From 9400b863ea0873cec56e734c8fc524805bb1af02 Mon Sep 17 00:00:00 2001 From: Tim Wojtulewicz Date: Wed, 1 Jul 2020 18:21:38 -0700 Subject: [PATCH] Move all base analyzer classes to zeek::analyzer namespace --- auxil/bifcl | 2 +- src/Conn.cc | 22 +++++----- src/Conn.h | 33 +++++++------- src/Event.cc | 4 +- src/Event.h | 18 ++++---- src/Reporter.cc | 3 +- src/Reporter.h | 4 +- src/RuleAction.cc | 16 +++---- src/RuleAction.h | 8 ++-- src/RuleCondition.cc | 2 +- src/RuleMatcher.cc | 6 +-- src/RuleMatcher.h | 12 ++--- src/Sessions.cc | 2 +- src/analyzer/Analyzer.cc | 8 ++-- src/analyzer/Analyzer.h | 33 +++++++++----- src/analyzer/Component.cc | 4 +- src/analyzer/Component.h | 12 +++-- src/analyzer/Manager.cc | 44 +++++++++---------- src/analyzer/Manager.h | 13 +++++- src/analyzer/Tag.cc | 18 ++++---- src/analyzer/Tag.h | 12 +++-- src/analyzer/analyzer.bif | 14 +++--- src/analyzer/protocol/ayiya/AYIYA.h | 4 +- src/analyzer/protocol/ayiya/Plugin.cc | 2 +- src/analyzer/protocol/bittorrent/BitTorrent.h | 2 +- .../protocol/bittorrent/BitTorrentTracker.h | 2 +- src/analyzer/protocol/bittorrent/Plugin.cc | 4 +- src/analyzer/protocol/conn-size/ConnSize.h | 4 +- src/analyzer/protocol/conn-size/Plugin.cc | 2 +- src/analyzer/protocol/conn-size/functions.bif | 28 ++++++------ src/analyzer/protocol/dce-rpc/DCE_RPC.h | 2 +- src/analyzer/protocol/dce-rpc/Plugin.cc | 2 +- .../protocol/dce-rpc/dce_rpc-auth.pac | 8 ++-- src/analyzer/protocol/dhcp/DHCP.h | 4 +- src/analyzer/protocol/dhcp/Plugin.cc | 2 +- src/analyzer/protocol/dnp3/DNP3.cc | 2 +- src/analyzer/protocol/dnp3/DNP3.h | 8 ++-- src/analyzer/protocol/dnp3/Plugin.cc | 4 +- src/analyzer/protocol/dns/DNS.cc | 4 +- src/analyzer/protocol/dns/DNS.h | 6 +-- src/analyzer/protocol/dns/Plugin.cc | 4 +- src/analyzer/protocol/file/File.h | 2 +- src/analyzer/protocol/file/Plugin.cc | 4 +- src/analyzer/protocol/finger/Finger.h | 4 +- src/analyzer/protocol/finger/Plugin.cc | 2 +- src/analyzer/protocol/ftp/FTP.cc | 2 +- src/analyzer/protocol/ftp/FTP.h | 4 +- src/analyzer/protocol/ftp/Plugin.cc | 4 +- src/analyzer/protocol/gnutella/Gnutella.cc | 4 +- src/analyzer/protocol/gnutella/Gnutella.h | 2 +- src/analyzer/protocol/gnutella/Plugin.cc | 2 +- src/analyzer/protocol/gssapi/GSSAPI.h | 2 +- src/analyzer/protocol/gssapi/Plugin.cc | 2 +- .../protocol/gssapi/gssapi-analyzer.pac | 9 ++-- src/analyzer/protocol/gtpv1/GTPv1.h | 4 +- src/analyzer/protocol/gtpv1/Plugin.cc | 2 +- src/analyzer/protocol/http/HTTP.cc | 4 +- src/analyzer/protocol/http/HTTP.h | 4 +- src/analyzer/protocol/http/Plugin.cc | 2 +- src/analyzer/protocol/http/functions.bif | 6 +-- src/analyzer/protocol/icmp/ICMP.h | 4 +- src/analyzer/protocol/icmp/Plugin.cc | 2 +- src/analyzer/protocol/ident/Ident.h | 2 +- src/analyzer/protocol/ident/Plugin.cc | 2 +- src/analyzer/protocol/imap/IMAP.cc | 2 +- src/analyzer/protocol/imap/IMAP.h | 2 +- src/analyzer/protocol/imap/Plugin.cc | 2 +- src/analyzer/protocol/irc/IRC.cc | 2 +- src/analyzer/protocol/irc/IRC.h | 2 +- src/analyzer/protocol/irc/Plugin.cc | 2 +- src/analyzer/protocol/krb/KRB.h | 4 +- src/analyzer/protocol/krb/KRB_TCP.h | 2 +- src/analyzer/protocol/krb/Plugin.cc | 4 +- src/analyzer/protocol/login/Plugin.cc | 14 +++--- src/analyzer/protocol/login/RSH.h | 2 +- src/analyzer/protocol/login/Rlogin.h | 2 +- src/analyzer/protocol/login/Telnet.h | 4 +- src/analyzer/protocol/login/functions.bif | 8 ++-- src/analyzer/protocol/mime/MIME.cc | 4 +- src/analyzer/protocol/mime/MIME.h | 8 ++-- src/analyzer/protocol/modbus/Modbus.h | 4 +- src/analyzer/protocol/modbus/Plugin.cc | 2 +- src/analyzer/protocol/mqtt/MQTT.h | 2 +- src/analyzer/protocol/mqtt/Plugin.cc | 2 +- src/analyzer/protocol/mysql/MySQL.h | 2 +- src/analyzer/protocol/mysql/Plugin.cc | 2 +- src/analyzer/protocol/ncp/NCP.cc | 2 +- src/analyzer/protocol/ncp/NCP.h | 6 +-- src/analyzer/protocol/ncp/Plugin.cc | 4 +- src/analyzer/protocol/netbios/NetbiosSSN.cc | 4 +- src/analyzer/protocol/netbios/NetbiosSSN.h | 6 +-- src/analyzer/protocol/netbios/Plugin.cc | 4 +- src/analyzer/protocol/ntlm/NTLM.h | 2 +- src/analyzer/protocol/ntlm/Plugin.cc | 2 +- src/analyzer/protocol/ntp/NTP.cc | 2 +- src/analyzer/protocol/ntp/NTP.h | 4 +- src/analyzer/protocol/ntp/Plugin.cc | 2 +- src/analyzer/protocol/pia/PIA.cc | 18 ++++---- src/analyzer/protocol/pia/PIA.h | 30 ++++++------- src/analyzer/protocol/pia/Plugin.cc | 4 +- src/analyzer/protocol/pop3/POP3.cc | 2 +- src/analyzer/protocol/pop3/POP3.h | 2 +- src/analyzer/protocol/pop3/Plugin.cc | 2 +- src/analyzer/protocol/radius/Plugin.cc | 2 +- src/analyzer/protocol/radius/RADIUS.cc | 2 +- src/analyzer/protocol/radius/RADIUS.h | 4 +- src/analyzer/protocol/rdp/Plugin.cc | 4 +- src/analyzer/protocol/rdp/RDP.h | 2 +- src/analyzer/protocol/rdp/RDPEUDP.cc | 2 +- src/analyzer/protocol/rdp/RDPEUDP.h | 4 +- src/analyzer/protocol/rfb/Plugin.cc | 2 +- src/analyzer/protocol/rfb/RFB.h | 3 +- src/analyzer/protocol/rpc/MOUNT.h | 4 +- src/analyzer/protocol/rpc/NFS.h | 4 +- src/analyzer/protocol/rpc/Plugin.cc | 10 ++--- src/analyzer/protocol/rpc/Portmap.h | 4 +- src/analyzer/protocol/rpc/RPC.cc | 2 +- src/analyzer/protocol/rpc/RPC.h | 4 +- src/analyzer/protocol/sip/Plugin.cc | 4 +- src/analyzer/protocol/sip/SIP.cc | 2 +- src/analyzer/protocol/sip/SIP.h | 4 +- src/analyzer/protocol/sip/SIP_TCP.h | 2 +- src/analyzer/protocol/smb/Plugin.cc | 4 +- src/analyzer/protocol/smb/SMB.h | 2 +- src/analyzer/protocol/smb/smb-gssapi.pac | 8 ++-- src/analyzer/protocol/smb/smb-pipe.pac | 2 +- src/analyzer/protocol/smtp/Plugin.cc | 2 +- src/analyzer/protocol/smtp/SMTP.cc | 2 +- src/analyzer/protocol/smtp/SMTP.h | 2 +- src/analyzer/protocol/smtp/functions.bif | 4 +- src/analyzer/protocol/snmp/Plugin.cc | 2 +- src/analyzer/protocol/snmp/SNMP.h | 4 +- src/analyzer/protocol/socks/Plugin.cc | 2 +- src/analyzer/protocol/socks/SOCKS.h | 2 +- src/analyzer/protocol/ssh/Plugin.cc | 2 +- src/analyzer/protocol/ssh/SSH.h | 2 +- src/analyzer/protocol/ssl/DTLS.cc | 2 +- src/analyzer/protocol/ssl/DTLS.h | 4 +- src/analyzer/protocol/ssl/Plugin.cc | 4 +- src/analyzer/protocol/ssl/SSL.h | 2 +- src/analyzer/protocol/ssl/functions.bif | 4 +- .../protocol/stepping-stone/Plugin.cc | 2 +- .../protocol/stepping-stone/SteppingStone.h | 2 +- src/analyzer/protocol/syslog/Plugin.cc | 2 +- src/analyzer/protocol/syslog/Syslog.h | 8 ++-- src/analyzer/protocol/tcp/Plugin.cc | 8 ++-- src/analyzer/protocol/tcp/TCP.cc | 36 +++++++-------- src/analyzer/protocol/tcp/TCP.h | 24 +++++----- src/analyzer/protocol/tcp/TCP_Reassembler.cc | 8 ++-- src/analyzer/protocol/tcp/TCP_Reassembler.h | 15 +++---- src/analyzer/protocol/tcp/functions.bif | 8 ++-- src/analyzer/protocol/teredo/Plugin.cc | 2 +- src/analyzer/protocol/teredo/Teredo.h | 4 +- src/analyzer/protocol/udp/Plugin.cc | 2 +- src/analyzer/protocol/udp/UDP.cc | 2 +- src/analyzer/protocol/udp/UDP.h | 4 +- src/analyzer/protocol/vxlan/Plugin.cc | 2 +- src/analyzer/protocol/vxlan/VXLAN.h | 4 +- src/analyzer/protocol/xmpp/Plugin.cc | 2 +- src/analyzer/protocol/xmpp/XMPP.cc | 2 +- src/analyzer/protocol/xmpp/XMPP.h | 2 +- src/analyzer/protocol/zip/Plugin.cc | 2 +- src/binpac_bro.h | 8 +--- src/file_analysis/File.cc | 2 +- src/file_analysis/File.h | 2 +- src/file_analysis/Manager.cc | 24 +++++----- src/file_analysis/Manager.h | 25 +++++------ src/fuzzers/pop3-fuzzer.cc | 4 +- src/zeek-setup.cc | 21 +++++---- src/zeekygen/Target.cc | 8 ++-- zeek-config.h.in | 13 +++++- 171 files changed, 516 insertions(+), 486 deletions(-) diff --git a/auxil/bifcl b/auxil/bifcl index 20c91e2734..ddcb00d15c 160000 --- a/auxil/bifcl +++ b/auxil/bifcl @@ -1 +1 @@ -Subproject commit 20c91e27342eb1513897702bec47590ffbad5085 +Subproject commit ddcb00d15cab84f1b1d0e82dffa764f278e0c69c diff --git a/src/Conn.cc b/src/Conn.cc index a0f1fcaea0..1db0898f2f 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -411,17 +411,17 @@ const zeek::RecordValPtr& Connection::ConnVal() return conn_val; } -analyzer::Analyzer* Connection::FindAnalyzer(analyzer::ID id) +zeek::analyzer::Analyzer* Connection::FindAnalyzer(zeek::analyzer::ID id) { return root_analyzer ? root_analyzer->FindChild(id) : nullptr; } -analyzer::Analyzer* Connection::FindAnalyzer(const analyzer::Tag& tag) +zeek::analyzer::Analyzer* Connection::FindAnalyzer(const zeek::analyzer::Tag& tag) { return root_analyzer ? root_analyzer->FindChild(tag) : nullptr; } -analyzer::Analyzer* Connection::FindAnalyzer(const char* name) +zeek::analyzer::Analyzer* Connection::FindAnalyzer(const char* name) { return root_analyzer->FindChild(name); } @@ -464,7 +464,7 @@ void Connection::RemovalEvent() EnqueueEvent(successful_connection_remove, nullptr, ConnVal()); } -void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, const char* name) +void Connection::Event(EventHandlerPtr f, zeek::analyzer::Analyzer* analyzer, const char* name) { if ( ! f ) return; @@ -475,7 +475,7 @@ void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, const ch EnqueueEvent(f, analyzer, ConnVal()); } -void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, zeek::Val* v1, zeek::Val* v2) +void Connection::Event(EventHandlerPtr f, zeek::analyzer::Analyzer* analyzer, zeek::Val* v1, zeek::Val* v2) { if ( ! f ) { @@ -495,7 +495,7 @@ void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, zeek::Va zeek::IntrusivePtr{zeek::AdoptRef{}, v1}); } -void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_list vl) +void Connection::ConnectionEvent(EventHandlerPtr f, zeek::analyzer::Analyzer* a, val_list vl) { auto args = zeek::val_list_to_args(vl); @@ -508,14 +508,14 @@ void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_l mgr.Enqueue(f, std::move(args), SOURCE_LOCAL, a ? a->GetID() : 0, this); } -void Connection::ConnectionEventFast(EventHandlerPtr f, analyzer::Analyzer* a, val_list vl) +void Connection::ConnectionEventFast(EventHandlerPtr f, zeek::analyzer::Analyzer* a, val_list vl) { // "this" is passed as a cookie for the event mgr.Enqueue(f, zeek::val_list_to_args(vl), SOURCE_LOCAL, a ? a->GetID() : 0, this); } -void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_list* vl) +void Connection::ConnectionEvent(EventHandlerPtr f, zeek::analyzer::Analyzer* a, val_list* vl) { auto args = zeek::val_list_to_args(*vl); delete vl; @@ -524,7 +524,7 @@ void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_l EnqueueEvent(f, a, std::move(args)); } -void Connection::EnqueueEvent(EventHandlerPtr f, analyzer::Analyzer* a, +void Connection::EnqueueEvent(EventHandlerPtr f, zeek::analyzer::Analyzer* a, zeek::Args args) { // "this" is passed as a cookie for the event @@ -604,7 +604,7 @@ void Connection::FlipRoles() if ( root_analyzer ) root_analyzer->FlipRoles(); - analyzer_mgr->ApplyScheduledAnalyzers(this); + zeek::analyzer_mgr->ApplyScheduledAnalyzers(this); AddHistory('^'); } @@ -683,7 +683,7 @@ void Connection::IDString(ODesc* d) const d->Add(ntohs(resp_port)); } -void Connection::SetRootAnalyzer(analyzer::TransportLayerAnalyzer* analyzer, analyzer::pia::PIA* pia) +void Connection::SetRootAnalyzer(zeek::analyzer::TransportLayerAnalyzer* analyzer, analyzer::pia::PIA* pia) { root_analyzer = analyzer; primary_PIA = pia; diff --git a/src/Conn.h b/src/Conn.h index a8f6864335..3fb7a02d1b 100644 --- a/src/Conn.h +++ b/src/Conn.h @@ -31,14 +31,15 @@ class RuleEndpointState; class EncapsulationStack; ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(TransportLayerAnalyzer, zeek, analyzer); +ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, analyzer); namespace zeek { using ValPtr = zeek::IntrusivePtr; using RecordValPtr = zeek::IntrusivePtr; } -namespace analyzer { class TransportLayerAnalyzer; } - typedef enum { NUL_IN_LINE, SINGULAR_CR, @@ -62,8 +63,6 @@ static inline int addr_port_canon_lt(const IPAddr& addr1, uint32_t p1, return addr1 < addr2 || (addr1 == addr2 && p1 < p2); } -namespace analyzer { class Analyzer; } - class Connection final : public zeek::Obj { public: Connection(NetSessions* s, const ConnIDKey& k, double t, const ConnID* id, @@ -119,9 +118,9 @@ public: void FlipRoles(); - analyzer::Analyzer* FindAnalyzer(analyzer::ID id); - analyzer::Analyzer* FindAnalyzer(const analyzer::Tag& tag); // find first in tree. - analyzer::Analyzer* FindAnalyzer(const char* name); // find first in tree. + zeek::analyzer::Analyzer* FindAnalyzer(zeek::analyzer::ID id); + zeek::analyzer::Analyzer* FindAnalyzer(const zeek::analyzer::Tag& tag); // find first in tree. + zeek::analyzer::Analyzer* FindAnalyzer(const char* name); // find first in tree. TransportProto ConnTransport() const { return proto; } @@ -192,20 +191,20 @@ public: // given that event's first argument will be it, and it's second will be // the connection value. If 'name' is null, then the event's first // argument is the connection value. - void Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, const char* name = nullptr); + void Event(EventHandlerPtr f, zeek::analyzer::Analyzer* analyzer, const char* name = nullptr); // If a handler exists for 'f', an event will be generated. In any case, // 'v1' and 'v2' reference counts get decremented. The event's first // argument is the connection value, second argument is 'v1', and if 'v2' // is given that will be it's third argument. [[deprecated("Remove in v4.1. Use EnqueueEvent() instead (note it doesn't automatically add the connection argument).")]] - void Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, zeek::Val* v1, zeek::Val* v2 = nullptr); + void Event(EventHandlerPtr f, zeek::analyzer::Analyzer* analyzer, zeek::Val* v1, zeek::Val* v2 = nullptr); // If a handler exists for 'f', an event will be generated. In any case, // reference count for each element in the 'vl' list are decremented. The // arguments used for the event are whatevever is provided in 'vl'. [[deprecated("Remove in v4.1. Use EnqueueEvent() instead.")]] - void ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* analyzer, + void ConnectionEvent(EventHandlerPtr f, zeek::analyzer::Analyzer* analyzer, val_list vl); // Same as ConnectionEvent, except taking the event's argument list via a @@ -213,7 +212,7 @@ public: // memory pointed to by 'vl' and also for decrementing the reference count // of each of its elements. [[deprecated("Remove in v4.1. Use EnqueueEvent() instead.")]] - void ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* analyzer, + void ConnectionEvent(EventHandlerPtr f, zeek::analyzer::Analyzer* analyzer, val_list* vl); // Queues an event without first checking if there's any available event @@ -225,13 +224,13 @@ public: // it would be a waste of effort to construct all the event arguments when // there's no handlers to consume them). [[deprecated("Remove in v4.1. Use EnqueueEvent() instead.")]] - void ConnectionEventFast(EventHandlerPtr f, analyzer::Analyzer* analyzer, + void ConnectionEventFast(EventHandlerPtr f, zeek::analyzer::Analyzer* analyzer, val_list vl); /** * Enqueues an event associated with this connection and given analyzer. */ - void EnqueueEvent(EventHandlerPtr f, analyzer::Analyzer* analyzer, + void EnqueueEvent(EventHandlerPtr f, zeek::analyzer::Analyzer* analyzer, zeek::Args args); /** @@ -241,7 +240,7 @@ public: std::enable_if_t< std::is_convertible_v< std::tuple_element_t<0, std::tuple>, zeek::ValPtr>> - EnqueueEvent(EventHandlerPtr h, analyzer::Analyzer* analyzer, Args&&... args) + EnqueueEvent(EventHandlerPtr h, zeek::analyzer::Analyzer* analyzer, Args&&... args) { return EnqueueEvent(h, analyzer, zeek::Args{std::forward(args)...}); } void Weird(const char* name, const char* addl = ""); @@ -305,8 +304,8 @@ public: void DeleteTimer(double t); // Sets the root of the analyzer tree as well as the primary PIA. - void SetRootAnalyzer(analyzer::TransportLayerAnalyzer* analyzer, analyzer::pia::PIA* pia); - analyzer::TransportLayerAnalyzer* GetRootAnalyzer() { return root_analyzer; } + void SetRootAnalyzer(zeek::analyzer::TransportLayerAnalyzer* analyzer, analyzer::pia::PIA* pia); + zeek::analyzer::TransportLayerAnalyzer* GetRootAnalyzer() { return root_analyzer; } analyzer::pia::PIA* GetPrimaryPIA() { return primary_PIA; } // Sets the transport protocol in use. @@ -383,7 +382,7 @@ protected: std::string history; uint32_t hist_seen; - analyzer::TransportLayerAnalyzer* root_analyzer; + zeek::analyzer::TransportLayerAnalyzer* root_analyzer; analyzer::pia::PIA* primary_PIA; Bro::UID uid; // Globally unique connection ID. diff --git a/src/Event.cc b/src/Event.cc index c9012f5ed5..a173215684 100644 --- a/src/Event.cc +++ b/src/Event.cc @@ -19,7 +19,7 @@ uint64_t num_events_queued = 0; uint64_t num_events_dispatched = 0; Event::Event(EventHandlerPtr arg_handler, zeek::Args arg_args, - SourceID arg_src, analyzer::ID arg_aid, Obj* arg_obj) + SourceID arg_src, zeek::analyzer::ID arg_aid, Obj* arg_obj) : handler(arg_handler), args(std::move(arg_args)), src(arg_src), @@ -122,7 +122,7 @@ void EventMgr::QueueEvent(const EventHandlerPtr &h, val_list* vl, } void EventMgr::Enqueue(const EventHandlerPtr& h, zeek::Args vl, - SourceID src, analyzer::ID aid, Obj* obj) + SourceID src, zeek::analyzer::ID aid, Obj* obj) { QueueEvent(new Event(h, std::move(vl), src, aid, obj)); } diff --git a/src/Event.h b/src/Event.h index 41620a906a..5028c90029 100644 --- a/src/Event.h +++ b/src/Event.h @@ -17,14 +17,14 @@ class EventMgr; class Event final : public zeek::Obj { public: Event(EventHandlerPtr handler, zeek::Args args, - SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, + SourceID src = SOURCE_LOCAL, zeek::analyzer::ID aid = 0, zeek::Obj* obj = nullptr); void SetNext(Event* n) { next_event = n; } Event* NextEvent() const { return next_event; } SourceID Source() const { return src; } - analyzer::ID Analyzer() const { return aid; } + zeek::analyzer::ID Analyzer() const { return aid; } EventHandlerPtr Handler() const { return handler; } const zeek::Args& Args() const { return args; } @@ -40,7 +40,7 @@ protected: EventHandlerPtr handler; zeek::Args args; SourceID src; - analyzer::ID aid; + zeek::analyzer::ID aid; zeek::Obj* obj; Event* next_event; }; @@ -63,7 +63,7 @@ public: // arguments when there's no handlers to consume them). [[deprecated("Remove in v4.1. Use Enqueue() instead.")]] void QueueEventFast(const EventHandlerPtr &h, val_list vl, - SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, + SourceID src = SOURCE_LOCAL, zeek::analyzer::ID aid = 0, TimerMgr* mgr = nullptr, zeek::Obj* obj = nullptr); // Queues an event if there's an event handler (or remote consumer). This @@ -74,7 +74,7 @@ public: // existence check. [[deprecated("Remove in v4.1. Use Enqueue() instead.")]] void QueueEvent(const EventHandlerPtr &h, val_list vl, - SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, + SourceID src = SOURCE_LOCAL, zeek::analyzer::ID aid = 0, TimerMgr* mgr = nullptr, zeek::Obj* obj = nullptr); // Same as QueueEvent, except taking the event's argument list via a @@ -83,7 +83,7 @@ public: // each of its elements. [[deprecated("Remove in v4.1. Use Enqueue() instead.")]] void QueueEvent(const EventHandlerPtr &h, val_list* vl, - SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, + SourceID src = SOURCE_LOCAL, zeek::analyzer::ID aid = 0, TimerMgr* mgr = nullptr, zeek::Obj* obj = nullptr); /** @@ -99,7 +99,7 @@ public: * reference to until dispatching the event. */ void Enqueue(const EventHandlerPtr& h, zeek::Args vl, - SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, + SourceID src = SOURCE_LOCAL, zeek::analyzer::ID aid = 0, zeek::Obj* obj = nullptr); /** @@ -124,7 +124,7 @@ public: // Returns the ID of the analyzer which raised the last event, or 0 if // non-analyzer event. - analyzer::ID CurrentAnalyzer() const { return current_aid; } + zeek::analyzer::ID CurrentAnalyzer() const { return current_aid; } int Size() const { return num_events_queued - num_events_dispatched; } @@ -142,7 +142,7 @@ protected: Event* head; Event* tail; SourceID