->GetCount(Connection::TotalConnections()));
|
||||
r->Assign(n++, val_mgr->GetCount(Connection::CurrentConnections()));
|
||||
r->Assign(n++, val_mgr->GetCount(sessions->CurrentConnections()));
|
||||
r->Assign(n++, val_mgr->Count(Connection::TotalConnections()));
|
||||
r->Assign(n++, val_mgr->Count(Connection::CurrentConnections()));
|
||||
r->Assign(n++, val_mgr->Count(sessions->CurrentConnections()));
|
||||
|
||||
SessionStats s;
|
||||
if ( sessions )
|
||||
sessions->GetStats(s);
|
||||
|
||||
#define ADD_STAT(x) \
|
||||
r->Assign(n++, val_mgr->GetCount(unsigned(sessions ? x : 0)));
|
||||
r->Assign(n++, val_mgr->Count(unsigned(sessions ? x : 0)));
|
||||
|
||||
ADD_STAT(s.num_packets);
|
||||
ADD_STAT(s.num_fragments);
|
||||
|
|
@ -110,7 +110,7 @@ function get_conn_stats%(%): ConnStats
|
|||
ADD_STAT(s.max_ICMP_conns);
|
||||
ADD_STAT(s.cumulative_ICMP_conns);
|
||||
|
||||
r->Assign(n++, val_mgr->GetCount(killed_by_inactivity));
|
||||
r->Assign(n++, val_mgr->Count(killed_by_inactivity));
|
||||
|
||||
return r;
|
||||
%}
|
||||
|
|
@ -147,9 +147,9 @@ function get_proc_stats%(%): ProcStats
|
|||
double(ru.ru_stime.tv_sec) + double(ru.ru_stime.tv_usec) / 1e6;
|
||||
|
||||
#ifdef DEBUG
|
||||
r->Assign(n++, val_mgr->GetCount(1));
|
||||
r->Assign(n++, val_mgr->Count(1));
|
||||
#else
|
||||
r->Assign(n++, val_mgr->GetCount(0));
|
||||
r->Assign(n++, val_mgr->Count(0));
|
||||
#endif
|
||||
|
||||
r->Assign(n++, make_intrusive<Val>(bro_start_time, TYPE_TIME));
|
||||
|
|
@ -160,14 +160,14 @@ function get_proc_stats%(%): ProcStats
|
|||
|
||||
uint64_t total_mem;
|
||||
get_memory_usage(&total_mem, NULL);
|
||||
r->Assign(n++, val_mgr->GetCount(unsigned(total_mem)));
|
||||
r->Assign(n++, val_mgr->Count(unsigned(total_mem)));
|
||||
|
||||
r->Assign(n++, val_mgr->GetCount(unsigned(ru.ru_minflt)));
|
||||
r->Assign(n++, val_mgr->GetCount(unsigned(ru.ru_majflt)));
|
||||
r->Assign(n++, val_mgr->GetCount(unsigned(ru.ru_nswap)));
|
||||
r->Assign(n++, val_mgr->GetCount(unsigned(ru.ru_inblock)));
|
||||
r->Assign(n++, val_mgr->GetCount(unsigned(ru.ru_oublock)));
|
||||
r->Assign(n++, val_mgr->GetCount(unsigned(ru.ru_nivcsw)));
|
||||
r->Assign(n++, val_mgr->Count(unsigned(ru.ru_minflt)));
|
||||
r->Assign(n++, val_mgr->Count(unsigned(ru.ru_majflt)));
|
||||
r->Assign(n++, val_mgr->Count(unsigned(ru.ru_nswap)));
|
||||
r->Assign(n++, val_mgr->Count(unsigned(ru.ru_inblock)));
|
||||
r->Assign(n++, val_mgr->Count(unsigned(ru.ru_oublock)));
|
||||
r->Assign(n++, val_mgr->Count(unsigned(ru.ru_nivcsw)));
|
||||
|
||||
return r;
|
||||
%}
|
||||
|
|
@ -193,8 +193,8 @@ function get_event_stats%(%): EventStats
|
|||
RecordVal* r = new RecordVal(EventStats);
|
||||
int n = 0;
|
||||
|
||||
r->Assign(n++, val_mgr->GetCount(num_events_queued));
|
||||
r->Assign(n++, val_mgr->GetCount(num_events_dispatched));
|
||||