current_src; - analyzer::ID current_aid; + zeek::analyzer::ID current_aid; zeek::RecordVal* src_val; bool draining; zeek::detail::Flare queue_flare; diff --git a/src/Reporter.cc b/src/Reporter.cc index 893073fac7..3d37243f84 100644 --- a/src/Reporter.cc +++ b/src/Reporter.cc @@ -196,8 +196,7 @@ void Reporter::InternalError(const char* fmt, ...) abort(); } -void Reporter::AnalyzerError(analyzer::Analyzer* a, const char* fmt, - ...) +void Reporter::AnalyzerError(zeek::analyzer::Analyzer* a, const char* fmt, ...) { if ( a ) a->SetSkip(true); diff --git a/src/Reporter.h b/src/Reporter.h index d82e4d4ac9..9106619e6d 100644 --- a/src/Reporter.h +++ b/src/Reporter.h @@ -15,7 +15,7 @@ #include "BroList.h" #include "net_util.h" -namespace analyzer { class Analyzer; } +ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, analyzer); namespace file_analysis { class File; } class Connection; class Reporter; @@ -120,7 +120,7 @@ public: // Report an analyzer error. That analyzer will be set to not process // any further input, but Bro otherwise continues normally. - void AnalyzerError(analyzer::Analyzer* a, const char* fmt, ...) __attribute__((format(printf, 3, 4)));; + void AnalyzerError(zeek::analyzer::Analyzer* a, const char* fmt, ...) __attribute__((format(printf, 3, 4)));; // Toggle whether non-fatal messages should be reported through the // scripting layer rather on standard output. Fatal errors are always diff --git a/src/RuleAction.cc b/src/RuleAction.cc index fde44ee464..b7770f60d9 100644 --- a/src/RuleAction.cc +++ b/src/RuleAction.cc @@ -49,7 +49,7 @@ RuleActionAnalyzer::RuleActionAnalyzer(const char* arg_analyzer) string str(arg_analyzer); string::size_type pos = str.find(':'); string arg = str.substr(0, pos); - analyzer = analyzer_mgr->GetComponentTag(arg.c_str()); + analyzer = zeek::analyzer_mgr->GetComponentTag(arg.c_str()); if ( ! analyzer ) reporter->Warning("unknown analyzer '%s' specified in rule", arg.c_str()); @@ -57,23 +57,23 @@ RuleActionAnalyzer::RuleActionAnalyzer(const char* arg_analyzer) if ( pos != string::npos ) { arg = str.substr(pos + 1); - child_analyzer = analyzer_mgr->GetComponentTag(arg.c_str()); + child_analyzer = zeek::analyzer_mgr->GetComponentTag(arg.c_str()); if ( ! child_analyzer ) reporter->Warning("unknown analyzer '%s' specified in rule", arg.c_str()); } else - child_analyzer = analyzer::Tag(); + child_analyzer = zeek::analyzer::Tag(); } void RuleActionAnalyzer::PrintDebug() { if ( ! child_analyzer ) - fprintf(stderr, "|%s|\n", analyzer_mgr->GetComponentName(analyzer).c_str()); + fprintf(stderr, "|%s|\n", zeek::analyzer_mgr->GetComponentName(analyzer).c_str()); else fprintf(stderr, "|%s:%s|\n", - analyzer_mgr->GetComponentName(analyzer).c_str(), - analyzer_mgr->GetComponentName(child_analyzer).c_str()); + zeek::analyzer_mgr->GetComponentName(analyzer).c_str(), + zeek::analyzer_mgr->GetComponentName(child_analyzer).c_str()); } @@ -82,7 +82,7 @@ void RuleActionEnable::DoAction(const Rule* parent, RuleEndpointState* state, { if ( ! ChildAnalyzer() ) { - if ( ! analyzer_mgr->IsEnabled(Analyzer()) ) + if ( ! zeek::analyzer_mgr->IsEnabled(Analyzer()) ) return; if ( state->PIA() ) @@ -90,7 +90,7 @@ void RuleActionEnable::DoAction(const Rule* parent, RuleEndpointState* state, } else { - if ( ! analyzer_mgr->IsEnabled(ChildAnalyzer()) ) + if ( ! zeek::analyzer_mgr->IsEnabled(ChildAnalyzer()) ) return; // This is ugly and works only if there exists only one diff --git a/src/RuleAction.h b/src/RuleAction.h index 4719fdea01..3d4fa9475e 100644 --- a/src/RuleAction.h +++ b/src/RuleAction.h @@ -69,12 +69,12 @@ public: void PrintDebug() override; - analyzer::Tag Analyzer() const { return analyzer; } - analyzer::Tag ChildAnalyzer() const { return child_analyzer; } + zeek::analyzer::Tag Analyzer() const { return analyzer; } + zeek::analyzer::Tag ChildAnalyzer() const { return child_analyzer; } private: - analyzer::Tag analyzer; - analyzer::Tag child_analyzer; + zeek::analyzer::Tag analyzer; + zeek::analyzer::Tag child_analyzer; }; class RuleActionEnable : public RuleActionAnalyzer { diff --git a/src/RuleCondition.cc b/src/RuleCondition.cc index bb68a25483..62aa14358c 100644 --- a/src/RuleCondition.cc +++ b/src/RuleCondition.cc @@ -23,7 +23,7 @@ static inline bool is_established(const analyzer::tcp::TCP_Endpoint* e) bool RuleConditionTCPState::DoMatch(Rule* rule, RuleEndpointState* state, const u_char* data, int len) { - analyzer::Analyzer* root = state->GetAnalyzer()->Conn()->GetRootAnalyzer(); + zeek::analyzer::Analyzer* root = state->GetAnalyzer()->Conn()->GetRootAnalyzer(); if ( ! root || ! root->IsAnalyzer("TCP") ) return false; diff --git a/src/RuleMatcher.cc b/src/RuleMatcher.cc index 622cac36d6..13a75c141d 100644 --- a/src/RuleMatcher.cc +++ b/src/RuleMatcher.cc @@ -181,7 +181,7 @@ void RuleHdrTest::PrintDebug() fprintf(stderr, "\n"); } -RuleEndpointState::RuleEndpointState(analyzer::Analyzer* arg_analyzer, bool arg_is_orig, +RuleEndpointState::RuleEndpointState(zeek::analyzer::Analyzer* arg_analyzer, bool arg_is_orig, RuleEndpointState* arg_opposite, analyzer::pia::PIA* arg_PIA) { @@ -736,7 +736,7 @@ RuleMatcher::MIME_Matches* RuleMatcher::Match(RuleFileMagicState* state, return rval; } -RuleEndpointState* RuleMatcher::InitEndpoint(analyzer::Analyzer* analyzer, +RuleEndpointState* RuleMatcher::InitEndpoint(zeek::analyzer::Analyzer* analyzer, const IP_Hdr* ip, int caplen, RuleEndpointState* opposite, bool from_orig, analyzer::pia::PIA* pia) @@ -1417,7 +1417,7 @@ uint32_t id_to_uint(const char* id) return 0; } -void RuleMatcherState::InitEndpointMatcher(analyzer::Analyzer* analyzer, const IP_Hdr* ip, +void RuleMatcherState::InitEndpointMatcher(zeek::analyzer::Analyzer* analyzer, const IP_Hdr* ip, int caplen, bool from_orig, analyzer::pia::PIA* pia) { if ( ! rule_matcher ) diff --git a/src/RuleMatcher.h b/src/RuleMatcher.h index bdbea606ce..18d0f2c308 100644 --- a/src/RuleMatcher.h +++ b/src/RuleMatcher.h @@ -37,10 +37,10 @@ class RuleMatcher; extern RuleMatcher* rule_matcher; ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, analyzer); namespace analyzer { namespace pia { class PIA; } - class Analyzer; } // RuleHdrTest and associated things: @@ -139,7 +139,7 @@ class RuleEndpointState { public: ~RuleEndpointState(); - analyzer::Analyzer* GetAnalyzer() const { return analyzer; } + zeek::analyzer::Analyzer* GetAnalyzer() const { return analyzer; } bool IsOrig() { return is_orig; } // For flipping roles. @@ -158,7 +158,7 @@ private: // Constructor is private; use RuleMatcher::InitEndpoint() // for creating an instance. - RuleEndpointState(analyzer::Analyzer* arg_analyzer, bool arg_is_orig, + RuleEndpointState(zeek::analyzer::Analyzer* arg_analyzer, bool arg_is_orig, RuleEndpointState* arg_opposite, analyzer::pia::PIA* arg_PIA); struct Matcher { @@ -168,7 +168,7 @@ private: using matcher_list = zeek::PList; - analyzer::Analyzer* analyzer; + zeek::analyzer::Analyzer* analyzer; RuleEndpointState* opposite; analyzer::pia::PIA* pia; @@ -263,7 +263,7 @@ public: // the given packet (which should be the first packet encountered for // this endpoint). If the matching is triggered by an PIA, a pointer to // it needs to be given. - RuleEndpointState* InitEndpoint(analyzer::Analyzer* analyzer, const IP_Hdr* ip, + RuleEndpointState* InitEndpoint(zeek::analyzer::Analyzer* analyzer, const IP_Hdr* ip, int caplen, RuleEndpointState* opposite, bool is_orig, analyzer::pia::PIA* pia); // Finish matching for this stream. @@ -372,7 +372,7 @@ public: { delete orig_match_state; delete resp_match_state; } // ip may be nil. - void InitEndpointMatcher(analyzer::Analyzer* analyzer, const IP_Hdr* ip, + void InitEndpointMatcher(zeek::analyzer::Analyzer* analyzer, const IP_Hdr* ip, int caplen, bool from_orig, analyzer::pia::PIA* pia = nullptr); // bol/eol should be set to false for type Rule::PAYLOAD; they're diff --git a/src/Sessions.cc b/src/Sessions.cc index ec571f4bff..851fabc385 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -1206,7 +1206,7 @@ Connection* NetSessions::NewConn(const ConnIDKey& k, double t, const ConnID* id, if ( flip ) conn->FlipRoles(); - if ( ! analyzer_mgr->BuildInitialAnalyzerTree(conn) ) + if ( ! zeek::analyzer_mgr->BuildInitialAnalyzerTree(conn) ) { conn->Done(); Unref(conn); diff --git a/src/analyzer/Analyzer.cc b/src/analyzer/Analyzer.cc index 7971ea9eb6..a5ab18891b 100644 --- a/src/analyzer/Analyzer.cc +++ b/src/analyzer/Analyzer.cc @@ -10,7 +10,7 @@ #include "../ZeekString.h" #include "../Event.h" -namespace analyzer { +namespace zeek::analyzer { class AnalyzerTimer final : public Timer { public: @@ -31,9 +31,9 @@ protected: int do_expire; }; -} +} // namespace zeek::analyzer -using namespace analyzer; +using namespace zeek::analyzer; AnalyzerTimer::AnalyzerTimer(Analyzer* arg_analyzer, analyzer_timer_func arg_timer, double arg_t, int arg_do_expire, TimerType arg_type) @@ -72,7 +72,7 @@ void AnalyzerTimer::Init(Analyzer* arg_analyzer, analyzer_timer_func arg_timer, Ref(analyzer->Conn()); } -analyzer::ID Analyzer::id_counter = 0; +zeek::analyzer::ID Analyzer::id_counter = 0; const char* Analyzer::GetAnalyzerName() const { diff --git a/src/analyzer/Analyzer.h b/src/analyzer/Analyzer.h index 99ab5f3a20..54fb880aa3 100644 --- a/src/analyzer/Analyzer.h +++ b/src/analyzer/Analyzer.h @@ -28,9 +28,11 @@ using RecordValPtr = zeek::IntrusivePtr; } namespace analyzer { - namespace tcp { class TCP_ApplicationAnalyzer; } namespace pia { class PIA; } +} + +namespace zeek::analyzer { class Analyzer; class AnalyzerTimer; @@ -629,7 +631,7 @@ protected: friend class AnalyzerTimer; friend class Manager; friend class ::Connection; - friend class tcp::TCP_ApplicationAnalyzer; + friend class ::analyzer::tcp::TCP_ApplicationAnalyzer; /** * Return a string represantation of an analyzer, containing its name @@ -755,13 +757,13 @@ private: * Convenience macro to add a new timer. */ #define ADD_ANALYZER_TIMER(timer, t, do_expire, type) \ - AddTimer(analyzer::analyzer_timer_func(timer), (t), (do_expire), (type)) + AddTimer(zeek::analyzer::analyzer_timer_func(timer), (t), (do_expire), (type)) /** * Internal convenience macro to iterate over the list of child analyzers. */ #define LOOP_OVER_CHILDREN(var) \ - for ( analyzer::analyzer_list::iterator var = children.begin(); \ + for ( zeek::analyzer::analyzer_list::iterator var = children.begin(); \ var != children.end(); var++ ) /** @@ -769,14 +771,14 @@ private: * analyzers. */ #define LOOP_OVER_CONST_CHILDREN(var) \ - for ( analyzer::analyzer_list::const_iterator var = children.begin(); \ + for ( zeek::analyzer::analyzer_list::const_iterator var = children.begin(); \ var != children.end(); var++ ) /** * Convenience macro to iterate over a given list of child analyzers. */ #define LOOP_OVER_GIVEN_CHILDREN(var, the_kids) \ - for ( analyzer::analyzer_list::iterator var = the_kids.begin(); \ + for ( zeek::analyzer::analyzer_list::iterator var = the_kids.begin(); \ var != the_kids.end(); var++ ) /** @@ -784,7 +786,7 @@ private: * analyzers. */ #define LOOP_OVER_GIVEN_CONST_CHILDREN(var, the_kids) \ - for ( analyzer::analyzer_list::const_iterator var = the_kids.begin(); \ + for ( zeek::analyzer::analyzer_list::const_iterator var = the_kids.begin(); \ var != the_kids.end(); var++ ) /** @@ -934,13 +936,13 @@ public: * transport-layer input and determine which protocol analyzer(s) to * use for parsing it. */ - void SetPIA(pia::PIA* arg_PIA) { pia = arg_PIA; } + void SetPIA(::analyzer::pia::PIA* arg_PIA) { pia = arg_PIA; } /** * Returns the associated PIA, or null of none. Does not take * ownership. */ - pia::PIA* GetPIA() const { return pia; } + ::analyzer::pia::PIA* GetPIA() const { return pia; } /** * Helper to raise a \c packet_contents event. @@ -952,7 +954,18 @@ public: void PacketContents(const u_char* data, int len); private: - pia::PIA* pia; + ::analyzer::pia::PIA* pia; }; +} // namespace zeek::analyzer + +namespace analyzer { + using Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::Analyzer instead.")]] = zeek::analyzer::Analyzer; + using AnalyzerTimer [[deprecated("Remove in v4.1. Use zeek::analyzer::AnalyzerTimer instead.")]] = zeek::analyzer::AnalyzerTimer; + using SupportAnalyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::SupportAnalyzer instead.")]] = zeek::analyzer::SupportAnalyzer; + using OutputHandler [[deprecated("Remove in v4.1. Use zeek::analyzer::OutputHandler instead.")]] = zeek::analyzer::OutputHandler; + using TransportLayerAnalyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::TransportLayerAnalyzer instead.")]] = zeek::analyzer::TransportLayerAnalyzer; + + using analyzer_list [[deprecated("Remove in v4.1. Use zeek::analyzer::analyzer_list instead.")]] = zeek::analyzer::analyzer_list; + using ID [[deprecated("Remove in v4.1. Use zeek::analyzer::ID instead.")]] = zeek::analyzer::ID; } diff --git a/src/analyzer/Component.cc b/src/analyzer/Component.cc index 99f149ff88..1e0db4e105 100644 --- a/src/analyzer/Component.cc +++ b/src/analyzer/Component.cc @@ -6,7 +6,7 @@ #include "../Desc.h" #include "../util.h" -using namespace analyzer; +using namespace zeek::analyzer; Component::Component(const std::string& name, factory_callback arg_factory, Tag::subtype_t arg_subtype, bool arg_enabled, bool arg_partial) : zeek::plugin::Component(zeek::plugin::component::ANALYZER, name), @@ -20,7 +20,7 @@ Component::Component(const std::string& name, factory_callback arg_factory, Tag: void Component::Initialize() { InitializeTag(); - analyzer_mgr->RegisterComponent(this, "ANALYZER_"); + zeek::analyzer_mgr->RegisterComponent(this, "ANALYZER_"); } Component::~Component() diff --git a/src/analyzer/Component.h b/src/analyzer/Component.h index bfdb688df3..e27b4dd742 100644 --- a/src/analyzer/Component.h +++ b/src/analyzer/Component.h @@ -11,9 +11,9 @@ class Connection; -namespace analyzer { +ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, analyzer); -class Analyzer; +namespace zeek::analyzer { /** * Component description for plugins providing analyzers. @@ -35,7 +35,7 @@ public: * * @param factory A factory function to instantiate instances of the * analyzer's class, which must be derived directly or indirectly - * from analyzer::Analyzer. This is typically a static \c + * from zeek::analyzer::Analyzer. This is typically a static \c * Instatiate() method inside the class that just allocates and * returns a new instance. * @@ -107,4 +107,8 @@ private: bool enabled; // True if the analyzer is enabled. }; -} +} // namespace zeek::analyzer + +namespace analyzer { + using Component [[deprecated("Remove in v4.1. Use zeek::analyzer::Component.")]] = zeek::analyzer::Component; +} // namespace analyzer diff --git a/src/analyzer/Manager.cc b/src/analyzer/Manager.cc index 6f19d07246..2c92936b74 100644 --- a/src/analyzer/Manager.cc +++ b/src/analyzer/Manager.cc @@ -17,7 +17,7 @@ #include "protocol/tcp/events.bif.h" -using namespace analyzer; +using namespace zeek::analyzer; Manager::ConnIndex::ConnIndex(const IPAddr& _orig, const IPAddr& _resp, uint16_t _resp_p, uint16_t _proto) @@ -109,7 +109,7 @@ void Manager::DumpDebug() std::list all_analyzers = GetComponents(); for ( std::list::const_iterator i = all_analyzers.begin(); i != all_analyzers.end(); ++i ) DBG_LOG(DBG_ANALYZER, " %s (%s)", (*i)->Name().c_str(), - IsEnabled((*i)->Tag()) ? "enabled" : "disabled"); + IsEnabled((*i)->Tag()) ? "enabled" : "disabled"); DBG_LOG(DBG_ANALYZER, " "); DBG_LOG(DBG_ANALYZER, "Analyzers by port:"); @@ -202,7 +202,7 @@ void Manager::DisableAllAnalyzers() (*i)->SetEnabled(false); } -analyzer::Tag Manager::GetAnalyzerTag(const char* name) +zeek::analyzer::Tag Manager::GetAnalyzerTag(const char* name) { return GetComponentTag(name); } @@ -360,31 +360,31 @@ Manager::tag_set* Manager::LookupPort(zeek::PortVal* val, bool add_if_not_found) bool Manager::BuildInitialAnalyzerTree(Connection* conn) { - tcp::TCP_Analyzer* tcp = nullptr; - udp::UDP_Analyzer* udp = nullptr; - icmp::ICMP_Analyzer* icmp = nullptr; + ::analyzer::tcp::TCP_Analyzer* tcp = nullptr; + ::analyzer::udp::UDP_Analyzer* udp = nullptr; + ::analyzer::icmp::ICMP_Analyzer* icmp = nullptr; TransportLayerAnalyzer* root = nullptr; - pia::PIA* pia = nullptr; + ::analyzer::pia::PIA* pia = nullptr; bool check_port = false; switch ( conn->ConnTransport() ) { case TRANSPORT_TCP: - root = tcp = new tcp::TCP_Analyzer(conn); - pia = new pia::PIA_TCP(conn); + root = tcp = new ::analyzer::tcp::TCP_Analyzer(conn); + pia = new ::analyzer::pia::PIA_TCP(conn); check_port = true; DBG_ANALYZER(conn, "activated TCP analyzer"); break; case TRANSPORT_UDP: - root = udp = new udp::UDP_Analyzer(conn); - pia = new pia::PIA_UDP(conn); + root = udp = new ::analyzer::udp::UDP_Analyzer(conn); + pia = new ::analyzer::pia::PIA_UDP(conn); check_port = true; DBG_ANALYZER(conn, "activated UDP analyzer"); break; case TRANSPORT_ICMP: { - root = icmp = new icmp::ICMP_Analyzer(conn); + root = icmp = new ::analyzer::icmp::ICMP_Analyzer(conn); DBG_ANALYZER(conn, "activated ICMP analyzer"); break; } @@ -410,14 +410,14 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn) { for ( tag_set::const_iterator j = ports->begin(); j != ports->end(); ++j ) { - Analyzer* analyzer = analyzer_mgr->InstantiateAnalyzer(*j, conn); + Analyzer* analyzer = zeek::analyzer_mgr->InstantiateAnalyzer(*j, conn); if ( ! analyzer ) continue; root->AddChildAnalyzer(analyzer, false); DBG_ANALYZER_ARGS(conn, "activated %s analyzer due to port %d", - analyzer_mgr->GetComponentName(*j).c_str(), resp_port); + zeek::analyzer_mgr->GetComponentName(*j).c_str(), resp_port); } } } @@ -466,25 +466,25 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn) auto src = zeek::make_intrusive(conn->OrigAddr()); if ( ! stp_skip_src->FindOrDefault(src) ) - tcp->AddChildAnalyzer(new stepping_stone::SteppingStone_Analyzer(conn), false); + tcp->AddChildAnalyzer(new ::analyzer::stepping_stone::SteppingStone_Analyzer(conn), false); } } if ( IsEnabled(analyzer_tcpstats) ) // Add TCPStats analyzer. This needs to see packets so // we cannot add it as a normal child. - tcp->AddChildPacketAnalyzer(new tcp::TCPStats_Analyzer(conn)); + tcp->AddChildPacketAnalyzer(new ::analyzer::tcp::TCPStats_Analyzer(conn)); if ( IsEnabled(analyzer_connsize) ) // Add ConnSize analyzer. Needs to see packets, not stream. - tcp->AddChildPacketAnalyzer(new conn_size::ConnSize_Analyzer(conn)); + tcp->AddChildPacketAnalyzer(new ::analyzer::conn_size::ConnSize_Analyzer(conn)); } else { if ( IsEnabled(analyzer_connsize) ) // Add ConnSize analyzer. Needs to see packets, not stream. - root->AddChildAnalyzer(new conn_size::ConnSize_Analyzer(conn)); + root->AddChildAnalyzer(new ::analyzer::conn_size::ConnSize_Analyzer(conn)); } if ( pia ) @@ -525,8 +525,8 @@ void Manager::ExpireScheduledAnalyzers() conns.erase(i); DBG_LOG(DBG_ANALYZER, "Expiring expected analyzer %s for connection %s", - analyzer_mgr->GetComponentName(a->analyzer).c_str(), - fmt_conn_id(a->conn.orig, 0, a->conn.resp, a->conn.resp_p)); + zeek::analyzer_mgr->GetComponentName(a->analyzer).c_str(), + fmt_conn_id(a->conn.orig, 0, a->conn.resp, a->conn.resp_p)); delete a; found = true; @@ -620,7 +620,7 @@ bool Manager::ApplyScheduledAnalyzers(Connection* conn, bool init, TransportLaye for ( tag_set::iterator it = expected.begin(); it != expected.end(); ++it ) { - Analyzer* analyzer = analyzer_mgr->InstantiateAnalyzer(*it, conn); + Analyzer* analyzer = zeek::analyzer_mgr->InstantiateAnalyzer(*it, conn); if ( ! analyzer ) continue; @@ -632,7 +632,7 @@ bool Manager::ApplyScheduledAnalyzers(Connection* conn, bool init, TransportLaye conn->ConnVal(), it->AsVal()); DBG_ANALYZER_ARGS(conn, "activated %s analyzer as scheduled", - analyzer_mgr->GetComponentName(*it).c_str()); + zeek::analyzer_mgr->GetComponentName(*it).c_str()); } return expected.size(); diff --git a/src/analyzer/Manager.h