r->Assign(n++, val_mgr->Count(num_events_queued));
|
||||
r->Assign(n++, val_mgr->Count(num_events_dispatched));
|
||||
|
||||
return r;
|
||||
%}
|
||||
|
|
@ -220,10 +220,10 @@ function get_reassembler_stats%(%): ReassemblerStats
|
|||
RecordVal* r = new RecordVal(ReassemblerStats);
|
||||
int n = 0;
|
||||
|
||||
r->Assign(n++, val_mgr->GetCount(Reassembler::MemoryAllocation(REASSEM_FILE)));
|
||||
r->Assign(n++, val_mgr->GetCount(Reassembler::MemoryAllocation(REASSEM_FRAG)));
|
||||
r->Assign(n++, val_mgr->GetCount(Reassembler::MemoryAllocation(REASSEM_TCP)));
|
||||
r->Assign(n++, val_mgr->GetCount(Reassembler::MemoryAllocation(REASSEM_UNKNOWN)));
|
||||
r->Assign(n++, val_mgr->Count(Reassembler::MemoryAllocation(REASSEM_FILE)));
|
||||
r->Assign(n++, val_mgr->Count(Reassembler::MemoryAllocation(REASSEM_FRAG)));
|
||||
r->Assign(n++, val_mgr->Count(Reassembler::MemoryAllocation(REASSEM_TCP)));
|
||||
r->Assign(n++, val_mgr->Count(Reassembler::MemoryAllocation(REASSEM_UNKNOWN)));
|
||||
|
||||
return r;
|
||||
%}
|
||||
|
|
@ -252,12 +252,12 @@ function get_dns_stats%(%): DNSStats
|
|||
DNS_Mgr::Stats dstats;
|
||||
dns_mgr->GetStats(&dstats);
|
||||
|
||||
r->Assign(n++, val_mgr->GetCount(unsigned(dstats.requests)));
|
||||
r->Assign(n++, val_mgr->GetCount(unsigned(dstats.successful)));
|
||||
r->Assign(n++, val_mgr->GetCount(unsigned(dstats.failed)));
|
||||
r->Assign(n++, val_mgr->GetCount(unsigned(dstats.pending)));
|
||||
r->Assign(n++, val_mgr->GetCount(unsigned(dstats.cached_hosts)));
|
||||
r->Assign(n++, val_mgr->GetCount(unsigned(dstats.cached_addresses)));
|
||||
r->Assign(n++, val_mgr->Count(unsigned(dstats.requests)));
|
||||
r->Assign(n++, val_mgr->Count(unsigned(dstats.successful)));
|
||||
r->Assign(n++, val_mgr->Count(unsigned(dstats.failed)));
|
||||
r->Assign(n++, val_mgr->Count(unsigned(dstats.pending)));
|
||||
r->Assign(n++, val_mgr->Count(unsigned(dstats.cached_hosts)));
|
||||
r->Assign(n++, val_mgr->Count(unsigned(dstats.cached_addresses)));
|
||||
|
||||
return r;
|
||||
%}
|
||||
|
|
@ -283,9 +283,9 @@ function get_timer_stats%(%): TimerStats
|
|||
RecordVal* r = new RecordVal(TimerStats);
|
||||
int n = 0;
|
||||
|
||||
r->Assign(n++, val_mgr->GetCount(unsigned(timer_mgr->Size())));
|
||||
r->Assign(n++, val_mgr->GetCount(unsigned(timer_mgr->PeakSize())));
|
||||
r->Assign(n++, val_mgr->GetCount(timer_mgr->CumulativeNum()));
|
||||
r->Assign(n++, val_mgr->Count(unsigned(timer_mgr->Size())));
|
||||
r->Assign(n++, val_mgr->Count(unsigned(timer_mgr->PeakSize())));
|
||||
r->Assign(n++, val_mgr->Count(timer_mgr->CumulativeNum()));
|
||||
|
||||
return r;
|
||||
%}
|
||||
|
|
@ -311,9 +311,9 @@ function get_file_analysis_stats%(%): FileAnalysisStats
|
|||
RecordVal* r = new RecordVal(FileAnalysisStats);
|
||||
int n = 0;
|
||||
|
||||
r->Assign(n++, val_mgr->GetCount(file_mgr->CurrentFiles()));
|
||||
r->Assign(n++, val_mgr->GetCount(file_mgr->MaxFiles()));
|
||||
r->Assign(n++, val_mgr->GetCount(file_mgr->CumulativeFiles()));
|
||||
r->Assign(n++, val_mgr->Count(file_mgr->CurrentFiles()));
|
||||
r->Assign(n++, val_mgr->Count(file_mgr->MaxFiles()));
|
||||
r->Assign(n++, val_mgr->Count(file_mgr->CumulativeFiles()));
|
||||
|
||||
return r;
|
||||
%}
|
||||
|
|
@ -339,7 +339,7 @@ function get_thread_stats%(%): ThreadStats
|
|||
RecordVal* r = new RecordVal(ThreadStats);
|
||||
int n = 0;
|
||||
|
||||
r->Assign(n++, val_mgr->GetCount(thread_mgr->NumThreads()));
|
||||
r->Assign(n++, val_mgr->Count(thread_mgr->NumThreads()));
|
||||
|
||||
return r;
|
||||
%}
|
||||
|
|
@ -365,10 +365,10 @@ function get_gap_stats%(%): GapStats
|
|||
RecordVal* r = new RecordVal(GapStats);
|
||||
int n = 0;
|
||||
|
||||
r->Assign(n++, val_mgr->GetCount(tot_ack_events));
|
||||
r->Assign(n++, val_mgr->GetCount(tot_ack_bytes));
|
||||
r->Assign(n++, val_mgr->GetCount(tot_gap_events));
|
||||
r->Assign(n++, val_mgr->GetCount(tot_gap_bytes));
|
||||
r->Assign(n++, val_mgr->Count(tot_ack_events));
|
||||
r->Assign(n++, val_mgr->Count(tot_ack_bytes));
|
||||
r->Assign(n++, val_mgr->Count(tot_gap_events));
|
||||
r->Assign(n++, val_mgr->Count(tot_gap_bytes));
|
||||
|
||||
return r;
|
||||
%}
|
||||
|
|
@ -402,13 +402,13 @@ function get_matcher_stats%(%): MatcherStats
|
|||
if ( rule_matcher )
|
||||
rule_matcher->GetStats(&s);
|
||||
|
||||
r->Assign(n++, val_mgr->GetCount(s.matchers));
|
||||
r->Assign(n++, val_mgr->GetCount(s.nfa_states));
|
||||
r->Assign(n++, val_mgr->GetCount(s.dfa_states));
|
||||
r->Assign(n++, val_mgr->GetCount(s.computed));
|
||||
r->Assign(n++, val_mgr->GetCount(s.mem));
|
||||
r->Assign(n++, val_mgr->GetCount(s.hits));
|
||||
r->Assign(n++, val_mgr->GetCount(s.misses));
|
||||
r->Assign(n++, val_mgr->Count(s.matchers));
|
||||
r->Assign(n++, val_mgr->Count(s.nfa_states));
|
||||
r->Assign(n++, val_mgr->Count(s.dfa_states));
|
||||
r->Assign(n++, val_mgr->Count(s.computed));
|
||||
r->Assign(n++, val_mgr->Count(s.mem));
|
||||
r->Assign(n++, val_mgr->Count(s.hits));
|
||||
r->Assign(n++, val_mgr->Count(s.misses));
|
||||
|
||||
return r;
|
||||
%}
|
||||
|
|
@ -436,15 +436,15 @@ function get_broker_stats%(%): BrokerStats
|
|||
int n = 0;
|
||||
|
||||
auto cs = broker_mgr->GetStatistics();
|
||||
r->Assign(n++, val_mgr->GetCount(static_cast<uint64_t>(cs.num_peers)));
|
||||
r->Assign(n++, val_mgr->GetCount(static_cast<uint64_t>(cs.num_stores)));
|
||||
r->Assign(n++, val_mgr->GetCount(static_cast<uint64_t>(cs.num_pending_queries)));
|
||||
r->Assign(n++, val_mgr->GetCount(static_cast<uint64_t>(cs.num_events_incoming)));
|
||||
r->Assign(n++, val_mgr->GetCount(static_cast<uint64_t>(cs.num_events_outgoing)));
|
||||
r->Assign(n++, val_mgr->GetCount(static_cast<uint64_t>(cs.num_logs_incoming)));