b/src/analyzer/Manager.h index 147534c692..d03b1b3b62 100644 --- a/src/analyzer/Manager.h +++ b/src/analyzer/Manager.h @@ -34,6 +34,7 @@ #include "analyzer/analyzer.bif.h" +namespace zeek { namespace analyzer { /** @@ -46,7 +47,7 @@ namespace analyzer { * respecting well-known ports, and tracking any analyzers specifically * scheduled for individidual connections. */ -class Manager : public plugin::ComponentManager { +class Manager : public zeek::plugin::ComponentManager { public: /** * Constructor. @@ -399,10 +400,18 @@ private: std::vector vxlan_ports; }; -} +} // namespace analyzer extern analyzer::Manager* analyzer_mgr; +} // namespace zeek + +namespace analyzer { + using Manager [[deprecated("Remove in v4.1. Use zeek::analyzer::Manager instead.")]] = zeek::analyzer::Manager; +} // namespace analyzer + +extern zeek::analyzer::Manager*& analyzer_mgr [[deprecated("Remove in v4.1. Use zeek::analyzer_mgr instead.")]]; + // Macros for anayzer debug logging which include the connection id into the // message. #ifdef DEBUG diff --git a/src/analyzer/Tag.cc b/src/analyzer/Tag.cc index 98740a2a78..3c3de9dcfb 100644 --- a/src/analyzer/Tag.cc +++ b/src/analyzer/Tag.cc @@ -3,33 +3,33 @@ #include "Tag.h" #include "Manager.h" -const analyzer::Tag analyzer::Tag::Error; +const zeek::analyzer::Tag zeek::analyzer::Tag::Error; -analyzer::Tag::Tag(type_t type, subtype_t subtype) - : zeek::Tag(analyzer_mgr->GetTagType(), type, subtype) +zeek::analyzer::Tag::Tag(type_t type, subtype_t subtype) + : zeek::Tag(zeek::analyzer_mgr->GetTagType(), type, subtype) { } -analyzer::Tag& analyzer::Tag::operator=(const analyzer::Tag& other) +zeek::analyzer::Tag& zeek::analyzer::Tag::operator=(const zeek::analyzer::Tag& other) { zeek::Tag::operator=(other); return *this; } -const zeek::EnumValPtr& analyzer::Tag::AsVal() const +const zeek::EnumValPtr& zeek::analyzer::Tag::AsVal() const { - return zeek::Tag::AsVal(analyzer_mgr->GetTagType()); + return zeek::Tag::AsVal(zeek::analyzer_mgr->GetTagType()); } -zeek::EnumVal* analyzer::Tag::AsEnumVal() const +zeek::EnumVal* zeek::analyzer::Tag::AsEnumVal() const { return AsVal().get(); } -analyzer::Tag::Tag(zeek::EnumValPtr val) +zeek::analyzer::Tag::Tag(zeek::EnumValPtr val) : zeek::Tag(std::move(val)) { } -analyzer::Tag::Tag(zeek::EnumVal* val) +zeek::analyzer::Tag::Tag(zeek::EnumVal* val) : zeek::Tag({zeek::NewRef{}, val}) { } diff --git a/src/analyzer/Tag.h b/src/analyzer/Tag.h index 2d7e2f45dd..3f9bd9ee6d 100644 --- a/src/analyzer/Tag.h +++ b/src/analyzer/Tag.h @@ -21,10 +21,10 @@ namespace plugin { zeek::plugin::ComponentManager; } -namespace analyzer { +ZEEK_FORWARD_DECLARE_NAMESPACED(Manager, zeek, analyzer); +ZEEK_FORWARD_DECLARE_NAMESPACED(Component, zeek, analyzer); -class Manager; -class Component; +namespace zeek::analyzer { /** * Class to identify a protocol analyzer type. @@ -125,4 +125,8 @@ protected: explicit Tag(zeek::EnumVal* val); }; -} +} // namespace zeek::analyzer + +namespace analyzer { + using Tag [[deprecated("Remove in v4.1. Use zeek::analyzer::Tag")]] = zeek::analyzer::Tag; +} // namespace analyzer diff --git a/src/analyzer/analyzer.bif b/src/analyzer/analyzer.bif index 058e0acc7b..dfa997676b 100644 --- a/src/analyzer/analyzer.bif +++ b/src/analyzer/analyzer.bif @@ -10,43 +10,43 @@ module Analyzer; function Analyzer::__enable_analyzer%(id: Analyzer::Tag%) : bool %{ - bool result = analyzer_mgr->EnableAnalyzer(id->AsEnumVal()); + bool result = zeek::analyzer_mgr->EnableAnalyzer(id->AsEnumVal()); return zeek::val_mgr->Bool(result); %} function Analyzer::__disable_analyzer%(id: Analyzer::Tag%) : bool %{ - bool result = analyzer_mgr->DisableAnalyzer(id->AsEnumVal()); + bool result = zeek::analyzer_mgr->DisableAnalyzer(id->AsEnumVal()); return zeek::val_mgr->Bool(result); %} function Analyzer::__disable_all_analyzers%(%) : any %{ - analyzer_mgr->DisableAllAnalyzers(); + zeek::analyzer_mgr->DisableAllAnalyzers(); return nullptr; %} function Analyzer::__register_for_port%(id: Analyzer::Tag, p: port%) : bool %{ - bool result = analyzer_mgr->RegisterAnalyzerForPort(id->AsEnumVal(), p); + bool result = zeek::analyzer_mgr->RegisterAnalyzerForPort(id->AsEnumVal(), p); return zeek::val_mgr->Bool(result); %} function Analyzer::__schedule_analyzer%(orig: addr, resp: addr, resp_p: port, analyzer: Analyzer::Tag, tout: interval%) : bool %{ - analyzer_mgr->ScheduleAnalyzer(orig->AsAddr(), resp->AsAddr(), resp_p, analyzer->AsEnumVal(), tout); + zeek::analyzer_mgr->ScheduleAnalyzer(orig->AsAddr(), resp->AsAddr(), resp_p, analyzer->AsEnumVal(), tout); return zeek::val_mgr->True(); %} function __name%(atype: Analyzer::Tag%) : string %{ - const auto& n = analyzer_mgr->GetComponentName(zeek::IntrusivePtr{zeek::NewRef{}, atype->AsEnumVal()}); + const auto& n = zeek::analyzer_mgr->GetComponentName(zeek::IntrusivePtr{zeek::NewRef{}, atype->AsEnumVal()}); return zeek::make_intrusive(n); %} function __tag%(name: string%) : Analyzer::Tag %{ - analyzer::Tag t = analyzer_mgr->GetComponentTag(name->CheckString()); + analyzer::Tag t = zeek::analyzer_mgr->GetComponentTag(name->CheckString()); return t.AsVal(); %} diff --git a/src/analyzer/protocol/ayiya/AYIYA.h b/src/analyzer/protocol/ayiya/AYIYA.h index a73e785c8c..f83df7edf5 100644 --- a/src/analyzer/protocol/ayiya/AYIYA.h +++ b/src/analyzer/protocol/ayiya/AYIYA.h @@ -4,7 +4,7 @@ namespace analyzer { namespace ayiya { -class AYIYA_Analyzer final : public analyzer::Analyzer { +class AYIYA_Analyzer final : public zeek::analyzer::Analyzer { public: explicit AYIYA_Analyzer(Connection* conn); virtual ~AYIYA_Analyzer(); @@ -13,7 +13,7 @@ public: virtual void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen); - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new AYIYA_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/ayiya/Plugin.cc b/src/analyzer/protocol/ayiya/Plugin.cc index b16de5bf37..a89aea577f 100644 --- a/src/analyzer/protocol/ayiya/Plugin.cc +++ b/src/analyzer/protocol/ayiya/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("AYIYA", ::analyzer::ayiya::AYIYA_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("AYIYA", ::analyzer::ayiya::AYIYA_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::AYIYA"; diff --git a/src/analyzer/protocol/bittorrent/BitTorrent.h b/src/analyzer/protocol/bittorrent/BitTorrent.h index 13a5e78707..e9771d6295 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrent.h +++ b/src/analyzer/protocol/bittorrent/BitTorrent.h @@ -18,7 +18,7 @@ public: void Undelivered(uint64_t seq, int len, bool orig) override; void EndpointEOF(bool is_orig) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new BitTorrent_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/bittorrent/BitTorrentTracker.h b/src/analyzer/protocol/bittorrent/BitTorrentTracker.h index f737a13c8a..473eab3f23 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrentTracker.h +++ b/src/analyzer/protocol/bittorrent/BitTorrentTracker.h @@ -53,7 +53,7 @@ public: void Undelivered(uint64_t seq, int len, bool orig) override; void EndpointEOF(bool is_orig) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new BitTorrentTracker_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/bittorrent/Plugin.cc b/src/analyzer/protocol/bittorrent/Plugin.cc index ea47b945ff..c651ba6061 100644 --- a/src/analyzer/protocol/bittorrent/Plugin.cc +++ b/src/analyzer/protocol/bittorrent/Plugin.cc @@ -12,8 +12,8 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("BitTorrent", ::analyzer::bittorrent::BitTorrent_Analyzer::Instantiate)); - AddComponent(new ::analyzer::Component("BitTorrentTracker", ::analyzer::bittorrent::BitTorrentTracker_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("BitTorrent", ::analyzer::bittorrent::BitTorrent_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("BitTorrentTracker", ::analyzer::bittorrent::BitTorrentTracker_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::BitTorrent"; diff --git a/src/analyzer/protocol/conn-size/ConnSize.h b/src/analyzer/protocol/conn-size/ConnSize.h index a6360440a4..a2ab26b238 100644 --- a/src/analyzer/protocol/conn-size/ConnSize.h +++ b/src/analyzer/protocol/conn-size/ConnSize.h @@ -8,7 +8,7 @@ namespace analyzer { namespace conn_size { -class ConnSize_Analyzer : public analyzer::Analyzer { +class ConnSize_Analyzer : public zeek::analyzer::Analyzer { public: explicit ConnSize_Analyzer(Connection* c); ~ConnSize_Analyzer() override; @@ -26,7 +26,7 @@ public: void SetDurationThreshold(double duration); double GetDurationThreshold() { return duration_thresh; }; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new ConnSize_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/conn-size/Plugin.cc b/src/analyzer/protocol/conn-size/Plugin.cc index 7068a27baf..c8c1fd8d2e 100644 --- a/src/analyzer/protocol/conn-size/Plugin.cc +++ b/src/analyzer/protocol/conn-size/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("ConnSize", ::analyzer::conn_size::ConnSize_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("ConnSize", ::analyzer::conn_size::ConnSize_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::ConnSize"; diff --git a/src/analyzer/protocol/conn-size/functions.bif b/src/analyzer/protocol/conn-size/functions.bif index e0e6e1c31f..c5f1e07433 100644 --- a/src/analyzer/protocol/conn-size/functions.bif +++ b/src/analyzer/protocol/conn-size/functions.bif @@ -3,13 +3,13 @@ #include "Reporter.h" #include "Sessions.h" -static analyzer::Analyzer* GetConnsizeAnalyzer(zeek::Val* cid) +static zeek::analyzer::Analyzer* GetConnsizeAnalyzer(zeek::Val* cid) { Connection* c = sessions->FindConnection(cid); if ( ! c ) return nullptr; - analyzer::Analyzer* a = c->FindAnalyzer("CONNSIZE"); + zeek::analyzer::Analyzer* a = c->FindAnalyzer("CONNSIZE"); if ( ! a ) reporter->Error("connection does not have ConnSize analyzer"); @@ -33,11 +33,11 @@ static analyzer::Analyzer* GetConnsizeAnalyzer(zeek::Val* cid) ## set_current_conn_duration_threshold get_current_conn_duration_threshold function set_current_conn_bytes_threshold%(cid: conn_id, threshold: count, is_orig: bool%): bool %{ - analyzer::Analyzer* a = GetConnsizeAnalyzer(cid); + zeek::analyzer::Analyzer* a = GetConnsizeAnalyzer(cid); if ( ! a ) return zeek::val_mgr->False(); - static_cast(a)->SetByteAndPacketThreshold(threshold, true, is_orig); + static_cast<::analyzer::conn_size::ConnSize_Analyzer*>(a)->SetByteAndPacketThreshold(threshold, true, is_orig); return zeek::val_mgr->True(); %} @@ -57,11 +57,11 @@ function set_current_conn_bytes_threshold%(cid: conn_id, threshold: count, is_or ## set_current_conn_duration_threshold get_current_conn_duration_threshold function set_current_conn_packets_threshold%(cid: conn_id, threshold: count, is_orig: bool%): bool %{ - analyzer::Analyzer* a = GetConnsizeAnalyzer(cid); + zeek::analyzer::Analyzer* a = GetConnsizeAnalyzer(cid); if ( ! a ) return zeek::val_mgr->False(); - static_cast(a)->SetByteAndPacketThreshold(threshold, false, is_orig); + static_cast<::analyzer::conn_size::ConnSize_Analyzer*>(a)->SetByteAndPacketThreshold(threshold, false, is_orig); return zeek::val_mgr->True(); %} @@ -79,11 +79,11 @@ function set_current_conn_packets_threshold%(cid: conn_id, threshold: count, is_ ## get_current_conn_duration_threshold function set_current_conn_duration_threshold%(cid: conn_id, threshold: interval%): bool %{ - analyzer::Analyzer* a = GetConnsizeAnalyzer(cid); + zeek::analyzer::Analyzer* a = GetConnsizeAnalyzer(cid); if ( ! a ) return zeek::val_mgr->False(); - static_cast(a)->SetDurationThreshold(threshold); + static_cast<::analyzer::conn_size::ConnSize_Analyzer*>(a)->SetDurationThreshold(threshold); return zeek::val_mgr->True(); %} @@ -101,11 +101,11 @@ function set_current_conn_duration_threshold%(cid: conn_id, threshold: interval% ## get_current_conn_duration_threshold function get_current_conn_bytes_threshold%(cid: conn_id, is_orig: bool%): count %{ - analyzer::Analyzer* a = GetConnsizeAnalyzer(cid); + zeek::analyzer::Analyzer* a = GetConnsizeAnalyzer(cid); if ( ! a ) return zeek::val_mgr->Count(0); - return zeek::val_mgr->Count(static_cast(a)->GetByteAndPacketThreshold(true, is_orig)); + return zeek::val_mgr->Count(static_cast<::analyzer::conn_size::ConnSize_Analyzer*>(a)->GetByteAndPacketThreshold(true, is_orig)); %} ## Gets the current packet threshold size for a connection. @@ -120,11 +120,11 @@ function get_current_conn_bytes_threshold%(cid: conn_id, is_orig: bool%): count ## get_current_conn_bytes_threshold set_current_conn_duration_threshold get_current_conn_duration_threshold function get_current_conn_packets_threshold%(cid: conn_id, is_orig: bool%): count %{ - analyzer::Analyzer* a = GetConnsizeAnalyzer(cid); + zeek::analyzer::Analyzer* a = GetConnsizeAnalyzer(cid); if ( ! a ) return zeek::val_mgr->Count(0); - return zeek::val_mgr->Count(static_cast(a)->GetByteAndPacketThreshold(false, is_orig)); + return zeek::val_mgr->Count(static_cast<::analyzer::conn_size::ConnSize_Analyzer*>(a)->GetByteAndPacketThreshold(false, is_orig)); %} ## Gets the current duration threshold size for a connection. @@ -137,9 +137,9 @@ function get_current_conn_packets_threshold%(cid: conn_id, is_orig: bool%): coun ## get_current_conn_packets_threshold set_current_conn_duration_threshold function get_current_conn_duration_threshold%(cid: conn_id%): interval %{ - analyzer::Analyzer* a = GetConnsizeAnalyzer(cid); + zeek::analyzer::Analyzer* a = GetConnsizeAnalyzer(cid); if ( ! a ) return zeek::make_intrusive(0.0); - return zeek::make_intrusive(static_cast(a)->GetDurationThreshold()); + return zeek::make_intrusive(static_cast<::analyzer::conn_size::ConnSize_Analyzer*>(a)->GetDurationThreshold()); %} diff --git a/src/analyzer/protocol/dce-rpc/DCE_RPC.h b/src/analyzer/protocol/dce-rpc/DCE_RPC.h index b15f80db1d..6e26ec7beb 100644 --- a/src/analyzer/protocol/dce-rpc/DCE_RPC.h +++ b/src/analyzer/protocol/dce-rpc/DCE_RPC.h @@ -24,7 +24,7 @@ public: bool SetFileID(uint64_t fid_in) { interp->set_file_id(fid_in); return true; } - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new DCE_RPC_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/dce-rpc/Plugin.cc b/src/analyzer/protocol/dce-rpc/Plugin.cc index eb002174dc..3a81e88de6 100644 --- a/src/analyzer/protocol/dce-rpc/Plugin.cc +++ b/src/analyzer/protocol/dce-rpc/Plugin.cc @@ -12,7 +12,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("DCE_RPC", ::analyzer::dce_rpc::DCE_RPC_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("DCE_RPC", ::analyzer::dce_rpc::DCE_RPC_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::DCE_RPC"; diff --git a/src/analyzer/protocol/dce-rpc/dce_rpc-auth.pac b/src/analyzer/protocol/dce-rpc/dce_rpc-auth.pac index 44648e35f0..7175304349 100644 --- a/src/analyzer/protocol/dce-rpc/dce_rpc-auth.pac +++ b/src/analyzer/protocol/dce-rpc/dce_rpc-auth.pac @@ -4,8 +4,8 @@ refine connection DCE_RPC_Conn += { %member{ - analyzer::Analyzer *gssapi; - analyzer::Analyzer *ntlm; + zeek::analyzer::Analyzer *gssapi; + zeek::analyzer::Analyzer *ntlm; %} %init{ @@ -32,13 +32,13 @@ refine connection DCE_RPC_Conn += { { case 0x09: if ( ! gssapi ) - gssapi = analyzer_mgr->InstantiateAnalyzer("KRB", bro_analyzer()->Conn()); + gssapi = zeek::analyzer_mgr->InstantiateAnalyzer("KRB", bro_analyzer()->Conn()); if ( gssapi ) gssapi->DeliverStream(${auth.blob}.length(), ${auth.blob}.begin(), is_orig); break; case 0x0a: if ( ! ntlm ) - ntlm = analyzer_mgr->InstantiateAnalyzer("NTLM", bro_analyzer()->Conn()); + ntlm = zeek::analyzer_mgr->InstantiateAnalyzer("NTLM", bro_analyzer()->Conn()); if ( ntlm ) ntlm->DeliverStream(${auth.blob}.length(), ${auth.blob}.begin(), is_orig); break; diff --git a/src/analyzer/protocol/dhcp/DHCP.h b/src/analyzer/protocol/dhcp/DHCP.h index a89373ce52..405d12fb14 100644 --- a/src/analyzer/protocol/dhcp/DHCP.h +++ b/src/analyzer/protocol/dhcp/DHCP.h @@ -6,7 +6,7 @@ namespace analyzer { namespace dhcp { -class DHCP_Analyzer final : public analyzer::Analyzer { +class DHCP_Analyzer final : public zeek::analyzer::Analyzer { public: explicit DHCP_Analyzer(Connection* conn); ~DHCP_Analyzer() override; @@ -15,7 +15,7 @@ public: void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new DHCP_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/dhcp/Plugin.cc b/src/analyzer/protocol/dhcp/Plugin.cc index 5d2b3f8939..b916f4b922 100644 --- a/src/analyzer/protocol/dhcp/Plugin.cc +++ b/src/analyzer/protocol/dhcp/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("DHCP", ::analyzer::dhcp::DHCP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("DHCP", ::analyzer::dhcp::DHCP_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::DHCP"; diff --git a/src/analyzer/protocol/dnp3/DNP3.cc b/src/analyzer/protocol/dnp3/DNP3.cc index 9db5ecce47..cd106a3c94 100644 --- a/src/analyzer/protocol/dnp3/DNP3.cc +++ b/src/analyzer/protocol/dnp3/DNP3.cc @@ -113,7 +113,7 @@ bool DNP3_Base::crc_table_initialized = false; unsigned int DNP3_Base::crc_table[256]; -DNP3_Base::DNP3_Base(analyzer::Analyzer* arg_analyzer) +DNP3_Base::DNP3_Base(zeek::analyzer::Analyzer* arg_analyzer) { analyzer = arg_analyzer; interp = new binpac::DNP3::DNP3_Conn(analyzer); diff --git a/src/analyzer/protocol/dnp3/DNP3.h b/src/analyzer/protocol/dnp3/DNP3.h index 3f3700420f..fe261540f6 100644 --- a/src/analyzer/protocol/dnp3/DNP3.h +++ b/src/analyzer/protocol/dnp3/DNP3.h @@ -10,7 +10,7 @@ namespace analyzer { namespace dnp3 { class DNP3_Base { public: - explicit DNP3_Base(analyzer::Analyzer* analyzer); + explicit DNP3_Base(zeek::analyzer::Analyzer* analyzer); virtual ~DNP3_Base(); binpac::DNP3::DNP3_Conn* Interpreter() { return interp; } @@ -54,7 +54,7 @@ protected: static bool crc_table_initialized; static unsigned int crc_table[256]; - analyzer::Analyzer* analyzer; + zeek::analyzer::Analyzer* analyzer; binpac::DNP3::DNP3_Conn* interp; Endpoint orig_state; @@ -75,7 +75,7 @@ public: { return new DNP3_TCP_Analyzer(conn); } }; -class DNP3_UDP_Analyzer : public DNP3_Base, public analyzer::Analyzer { +class DNP3_UDP_Analyzer : public DNP3_Base, public zeek::analyzer::Analyzer { public: explicit DNP3_UDP_Analyzer(Connection* conn); ~DNP3_UDP_Analyzer() override; @@ -83,7 +83,7 @@ public: void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new DNP3_UDP_Analyzer(conn); } }; diff --git a/src/analyzer/protocol/dnp3/Plugin.cc b/src/analyzer/protocol/dnp3/Plugin.cc index ad8639969e..58fdc5d6a8 100644 --- a/src/analyzer/protocol/dnp3/Plugin.cc +++ b/src/analyzer/protocol/dnp3/Plugin.cc @@ -11,8 +11,8 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("DNP3_TCP", ::analyzer::dnp3::DNP3_TCP_Analyzer::Instantiate)); - AddComponent(new ::analyzer::Component("DNP3_UDP", ::analyzer::dnp3::DNP3_UDP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("DNP3_TCP", ::analyzer::dnp3::DNP3_TCP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("DNP3_UDP", ::analyzer::dnp3::DNP3_UDP_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::DNP3"; diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc index 6f05a60eee..f279e974de 100644 --- a/src/analyzer/protocol/dns/DNS.cc +++ b/src/analyzer/protocol/dns/DNS.cc @@ -19,7 +19,7 @@ using namespace analyzer::dns; -DNS_Interpreter::DNS_Interpreter(analyzer::Analyzer* arg_analyzer) +DNS_Interpreter::DNS_Interpreter(zeek::analyzer::Analyzer* arg_analyzer) { analyzer = arg_analyzer; first_message = true; @@ -1334,7 +1334,7 @@ bool DNS_Interpreter::ParseRR_HINFO(DNS_MsgInfo* msg, } static zeek::StringValPtr -extract_char_string(analyzer::Analyzer* analyzer, +extract_char_string(zeek::analyzer::Analyzer* analyzer, const u_char*& data, int& len, int& rdlen) { if ( rdlen <= 0 ) diff --git a/src/analyzer/protocol/dns/DNS.h b/src/analyzer/protocol/dns/DNS.h index 26785c0a31..7b0fc4f239 100644 --- a/src/analyzer/protocol/dns/DNS.h +++ b/src/analyzer/protocol/dns/DNS.h @@ -248,7 +248,7 @@ public: class DNS_Interpreter { public: - explicit DNS_Interpreter(analyzer::Analyzer* analyzer); + explicit DNS_Interpreter(zeek::analyzer::Analyzer* analyzer); void ParseMessage(const u_char* data, int len, int is_query); @@ -343,7 +343,7 @@ protected: zeek::String* question_name, zeek::String* original_name); - analyzer::Analyzer* analyzer; + zeek::analyzer::Analyzer* analyzer; bool first_message; }; @@ -393,7 +393,7 @@ public: tcp::TCP_Endpoint* peer, bool gen_event) override; void ExpireTimer(double t); - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new DNS_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/dns/Plugin.cc b/src/analyzer/protocol/dns/Plugin.cc index 7f6eba2376..0b6316db0c 100644 --- a/src/analyzer/protocol/dns/Plugin.cc +++ b/src/analyzer/protocol/dns/Plugin.cc @@ -11,8 +11,8 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("DNS", ::analyzer::dns::DNS_Analyzer::Instantiate)); - AddComponent(new ::analyzer::Component("Contents_DNS", nullptr)); + AddComponent(new zeek::analyzer::Component("DNS", ::analyzer::dns::DNS_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("Contents_DNS", nullptr)); zeek::plugin::Configuration config; config.name = "Zeek::DNS"; diff --git a/src/analyzer/protocol/file/File.h b/src/analyzer/protocol/file/File.h index 504747718e..0e21394023 100644 --- a/src/analyzer/protocol/file/File.h +++ b/src/analyzer/protocol/file/File.h @@ -18,7 +18,7 @@ public: void Undelivered(uint64_t seq, int len, bool orig) override; -// static analyzer::Analyzer* Instantiate(Connection* conn) +// static zeek::analyzer::Analyzer* Instantiate(Connection* conn) // { return new File_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/file/Plugin.cc b/src/analyzer/protocol/file/Plugin.cc index 6f775cad33..87b0e05341 100644 --- a/src/analyzer/protocol/file/Plugin.cc +++ b/src/analyzer/protocol/file/Plugin.cc @@ -11,8 +11,8 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("FTP_Data", ::analyzer::file::FTP_Data::Instantiate)); - AddComponent(new ::analyzer::Component("IRC_Data", ::analyzer::file::IRC_Data::Instantiate)); + AddComponent(new zeek::analyzer::Component("FTP_Data", ::analyzer::file::FTP_Data::Instantiate)); + AddComponent(new zeek::analyzer::Component("IRC_Data", ::analyzer::file::IRC_Data::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::File"; diff --git a/src/analyzer/protocol/finger/Finger.h b/src/analyzer/protocol/finger/Finger.h index ea3b55f5cd..a2369c1d7a 100644 --- a/src/analyzer/protocol/finger/Finger.h +++ b/src/analyzer/protocol/finger/Finger.h @@ -16,7 +16,7 @@ public: // Line-based input. void DeliverStream(int len, const u_char* data, bool orig) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new Finger_Analyzer(conn); } protected: @@ -25,4 +25,4 @@ protected: int did_deliver; }; -} } // namespace analyzer::* +} } // namespace analyzer::* diff --git a/src/analyzer/protocol/finger/Plugin.cc b/src/analyzer/protocol/finger/Plugin.cc index 36a8b6f218..5bc3201137 100644 --- a/src/analyzer/protocol/finger/Plugin.cc +++ b/src/analyzer/protocol/finger/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("Finger", ::analyzer::finger::Finger_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("Finger", ::analyzer::finger::Finger_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::Finger"; diff --git a/src/analyzer/protocol/ftp/FTP.cc b/src/analyzer/protocol/ftp/FTP.cc index f62b9a43f2..aab79cdaa7 100644 --- a/src/analyzer/protocol/ftp/FTP.cc +++ b/src/analyzer/protocol/ftp/FTP.cc @@ -166,7 +166,7 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig) // Server wants to proceed with an ADAT exchange and we // know how to analyze the GSI mechanism, so attach analyzer // to look for that. - Analyzer* ssl = analyzer_mgr->InstantiateAnalyzer("SSL", Conn()); + Analyzer* ssl = zeek::analyzer_mgr->InstantiateAnalyzer("SSL", Conn()); if ( ssl ) { ssl->AddSupportAnalyzer(new FTP_ADAT_Analyzer(Conn(), true)); diff --git a/src/analyzer/protocol/ftp/FTP.h b/src/analyzer/protocol/ftp/FTP.h index ea769e9adb..be7685fc8e 100644 --- a/src/analyzer/protocol/ftp/FTP.h +++ b/src/analyzer/protocol/ftp/FTP.h @@ -15,7 +15,7 @@ public: void Done() override; void DeliverStream(int len, const u_char* data, bool orig) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new FTP_Analyzer(conn); } @@ -34,7 +34,7 @@ protected: * analyzer just decodes the tokens and passes them on to the parent, which must * be an SSL analyzer instance. */ -class FTP_ADAT_Analyzer final : public analyzer::SupportAnalyzer { +class FTP_ADAT_Analyzer final : public zeek::analyzer::SupportAnalyzer { public: FTP_ADAT_Analyzer(Connection* conn, bool arg_orig) : SupportAnalyzer("FTP_ADAT", conn, arg_orig), diff --git a/src/analyzer/protocol/ftp/Plugin.cc b/src/analyzer/protocol/ftp/Plugin.cc index 86dff3a911..b62ca8ea7c 100644 --- a/src/analyzer/protocol/ftp/Plugin.cc +++ b/src/analyzer/protocol/ftp/Plugin.cc @@ -11,8 +11,8 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("FTP", ::analyzer::ftp::FTP_Analyzer::Instantiate)); - AddComponent(new ::analyzer::Component("FTP_ADAT", nullptr)); + AddComponent(new zeek::analyzer::Component("FTP", ::analyzer::ftp::FTP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("FTP_ADAT", nullptr)); zeek::plugin::Configuration config; config.name = "Zeek::FTP"; diff --git a/src/analyzer/protocol/gnutella/Gnutella.cc b/src/analyzer/protocol/gnutella/Gnutella.cc index 089beaa3f9..bbbbe2ab9f 100644 --- a/src/analyzer/protocol/gnutella/Gnutella.cc +++ b/src/analyzer/protocol/gnutella/Gnutella.cc @@ -119,14 +119,14 @@ bool Gnutella_Analyzer::IsHTTP(std::string header) if ( gnutella_http_notify ) EnqueueConnEvent(gnutella_http_notify, ConnVal()); - analyzer::Analyzer* a = analyzer_mgr->InstantiateAnalyzer("HTTP", Conn()); + zeek::analyzer::Analyzer* a = zeek::analyzer_mgr->InstantiateAnalyzer("HTTP", Conn()); if ( a && Parent()->AddChildAnalyzer(a) ) { if ( Parent()->IsAnalyzer("TCP") ) { // Replay buffered data. - pia::PIA* pia = static_cast(Parent())->GetPIA(); + pia::PIA* pia = static_cast(Parent())->GetPIA(); if ( pia ) static_cast(pia)->ReplayStreamBuffer(a); } diff --git a/src/analyzer/protocol/gnutella/Gnutella.h b/src/analyzer/protocol/gnutella/Gnutella.h index 416e6ccb59..2da0185f6a 100644 --- a/src/analyzer/protocol/gnutella/Gnutella.h +++ b/src/analyzer/protocol/gnutella/Gnutella.h @@ -41,7 +41,7 @@ public: void Done () override; void DeliverStream(int len, const u_char* data, bool orig) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new Gnutella_Analyzer(conn); } private: diff --git a/src/analyzer/protocol/gnutella/Plugin.cc b/src/analyzer/protocol/gnutella/Plugin.cc index 380d43559e..476a8579ab 100644 --- a/src/analyzer/protocol/gnutella/Plugin.cc +++ b/src/analyzer/protocol/gnutella/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("Gnutella", ::analyzer::gnutella::Gnutella_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("Gnutella", ::analyzer::gnutella::Gnutella_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::Gnutella"; diff --git a/src/analyzer/protocol/gssapi/GSSAPI.h b/src/analyzer/protocol/gssapi/GSSAPI.h index feb1344ee5..ea361fb73c 100644 --- a/src/analyzer/protocol/gssapi/GSSAPI.h +++ b/src/analyzer/protocol/gssapi/GSSAPI.h @@ -24,7 +24,7 @@ public: // Overriden from tcp::TCP_ApplicationAnalyzer. void EndpointEOF(bool is_orig) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new GSSAPI_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/gssapi/Plugin.cc b/src/analyzer/protocol/gssapi/Plugin.cc index fc478e29c9..8124f966e3 100644 --- a/src/analyzer/protocol/gssapi/Plugin.cc +++ b/src/analyzer/protocol/gssapi/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("GSSAPI", ::analyzer::gssapi::GSSAPI_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("GSSAPI", ::analyzer::gssapi::GSSAPI_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::GSSAPI"; diff --git a/src/analyzer/protocol/gssapi/gssapi-analyzer.pac b/src/analyzer/protocol/gssapi/gssapi-analyzer.pac index 48c3e086fd..9a01244455 100644 --- a/src/analyzer/protocol/gssapi/gssapi-analyzer.pac +++ b/src/analyzer/protocol/gssapi/gssapi-analyzer.pac @@ -1,8 +1,8 @@ refine connection GSSAPI_Conn += { %member{ - analyzer::Analyzer *ntlm; - analyzer::Analyzer *krb5; + zeek::analyzer::Analyzer *ntlm; + zeek::analyzer::Analyzer *krb5; %} %init{ @@ -34,7 +34,7 @@ refine connection GSSAPI_Conn += { { // ntlmssp if ( ! ntlm ) - ntlm = analyzer_mgr->InstantiateAnalyzer("NTLM", bro_analyzer()->Conn()); + ntlm = zeek::analyzer_mgr->InstantiateAnalyzer("NTLM", bro_analyzer()->Conn()); if ( ntlm ) ntlm->DeliverStream(${val.ntlm}.length(), @@ -44,7 +44,7 @@ refine connection GSSAPI_Conn += { else if ( ${val.has_krb} ) { if ( ! krb5 ) - krb5 = analyzer_mgr->InstantiateAnalyzer("KRB", bro_analyzer()->Conn()); + krb5 = zeek::analyzer_mgr->InstantiateAnalyzer("KRB", bro_analyzer()->Conn()); if ( krb5 ) // accepting all KRB types (REQ, REP, etc) { @@ -77,4 +77,3 @@ refine typeattr GSSAPI_NEG_TOKEN_MECH_TOKEN += &let { refine typeattr GSSAPI_NEG_TOKEN_RESP_Arg += &let { proc: bool = $context.connection.proc_gssapi_neg_result(this) &if(seq_meta.index==0); }; - diff --git a/src/analyzer/protocol/gtpv1/GTPv1.h b/src/analyzer/protocol/gtpv1/GTPv1.h index 3ea329f963..84202bd4b9 100644 --- a/src/analyzer/protocol/gtpv1/GTPv1.h +++ b/src/analyzer/protocol/gtpv1/GTPv1.h @@ -4,7 +4,7 @@ namespace analyzer { namespace gtpv1 { -class GTPv1_Analyzer final : public analyzer::Analyzer { +class GTPv1_Analyzer final : public zeek::analyzer::Analyzer { public: explicit GTPv1_Analyzer(Connection* conn); virtual ~GTPv1_Analyzer(); @@ -13,7 +13,7 @@ public: virtual void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen); - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new GTPv1_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/gtpv1/Plugin.cc b/src/analyzer/protocol/gtpv1/Plugin.cc index 94482bff96..34fb899d40 100644 --- a/src/analyzer/protocol/gtpv1/Plugin.cc +++ b/src/analyzer/protocol/gtpv1/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("GTPv1", ::analyzer::gtpv1::GTPv1_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("GTPv1", ::analyzer::gtpv1::GTPv1_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::GTPv1"; diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc index 13af97f264..5a60ec34f6 100644 --- a/src/analyzer/protocol/http/HTTP.cc +++ b/src/analyzer/protocol/http/HTTP.cc @@ -173,7 +173,7 @@ void HTTP_Entity::Deliver(int len, const char* data, bool trailing_CRLF) DeliverBody(len, data, trailing_CRLF); } -class HTTP_Entity::UncompressedOutput : public analyzer::OutputHandler { +class HTTP_Entity::UncompressedOutput : public zeek::analyzer::OutputHandler { public: UncompressedOutput(HTTP_Entity* e) { entity = e; } void DeliverStream(int len, const u_char* data, bool orig) override @@ -1712,7 +1712,7 @@ void analyzer::http::escape_URI_char(unsigned char ch, unsigned char*& p) } zeek::String* analyzer::http::unescape_URI(const u_char* line, const u_char* line_end, - analyzer::Analyzer* analyzer) + zeek::analyzer::Analyzer* analyzer) { zeek::byte_vec decoded_URI = new u_char[line_end - line + 1]; zeek::byte_vec URI_p = decoded_URI; diff --git a/src/analyzer/protocol/http/HTTP.h b/src/analyzer/protocol/http/HTTP.h index 5d243be1d6..55d014c7d5 100644 --- a/src/analyzer/protocol/http/HTTP.h +++ b/src/analyzer/protocol/http/HTTP.h @@ -195,7 +195,7 @@ public: int GetRequestOngoing() { return request_ongoing; }; int GetReplyOngoing() { return reply_ongoing; }; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new HTTP_Analyzer(conn); } static bool Available() @@ -282,6 +282,6 @@ extern bool is_reserved_URI_char(unsigned char ch); extern bool is_unreserved_URI_char(unsigned char ch); extern void escape_URI_char(unsigned char ch, unsigned char*& p); extern zeek::String* unescape_URI(const u_char* line, const u_char* line_end, - analyzer::Analyzer* analyzer); + zeek::analyzer::Analyzer* analyzer); } } // namespace analyzer::* diff --git a/src/analyzer/protocol/http/Plugin.cc b/src/analyzer/protocol/http/Plugin.cc index d75e5eaaae..1bf435ad8b 100644 --- a/src/analyzer/protocol/http/Plugin.cc +++ b/src/analyzer/protocol/http/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("HTTP", ::analyzer::http::HTTP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("HTTP", ::analyzer::http::HTTP_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::HTTP"; diff --git a/src/analyzer/protocol/http/functions.bif b/src/analyzer/protocol/http/functions.bif index 3b950e26fc..671e2b8104 100644 --- a/src/analyzer/protocol/http/functions.bif +++ b/src/analyzer/protocol/http/functions.bif @@ -15,12 +15,12 @@ function skip_http_entity_data%(c: connection, is_orig: bool%): any analyzer::ID id = mgr.CurrentAnalyzer(); if ( id ) { - analyzer::Analyzer* ha = c->FindAnalyzer(id); + zeek::analyzer::Analyzer* ha = c->FindAnalyzer(id); if ( ha ) { if ( ha->IsAnalyzer("HTTP") ) - static_cast(ha)->SkipEntityData(is_orig); + static_cast<::analyzer::http::HTTP_Analyzer*>(ha)->SkipEntityData(is_orig); else reporter->Error("non-HTTP analyzer associated with connection record"); } @@ -52,5 +52,5 @@ function unescape_URI%(URI: string%): string const u_char* line = URI->Bytes(); const u_char* const line_end = line + URI->Len(); - return zeek::make_intrusive(analyzer::http::unescape_URI(line, line_end, 0)); + return zeek::make_intrusive(::analyzer::http::unescape_URI(line, line_end, 0)); %} diff --git a/src/analyzer/protocol/icmp/ICMP.h b/src/analyzer/protocol/icmp/ICMP.h index f6abf31ff0..f52c8bd8ad 100644 --- a/src/analyzer/protocol/icmp/ICMP.h +++ b/src/analyzer/protocol/icmp/ICMP.h @@ -20,13 +20,13 @@ typedef enum { // We do not have an PIA for ICMP (yet) and therefore derive from // RuleMatcherState to perform our own matching. -class ICMP_Analyzer final : public analyzer::TransportLayerAnalyzer { +class ICMP_Analyzer final : public zeek::analyzer::TransportLayerAnalyzer { public: explicit ICMP_Analyzer(Connection* conn); void UpdateConnVal(zeek::RecordVal *conn_val) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new ICMP_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/icmp/Plugin.cc b/src/analyzer/protocol/icmp/Plugin.cc index ffa23f28ba..8690cf92e8 100644 --- a/src/analyzer/protocol/icmp/Plugin.cc +++ b/src/analyzer/protocol/icmp/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("ICMP", ::analyzer::icmp::ICMP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("ICMP", ::analyzer::icmp::ICMP_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::ICMP"; diff --git a/src/analyzer/protocol/ident/Ident.h b/src/analyzer/protocol/ident/Ident.h index 3725f3bc91..214700abba 100644 --- a/src/analyzer/protocol/ident/Ident.h +++ b/src/analyzer/protocol/ident/Ident.h @@ -14,7 +14,7 @@ public: void DeliverStream(int length, const u_char* data, bool is_orig) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new Ident_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/ident/Plugin.cc b/src/analyzer/protocol/ident/Plugin.cc index a338a00543..e53e8942f0 100644 --- a/src/analyzer/protocol/ident/Plugin.cc +++ b/src/analyzer/protocol/ident/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("Ident", ::analyzer::ident::Ident_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("Ident", ::analyzer::ident::Ident_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::Ident"; diff --git a/src/analyzer/protocol/imap/IMAP.cc b/src/analyzer/protocol/imap/IMAP.cc index 554a5c9a53..31dcbf231e 100644 --- a/src/analyzer/protocol/imap/IMAP.cc +++ b/src/analyzer/protocol/imap/IMAP.cc @@ -79,7 +79,7 @@ void IMAP_Analyzer::StartTLS() // TLS datastream. tls_active = true; - Analyzer* ssl = analyzer_mgr->InstantiateAnalyzer("SSL", Conn()); + Analyzer* ssl = zeek::analyzer_mgr->InstantiateAnalyzer("SSL", Conn()); if ( ssl ) AddChildAnalyzer(ssl); } diff --git a/src/analyzer/protocol/imap/IMAP.h b/src/analyzer/protocol/imap/IMAP.h index 4c2b1e1fd0..5733c306d9 100644 --- a/src/analyzer/protocol/imap/IMAP.h +++ b/src/analyzer/protocol/imap/IMAP.h @@ -24,7 +24,7 @@ public: void StartTLS(); - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new IMAP_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/imap/Plugin.cc b/src/analyzer/protocol/imap/Plugin.cc index 8851f821eb..900145a18f 100644 --- a/src/analyzer/protocol/imap/Plugin.cc +++ b/src/analyzer/protocol/imap/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("IMAP", ::analyzer::imap::IMAP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("IMAP", ::analyzer::imap::IMAP_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::IMAP"; diff --git a/src/analyzer/protocol/irc/IRC.cc b/src/analyzer/protocol/irc/IRC.cc index 69c65bdc7e..ba969adc78 100644 --- a/src/analyzer/protocol/irc/IRC.cc +++ b/src/analyzer/protocol/irc/IRC.cc @@ -1178,7 +1178,7 @@ void IRC_Analyzer::StartTLS() RemoveSupportAnalyzer(cl_orig); RemoveSupportAnalyzer(cl_resp); - Analyzer* ssl = analyzer_mgr->InstantiateAnalyzer("SSL", Conn()); + Analyzer* ssl = zeek::analyzer_mgr->InstantiateAnalyzer("SSL", Conn()); if ( ssl ) AddChildAnalyzer(ssl); diff --git a/src/analyzer/protocol/irc/IRC.h b/src/analyzer/protocol/irc/IRC.h index b63d6f6bc8..852df06be1 100644 --- a/src/analyzer/protocol/irc/IRC.h +++ b/src/analyzer/protocol/irc/IRC.h @@ -32,7 +32,7 @@ public: */ void DeliverStream(int len, const u_char* data, bool orig) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new IRC_Analyzer(conn); } diff --git a/src/analyzer/protocol/irc/Plugin.cc b/src/analyzer/protocol/irc/Plugin.cc index d54ef4d9c6..abe10f2c37 100644 --- a/src/analyzer/protocol/irc/Plugin.cc +++ b/src/analyzer/protocol/irc/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("IRC", ::analyzer::irc::IRC_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("IRC", ::analyzer::irc::IRC_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::IRC"; diff --git a/src/analyzer/protocol/krb/KRB.h b/src/analyzer/protocol/krb/KRB.h index ff463b9f15..c12a889adc 100644 --- a/src/analyzer/protocol/krb/KRB.h +++ b/src/analyzer/protocol/krb/KRB.h @@ -12,7 +12,7 @@ namespace analyzer { namespace krb { -class KRB_Analyzer final : public analyzer::Analyzer { +class KRB_Analyzer final : public zeek::analyzer::Analyzer { public: explicit KRB_Analyzer(Connection* conn); @@ -22,7 +22,7 @@ public: virtual void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen); - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new KRB_Analyzer(conn); } zeek::StringValPtr GetAuthenticationInfo(const zeek::String* principal, diff --git a/src/analyzer/protocol/krb/KRB_TCP.h b/src/analyzer/protocol/krb/KRB_TCP.h index 6c534d192c..33ae9152c7 100644 --- a/src/analyzer/protocol/krb/KRB_TCP.h +++ b/src/analyzer/protocol/krb/KRB_TCP.h @@ -26,7 +26,7 @@ public: const bro_uint_t enctype) { return zeek::val_mgr->EmptyString(); } - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new KRB_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/krb/Plugin.cc b/src/analyzer/protocol/krb/Plugin.cc index cce65b797a..86aaeffa5f 100644 --- a/src/analyzer/protocol/krb/Plugin.cc +++ b/src/analyzer/protocol/krb/Plugin.cc @@ -12,8 +12,8 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("KRB", ::analyzer::krb::KRB_Analyzer::Instantiate)); - AddComponent(new ::analyzer::Component("KRB_TCP", ::analyzer::krb_tcp::KRB_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("KRB", ::analyzer::krb::KRB_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("KRB_TCP", ::analyzer::krb_tcp::KRB_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::KRB"; config.description = "Kerberos analyzer"; diff --git a/src/analyzer/protocol/login/Plugin.cc b/src/analyzer/protocol/login/Plugin.cc index bc3a440537..553320c1f9 100644 --- a/src/analyzer/protocol/login/Plugin.cc +++ b/src/analyzer/protocol/login/Plugin.cc @@ -14,13 +14,13 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("Telnet", ::analyzer::login::Telnet_Analyzer::Instantiate)); - AddComponent(new ::analyzer::Component("Rsh", ::analyzer::login::Rsh_Analyzer::Instantiate)); - AddComponent(new ::analyzer::Component("Rlogin", ::analyzer::login::Rlogin_Analyzer::Instantiate)); - AddComponent(new ::analyzer::Component("NVT", nullptr)); - AddComponent(new ::analyzer::Component("Login", nullptr)); - AddComponent(new ::analyzer::Component("Contents_Rsh", nullptr)); - AddComponent(new ::analyzer::Component("Contents_Rlogin", nullptr)); + AddComponent(new zeek::analyzer::Component("Telnet", ::analyzer::login::Telnet_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("Rsh", ::analyzer::login::Rsh_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("Rlogin", ::analyzer::login::Rlogin_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("NVT", nullptr)); + AddComponent(new zeek::analyzer::Component("Login", nullptr)); + AddComponent(new zeek::analyzer::Component("Contents_Rsh", nullptr)); + AddComponent(new zeek::analyzer::Component("Contents_Rlogin", nullptr)); zeek::plugin::Configuration config; config.name = "Zeek::Login"; diff --git a/src/analyzer/protocol/login/RSH.h b/src/analyzer/protocol/login/RSH.h index b790303008..0c107adcf3 100644 --- a/src/analyzer/protocol/login/RSH.h +++ b/src/analyzer/protocol/login/RSH.h @@ -48,7 +48,7 @@ public: void ClientUserName(const char* s); void ServerUserName(const char* s); - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new Rsh_Analyzer(conn); } Contents_Rsh_Analyzer* contents_orig; diff --git a/src/analyzer/protocol/login/Rlogin.h b/src/analyzer/protocol/login/Rlogin.h index 21905ab138..657d476f2a 100644 --- a/src/analyzer/protocol/login/Rlogin.h +++ b/src/analyzer/protocol/login/Rlogin.h @@ -61,7 +61,7 @@ public: void ServerUserName(const char* s); void TerminalType(const char* s); - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new Rlogin_Analyzer(conn); } }; diff --git a/src/analyzer/protocol/login/Telnet.h b/src/analyzer/protocol/login/Telnet.h index e999042e1b..3ef6fc0803 100644 --- a/src/analyzer/protocol/login/Telnet.h +++ b/src/analyzer/protocol/login/Telnet.h @@ -11,8 +11,8 @@ public: explicit Telnet_Analyzer(Connection* conn); ~Telnet_Analyzer() override {} - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new Telnet_Analyzer(conn); } }; -} } // namespace analyzer::* +} } // namespace analyzer::* diff --git a/src/analyzer/protocol/login/functions.bif b/src/analyzer/protocol/login/functions.bif index 0abfeabdb2..af23c98005 100644 --- a/src/analyzer/protocol/login/functions.bif +++ b/src/analyzer/protocol/login/functions.bif @@ -30,11 +30,11 @@ function get_login_state%(cid: conn_id%): count if ( ! c ) return zeek::val_mgr->False(); - analyzer::Analyzer* la = c->FindAnalyzer("Login"); + zeek::analyzer::Analyzer* la = c->FindAnalyzer("Login"); if ( ! la ) return zeek::val_mgr->False(); - return zeek::val_mgr->Count(int(static_cast(la)->LoginState())); + return zeek::val_mgr->Count(int(static_cast<::analyzer::login::Login_Analyzer*>(la)->LoginState())); %} ## Sets the login state of a connection with a login analyzer. @@ -54,10 +54,10 @@ function set_login_state%(cid: conn_id, new_state: count%): bool if ( ! c ) return zeek::val_mgr->False(); - analyzer::Analyzer* la = c->FindAnalyzer("Login"); + zeek::analyzer::Analyzer* la = c->FindAnalyzer("Login"); if ( ! la ) return zeek::val_mgr->False(); - static_cast(la)->SetLoginState(analyzer::login::login_state(new_state)); + static_cast<::analyzer::login::Login_Analyzer*>(la)->SetLoginState(::analyzer::login::login_state(new_state)); return zeek::val_mgr->True(); %} diff --git a/src/analyzer/protocol/mime/MIME.cc b/src/analyzer/protocol/mime/MIME.cc index 8e2495ad16..1eda8ad4b7 100644 --- a/src/analyzer/protocol/mime/MIME.cc +++ b/src/analyzer/protocol/mime/MIME.cc @@ -1154,7 +1154,7 @@ void MIME_Entity::StartDecodeBase64() delete base64_decoder; } - analyzer::Analyzer* analyzer = message->GetAnalyzer(); + zeek::analyzer::Analyzer* analyzer = message->GetAnalyzer(); if ( ! analyzer ) { @@ -1329,7 +1329,7 @@ zeek::TableValPtr MIME_Message::ToHeaderTable(MIME_HeaderList& hlist) return t; } -MIME_Mail::MIME_Mail(analyzer::Analyzer* mail_analyzer, bool orig, int buf_size) +MIME_Mail::MIME_Mail(zeek::analyzer::Analyzer* mail_analyzer, bool orig, int buf_size) : MIME_Message(mail_analyzer), md5_hash() { analyzer = mail_analyzer; diff --git a/src/analyzer/protocol/mime/MIME.h b/src/analyzer/protocol/mime/MIME.h index 5511ceae3d..dd0be98c9c 100644 --- a/src/analyzer/protocol/mime/MIME.h +++ b/src/analyzer/protocol/mime/MIME.h @@ -192,7 +192,7 @@ protected: class MIME_Message { public: - explicit MIME_Message(analyzer::Analyzer* arg_analyzer) + explicit MIME_Message(zeek::analyzer::Analyzer* arg_analyzer) { // Cannot initialize top_level entity because we do // not know its type yet (MIME_Entity / MIME_Mail / @@ -218,7 +218,7 @@ public: top_level->Deliver(len, data, trailing_CRLF); } - analyzer::Analyzer* GetAnalyzer() const { return analyzer; } + zeek::analyzer::Analyzer* GetAnalyzer() const { return analyzer; } // Events generated by MIME_Entity virtual void BeginEntity(MIME_Entity*) = 0; @@ -230,7 +230,7 @@ public: virtual void SubmitEvent(int event_type, const char* detail) = 0; protected: - analyzer::Analyzer* analyzer; + zeek::analyzer::Analyzer* analyzer; MIME_Entity* top_level; bool finished; @@ -246,7 +246,7 @@ protected: class MIME_Mail final : public MIME_Message { public: - MIME_Mail(analyzer::Analyzer* mail_conn, bool is_orig, int buf_size = 0); + MIME_Mail(zeek::analyzer::Analyzer* mail_conn, bool is_orig, int buf_size = 0); ~MIME_Mail() override; void Done() override; diff --git a/src/analyzer/protocol/modbus/Modbus.h b/src/analyzer/protocol/modbus/Modbus.h index bf5a966a0b..6cdc58eb20 100644 --- a/src/analyzer/protocol/modbus/Modbus.h +++ b/src/analyzer/protocol/modbus/Modbus.h @@ -16,11 +16,11 @@ public: void Undelivered(uint64_t seq, int len, bool orig) override; void EndpointEOF(bool is_orig) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new ModbusTCP_Analyzer(conn); } protected: binpac::ModbusTCP::ModbusTCP_Conn* interp; }; -} } // namespace analyzer::* +} } // namespace analyzer::* diff --git a/src/analyzer/protocol/modbus/Plugin.cc b/src/analyzer/protocol/modbus/Plugin.cc index e31bd4f89d..012603f80d 100644 --- a/src/analyzer/protocol/modbus/Plugin.cc +++ b/src/analyzer/protocol/modbus/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("MODBUS", ::analyzer::modbus::ModbusTCP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("MODBUS", ::analyzer::modbus::ModbusTCP_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::Modbus"; diff --git a/src/analyzer/protocol/mqtt/MQTT.h b/src/analyzer/protocol/mqtt/MQTT.h index a1c4e36a2d..85a4dba268 100644 --- a/src/analyzer/protocol/mqtt/MQTT.h +++ b/src/analyzer/protocol/mqtt/MQTT.h @@ -20,7 +20,7 @@ public: void Undelivered(uint64_t seq, int len, bool orig) override; void EndpointEOF(bool is_orig) override; - static analyzer::Analyzer* InstantiateAnalyzer(Connection* conn) + static zeek::analyzer::Analyzer* InstantiateAnalyzer(Connection* conn) { return new MQTT_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/mqtt/Plugin.cc b/src/analyzer/protocol/mqtt/Plugin.cc index ab820ecb44..26ae30ed5c 100644 --- a/src/analyzer/protocol/mqtt/Plugin.cc +++ b/src/analyzer/protocol/mqtt/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("MQTT", + AddComponent(new zeek::analyzer::Component("MQTT", ::analyzer::MQTT::MQTT_Analyzer::InstantiateAnalyzer)); zeek::plugin::Configuration config; diff --git a/src/analyzer/protocol/mysql/MySQL.h b/src/analyzer/protocol/mysql/MySQL.h index 226a5e16e1..5b38aa1f7c 100644 --- a/src/analyzer/protocol/mysql/MySQL.h +++ b/src/analyzer/protocol/mysql/MySQL.h @@ -24,7 +24,7 @@ public: // Overriden from tcp::TCP_ApplicationAnalyzer. void EndpointEOF(bool is_orig) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new MySQL_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/mysql/Plugin.cc b/src/analyzer/protocol/mysql/Plugin.cc index 6a3d7d3ccc..93a99b4d54 100644 --- a/src/analyzer/protocol/mysql/Plugin.cc +++ b/src/analyzer/protocol/mysql/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("MySQL", ::analyzer::MySQL::MySQL_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("MySQL", ::analyzer::MySQL::MySQL_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::MySQL"; config.description = "MySQL analyzer"; diff --git a/src/analyzer/protocol/ncp/NCP.cc b/src/analyzer/protocol/ncp/NCP.cc index 615503870a..78c477cd57 100644 --- a/src/analyzer/protocol/ncp/NCP.cc +++ b/src/analyzer/protocol/ncp/NCP.cc @@ -23,7 +23,7 @@ using namespace analyzer::ncp; uint16(xbyte(bytes, 0)) | ((uint16(xbyte(bytes, 1))) << 8) : \ uint16(xbyte(bytes, 1)) | ((uint16(xbyte(bytes, 0))) << 8)) -NCP_Session::NCP_Session(analyzer::Analyzer* a) +NCP_Session::NCP_Session(zeek::analyzer::Analyzer* a) : analyzer(a) { req_frame_type = 0; diff --git a/src/analyzer/protocol/ncp/NCP.h b/src/analyzer/protocol/ncp/NCP.h index 22c9ef0a56..c360c05da8 100644 --- a/src/analyzer/protocol/ncp/NCP.h +++ b/src/analyzer/protocol/ncp/NCP.h @@ -30,7 +30,7 @@ namespace analyzer { namespace ncp { class NCP_Session { public: - explicit NCP_Session(analyzer::Analyzer* analyzer); + explicit NCP_Session(zeek::analyzer::Analyzer* analyzer); void Deliver(bool is_orig, int len, const u_char* data); @@ -42,7 +42,7 @@ public: protected: void DeliverFrame(const binpac::NCP::ncp_frame* frame); - analyzer::Analyzer* analyzer; + zeek::analyzer::Analyzer* analyzer; int req_frame_type; int req_func; }; @@ -104,7 +104,7 @@ public: explicit NCP_Analyzer(Connection* conn); ~NCP_Analyzer() override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new NCP_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/ncp/Plugin.cc b/src/analyzer/protocol/ncp/Plugin.cc index 24030935fc..91ee989458 100644 --- a/src/analyzer/protocol/ncp/Plugin.cc +++ b/src/analyzer/protocol/ncp/Plugin.cc @@ -11,8 +11,8 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("NCP", ::analyzer::ncp::NCP_Analyzer::Instantiate)); - AddComponent(new ::analyzer::Component("Contents_NCP", nullptr)); + AddComponent(new zeek::analyzer::Component("NCP", ::analyzer::ncp::NCP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("Contents_NCP", nullptr)); zeek::plugin::Configuration config; config.name = "Zeek::NCP"; diff --git a/src/analyzer/protocol/netbios/NetbiosSSN.cc b/src/analyzer/protocol/netbios/NetbiosSSN.cc index 3f2360ed09..7d654ada20 100644 --- a/src/analyzer/protocol/netbios/NetbiosSSN.cc +++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc @@ -49,14 +49,14 @@ NetbiosDGM_RawMsgHdr::NetbiosDGM_RawMsgHdr(const u_char*& data, int& len) } -NetbiosSSN_Interpreter::NetbiosSSN_Interpreter(Analyzer* arg_analyzer) +NetbiosSSN_Interpreter::NetbiosSSN_Interpreter(zeek::analyzer::Analyzer* arg_analyzer) { analyzer = arg_analyzer; //smb_session = arg_smb_session; } void NetbiosSSN_Interpreter::ParseMessage(unsigned int type, unsigned int flags, - const u_char* data, int len, bool is_query) + const u_char* data, int len, bool is_query) { if ( netbios_session_message ) analyzer->EnqueueConnEvent(netbios_session_message, diff --git a/src/analyzer/protocol/netbios/NetbiosSSN.h b/src/analyzer/protocol/netbios/NetbiosSSN.h index 27d1be4ba9..6548bcf513 100644 --- a/src/analyzer/protocol/netbios/NetbiosSSN.h +++ b/src/analyzer/protocol/netbios/NetbiosSSN.h @@ -63,7 +63,7 @@ struct NetbiosDGM_RawMsgHdr { class NetbiosSSN_Interpreter { public: - explicit NetbiosSSN_Interpreter(Analyzer* analyzer); + explicit NetbiosSSN_Interpreter(zeek::analyzer::Analyzer* analyzer); void ParseMessage(unsigned int type, unsigned int flags, const u_char* data, int len, bool is_query); @@ -98,7 +98,7 @@ protected: u_char*& xname, int& xlen); protected: - Analyzer* analyzer; + zeek::analyzer::Analyzer* analyzer; //SMB_Session* smb_session; }; @@ -148,7 +148,7 @@ public: void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new NetbiosSSN_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/netbios/Plugin.cc b/src/analyzer/protocol/netbios/Plugin.cc index d5d8671d4b..cc68192fcc 100644 --- a/src/analyzer/protocol/netbios/Plugin.cc +++ b/src/analyzer/protocol/netbios/Plugin.cc @@ -11,8 +11,8 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("NetbiosSSN", ::analyzer::netbios_ssn::NetbiosSSN_Analyzer::Instantiate)); - AddComponent(new ::analyzer::Component("Contents_NetbiosSSN", nullptr)); + AddComponent(new zeek::analyzer::Component("NetbiosSSN", ::analyzer::netbios_ssn::NetbiosSSN_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("Contents_NetbiosSSN", nullptr)); zeek::plugin::Configuration config; config.name = "Zeek::NetBIOS"; diff --git a/src/analyzer/protocol/ntlm/NTLM.h b/src/analyzer/protocol/ntlm/NTLM.h index 0fe048ce40..1bdbe5a0ff 100644 --- a/src/analyzer/protocol/ntlm/NTLM.h +++ b/src/analyzer/protocol/ntlm/NTLM.h @@ -24,7 +24,7 @@ public: // Overriden from tcp::TCP_ApplicationAnalyzer. void EndpointEOF(bool is_orig) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new NTLM_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/ntlm/Plugin.cc b/src/analyzer/protocol/ntlm/Plugin.cc index 572d9b97c6..402665db59 100644 --- a/src/analyzer/protocol/ntlm/Plugin.cc +++ b/src/analyzer/protocol/ntlm/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("NTLM", ::analyzer::ntlm::NTLM_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("NTLM", ::analyzer::ntlm::NTLM_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::NTLM"; diff --git a/src/analyzer/protocol/ntp/NTP.cc b/src/analyzer/protocol/ntp/NTP.cc index d39e109775..3984f6429f 100644 --- a/src/analyzer/protocol/ntp/NTP.cc +++ b/src/analyzer/protocol/ntp/NTP.cc @@ -7,7 +7,7 @@ using namespace analyzer::NTP; NTP_Analyzer::NTP_Analyzer(Connection* c) - : analyzer::Analyzer("NTP", c) + : zeek::analyzer::Analyzer("NTP", c) { interp = new binpac::NTP::NTP_Conn(this); } diff --git a/src/analyzer/protocol/ntp/NTP.h b/src/analyzer/protocol/ntp/NTP.h index 494f8a6901..aea622340a 100644 --- a/src/analyzer/protocol/ntp/NTP.h +++ b/src/analyzer/protocol/ntp/NTP.h @@ -9,7 +9,7 @@ namespace analyzer { namespace NTP { -class NTP_Analyzer final : public analyzer::Analyzer { +class NTP_Analyzer final : public zeek::analyzer::Analyzer { public: explicit NTP_Analyzer(Connection* conn); ~NTP_Analyzer() override; @@ -19,7 +19,7 @@ public: void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new NTP_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/ntp/Plugin.cc b/src/analyzer/protocol/ntp/Plugin.cc index 0b03791e1a..4979d27eb1 100644 --- a/src/analyzer/protocol/ntp/Plugin.cc +++ b/src/analyzer/protocol/ntp/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("NTP", ::analyzer::NTP::NTP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("NTP", ::analyzer::NTP::NTP_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::NTP"; diff --git a/src/analyzer/protocol/pia/PIA.cc b/src/analyzer/protocol/pia/PIA.cc index 8e0d7e9295..87be6e540f 100644 --- a/src/analyzer/protocol/pia/PIA.cc +++ b/src/analyzer/protocol/pia/PIA.cc @@ -10,7 +10,7 @@ using namespace analyzer::pia; -PIA::PIA(analyzer::Analyzer* arg_as_analyzer) +PIA::PIA(zeek::analyzer::Analyzer* arg_as_analyzer) : state(INIT), as_analyzer(arg_as_analyzer), conn(), current_packet() { } @@ -71,7 +71,7 @@ void PIA::AddToBuffer(Buffer* buffer, int len, const u_char* data, bool is_orig, AddToBuffer(buffer, -1, len, data, is_orig, ip); } -void PIA::ReplayPacketBuffer(analyzer::Analyzer* analyzer) +void PIA::ReplayPacketBuffer(zeek::analyzer::Analyzer* analyzer) { DBG_LOG(DBG_ANALYZER, "PIA replaying %d total packet bytes", pkt_buffer.size); @@ -145,7 +145,7 @@ void PIA::DoMatch(const u_char* data, int len, bool is_orig, bool bol, bool eol, bol, eol, clear_state); } -void PIA_UDP::ActivateAnalyzer(analyzer::Tag tag, const Rule* rule) +void PIA_UDP::ActivateAnalyzer(zeek::analyzer::Tag tag, const Rule* rule) { if ( pkt_buffer.state == MATCHING_ONLY ) { @@ -170,7 +170,7 @@ void PIA_UDP::ActivateAnalyzer(analyzer::Tag tag, const Rule* rule) if ( Parent()->HasChildAnalyzer(tag) ) return; - analyzer::Analyzer* a = Parent()->AddChildAnalyzer(tag); + zeek::analyzer::Analyzer* a = Parent()->AddChildAnalyzer(tag); if ( ! a ) return; @@ -179,7 +179,7 @@ void PIA_UDP::ActivateAnalyzer(analyzer::Tag tag, const Rule* rule) ReplayPacketBuffer(a); } -void PIA_UDP::DeactivateAnalyzer(analyzer::Tag tag) +void PIA_UDP::DeactivateAnalyzer(zeek::analyzer::Tag tag) { reporter->InternalError("PIA_UDP::Deact not implemented yet"); } @@ -292,7 +292,7 @@ void PIA_TCP::Undelivered(uint64_t seq, int len, bool is_orig) // No check for buffer overrun here. I think that's ok. } -void PIA_TCP::ActivateAnalyzer(analyzer::Tag tag, const Rule* rule) +void PIA_TCP::ActivateAnalyzer(zeek::analyzer::Tag tag, const Rule* rule) { if ( stream_buffer.state == MATCHING_ONLY ) { @@ -314,7 +314,7 @@ void PIA_TCP::ActivateAnalyzer(analyzer::Tag tag, const Rule* rule) return; } - analyzer::Analyzer* a = Parent()->AddChildAnalyzer(tag); + zeek::analyzer::Analyzer* a = Parent()->AddChildAnalyzer(tag); if ( ! a ) return; @@ -418,12 +418,12 @@ void PIA_TCP::ActivateAnalyzer(analyzer::Tag tag, const Rule* rule) tcp->SetReassembler(reass_orig, reass_resp); } -void PIA_TCP::DeactivateAnalyzer(analyzer::Tag tag) +void PIA_TCP::DeactivateAnalyzer(zeek::analyzer::Tag tag) { reporter->InternalError("PIA_TCP::Deact not implemented yet"); } -void PIA_TCP::ReplayStreamBuffer(analyzer::Analyzer* analyzer) +void PIA_TCP::ReplayStreamBuffer(zeek::analyzer::Analyzer* analyzer) { DBG_LOG(DBG_ANALYZER, "PIA_TCP replaying %d total stream bytes", stream_buffer.size); diff --git a/src/analyzer/protocol/pia/PIA.h b/src/analyzer/protocol/pia/PIA.h index 575cb89571..b101513c69 100644 --- a/src/analyzer/protocol/pia/PIA.h +++ b/src/analyzer/protocol/pia/PIA.h @@ -19,25 +19,25 @@ namespace analyzer { namespace pia { // PIAs and then each needs its own matching-state. class PIA : public RuleMatcherState { public: - explicit PIA(analyzer::Analyzer* as_analyzer); + explicit PIA(zeek::analyzer::Analyzer* as_analyzer); virtual ~PIA(); // Called when PIA wants to put an Analyzer in charge. rule is the // signature that triggered the activitation, if any. - virtual void ActivateAnalyzer(analyzer::Tag tag, + virtual void ActivateAnalyzer(zeek::analyzer::Tag tag, const Rule* rule = nullptr) = 0; // Called when PIA wants to remove an Analyzer. - virtual void DeactivateAnalyzer(analyzer::Tag tag) = 0; + virtual void DeactivateAnalyzer(zeek::analyzer::Tag tag) = 0; void Match(Rule::PatternType type, const u_char* data, int len, bool is_orig, bool bol, bool eol, bool clear_state); - void ReplayPacketBuffer(analyzer::Analyzer* analyzer); + void ReplayPacketBuffer(zeek::analyzer::Analyzer* analyzer); // Children are also derived from Analyzer. Return this object // as pointer to an Analyzer. - analyzer::Analyzer* AsAnalyzer() { return as_analyzer; } + zeek::analyzer::Analyzer* AsAnalyzer() { return as_analyzer; } protected: void PIA_Done(); @@ -82,20 +82,20 @@ protected: Buffer pkt_buffer; private: - analyzer::Analyzer* as_analyzer; + zeek::analyzer::Analyzer* as_analyzer; Connection* conn; DataBlock current_packet; }; // PIA for UDP. -class PIA_UDP : public PIA, public analyzer::Analyzer { +class PIA_UDP : public PIA, public zeek::analyzer::Analyzer { public: explicit PIA_UDP(Connection* conn) : PIA(this), Analyzer("PIA_UDP", conn) { SetConn(conn); } ~PIA_UDP() override { } - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new PIA_UDP(conn); } protected: @@ -112,8 +112,8 @@ protected: PIA_DeliverPacket(len, data, is_orig, seq, ip, caplen, true); } - void ActivateAnalyzer(analyzer::Tag