|
||||
r->Assign(n++, val_mgr->GetCount(static_cast<uint64_t>(cs.num_logs_outgoing)));
|
||||
r->Assign(n++, val_mgr->GetCount(static_cast<uint64_t>(cs.num_ids_incoming)));
|
||||
r->Assign(n++, val_mgr->GetCount(static_cast<uint64_t>(cs.num_ids_outgoing)));
|
||||
r->Assign(n++, val_mgr->Count(static_cast<uint64_t>(cs.num_peers)));
|
||||
r->Assign(n++, val_mgr->Count(static_cast<uint64_t>(cs.num_stores)));
|
||||
r->Assign(n++, val_mgr->Count(static_cast<uint64_t>(cs.num_pending_queries)));
|
||||
r->Assign(n++, val_mgr->Count(static_cast<uint64_t>(cs.num_events_incoming)));
|
||||
r->Assign(n++, val_mgr->Count(static_cast<uint64_t>(cs.num_events_outgoing)));
|
||||
r->Assign(n++, val_mgr->Count(static_cast<uint64_t>(cs.num_logs_incoming)));
|
||||
r->Assign(n++, val_mgr->Count(static_cast<uint64_t>(cs.num_logs_outgoing)));
|
||||
r->Assign(n++, val_mgr->Count(static_cast<uint64_t>(cs.num_ids_incoming)));
|
||||
r->Assign(n++, val_mgr->Count(static_cast<uint64_t>(cs.num_ids_outgoing)));
|
||||
|
||||
return r;
|
||||
%}
|
||||
|
|
@ -475,11 +475,11 @@ function get_reporter_stats%(%): ReporterStats
|
|||
for ( auto& kv : reporter->GetWeirdsByType() )
|
||||
{
|
||||
Val* weird = new StringVal(kv.first);
|
||||
weirds_by_type->Assign(weird, val_mgr->GetCount(kv.second));
|
||||
weirds_by_type->Assign(weird, val_mgr->Count(kv.second));
|
||||
Unref(weird);
|
||||
}
|
||||
|
||||
r->Assign(n++, val_mgr->GetCount(reporter->GetWeirdCount()));
|
||||
r->Assign(n++, val_mgr->Count(reporter->GetWeirdCount()));
|
||||
r->Assign(n++, weirds_by_type);
|
||||
|
||||
return r;
|
||||
|
|
|
|||
|
|
@ -25,10 +25,10 @@ function levenshtein_distance%(s1: string, s2: string%): count
|
|||
unsigned int m = s2->Len();
|
||||
|
||||
if ( ! n )
|
||||
return val_mgr->GetCount(m);
|
||||
return val_mgr->Count(m);
|
||||
|
||||
if ( ! m )
|
||||
return val_mgr->GetCount(n);
|
||||
return val_mgr->Count(n);
|
||||
|
||||
vector<vector<unsigned int> > d(n + 1, vector<unsigned int>(m + 1));
|
||||
|
||||
|
|
@ -47,7 +47,7 @@ function levenshtein_distance%(s1: string, s2: string%): count
|
|||
d[i-1][j-1] + (s1->Bytes()[i-1] == s2->Bytes()[j-1] ? 0 : 1));
|
||||
}
|
||||
|
||||
return val_mgr->GetCount(d[n][m]);
|
||||
return val_mgr->Count(d[n][m]);
|
||||
%}
|
||||
|
||||
## Concatenates all arguments into a single string. The function takes a
|
||||
|
|
@ -285,9 +285,8 @@ Val* do_split(StringVal* str_val, RE_Matcher* re, int incl_sep, int max_num_sep)
|
|||
n=0;
|
||||
}
|
||||
|
||||
Val* ind = val_mgr->GetCount(++num);
|
||||
a->Assign(ind, make_intrusive<StringVal>(offset, (const char*) s));
|
||||
Unref(ind);
|
||||
auto ind = val_mgr->Count(++num);
|
||||
a->Assign(ind.get(), make_intrusive<StringVal>(offset, (const char*) s));
|
||||
|
||||
// No more separators will be needed if this is the end of string.
|
||||
if ( n <= 0 )
|
||||
|
|
@ -295,9 +294,8 @@ Val* do_split(StringVal* str_val, RE_Matcher* re, int incl_sep, int max_num_sep)
|
|||
|
||||
if ( incl_sep )
|
||||
{ // including the part that matches the pattern
|
||||
ind = val_mgr->GetCount(++num);
|
||||
a->Assign(ind, make_intrusive<StringVal>(end_of_match, (const char*) s+offset));
|
||||
Unref(ind);
|
||||
ind = val_mgr->Count(++num);
|
||||
a->Assign(ind.get(), make_intrusive<StringVal>(end_of_match, (const char*) s+offset));
|
||||
}
|
||||
|
||||
if ( max_num_sep && num_sep >= max_num_sep )
|
||||
|
|
@ -459,7 +457,7 @@ function strcmp%(s1: string, s2: string%): int
|
|||
## .. zeek:see:: find_all find_last
|
||||
function strstr%(big: string, little: string%): count
|
||||
%{
|
||||
return val_mgr->GetCount(
|
||||
return val_mgr->Count(
|
||||
1 + big->AsString()->FindSubstring(little->AsString()));
|
||||
%}
|
||||
|
||||
|
|
|
|||
76
src/zeek.bif
76
src/zeek.bif
|
|
@ -885,7 +885,7 @@ function fnv1a32%(input: any%): count
|
|||
rval *= prime32;
|
||||
}
|
||||
|
||||
return val_mgr->GetCount(rval);
|
||||
return val_mgr->Count(rval);
|
||||
%}
|
||||
|
||||
## Calculates a weight value for use in a Rendezvous Hashing algorithm.
|
||||
|
|
@ -912,7 +912,7 @@ function hrw_weight%(key_digest: count, site_id: count%): count
|
|||
|
||||
uint32_t rval = (a * ((a * si + b) ^ d) + b) % m;
|
||||
|
||||
return val_mgr->GetCount(rval);
|
||||
return val_mgr->Count(rval);
|
||||
%}
|
||||
|
||||
## Generates a random number.
|
||||
|
|
@ -930,7 +930,7 @@ function hrw_weight%(key_digest: count, site_id: count%): count
|
|||
function rand%(max: count%): count
|
||||
%{
|
||||
auto result = bro_uint_t(double(max) * double(bro_random()) / (RAND_MAX + 1.0));
|
||||
return val_mgr->GetCount(result);
|
||||
return val_mgr->Count(result);
|
||||
%}
|
||||
|
||||
## Sets the seed for subsequent :zeek:id:`rand` calls.
|
||||
|
|
@ -1248,7 +1248,7 @@ function same_object%(o1: any, o2: any%): bool
|
|||
## Returns: The number of bytes that *v* occupies.
|
||||
function val_size%(v: any%): count
|
||||
%{
|
||||
return val_mgr->GetCount(v->MemoryAllocation());
|
||||
return val_mgr->Count(v->MemoryAllocation());