tag, const Rule* rule) override; - void DeactivateAnalyzer(analyzer::Tag tag) override; + void ActivateAnalyzer(zeek::analyzer::Tag tag, const Rule* rule) override; + void DeactivateAnalyzer(zeek::analyzer::Tag tag) override; }; // PIA for TCP. Accepts both packet and stream input (and reassembles @@ -138,9 +138,9 @@ public: // to be unnecessary overhead.) void FirstPacket(bool is_orig, const IP_Hdr* ip); - void ReplayStreamBuffer(analyzer::Analyzer* analyzer); + void ReplayStreamBuffer(zeek::analyzer::Analyzer* analyzer); - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new PIA_TCP(conn); } protected: @@ -160,9 +160,9 @@ protected: void DeliverStream(int len, const u_char* data, bool is_orig) override; void Undelivered(uint64_t seq, int len, bool is_orig) override; - void ActivateAnalyzer(analyzer::Tag tag, + void ActivateAnalyzer(zeek::analyzer::Tag tag, const Rule* rule = nullptr) override; - void DeactivateAnalyzer(analyzer::Tag tag) override; + void DeactivateAnalyzer(zeek::analyzer::Tag tag) override; private: // FIXME: Not sure yet whether we need both pkt_buffer and stream_buffer. @@ -172,4 +172,4 @@ private: bool stream_mode; }; -} } // namespace analyzer::* +} } // namespace analyzer::* diff --git a/src/analyzer/protocol/pia/Plugin.cc b/src/analyzer/protocol/pia/Plugin.cc index b3482f2913..90d444bd96 100644 --- a/src/analyzer/protocol/pia/Plugin.cc +++ b/src/analyzer/protocol/pia/Plugin.cc @@ -11,8 +11,8 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("PIA_TCP", ::analyzer::pia::PIA_TCP::Instantiate)); - AddComponent(new ::analyzer::Component("PIA_UDP", ::analyzer::pia::PIA_UDP::Instantiate)); + AddComponent(new zeek::analyzer::Component("PIA_TCP", ::analyzer::pia::PIA_TCP::Instantiate)); + AddComponent(new zeek::analyzer::Component("PIA_UDP", ::analyzer::pia::PIA_UDP::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::PIA"; diff --git a/src/analyzer/protocol/pop3/POP3.cc b/src/analyzer/protocol/pop3/POP3.cc index 70998237ae..ba0e42434e 100644 --- a/src/analyzer/protocol/pop3/POP3.cc +++ b/src/analyzer/protocol/pop3/POP3.cc @@ -821,7 +821,7 @@ void POP3_Analyzer::StartTLS() RemoveSupportAnalyzer(cl_orig); RemoveSupportAnalyzer(cl_resp); - Analyzer* ssl = analyzer_mgr->InstantiateAnalyzer("SSL", Conn()); + Analyzer* ssl = zeek::analyzer_mgr->InstantiateAnalyzer("SSL", Conn()); if ( ssl ) AddChildAnalyzer(ssl); diff --git a/src/analyzer/protocol/pop3/POP3.h b/src/analyzer/protocol/pop3/POP3.h index 542e5e762a..c854ad7240 100644 --- a/src/analyzer/protocol/pop3/POP3.h +++ b/src/analyzer/protocol/pop3/POP3.h @@ -69,7 +69,7 @@ public: void Done() override; void DeliverStream(int len, const u_char* data, bool orig) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new POP3_Analyzer(conn); } diff --git a/src/analyzer/protocol/pop3/Plugin.cc b/src/analyzer/protocol/pop3/Plugin.cc index 1f287798f7..96a202c28d 100644 --- a/src/analyzer/protocol/pop3/Plugin.cc +++ b/src/analyzer/protocol/pop3/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("POP3", ::analyzer::pop3::POP3_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("POP3", ::analyzer::pop3::POP3_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::POP3"; diff --git a/src/analyzer/protocol/radius/Plugin.cc b/src/analyzer/protocol/radius/Plugin.cc index 5b765d2596..fb561d8002 100644 --- a/src/analyzer/protocol/radius/Plugin.cc +++ b/src/analyzer/protocol/radius/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("RADIUS", ::analyzer::RADIUS::RADIUS_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("RADIUS", ::analyzer::RADIUS::RADIUS_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::RADIUS"; diff --git a/src/analyzer/protocol/radius/RADIUS.cc b/src/analyzer/protocol/radius/RADIUS.cc index 7ff4733d62..6f75e3094c 100644 --- a/src/analyzer/protocol/radius/RADIUS.cc +++ b/src/analyzer/protocol/radius/RADIUS.cc @@ -9,7 +9,7 @@ using namespace analyzer::RADIUS; RADIUS_Analyzer::RADIUS_Analyzer(Connection* c) - : analyzer::Analyzer("RADIUS", c) + : zeek::analyzer::Analyzer("RADIUS", c) { interp = new binpac::RADIUS::RADIUS_Conn(this); } diff --git a/src/analyzer/protocol/radius/RADIUS.h b/src/analyzer/protocol/radius/RADIUS.h index 87a3ad8586..bf3d57a39e 100644 --- a/src/analyzer/protocol/radius/RADIUS.h +++ b/src/analyzer/protocol/radius/RADIUS.h @@ -11,7 +11,7 @@ namespace analyzer { namespace RADIUS { -class RADIUS_Analyzer final : public analyzer::Analyzer { +class RADIUS_Analyzer final : public zeek::analyzer::Analyzer { public: explicit RADIUS_Analyzer(Connection* conn); ~RADIUS_Analyzer() override; @@ -21,7 +21,7 @@ public: void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new RADIUS_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/rdp/Plugin.cc b/src/analyzer/protocol/rdp/Plugin.cc index 70145b109e..61f2a02832 100644 --- a/src/analyzer/protocol/rdp/Plugin.cc +++ b/src/analyzer/protocol/rdp/Plugin.cc @@ -10,8 +10,8 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("RDP", ::analyzer::rdp::RDP_Analyzer::InstantiateAnalyzer)); - AddComponent(new ::analyzer::Component("RDPEUDP", ::analyzer::rdpeudp::RDP_Analyzer::InstantiateAnalyzer)); + AddComponent(new zeek::analyzer::Component("RDP", ::analyzer::rdp::RDP_Analyzer::InstantiateAnalyzer)); + AddComponent(new zeek::analyzer::Component("RDPEUDP", ::analyzer::rdpeudp::RDP_Analyzer::InstantiateAnalyzer)); zeek::plugin::Configuration config; config.name = "Zeek::RDP"; diff --git a/src/analyzer/protocol/rdp/RDP.h b/src/analyzer/protocol/rdp/RDP.h index 42c93a15fe..5cb0850e60 100644 --- a/src/analyzer/protocol/rdp/RDP.h +++ b/src/analyzer/protocol/rdp/RDP.h @@ -19,7 +19,7 @@ public: void Undelivered(uint64_t seq, int len, bool orig) override; void EndpointEOF(bool is_orig) override; - static analyzer::Analyzer* InstantiateAnalyzer(Connection* conn) + static zeek::analyzer::Analyzer* InstantiateAnalyzer(Connection* conn) { return new RDP_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/rdp/RDPEUDP.cc b/src/analyzer/protocol/rdp/RDPEUDP.cc index 3cedd1eaa2..6c4d840a3b 100644 --- a/src/analyzer/protocol/rdp/RDPEUDP.cc +++ b/src/analyzer/protocol/rdp/RDPEUDP.cc @@ -6,7 +6,7 @@ using namespace analyzer::rdpeudp; RDP_Analyzer::RDP_Analyzer(Connection* c) - : analyzer::Analyzer("RDPEUDP", c) + : zeek::analyzer::Analyzer("RDPEUDP", c) { interp = new binpac::RDPEUDP::RDPEUDP_Conn(this); } diff --git a/src/analyzer/protocol/rdp/RDPEUDP.h b/src/analyzer/protocol/rdp/RDPEUDP.h index c38cb00cdb..a83ad6909c 100644 --- a/src/analyzer/protocol/rdp/RDPEUDP.h +++ b/src/analyzer/protocol/rdp/RDPEUDP.h @@ -5,7 +5,7 @@ #include "rdpeudp_pac.h" namespace analyzer { namespace rdpeudp { -class RDP_Analyzer final : public analyzer::Analyzer { +class RDP_Analyzer final : public zeek::analyzer::Analyzer { public: explicit RDP_Analyzer(Connection* conn); @@ -14,7 +14,7 @@ public: void Done() override; void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen) override; - static analyzer::Analyzer* InstantiateAnalyzer(Connection* conn) + static zeek::analyzer::Analyzer* InstantiateAnalyzer(Connection* conn) { return new RDP_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/rfb/Plugin.cc b/src/analyzer/protocol/rfb/Plugin.cc index 1bc665e25d..917135552b 100644 --- a/src/analyzer/protocol/rfb/Plugin.cc +++ b/src/analyzer/protocol/rfb/Plugin.cc @@ -9,7 +9,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("RFB", + AddComponent(new zeek::analyzer::Component("RFB", ::analyzer::rfb::RFB_Analyzer::InstantiateAnalyzer)); zeek::plugin::Configuration config; diff --git a/src/analyzer/protocol/rfb/RFB.h b/src/analyzer/protocol/rfb/RFB.h index 01da03c569..56626d508a 100644 --- a/src/analyzer/protocol/rfb/RFB.h +++ b/src/analyzer/protocol/rfb/RFB.h @@ -24,8 +24,7 @@ public: // Overriden from tcp::TCP_ApplicationAnalyzer. void EndpointEOF(bool is_orig) override; - - static analyzer::Analyzer* InstantiateAnalyzer(Connection* conn) + static zeek::analyzer::Analyzer* InstantiateAnalyzer(Connection* conn) { return new RFB_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/rpc/MOUNT.h b/src/analyzer/protocol/rpc/MOUNT.h index 888cc5b47e..345029c57d 100644 --- a/src/analyzer/protocol/rpc/MOUNT.h +++ b/src/analyzer/protocol/rpc/MOUNT.h @@ -8,7 +8,7 @@ namespace analyzer { namespace rpc { class MOUNT_Interp : public RPC_Interpreter { public: - explicit MOUNT_Interp(analyzer::Analyzer* arg_analyzer) : RPC_Interpreter(arg_analyzer) { } + explicit MOUNT_Interp(zeek::analyzer::Analyzer* arg_analyzer) : RPC_Interpreter(arg_analyzer) { } protected: bool RPC_BuildCall(RPC_CallInfo* c, const u_char*& buf, int& n) override; @@ -42,7 +42,7 @@ public: explicit MOUNT_Analyzer(Connection* conn); void Init() override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new MOUNT_Analyzer(conn); } }; diff --git a/src/analyzer/protocol/rpc/NFS.h b/src/analyzer/protocol/rpc/NFS.h index c8b160e276..daf01d4e57 100644 --- a/src/analyzer/protocol/rpc/NFS.h +++ b/src/analyzer/protocol/rpc/NFS.h @@ -9,7 +9,7 @@ namespace analyzer { namespace rpc { class NFS_Interp : public RPC_Interpreter { public: - explicit NFS_Interp(analyzer::Analyzer* arg_analyzer) : RPC_Interpreter(arg_analyzer) { } + explicit NFS_Interp(zeek::analyzer::Analyzer* arg_analyzer) : RPC_Interpreter(arg_analyzer) { } protected: bool RPC_BuildCall(RPC_CallInfo* c, const u_char*& buf, int& n) override; @@ -84,7 +84,7 @@ public: explicit NFS_Analyzer(Connection* conn); void Init() override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new NFS_Analyzer(conn); } }; diff --git a/src/analyzer/protocol/rpc/Plugin.cc b/src/analyzer/protocol/rpc/Plugin.cc index 21f44a247f..39ee57d14d 100644 --- a/src/analyzer/protocol/rpc/Plugin.cc +++ b/src/analyzer/protocol/rpc/Plugin.cc @@ -14,11 +14,11 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("NFS", ::analyzer::rpc::NFS_Analyzer::Instantiate)); - AddComponent(new ::analyzer::Component("MOUNT", ::analyzer::rpc::MOUNT_Analyzer::Instantiate)); - AddComponent(new ::analyzer::Component("Portmapper", ::analyzer::rpc::Portmapper_Analyzer::Instantiate)); - AddComponent(new ::analyzer::Component("Contents_RPC", nullptr)); - AddComponent(new ::analyzer::Component("Contents_NFS", nullptr)); + AddComponent(new zeek::analyzer::Component("NFS", ::analyzer::rpc::NFS_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("MOUNT", ::analyzer::rpc::MOUNT_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("Portmapper", ::analyzer::rpc::Portmapper_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("Contents_RPC", nullptr)); + AddComponent(new zeek::analyzer::Component("Contents_NFS", nullptr)); zeek::plugin::Configuration config; config.name = "Zeek::RPC"; diff --git a/src/analyzer/protocol/rpc/Portmap.h b/src/analyzer/protocol/rpc/Portmap.h index 309f310d06..36579dc180 100644 --- a/src/analyzer/protocol/rpc/Portmap.h +++ b/src/analyzer/protocol/rpc/Portmap.h @@ -8,7 +8,7 @@ namespace analyzer { namespace rpc { class PortmapperInterp : public RPC_Interpreter { public: - explicit PortmapperInterp(analyzer::Analyzer* arg_analyzer) : RPC_Interpreter(arg_analyzer) { } + explicit PortmapperInterp(zeek::analyzer::Analyzer* arg_analyzer) : RPC_Interpreter(arg_analyzer) { } protected: bool RPC_BuildCall(RPC_CallInfo* c, const u_char*& buf, int& n) override; @@ -30,7 +30,7 @@ public: ~Portmapper_Analyzer() override; void Init() override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new Portmapper_Analyzer(conn); } }; diff --git a/src/analyzer/protocol/rpc/RPC.cc b/src/analyzer/protocol/rpc/RPC.cc index 6e16f5ce6c..5f04b40b7c 100644 --- a/src/analyzer/protocol/rpc/RPC.cc +++ b/src/analyzer/protocol/rpc/RPC.cc @@ -108,7 +108,7 @@ bool RPC_CallInfo::CompareRexmit(const u_char* buf, int n) const } -RPC_Interpreter::RPC_Interpreter(analyzer::Analyzer* arg_analyzer) +RPC_Interpreter::RPC_Interpreter(zeek::analyzer::Analyzer* arg_analyzer) { analyzer = arg_analyzer; } diff --git a/src/analyzer/protocol/rpc/RPC.h b/src/analyzer/protocol/rpc/RPC.h index b54062c413..924752c4f9 100644 --- a/src/analyzer/protocol/rpc/RPC.h +++ b/src/analyzer/protocol/rpc/RPC.h @@ -100,7 +100,7 @@ protected: class RPC_Interpreter { public: - explicit RPC_Interpreter(analyzer::Analyzer* analyzer); + explicit RPC_Interpreter(zeek::analyzer::Analyzer* analyzer); virtual ~RPC_Interpreter(); // Delivers the given RPC. Returns true if "len" bytes were @@ -123,7 +123,7 @@ protected: void Weird(const char* name, const char* addl = ""); std::map calls; - analyzer::Analyzer* analyzer; + zeek::analyzer::Analyzer* analyzer; }; diff --git a/src/analyzer/protocol/sip/Plugin.cc b/src/analyzer/protocol/sip/Plugin.cc index 4a6d253cbd..5332357877 100644 --- a/src/analyzer/protocol/sip/Plugin.cc +++ b/src/analyzer/protocol/sip/Plugin.cc @@ -12,10 +12,10 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("SIP", ::analyzer::SIP::SIP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("SIP", ::analyzer::SIP::SIP_Analyzer::Instantiate)); // We don't fully support SIP-over-TCP yet, so we don't activate this component. - // AddComponent(new ::analyzer::Component("SIP_TCP", ::analyzer::sip_tcp::SIP_Analyzer::Instantiate)); + // AddComponent(new zeek::analyzer::Component("SIP_TCP", ::analyzer::sip_tcp::SIP_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::SIP"; diff --git a/src/analyzer/protocol/sip/SIP.cc b/src/analyzer/protocol/sip/SIP.cc index fb0753f0aa..6acd1126ac 100644 --- a/src/analyzer/protocol/sip/SIP.cc +++ b/src/analyzer/protocol/sip/SIP.cc @@ -5,7 +5,7 @@ using namespace analyzer::SIP; SIP_Analyzer::SIP_Analyzer(Connection* c) - : analyzer::Analyzer("SIP", c) + : zeek::analyzer::Analyzer("SIP", c) { interp = new binpac::SIP::SIP_Conn(this); } diff --git a/src/analyzer/protocol/sip/SIP.h b/src/analyzer/protocol/sip/SIP.h index c819d1d04f..f1a337563f 100644 --- a/src/analyzer/protocol/sip/SIP.h +++ b/src/analyzer/protocol/sip/SIP.h @@ -7,7 +7,7 @@ namespace analyzer { namespace SIP { -class SIP_Analyzer final : public analyzer::Analyzer { +class SIP_Analyzer final : public zeek::analyzer::Analyzer { public: explicit SIP_Analyzer(Connection* conn); ~SIP_Analyzer() override; @@ -18,7 +18,7 @@ public: void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new SIP_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/sip/SIP_TCP.h b/src/analyzer/protocol/sip/SIP_TCP.h index d52c89cff1..ed64b22056 100644 --- a/src/analyzer/protocol/sip/SIP_TCP.h +++ b/src/analyzer/protocol/sip/SIP_TCP.h @@ -23,7 +23,7 @@ public: // Overriden from tcp::TCP_ApplicationAnalyzer. void EndpointEOF(bool is_orig) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new SIP_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/smb/Plugin.cc b/src/analyzer/protocol/smb/Plugin.cc index a4935fe204..ece3394433 100644 --- a/src/analyzer/protocol/smb/Plugin.cc +++ b/src/analyzer/protocol/smb/Plugin.cc @@ -11,8 +11,8 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("SMB", ::analyzer::smb::SMB_Analyzer::Instantiate)); - AddComponent(new ::analyzer::Component("Contents_SMB", nullptr)); + AddComponent(new zeek::analyzer::Component("SMB", ::analyzer::smb::SMB_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("Contents_SMB", nullptr)); zeek::plugin::Configuration config; config.name = "Zeek::SMB"; diff --git a/src/analyzer/protocol/smb/SMB.h b/src/analyzer/protocol/smb/SMB.h index a3c2c3e521..a076c1e429 100644 --- a/src/analyzer/protocol/smb/SMB.h +++ b/src/analyzer/protocol/smb/SMB.h @@ -18,7 +18,7 @@ public: bool HasSMBHeader(int len, const u_char* data); void NeedResync(); - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new SMB_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/smb/smb-gssapi.pac b/src/analyzer/protocol/smb/smb-gssapi.pac index 2bde6e9e8f..38adb7adb4 100644 --- a/src/analyzer/protocol/smb/smb-gssapi.pac +++ b/src/analyzer/protocol/smb/smb-gssapi.pac @@ -1,8 +1,8 @@ refine connection SMB_Conn += { %member{ - analyzer::Analyzer *gssapi; - analyzer::Analyzer *ntlm; + zeek::analyzer::Analyzer *gssapi; + zeek::analyzer::Analyzer *ntlm; %} %init{ @@ -27,10 +27,10 @@ refine connection SMB_Conn += { function forward_gssapi(data: bytestring, is_orig: bool): bool %{ if ( ! gssapi ) - gssapi = analyzer_mgr->InstantiateAnalyzer("GSSAPI", bro_analyzer()->Conn()); + gssapi = zeek::analyzer_mgr->InstantiateAnalyzer("GSSAPI", bro_analyzer()->Conn()); if ( ! ntlm ) - ntlm = analyzer_mgr->InstantiateAnalyzer("NTLM", bro_analyzer()->Conn()); + ntlm = zeek::analyzer_mgr->InstantiateAnalyzer("NTLM", bro_analyzer()->Conn()); // SMB allows raw NTLM instead of GSSAPI in certain messages. // We check if this is the case and run the NTLM analyzer directly. diff --git a/src/analyzer/protocol/smb/smb-pipe.pac b/src/analyzer/protocol/smb/smb-pipe.pac index 4dd4c7e754..fe8bb9c9da 100644 --- a/src/analyzer/protocol/smb/smb-pipe.pac +++ b/src/analyzer/protocol/smb/smb-pipe.pac @@ -49,7 +49,7 @@ refine connection SMB_Conn += { if ( it == fid_to_analyzer_map.end() ) { - auto tmp_analyzer = analyzer_mgr->InstantiateAnalyzer("DCE_RPC", bro_analyzer()->Conn()); + auto tmp_analyzer = zeek::analyzer_mgr->InstantiateAnalyzer("DCE_RPC", bro_analyzer()->Conn()); pipe_dcerpc = static_cast(tmp_analyzer); if ( pipe_dcerpc ) diff --git a/src/analyzer/protocol/smtp/Plugin.cc b/src/analyzer/protocol/smtp/Plugin.cc index d1a28ddc02..1d472a6300 100644 --- a/src/analyzer/protocol/smtp/Plugin.cc +++ b/src/analyzer/protocol/smtp/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("SMTP", ::analyzer::smtp::SMTP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("SMTP", ::analyzer::smtp::SMTP_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::SMTP"; diff --git a/src/analyzer/protocol/smtp/SMTP.cc b/src/analyzer/protocol/smtp/SMTP.cc index fbe584e2ae..177dcf9d1a 100644 --- a/src/analyzer/protocol/smtp/SMTP.cc +++ b/src/analyzer/protocol/smtp/SMTP.cc @@ -405,7 +405,7 @@ void SMTP_Analyzer::StartTLS() RemoveSupportAnalyzer(cl_orig); RemoveSupportAnalyzer(cl_resp); - Analyzer* ssl = analyzer_mgr->InstantiateAnalyzer("SSL", Conn()); + Analyzer* ssl = zeek::analyzer_mgr->InstantiateAnalyzer("SSL", Conn()); if ( ssl ) AddChildAnalyzer(ssl); diff --git a/src/analyzer/protocol/smtp/SMTP.h b/src/analyzer/protocol/smtp/SMTP.h index edc17e7d20..4bf39eb38f 100644 --- a/src/analyzer/protocol/smtp/SMTP.h +++ b/src/analyzer/protocol/smtp/SMTP.h @@ -47,7 +47,7 @@ public: void SkipData() { skip_data = 1; } // skip delivery of data lines - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new SMTP_Analyzer(conn); } diff --git a/src/analyzer/protocol/smtp/functions.bif b/src/analyzer/protocol/smtp/functions.bif index adbe58a424..efc577f2f6 100644 --- a/src/analyzer/protocol/smtp/functions.bif +++ b/src/analyzer/protocol/smtp/functions.bif @@ -10,8 +10,8 @@ ## .. zeek:see:: skip_http_entity_data function skip_smtp_data%(c: connection%): any %{ - analyzer::Analyzer* sa = c->FindAnalyzer("SMTP"); + zeek::analyzer::Analyzer* sa = c->FindAnalyzer("SMTP"); if ( sa ) - static_cast(sa)->SkipData(); + static_cast<::analyzer::smtp::SMTP_Analyzer*>(sa)->SkipData(); return nullptr; %} diff --git a/src/analyzer/protocol/snmp/Plugin.cc b/src/analyzer/protocol/snmp/Plugin.cc index 887b9a73ac..4100dc679c 100644 --- a/src/analyzer/protocol/snmp/Plugin.cc +++ b/src/analyzer/protocol/snmp/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("SNMP", ::analyzer::snmp::SNMP_Analyzer::InstantiateAnalyzer)); + AddComponent(new zeek::analyzer::Component("SNMP", ::analyzer::snmp::SNMP_Analyzer::InstantiateAnalyzer)); zeek::plugin::Configuration config; config.name = "Zeek::SNMP"; diff --git a/src/analyzer/protocol/snmp/SNMP.h b/src/analyzer/protocol/snmp/SNMP.h index 9328cd4970..e1a695aa3f 100644 --- a/src/analyzer/protocol/snmp/SNMP.h +++ b/src/analyzer/protocol/snmp/SNMP.h @@ -6,7 +6,7 @@ namespace analyzer { namespace snmp { -class SNMP_Analyzer final : public analyzer::Analyzer { +class SNMP_Analyzer final : public zeek::analyzer::Analyzer { public: @@ -17,7 +17,7 @@ public: virtual void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen); - static analyzer::Analyzer* InstantiateAnalyzer(Connection* conn) + static zeek::analyzer::Analyzer* InstantiateAnalyzer(Connection* conn) { return new SNMP_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/socks/Plugin.cc b/src/analyzer/protocol/socks/Plugin.cc index da2375991c..7d4290a844 100644 --- a/src/analyzer/protocol/socks/Plugin.cc +++ b/src/analyzer/protocol/socks/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("SOCKS", ::analyzer::socks::SOCKS_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("SOCKS", ::analyzer::socks::SOCKS_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::SOCKS"; diff --git a/src/analyzer/protocol/socks/SOCKS.h b/src/analyzer/protocol/socks/SOCKS.h index 40ec1b8ea1..f97c544a30 100644 --- a/src/analyzer/protocol/socks/SOCKS.h +++ b/src/analyzer/protocol/socks/SOCKS.h @@ -25,7 +25,7 @@ public: void Undelivered(uint64_t seq, int len, bool orig) override; void EndpointEOF(bool is_orig) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new SOCKS_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/ssh/Plugin.cc b/src/analyzer/protocol/ssh/Plugin.cc index 395192bb60..6040fcc213 100644 --- a/src/analyzer/protocol/ssh/Plugin.cc +++ b/src/analyzer/protocol/ssh/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("SSH", ::analyzer::SSH::SSH_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("SSH", ::analyzer::SSH::SSH_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::SSH"; diff --git a/src/analyzer/protocol/ssh/SSH.h b/src/analyzer/protocol/ssh/SSH.h index 6d4ebf8044..b3a5b224d4 100644 --- a/src/analyzer/protocol/ssh/SSH.h +++ b/src/analyzer/protocol/ssh/SSH.h @@ -23,7 +23,7 @@ namespace analyzer { // Overriden from tcp::TCP_ApplicationAnalyzer. void EndpointEOF(bool is_orig) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new SSH_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/ssl/DTLS.cc b/src/analyzer/protocol/ssl/DTLS.cc index 6dfe4dc007..0f329bb857 100644 --- a/src/analyzer/protocol/ssl/DTLS.cc +++ b/src/analyzer/protocol/ssl/DTLS.cc @@ -11,7 +11,7 @@ using namespace analyzer::dtls; DTLS_Analyzer::DTLS_Analyzer(Connection* c) -: analyzer::Analyzer("DTLS", c) +: zeek::analyzer::Analyzer("DTLS", c) { interp = new binpac::DTLS::SSL_Conn(this); handshake_interp = new binpac::TLSHandshake::Handshake_Conn(this); diff --git a/src/analyzer/protocol/ssl/DTLS.h b/src/analyzer/protocol/ssl/DTLS.h index c260540ce1..9e7ce7dd40 100644 --- a/src/analyzer/protocol/ssl/DTLS.h +++ b/src/analyzer/protocol/ssl/DTLS.h @@ -10,7 +10,7 @@ namespace binpac { namespace TLSHandshake { class Handshake_Conn; } } namespace analyzer { namespace dtls { -class DTLS_Analyzer final : public analyzer::Analyzer { +class DTLS_Analyzer final : public zeek::analyzer::Analyzer { public: explicit DTLS_Analyzer(Connection* conn); ~DTLS_Analyzer() override; @@ -24,7 +24,7 @@ public: void SendHandshake(uint16_t raw_tls_version, uint8_t msg_type, uint32_t length, const u_char* begin, const u_char* end, bool orig); - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new DTLS_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/ssl/Plugin.cc b/src/analyzer/protocol/ssl/Plugin.cc index 72ea74dc7a..61adb16442 100644 --- a/src/analyzer/protocol/ssl/Plugin.cc +++ b/src/analyzer/protocol/ssl/Plugin.cc @@ -12,8 +12,8 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("SSL", ::analyzer::ssl::SSL_Analyzer::Instantiate)); - AddComponent(new ::analyzer::Component("DTLS", ::analyzer::dtls::DTLS_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("SSL", ::analyzer::ssl::SSL_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("DTLS", ::analyzer::dtls::DTLS_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::SSL"; diff --git a/src/analyzer/protocol/ssl/SSL.h b/src/analyzer/protocol/ssl/SSL.h index b9ac0c3781..fa318c9b3f 100644 --- a/src/analyzer/protocol/ssl/SSL.h +++ b/src/analyzer/protocol/ssl/SSL.h @@ -28,7 +28,7 @@ public: // Overriden from tcp::TCP_ApplicationAnalyzer. void EndpointEOF(bool is_orig) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new SSL_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/ssl/functions.bif b/src/analyzer/protocol/ssl/functions.bif index 38b2330798..99112e3c19 100644 --- a/src/analyzer/protocol/ssl/functions.bif +++ b/src/analyzer/protocol/ssl/functions.bif @@ -11,8 +11,8 @@ ## c: The SSL connection. function set_ssl_established%(c: connection%): any %{ - analyzer::Analyzer* sa = c->FindAnalyzer("SSL"); + zeek::analyzer::Analyzer* sa = c->FindAnalyzer("SSL"); if ( sa ) - static_cast(sa)->StartEncryption(); + static_cast<::analyzer::ssl::SSL_Analyzer*>(sa)->StartEncryption(); return nullptr; %} diff --git a/src/analyzer/protocol/stepping-stone/Plugin.cc b/src/analyzer/protocol/stepping-stone/Plugin.cc index 61e408bfce..2cd972932a 100644 --- a/src/analyzer/protocol/stepping-stone/Plugin.cc +++ b/src/analyzer/protocol/stepping-stone/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("SteppingStone", ::analyzer::stepping_stone::SteppingStone_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("SteppingStone", ::analyzer::stepping_stone::SteppingStone_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::SteppingStone"; diff --git a/src/analyzer/protocol/stepping-stone/SteppingStone.h b/src/analyzer/protocol/stepping-stone/SteppingStone.h index 972778d2d7..ac9011dc82 100644 --- a/src/analyzer/protocol/stepping-stone/SteppingStone.h +++ b/src/analyzer/protocol/stepping-stone/SteppingStone.h @@ -48,7 +48,7 @@ public: void Init() override; void Done() override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new SteppingStone_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/syslog/Plugin.cc b/src/analyzer/protocol/syslog/Plugin.cc index 80cbf2e974..4ae18015aa 100644 --- a/src/analyzer/protocol/syslog/Plugin.cc +++ b/src/analyzer/protocol/syslog/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("Syslog", ::analyzer::syslog::Syslog_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("Syslog", ::analyzer::syslog::Syslog_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::Syslog"; diff --git a/src/analyzer/protocol/syslog/Syslog.h b/src/analyzer/protocol/syslog/Syslog.h index befbcb3748..50bc8c0d83 100644 --- a/src/analyzer/protocol/syslog/Syslog.h +++ b/src/analyzer/protocol/syslog/Syslog.h @@ -8,7 +8,7 @@ namespace analyzer { namespace syslog { -class Syslog_Analyzer : public analyzer::Analyzer { +class Syslog_Analyzer : public zeek::analyzer::Analyzer { public: explicit Syslog_Analyzer(Connection* conn); ~Syslog_Analyzer() override; @@ -17,7 +17,7 @@ public: void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new Syslog_Analyzer(conn); } protected: @@ -38,11 +38,11 @@ protected: // virtual void Undelivered(uint64_t seq, int len, bool orig); // virtual void EndpointEOF(tcp::TCP_Reassembler* endp); // -// static analyzer::Analyzer* Instantiate(Connection* conn) +// static zeek::analyzer::Analyzer* Instantiate(Connection* conn) // { return new Syslog_tcp::TCP_Analyzer(conn); } // //protected: // binpac::Syslog_on_TCP::Syslog_TCP_Conn* interp; //}; // -} } // namespace analyzer::* +} } // namespace analyzer::* diff --git a/src/analyzer/protocol/tcp/Plugin.cc b/src/analyzer/protocol/tcp/Plugin.cc index a6dd74e460..be35d2a45f 100644 --- a/src/analyzer/protocol/tcp/Plugin.cc +++ b/src/analyzer/protocol/tcp/Plugin.cc @@ -11,10 +11,10 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("TCP", ::analyzer::tcp::TCP_Analyzer::Instantiate)); - AddComponent(new ::analyzer::Component("TCPStats", ::analyzer::tcp::TCPStats_Analyzer::Instantiate)); - AddComponent(new ::analyzer::Component("CONTENTLINE", nullptr)); - AddComponent(new ::analyzer::Component("Contents", nullptr)); + AddComponent(new zeek::analyzer::Component("TCP", ::analyzer::tcp::TCP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("TCPStats", ::analyzer::tcp::TCPStats_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("CONTENTLINE", nullptr)); + AddComponent(new zeek::analyzer::Component("Contents", nullptr)); zeek::plugin::Configuration config; config.name = "Zeek::TCP"; diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index 24a4301ead..6a93907c24 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc @@ -179,16 +179,16 @@ void TCP_Analyzer::Done() finished = 1; } -analyzer::Analyzer* TCP_Analyzer::FindChild(ID arg_id) +zeek::analyzer::Analyzer* TCP_Analyzer::FindChild(zeek::analyzer::ID arg_id) { - analyzer::Analyzer* child = analyzer::TransportLayerAnalyzer::FindChild(arg_id); + zeek::analyzer::Analyzer* child = zeek::analyzer::TransportLayerAnalyzer::FindChild(arg_id); if ( child ) return child; LOOP_OVER_GIVEN_CHILDREN(i, packet_children) { - analyzer::Analyzer* child = (*i)->FindChild(arg_id); + zeek::analyzer::Analyzer* child = (*i)->FindChild(arg_id); if ( child ) return child; } @@ -196,16 +196,16 @@ analyzer::Analyzer* TCP_Analyzer::FindChild(ID arg_id) return nullptr; } -analyzer::Analyzer* TCP_Analyzer::FindChild(Tag arg_tag) +zeek::analyzer::Analyzer* TCP_Analyzer::FindChild(zeek::analyzer::Tag arg_tag) { - analyzer::Analyzer* child = analyzer::TransportLayerAnalyzer::FindChild(arg_tag); + zeek::analyzer::Analyzer* child = zeek::analyzer::TransportLayerAnalyzer::FindChild(arg_tag); if ( child ) return child; LOOP_OVER_GIVEN_CHILDREN(i, packet_children) { - analyzer::Analyzer* child = (*i)->FindChild(arg_tag); + zeek::analyzer::Analyzer* child = (*i)->FindChild(arg_tag); if ( child ) return child; } @@ -213,9 +213,9 @@ analyzer::Analyzer* TCP_Analyzer::FindChild(Tag arg_tag) return nullptr; } -bool TCP_Analyzer::RemoveChildAnalyzer(ID id) +bool TCP_Analyzer::RemoveChildAnalyzer(zeek::analyzer::ID id) { - auto rval = analyzer::TransportLayerAnalyzer::RemoveChildAnalyzer(id); + auto rval = zeek::analyzer::TransportLayerAnalyzer::RemoveChildAnalyzer(id); if ( rval ) return rval; @@ -232,7 +232,7 @@ void TCP_Analyzer::EnableReassembly() } void TCP_Analyzer::SetReassembler(TCP_Reassembler* rorig, - TCP_Reassembler* rresp) + TCP_Reassembler* rresp) { orig->AddReassembler(rorig); rorig->SetDstAnalyzer(this); @@ -1761,7 +1761,7 @@ bool TCP_Analyzer::HadGap(bool is_orig) const return endp && endp->HadGap(); } -void TCP_Analyzer::AddChildPacketAnalyzer(analyzer::Analyzer* a) +void TCP_Analyzer::AddChildPacketAnalyzer(zeek::analyzer::Analyzer* a) { DBG_LOG(DBG_ANALYZER, "%s added packet child %s", this->GetAnalyzerName(), a->GetAnalyzerName()); @@ -1918,7 +1918,7 @@ void TCP_ApplicationAnalyzer::SetEnv(bool /* is_orig */, char* name, char* val) void TCP_ApplicationAnalyzer::EndpointEOF(bool is_orig) { - analyzer::SupportAnalyzer* sa = is_orig ? orig_supporters : resp_supporters; + zeek::analyzer::SupportAnalyzer* sa = is_orig ? orig_supporters : resp_supporters; for ( ; sa; sa = sa->Sibling() ) static_cast(sa)->EndpointEOF(is_orig); } @@ -1926,7 +1926,7 @@ void TCP_ApplicationAnalyzer::EndpointEOF(bool is_orig) void TCP_ApplicationAnalyzer::ConnectionClosed(TCP_Endpoint* endpoint, TCP_Endpoint* peer, bool gen_event) { - analyzer::SupportAnalyzer* sa = + zeek::analyzer::SupportAnalyzer* sa = endpoint->IsOrig() ? orig_supporters : resp_supporters; for ( ; sa; sa = sa->Sibling() ) @@ -1936,30 +1936,30 @@ void TCP_ApplicationAnalyzer::ConnectionClosed(TCP_Endpoint* endpoint, void TCP_ApplicationAnalyzer::ConnectionFinished(bool half_finished) { - for ( analyzer::SupportAnalyzer* sa = orig_supporters; sa; sa = sa->Sibling() ) + for ( zeek::analyzer::SupportAnalyzer* sa = orig_supporters; sa; sa = sa->Sibling() ) static_cast(sa) ->ConnectionFinished(half_finished); - for ( analyzer::SupportAnalyzer* sa = resp_supporters; sa; sa = sa->Sibling() ) + for ( zeek::analyzer::SupportAnalyzer* sa = resp_supporters; sa; sa = sa->Sibling() ) static_cast(sa) ->ConnectionFinished(half_finished); } void TCP_ApplicationAnalyzer::ConnectionReset() { - for ( analyzer::SupportAnalyzer* sa = orig_supporters; sa; sa = sa->Sibling() ) + for ( zeek::analyzer::SupportAnalyzer* sa = orig_supporters; sa; sa = sa->Sibling() ) static_cast(sa)->ConnectionReset(); - for ( analyzer::SupportAnalyzer* sa = resp_supporters; sa; sa = sa->Sibling() ) + for ( zeek::analyzer::SupportAnalyzer* sa = resp_supporters; sa; sa = sa->Sibling() ) static_cast(sa)->ConnectionReset(); } void TCP_ApplicationAnalyzer::PacketWithRST() { - for ( analyzer::SupportAnalyzer* sa = orig_supporters; sa; sa = sa->Sibling() ) + for ( zeek::analyzer::SupportAnalyzer* sa = orig_supporters; sa; sa = sa->Sibling() ) static_cast(sa)->PacketWithRST(); - for ( analyzer::SupportAnalyzer* sa = resp_supporters; sa; sa = sa->Sibling() ) + for ( zeek::analyzer::SupportAnalyzer* sa = resp_supporters; sa; sa = sa->Sibling() ) static_cast(sa)->PacketWithRST(); } diff --git a/src/analyzer/protocol/tcp/TCP.h b/src/analyzer/protocol/tcp/TCP.h index a1cfa69643..39246e0a71 100644 --- a/src/analyzer/protocol/tcp/TCP.h +++ b/src/analyzer/protocol/tcp/TCP.h @@ -21,7 +21,7 @@ class TCP_Endpoint; class TCP_ApplicationAnalyzer; class TCP_Reassembler; -class TCP_Analyzer final : public analyzer::TransportLayerAnalyzer { +class TCP_Analyzer final : public zeek::analyzer::TransportLayerAnalyzer { public: explicit TCP_Analyzer(Connection* conn); ~TCP_Analyzer() override; @@ -30,11 +30,11 @@ public: // Add a child analyzer that will always get the packets, // independently of whether we do any reassembly. - void AddChildPacketAnalyzer(analyzer::Analyzer* a); + void AddChildPacketAnalyzer(zeek::analyzer::Analyzer* a); - Analyzer* FindChild(ID id) override; - Analyzer* FindChild(Tag tag) override; - bool RemoveChildAnalyzer(ID id) override; + Analyzer* FindChild(zeek::analyzer::ID id) override; + Analyzer* FindChild(zeek::analyzer::Tag tag) override; + bool RemoveChildAnalyzer(zeek::analyzer::ID id) override; // True if the connection has closed in some sense, false otherwise. bool IsClosed() const { return orig->did_close || resp->did_close; } @@ -68,7 +68,7 @@ public: int ParseTCPOptions(const struct tcphdr* tcp, bool is_orig); - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new TCP_Analyzer(conn); } protected: @@ -169,7 +169,7 @@ private: TCP_Endpoint* orig; TCP_Endpoint* resp; - using analyzer_list = std::list; + using analyzer_list = std::list; analyzer_list packet_children; unsigned int first_packet_seen: 2; @@ -189,7 +189,7 @@ private: unsigned int seen_first_ACK: 1; }; -class TCP_ApplicationAnalyzer : public analyzer::Analyzer { +class TCP_ApplicationAnalyzer : public zeek::analyzer::Analyzer { public: TCP_ApplicationAnalyzer(const char* name, Connection* conn) : Analyzer(name, conn), tcp(nullptr) { } @@ -243,10 +243,10 @@ private: TCP_Analyzer* tcp; }; -class TCP_SupportAnalyzer : public analyzer::SupportAnalyzer { +class TCP_SupportAnalyzer : public zeek::analyzer::SupportAnalyzer { public: TCP_SupportAnalyzer(const char* name, Connection* conn, bool arg_orig) - : analyzer::SupportAnalyzer(name, conn, arg_orig) { } + : zeek::analyzer::SupportAnalyzer(name, conn, arg_orig) { } ~TCP_SupportAnalyzer() override {} @@ -290,12 +290,12 @@ public: void Init() override; void Done() override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new TCPStats_Analyzer(conn); } protected: void DeliverPacket(int len, const u_char* data, bool is_orig, - uint64_t seq, const IP_Hdr* ip, int caplen) override; + uint64_t seq, const IP_Hdr* ip, int caplen) override; TCPStats_Endpoint* orig_stats; TCPStats_Endpoint* resp_stats; diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.cc b/src/analyzer/protocol/tcp/TCP_Reassembler.cc index 62b39c4378..139180dd07 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc @@ -19,10 +19,10 @@ const bool DEBUG_tcp_contents = false; const bool DEBUG_tcp_connection_close = false; const bool DEBUG_tcp_match_undelivered = false; -TCP_Reassembler::TCP_Reassembler(analyzer::Analyzer* arg_dst_analyzer, - TCP_Analyzer* arg_tcp_analyzer, - TCP_Reassembler::Type arg_type, - TCP_Endpoint* arg_endp) +TCP_Reassembler::TCP_Reassembler(zeek::analyzer::Analyzer* arg_dst_analyzer, + TCP_Analyzer* arg_tcp_analyzer, + TCP_Reassembler::Type arg_type, + TCP_Endpoint* arg_endp) : Reassembler(1, REASSEM_TCP) { dst_analyzer = arg_dst_analyzer; diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.h b/src/analyzer/protocol/tcp/TCP_Reassembler.h index 7470e1b6bf..7906cff151 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.h +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.h @@ -7,11 +7,9 @@ class Connection; -namespace analyzer { +ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, analyzer); -class Analyzer; - -namespace tcp { +namespace analyzer::tcp { class TCP_Analyzer; @@ -22,12 +20,13 @@ public: Forward, // forward to destination analyzer's children }; - TCP_Reassembler(Analyzer* arg_dst_analyzer, TCP_Analyzer* arg_tcp_analyzer, + TCP_Reassembler(zeek::analyzer::Analyzer* arg_dst_analyzer, + TCP_Analyzer* arg_tcp_analyzer, Type arg_type, TCP_Endpoint* arg_endp); void Done(); - void SetDstAnalyzer(Analyzer* analyzer) { dst_analyzer = analyzer; } + void SetDstAnalyzer(zeek::analyzer::Analyzer* analyzer) { dst_analyzer = analyzer; } void SetType(Type arg_type) { type = arg_type; } TCP_Analyzer* GetTCPAnalyzer() { return tcp_analyzer; } @@ -110,10 +109,10 @@ private: BroFilePtr record_contents_file; // file on which to reassemble contents - Analyzer* dst_analyzer; + zeek::analyzer::Analyzer* dst_analyzer; TCP_Analyzer* tcp_analyzer; Type type; }; -} } // namespace analyzer::* +} // namespace analyzer::tcp diff --git a/src/analyzer/protocol/tcp/functions.bif b/src/analyzer/protocol/tcp/functions.bif index 7b8c4fdbbc..fa2b535bf8 100644 --- a/src/analyzer/protocol/tcp/functions.bif +++ b/src/analyzer/protocol/tcp/functions.bif @@ -25,9 +25,9 @@ function get_orig_seq%(cid: conn_id%): count if ( c->ConnTransport() != TRANSPORT_TCP ) return zeek::val_mgr->Count(0); - analyzer::Analyzer* tc = c->FindAnalyzer("TCP"); + zeek::analyzer::Analyzer* tc = c->FindAnalyzer("TCP"); if ( tc ) - return zeek::val_mgr->Count(static_cast(tc)->OrigSeq()); + return zeek::val_mgr->Count(static_cast<::analyzer::tcp::TCP_Analyzer*>(tc)->OrigSeq()); else { reporter->Error("connection does not have TCP analyzer"); @@ -54,9 +54,9 @@ function get_resp_seq%(cid: conn_id%): count if ( c->ConnTransport() != TRANSPORT_TCP ) return zeek::val_mgr->Count(0); - analyzer::Analyzer* tc = c->FindAnalyzer("TCP"); + zeek::analyzer::Analyzer* tc = c->FindAnalyzer("TCP"); if ( tc ) - return zeek::val_mgr->Count(static_cast(tc)->RespSeq()); + return zeek::val_mgr->Count(static_cast<::analyzer::tcp::TCP_Analyzer*>(tc)->RespSeq()); else { reporter->Error("connection does not have TCP analyzer"); diff --git a/src/analyzer/protocol/teredo/Plugin.cc b/src/analyzer/protocol/teredo/Plugin.cc index 12d4fc66a3..02fbc94d31 100644 --- a/src/analyzer/protocol/teredo/Plugin.cc +++ b/src/analyzer/protocol/teredo/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("Teredo", ::analyzer::teredo::Teredo_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("Teredo", ::analyzer::teredo::Teredo_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::Teredo"; diff --git a/src/analyzer/protocol/teredo/Teredo.h b/src/analyzer/protocol/teredo/Teredo.h index b8b06c0db7..25c098378d 100644 --- a/src/analyzer/protocol/teredo/Teredo.h +++ b/src/analyzer/protocol/teredo/Teredo.h @@ -6,7 +6,7 @@ namespace analyzer { namespace teredo { -class Teredo_Analyzer final : public analyzer::Analyzer { +class Teredo_Analyzer final : public zeek::analyzer::Analyzer { public: explicit Teredo_Analyzer(Connection* conn) : Analyzer("TEREDO", conn), valid_orig(false), valid_resp(false) @@ -20,7 +20,7 @@ public: void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new Teredo_Analyzer(conn); } /** diff --git a/src/analyzer/protocol/udp/Plugin.cc b/src/analyzer/protocol/udp/Plugin.cc index 5eb42a867f..7117f8cffc 100644 --- a/src/analyzer/protocol/udp/Plugin.cc +++ b/src/analyzer/protocol/udp/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("UDP", ::analyzer::udp::UDP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("UDP", ::analyzer::udp::UDP_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::UDP"; diff --git a/src/analyzer/protocol/udp/UDP.cc b/src/analyzer/protocol/udp/UDP.cc index 8bb63ea360..25a2efd766 100644 --- a/src/analyzer/protocol/udp/UDP.cc +++ b/src/analyzer/protocol/udp/UDP.cc @@ -70,7 +70,7 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, len > ((int)sizeof(struct udphdr) + vxlan_len + eth_len) && (data[0] & 0x08) == 0x08 ) { - auto& vxlan_ports = analyzer_mgr->GetVxlanPorts(); + auto& vxlan_ports = zeek::analyzer_mgr->GetVxlanPorts(); if ( std::find(vxlan_ports.begin(), vxlan_ports.end(), ntohs(up->uh_dport)) != vxlan_ports.end() ) diff --git a/src/analyzer/protocol/udp/UDP.h b/src/analyzer/protocol/udp/UDP.h index d7df56f5e2..569471739d 100644 --- a/src/analyzer/protocol/udp/UDP.h +++ b/src/analyzer/protocol/udp/UDP.h @@ -12,7 +12,7 @@ typedef enum { UDP_ACTIVE, // packets seen } UDP_EndpointState; -class UDP_Analyzer final : public analyzer::TransportLayerAnalyzer { + class UDP_Analyzer final : public zeek::analyzer::TransportLayerAnalyzer { public: explicit UDP_Analyzer(Connection* conn); ~UDP_Analyzer() override; @@ -20,7 +20,7 @@ public: void Init() override; void UpdateConnVal(zeek::RecordVal *conn_val) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new UDP_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/vxlan/Plugin.cc b/src/analyzer/protocol/vxlan/Plugin.cc index d199f4fe9d..370475444f 100644 --- a/src/analyzer/protocol/vxlan/Plugin.cc +++ b/src/analyzer/protocol/vxlan/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("VXLAN", ::analyzer::vxlan::VXLAN_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("VXLAN", ::analyzer::vxlan::VXLAN_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::VXLAN"; diff --git a/src/analyzer/protocol/vxlan/VXLAN.h b/src/analyzer/protocol/vxlan/VXLAN.h index 27c2538345..3ec3e10a41 100644 --- a/src/analyzer/protocol/vxlan/VXLAN.h +++ b/src/analyzer/protocol/vxlan/VXLAN.h @@ -6,7 +6,7 @@ namespace analyzer { namespace vxlan { -class VXLAN_Analyzer final : public analyzer::Analyzer { +class VXLAN_Analyzer final : public zeek::analyzer::Analyzer { public: explicit VXLAN_Analyzer(Connection* conn) : Analyzer("VXLAN", conn) @@ -17,7 +17,7 @@ public: void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen) override; - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new VXLAN_Analyzer(conn); } }; diff --git a/src/analyzer/protocol/xmpp/Plugin.cc b/src/analyzer/protocol/xmpp/Plugin.cc index f7f89852d9..649cf97576 100644 --- a/src/analyzer/protocol/xmpp/Plugin.cc +++ b/src/analyzer/protocol/xmpp/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("XMPP", ::analyzer::xmpp::XMPP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("XMPP", ::analyzer::xmpp::XMPP_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::XMPP"; diff --git a/src/analyzer/protocol/xmpp/XMPP.cc b/src/analyzer/protocol/xmpp/XMPP.cc index 22c711a350..f9132a7a65 100644 --- a/src/analyzer/protocol/xmpp/XMPP.cc +++ b/src/analyzer/protocol/xmpp/XMPP.cc @@ -79,7 +79,7 @@ void XMPP_Analyzer::StartTLS() tls_active = true; - Analyzer* ssl = analyzer_mgr->InstantiateAnalyzer("SSL", Conn()); + Analyzer* ssl = zeek::analyzer_mgr->InstantiateAnalyzer("SSL", Conn()); if ( ssl ) AddChildAnalyzer(ssl); } diff --git a/src/analyzer/protocol/xmpp/XMPP.h b/src/analyzer/protocol/xmpp/XMPP.h index bc1cd93a33..31b6ae9381 100644 --- a/src/analyzer/protocol/xmpp/XMPP.h +++ b/src/analyzer/protocol/xmpp/XMPP.h @@ -22,7 +22,7 @@ public: void StartTLS(); - static analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new XMPP_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/zip/Plugin.cc b/src/analyzer/protocol/zip/Plugin.cc index 751797a55a..7ad3604a7d 100644 --- a/src/analyzer/protocol/zip/Plugin.cc +++ b/src/analyzer/protocol/zip/Plugin.cc @@ -11,7 +11,7 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::analyzer::Component("ZIP", nullptr)); + AddComponent(new zeek::analyzer::Component("ZIP", nullptr)); zeek::plugin::Configuration config; config.name = "Zeek::ZIP"; diff --git a/src/binpac_bro.h b/src/binpac_bro.h index 90b8ebcd58..6878d5511c 100644 --- a/src/binpac_bro.h +++ b/src/binpac_bro.h @@ -1,21 +1,17 @@ #pragma once -class Connection; - -namespace analyzer { class Analyzer; } - #include "util.h" #include "Val.h" #include "IntrusivePtr.h" -#include "event.bif.func_h" #include "analyzer/Analyzer.h" #include "file_analysis/Analyzer.h" +#include "event.bif.func_h" #include "binpac.h" namespace binpac { -using BroAnalyzer = analyzer::Analyzer*; +using BroAnalyzer = zeek::analyzer::Analyzer*; using BroFileAnalyzer = file_analysis::Analyzer; using BroVal = zeek::Val*; using BroPortVal = zeek::PortVal*; diff --git a/src/file_analysis/File.cc b/src/file_analysis/File.cc index af780815ef..dca84fdee1 100644 --- a/src/file_analysis/File.cc +++ b/src/file_analysis/File.cc @@ -81,7 +81,7 @@ void File::StaticInit() } File::File(const std::string& file_id, const std::string& source_name, Connection* conn, - analyzer::Tag tag, bool is_orig) + zeek::analyzer::Tag tag, bool is_orig) : id(file_id), val(nullptr), file_reassembler(nullptr), stream_offset(0), reassembly_max_buffer(0), did_metadata_inference(false), reassembly_enabled(false), postpone_timeout(false), done(false), diff --git a/src/file_analysis/File.h b/src/file_analysis/File.h index 2af8def6b6..59469c20bf 100644 --- a/src/file_analysis/File.h +++ b/src/file_analysis/File.h @@ -254,7 +254,7 @@ protected: * direction. */ File(const std::string& file_id, const std::string& source_name, Connection* conn = nullptr, - analyzer::Tag tag = analyzer::Tag::Error, bool is_orig = false); + zeek::analyzer::Tag tag = zeek::analyzer::Tag::Error, bool is_orig = false); /** * Updates the "conn_ids" and "conn_uids" fields in #val record with the diff --git a/src/file_analysis/Manager.cc b/src/file_analysis/Manager.cc index da4b92d6c1..7d75bfb115 100644 --- a/src/file_analysis/Manager.cc +++ b/src/file_analysis/Manager.cc @@ -91,7 +91,7 @@ void Manager::SetHandle(const string& handle) } string Manager::DataIn(const u_char* data, uint64_t len, uint64_t offset, - const analyzer::Tag& tag, Connection* conn, bool is_orig, + const zeek::analyzer::Tag& tag, Connection* conn, bool is_orig, const string& precomputed_id, const string& mime_type) { string id = precomputed_id.empty() ? GetFileID(tag, conn, is_orig) : precomputed_id; @@ -120,7 +120,7 @@ string Manager::DataIn(const u_char* data, uint64_t len, uint64_t offset, return id; } -string Manager::DataIn(const u_char* data, uint64_t len, const analyzer::Tag& tag, +string Manager::DataIn(const u_char* data, uint64_t len, const zeek::analyzer::Tag& tag, Connection* conn, bool is_orig, const string& precomputed_id, const string& mime_type) { @@ -149,7 +149,7 @@ string Manager::DataIn(const u_char* data, uint64_t len, const analyzer::Tag& ta void Manager::DataIn(const u_char* data, uint64_t len, const string& file_id, const string& source) { - File* file = GetFile(file_id, nullptr, analyzer::Tag::Error, false, false, + File* file = GetFile(file_id, nullptr, zeek::analyzer::Tag::Error, false, false, source.c_str()); if ( ! file ) @@ -161,13 +161,13 @@ void Manager::DataIn(const u_char* data, uint64_t len, const string& file_id, RemoveFile(file->GetID()); } -void Manager::EndOfFile(const analyzer::Tag& tag, Connection* conn) +void Manager::EndOfFile(const zeek::analyzer::Tag& tag, Connection* conn) { EndOfFile(tag, conn, true); EndOfFile(tag, conn, false); } -void Manager::EndOfFile(const analyzer::Tag& tag, Connection* conn, bool is_orig) +void Manager::EndOfFile(const zeek::analyzer::Tag& tag, Connection* conn, bool is_orig) { // Don't need to create a file if we're just going to remove it right away. RemoveFile(GetFileID(tag, conn, is_orig)); @@ -178,7 +178,7 @@ void Manager::EndOfFile(const string& file_id) RemoveFile(file_id); } -string Manager::Gap(uint64_t offset, uint64_t len, const analyzer::Tag& tag, +string Manager::Gap(uint64_t offset, uint64_t len, const zeek::analyzer::Tag& tag, Connection* conn, bool is_orig, const string& precomputed_id) { string id = precomputed_id.empty() ? GetFileID(tag, conn, is_orig) : precomputed_id; @@ -191,7 +191,7 @@ string Manager::Gap(uint64_t offset, uint64_t len, const analyzer::Tag& tag, return id; } -string Manager::SetSize(uint64_t size, const analyzer::Tag& tag, Connection* conn, +string Manager::SetSize(uint64_t size, const zeek::analyzer::Tag& tag, Connection* conn, bool is_orig, const string& precomputed_id) { string id = precomputed_id.empty() ? GetFileID(tag, conn, is_orig) : precomputed_id; @@ -304,7 +304,7 @@ bool Manager::RemoveAnalyzer(const string& file_id, const file_analysis::Tag& ta } File* Manager::GetFile(const string& file_id, Connection* conn, - const analyzer::Tag& tag, bool is_orig, bool update_conn, + const zeek::analyzer::Tag& tag, bool is_orig, bool update_conn, const char* source_name) { if ( file_id.empty() ) @@ -319,7 +319,7 @@ File* Manager::GetFile(const string& file_id, Connection* conn, { rval = new File(file_id, source_name ? source_name - : analyzer_mgr->GetComponentName(tag), + : zeek::analyzer_mgr->GetComponentName(tag), conn, tag, is_orig); id_map[file_id] = rval; @@ -420,7 +420,7 @@ bool Manager::IsIgnored(const string& file_id) return ignored.find(file_id) != ignored.end(); } -string Manager::GetFileID(const analyzer::Tag& tag, Connection* c, bool is_orig) +string Manager::GetFileID(const zeek::analyzer::Tag& tag, Connection* c, bool is_orig) { current_file_id.clear(); @@ -431,7 +431,7 @@ string Manager::GetFileID(const analyzer::Tag& tag, Connection* c, bool is_orig) return ""; DBG_LOG(DBG_FILE_ANALYSIS, "Raise get_file_handle() for protocol analyzer %s", - analyzer_mgr->GetComponentName(tag).c_str()); + zeek::analyzer_mgr->GetComponentName(tag).c_str()); const auto& tagval = tag.AsVal(); @@ -440,7 +440,7 @@ string Manager::GetFileID(const analyzer::Tag& tag, Connection* c, bool is_orig) return current_file_id; } -bool Manager::IsDisabled(const analyzer::Tag& tag) +bool Manager::IsDisabled(const zeek::analyzer::Tag& tag) { if ( ! disabled ) disabled = zeek::id::find_const("Files::disable")->AsTableVal(); diff --git a/src/file_analysis/Manager.h b/src/file_analysis/Manager.h index 4b67d7d282..5f1843a37d 100644 --- a/src/file_analysis/Manager.h +++ b/src/file_analysis/Manager.h @@ -16,11 +16,8 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(TableVal, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(VectorVal, zeek); - -namespace analyzer { -class Analyzer; -class Tag; -} +ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, analyzer); +ZEEK_FORWARD_DECLARE_NAMESPACED(Tag, zeek, analyzer); namespace file_analysis { @@ -107,7 +104,7 @@ public: * indicates the associate file is not going to be analyzed further. */ std::string DataIn(const u_char* data, uint64_t len, uint64_t offset, - const analyzer::Tag& tag, Connection* conn, bool is_orig, + const zeek::analyzer::Tag& tag, Connection* conn, bool is_orig, const std::string& precomputed_file_id = "", const std::string& mime_type = ""); @@ -133,7 +130,7 @@ public: * the \c get_file_handle script-layer event). An empty string * indicates the associated file is not going to be analyzed further. */ - std::string DataIn(const u_char* data, uint64_t len, const analyzer::Tag& tag, + std::string DataIn(const u_char* data, uint64_t len, const zeek::analyzer::Tag& tag, Connection* conn, bool is_orig, const std::string& precomputed_file_id = "", const std::string& mime_type = ""); @@ -156,7 +153,7 @@ public: * @param tag network protocol over which the file data is transferred. * @param conn network connection over which the file data is transferred. */ - void EndOfFile(const analyzer::Tag& tag, Connection* conn); + void EndOfFile(const zeek::analyzer::Tag& tag, Connection* conn); /** * Signal the end of file data being transferred over a connection in @@ -164,7 +161,7 @@ public: * @param tag network protocol over which the file data is transferred. * @param conn network connection over which the file data is transferred. */ - void EndOfFile(const analyzer::Tag& tag, Connection* conn, bool is_orig); + void EndOfFile(const zeek::analyzer::Tag& tag, Connection* conn, bool is_orig); /** * Signal the end of file data being transferred using the file identifier. @@ -188,7 +185,7 @@ public: * the \c get_file_handle script-layer event). An empty string * indicates the associate file is not going to be analyzed further. */ - std::string Gap(uint64_t offset, uint64_t len, const analyzer::Tag& tag, + std::string Gap(uint64_t offset, uint64_t len, const zeek::analyzer::Tag& tag, Connection* conn, bool is_orig, const std::string& precomputed_file_id = ""); @@ -207,7 +204,7 @@ public: * the \c get_file_handle script-layer event). An empty string * indicates the associate file is not going to be analyzed further. */ - std::string SetSize(uint64_t size, const analyzer::Tag& tag, Connection* conn, + std::string SetSize(uint64_t size, const zeek::analyzer::Tag& tag, Connection* conn, bool is_orig, const std::string& precomputed_file_id = ""); /** @@ -372,7 +369,7 @@ protected: * connection-related fields. */ File* GetFile(const std::string& file_id, Connection* conn = nullptr, - const analyzer::Tag& tag = analyzer::Tag::Error, + const zeek::analyzer::Tag& tag = zeek::analyzer::Tag::Error, bool is_orig = false, bool update_conn = true, const char* source_name = nullptr); @@ -403,7 +400,7 @@ protected: * @return #current_file_id, which is a hash of a unique file handle string * set by a \c get_file_handle event handler. */ - std::string GetFileID(const analyzer::Tag& tag, Connection* c, bool is_orig); + std::string GetFileID(const zeek::analyzer::Tag& tag, Connection* c, bool is_orig); /** * Check if analysis is available for files transferred over a given @@ -413,7 +410,7 @@ protected: * @return whether file analysis is disabled for the analyzer given by * \a tag. */ - static bool IsDisabled(const analyzer::Tag& tag); + static bool IsDisabled(const zeek::analyzer::Tag& tag); private: typedef std::set TagSet; diff --git a/src/fuzzers/pop3-fuzzer.cc b/src/fuzzers/pop3-fuzzer.cc index 5cc4776aad..40a06dba6f 100644 --- a/src/fuzzers/pop3-fuzzer.cc +++ b/src/fuzzers/pop3-fuzzer.cc @@ -32,11 +32,11 @@ static Connection* add_connection() return conn; } -static analyzer::Analyzer* add_analyzer(Connection* conn) +static zeek::analyzer::Analyzer* add_analyzer(Connection* conn) { analyzer::tcp::TCP_Analyzer* tcp = new analyzer::tcp::TCP_Analyzer(conn); analyzer::pia::PIA* pia = new analyzer::pia::PIA_TCP(conn); - auto a = analyzer_mgr->InstantiateAnalyzer(ZEEK_FUZZ_ANALYZER, conn); + auto a = zeek::analyzer_mgr->InstantiateAnalyzer(ZEEK_FUZZ_ANALYZER, conn); tcp->AddChildAnalyzer(a); tcp->AddChildAnalyzer(pia->AsAnalyzer()); conn->SetRootAnalyzer(tcp, pia); diff --git a/src/zeek-setup.cc b/src/zeek-setup.cc index 7000f2c859..9b29db49ce 100644 --- a/src/zeek-setup.cc +++ b/src/zeek-setup.cc @@ -85,15 +85,18 @@ int perftools_leaks = 0; int perftools_profile = 0; #endif -DNS_Mgr* dns_mgr; -TimerMgr* timer_mgr; zeek::ValManager* zeek::val_mgr = nullptr; zeek::ValManager*& val_mgr = zeek::val_mgr; +zeek::analyzer::Manager* zeek::analyzer_mgr = nullptr; +zeek::analyzer::Manager*& analyzer_mgr = zeek::analyzer_mgr; + +DNS_Mgr* dns_mgr; +TimerMgr* timer_mgr; + logging::Manager* log_mgr = nullptr; threading::Manager* thread_mgr = nullptr; input::Manager* input_mgr = nullptr; zeek::plugin::Manager* plugin_mgr = nullptr; -analyzer::Manager* analyzer_mgr = nullptr; file_analysis::Manager* file_mgr = nullptr; zeekygen::Manager* zeekygen_mgr = nullptr; iosource::Manager* iosource_mgr = nullptr; @@ -230,7 +233,7 @@ void done_with_network() terminating = true; - analyzer_mgr->Done(); + zeek::analyzer_mgr->Done(); timer_mgr->Expire(); dns_mgr->Flush(); mgr.Drain(); @@ -300,7 +303,7 @@ void terminate_bro() plugin_mgr->FinishPlugins(); delete zeekygen_mgr; - delete analyzer_mgr; + delete zeek::analyzer_mgr; delete file_mgr; // broker_mgr, timer_mgr, and supervisor are deleted via iosource_mgr delete iosource_mgr; @@ -564,7 +567,7 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, iosource_mgr = new iosource::Manager(); event_registry = new EventRegistry(); - analyzer_mgr = new analyzer::Manager(); + zeek::analyzer_mgr = new analyzer::Manager(); log_mgr = new logging::Manager(); input_mgr = new input::Manager(); file_mgr = new file_analysis::Manager(); @@ -573,7 +576,7 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, trigger_mgr = new zeek::detail::trigger::Manager(); plugin_mgr->InitPreScript(); - analyzer_mgr->InitPreScript(); + zeek::analyzer_mgr->InitPreScript(); file_mgr->InitPreScript(); zeekygen_mgr->InitPreScript(); @@ -659,7 +662,7 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, exit(success ? 0 : 1); } - analyzer_mgr->InitPostScript(); + zeek::analyzer_mgr->InitPostScript(); file_mgr->InitPostScript(); dns_mgr->InitPostScript(); @@ -859,7 +862,7 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, broker_mgr->ZeekInitDone(); reporter->ZeekInitDone(); - analyzer_mgr->DumpDebug(); + zeek::analyzer_mgr->DumpDebug(); have_pending_timers = ! reading_traces && timer_mgr->Size() > 0; diff --git a/src/zeekygen/Target.cc b/src/zeekygen/Target.cc index 71f4c7dfa8..bc81876bd7 100644 --- a/src/zeekygen/Target.cc +++ b/src/zeekygen/Target.cc @@ -33,9 +33,9 @@ static void write_plugin_section_heading(FILE* f, const zeek::plugin::Plugin* p) fprintf(f, "%s\n\n", p->Description().c_str()); } -static void write_analyzer_component(FILE* f, const analyzer::Component* c) +static void write_analyzer_component(FILE* f, const zeek::analyzer::Component* c) { - const auto& atag = analyzer_mgr->GetTagType(); + const auto& atag = zeek::analyzer_mgr->GetTagType(); string tag = fmt("ANALYZER_%s", c->CanonicalName().c_str()); if ( atag->Lookup("Analyzer", tag.c_str()) < 0 ) @@ -67,8 +67,8 @@ static void write_plugin_components(FILE* f, const zeek::plugin::Plugin* p) switch ( component->Type() ) { case zeek::plugin::component::ANALYZER: { - const analyzer::Component* c = - dynamic_cast(component); + const zeek::analyzer::Component* c = + dynamic_cast(component); if ( c ) write_analyzer_component(f, c); diff --git a/zeek-config.h.in b/zeek-config.h.in index 46971ac5a4..cc7f760f49 100644 --- a/zeek-config.h.in +++ b/zeek-config.h.in @@ -275,7 +275,16 @@ extern const char* BRO_VERSION_FUNCTION(); #define ZEEK_LSAN_DISABLE_SCOPE(x) #endif -// Note: macro for internal use only during deprecation/namespacing process. -#define ZEEK_FORWARD_DECLARE_NAMESPACED(cls, ns) \ +// Note: macros for internal use only during deprecation/namespacing process. +// This uses funny VA_ARGS tricks so that we can overload the name and have multiple macros for +// varying namespace lengths. +#define GET_MACRO(_0, _1, _2, _3, NAME, ...) NAME +#define ZEEK_FORWARD_DECLARE_NAMESPACED( ... ) GET_MACRO(_0, ##__VA_ARGS__, ZEEK_FDN_3, ZEEK_FDN_2, ZEEK_FDN_1, ZEEK_FDN_0)(__VA_ARGS__) +#define ZEEK_FDN_0() +#define ZEEK_FDN_1(cls) +#define ZEEK_FDN_2(cls, ns) \ namespace ns { class cls; } \ using cls [[deprecated("Remove in v4.1. Use " #ns "::" #cls " instead.")]] = ns::cls; +#define ZEEK_FDN_3(cls, ns1, ns2) \ + namespace ns1::ns2 { class cls; } \ + namespace ns2 { using cls [[deprecated("Remove in v4.1. Use " #ns1 "::" #ns2 "::" #cls " instead.")]] = ns1::ns2::cls; }