|
||||
%}
|
||||
|
||||
## Resizes a vector.
|
||||
|
|
@ -1266,7 +1266,7 @@ function resize%(aggr: any, newsize: count%) : count
|
|||
return 0;
|
||||
}
|
||||
|
||||
return val_mgr->GetCount(aggr->AsVectorVal()->Resize(newsize));
|
||||
return val_mgr->Count(aggr->AsVectorVal()->Resize(newsize));
|
||||
%}
|
||||
|
||||
## Tests whether a boolean vector (``vector of bool``) has *any* true
|
||||
|
|
@ -1541,7 +1541,7 @@ function order%(v: any, ...%) : index_vec
|
|||
for ( i = 0; i < n; ++i )
|
||||
{
|
||||
int ind = ind_vv[i];
|
||||
result_v->Assign(i, val_mgr->GetCount(ind));
|
||||
result_v->Assign(i, val_mgr->Count(ind));
|
||||
}
|
||||
|
||||
return result_v;
|
||||
|
|
@ -1791,7 +1791,7 @@ function log10%(d: double%): double
|
|||
## none.
|
||||
function current_analyzer%(%) : count
|
||||
%{
|
||||
return val_mgr->GetCount(mgr.CurrentAnalyzer());
|
||||
return val_mgr->Count(mgr.CurrentAnalyzer());
|
||||
%}
|
||||
|
||||
## Returns Zeek's process ID.
|
||||
|
|
@ -1799,7 +1799,7 @@ function current_analyzer%(%) : count
|
|||
## Returns: Zeek's process ID.
|
||||
function getpid%(%) : count
|
||||
%{
|
||||
return val_mgr->GetCount(getpid());
|
||||
return val_mgr->Count(getpid());
|
||||
%}
|
||||
|
||||
%%{
|
||||
|
|
@ -1902,7 +1902,7 @@ function packet_source%(%): PacketSource
|
|||
r->Assign(0, val_mgr->Bool(ps->IsLive()));
|
||||
r->Assign(1, make_intrusive<StringVal>(ps->Path()));
|
||||
r->Assign(2, val_mgr->Int(ps->LinkType()));
|
||||
r->Assign(3, val_mgr->GetCount(ps->Netmask()));
|
||||
r->Assign(3, val_mgr->Count(ps->Netmask()));
|
||||
}
|
||||
|
||||
return r.release();
|
||||
|
|
@ -1925,8 +1925,8 @@ function global_sizes%(%): var_sizes
|
|||
if ( id->HasVal() )
|
||||
{
|
||||
Val* id_name = new StringVal(id->Name());
|
||||
Val* id_size = val_mgr->GetCount(id->ID_Val()->MemoryAllocation());
|
||||
sizes->Assign(id_name, id_size);
|
||||
auto id_size = val_mgr->Count(id->ID_Val()->MemoryAllocation());
|
||||
sizes->Assign(id_name, std::move(id_size));
|
||||
Unref(id_name);
|
||||
}
|
||||
}
|
||||
|
|
@ -2228,7 +2228,7 @@ function addr_to_counts%(a: addr%): index_vec
|
|||
int len = a->AsAddr().GetBytes(&bytes);
|
||||
|
||||
for ( int i = 0; i < len; ++i )
|
||||
rval->Assign(i, val_mgr->GetCount(ntohl(bytes[i])));
|
||||
rval->Assign(i, val_mgr->Count(ntohl(bytes[i])));
|
||||
|
||||
return rval;
|
||||
%}
|
||||
|
|
@ -2316,7 +2316,7 @@ function int_to_count%(n: int%): count
|
|||
builtin_error("bad conversion to count", @ARG@[0]);
|
||||
n = 0;
|
||||
}
|
||||
return val_mgr->GetCount(n);
|
||||
return val_mgr->Count(n);
|
||||
%}
|
||||
|
||||
## Converts a :zeek:type:`double` to a :zeek:type:`count`.
|
||||
|
|
@ -2331,7 +2331,7 @@ function double_to_count%(d: double%): count
|
|||
if ( d < 0.0 )
|
||||
builtin_error("bad conversion to count", @ARG@[0]);
|
||||
|
||||
return val_mgr->GetCount(bro_uint_t(rint(d)));
|
||||
return val_mgr->Count(bro_uint_t(rint(d)));
|
||||
%}
|
||||
|
||||
## Converts a :zeek:type:`string` to a :zeek:type:`count`.
|
||||
|
|
@ -2355,7 +2355,7 @@ function to_count%(str: string%): count
|
|||
u = 0;
|
||||
}
|
||||
|
||||
return val_mgr->GetCount(u);
|
||||
return val_mgr->Count(u);
|
||||
%}
|
||||
|
||||
## Converts an :zeek:type:`interval` to a :zeek:type:`double`.
|
||||
|
|
@ -2415,7 +2415,7 @@ function double_to_interval%(d: double%): interval
|
|||
## .. zeek:see:: count_to_port
|
||||
function port_to_count%(p: port%): count
|
||||
%{
|
||||
return val_mgr->GetCount(p->Port());
|
||||
return val_mgr->Count(p->Port());
|
||||
%}
|
||||
|
||||
## Converts a :zeek:type:`count` and ``transport_proto`` to a :zeek:type:`port`.
|
||||
|
|
@ -2529,7 +2529,7 @@ function subnet_to_addr%(sn: subnet%): addr
|
|||
## .. zeek:see:: to_subnet
|
||||
function subnet_width%(sn: subnet%): count
|
||||
%{
|
||||
return val_mgr->GetCount(sn->Width());
|
||||
return val_mgr->Count(sn->Width());
|
||||
%}
|
||||
|
||||
## Converts a :zeek:type:`string` to a :zeek:type:`double`.
|
||||
|
|
@ -2673,7 +2673,7 @@ function bytestring_to_count%(s: string, is_le: bool &default=F%): count
|
|||
{
|
||||
uint8_t value = 0;
|
||||
memcpy(&value, p, sizeof(uint8_t));
|
||||
return val_mgr->GetCount(value);
|
||||
return val_mgr->Count(value);
|
||||
}
|
||||
|
||||
case sizeof(uint16_t):
|
||||
|
|
@ -2693,7 +2693,7 @@ function bytestring_to_count%(s: string, is_le: bool &default=F%): count
|
|||
else
|
||||
memcpy(&value, p, sizeof(uint16_t));
|
||||
|
||||
return val_mgr->GetCount(value);
|
||||
return val_mgr->Count(value);
|
||||
}
|
||||
|
||||
case sizeof(uint32_t):
|
||||
|
|
@ -2713,7 +2713,7 @@ function bytestring_to_count%(s: string, is_le: bool &default=F%): count
|
|||
else
|
||||
memcpy(&value, p, sizeof(uint32_t));
|
||||
|
||||
return val_mgr->GetCount(value);
|
||||
return val_mgr->Count(value);
|
||||
}
|
||||
|
||||
case sizeof(uint64_t):
|
||||
|
|
@ -2733,12 +2733,12 @@ function bytestring_to_count%(s: string, is_le: bool &default=F%): count
|
|||
else
|
||||
memcpy(&value, p, sizeof(uint64_t));
|
||||
|
||||
return val_mgr->GetCount(value);
|
||||
return val_mgr->Count(value);
|
||||
}
|
||||
}
|
||||
|
||||
builtin_error("unsupported byte length for bytestring_to_count");
|
||||
return val_mgr->GetCount(0);
|
||||
return val_mgr->Count(0);
|
||||
%}
|
||||
|
||||
## Converts a reverse pointer name to an address. For example,
|
||||
|
|
@ -3314,12 +3314,12 @@ function lookup_connection%(cid: conn_id%): connection
|
|||
c->Assign(0, id_val);
|
||||
|
||||
auto orig_endp = make_intrusive<RecordVal>(endpoint);
|
||||
orig_endp->Assign(0, val_mgr->GetCount(0));
|
||||
orig_endp->Assign(1, val_mgr->GetCount(int(0)));
|
||||
orig_endp->Assign(0, val_mgr->Count(0));
|
||||
orig_endp->Assign(1, val_mgr->Count(int(0)));
|
||||
|
||||
auto resp_endp = make_intrusive<RecordVal>(endpoint);
|
||||
resp_endp->Assign(0, val_mgr->GetCount(0));
|
||||
resp_endp->Assign(1, val_mgr->GetCount(int(0)));
|
||||
resp_endp->Assign(0, val_mgr->Count(0));
|
||||
resp_endp->Assign(1, val_mgr->Count(int(0)));
|
||||
|
||||
c->Assign(1, std::move(orig_endp));
|
||||
c->Assign(2, std::move(resp_endp));
|
||||
|
|
@ -3394,19 +3394,19 @@ function get_current_packet%(%) : pcap_packet
|
|||
if ( ! current_pktsrc ||
|
||||
! current_pktsrc->GetCurrentPacket(&p) )
|
||||
{
|
||||
pkt->Assign(0, val_mgr->GetCount(0));
|
||||
pkt->Assign(1, val_mgr->GetCount(0));
|
||||
pkt->Assign(2, val_mgr->GetCount(0));
|
||||
pkt->Assign(3, val_mgr->GetCount(0));
|
||||
pkt->Assign(0, val_mgr->Count(0));
|
||||
pkt->Assign(1, val_mgr->Count(0));
|
||||
pkt->Assign(2, val_mgr->Count(0));
|
||||
pkt->Assign(3, val_mgr->Count(0));
|
||||
pkt->Assign(4, val_mgr->GetEmptyString());
|
||||
pkt->Assign(5, BifType::Enum::link_encap->GetVal(BifEnum::LINK_UNKNOWN));
|
||||
return pkt;
|
||||
}
|
||||
|
||||
pkt->Assign(0, val_mgr->GetCount(uint32_t(p->ts.tv_sec)));
|
||||
pkt->Assign(1, val_mgr->GetCount(uint32_t(p->ts.tv_usec)));
|
||||
pkt->Assign(2, val_mgr->GetCount(p->cap_len));
|
||||
pkt->Assign(3, val_mgr->GetCount(p->len));
|
||||
pkt->Assign(0, val_mgr->Count(uint32_t(p->ts.tv_sec)));
|
||||
pkt->Assign(1, val_mgr->Count(uint32_t(p->ts.tv_usec)));
|
||||
pkt->Assign(2, val_mgr->Count(p->cap_len));
|
||||
pkt->Assign(3, val_mgr->Count(p->len));
|
||||
pkt->Assign(4, make_intrusive<StringVal>(p->cap_len, (const char*)p->data));
|
||||
pkt->Assign(5, BifType::Enum::link_encap->GetVal(p->link_type));
|
||||
|
||||
|
|
@ -3860,7 +3860,7 @@ static Val* mmdb_getvalue(MMDB_entry_data_s* entry_data, int status,
|
|||
break;
|
||||
|
||||
case MMDB_DATA_TYPE_UINT32:
|
||||
return val_mgr->GetCount(entry_data->uint32);
|
||||
return val_mgr->Count(entry_data->uint32);
|
||||
|
||||
default:
|
||||
break;
|
||||
|
|
@ -4072,7 +4072,7 @@ function lookup_asn%(a: addr%) : count
|
|||
builtin_error("Failed to open GeoIP ASN database");
|
||||
}
|
||||
|
||||
return val_mgr->GetCount(0);
|
||||
return val_mgr->Count(0);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -4087,7 +4087,7 @@ function lookup_asn%(a: addr%) : count
|
|||
status = MMDB_get_value(&result.entry, &entry_data,
|
||||
"autonomous_system_number", nullptr);
|
||||
Val* asn = mmdb_getvalue(&entry_data, status, MMDB_DATA_TYPE_UINT32);
|
||||
return asn == nullptr ? val_mgr->GetCount(0) : asn;
|
||||
return asn == nullptr ? val_mgr->Count(0) : asn;
|
||||
}
|
||||
|
||||
#else // not USE_GEOIP
|
||||
|
|
@ -4103,7 +4103,7 @@ function lookup_asn%(a: addr%) : count
|
|||
// We can get here even if we have GeoIP support, if we weren't
|
||||
// able to initialize it or it didn't return any information for
|
||||
// the address.
|
||||
return val_mgr->GetCount(0);
|
||||
return val_mgr->Count(0);
|
||||
%}
|
||||
|
||||
## Calculates distance between two geographic locations using the haversine
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue