Merge remote-tracking branch 'origin/topic/seth/pcap_findalldevs'

- Minor adjustments to whitespace/formatting

* origin/topic/seth/pcap_findalldevs:
  Finishing changes from code review.
  Update src/iosource/pcap/pcap.bif
  Update src/iosource/pcap/pcap.bif
  Update scripts/base/init-bare.zeek
  Update src/iosource/pcap/pcap.bif
  I accidentally missed a paren
  New bif to wrap pcap_findalldevs

CHANGES

@@ -1,4 +1,14 @@
 
+3.3.0-dev.403 | 2020-10-13 10:50:12 -0700
+
+  * Add new Pcap::findalldevs() BIF (Seth Hall, Corelight)
+
+  * Remove superfluous RuleCondition destructors (Jon Siwek, Corelight)
+
+  * Silence Clang's warning about ignoring GCC's maybe-uninitialized warning (Jon Siwek, Corelight)
+
+  * Add reference to network_time_init from zeek_init docs (Jon Siwek, Corelight)
+
 3.3.0-dev.390 | 2020-10-12 17:43:15 -0700
 
   * Improve documentation for zeek_init event scheduling pitfalls (Jon Siwek, Corelight)

VERSION

@@ -1 +1 @@
-3.3.0-dev.390
+3.3.0-dev.403

scripts/base/init-bare.zeek

@@ -4976,6 +4976,26 @@ export {
 	## Number of Mbytes to provide as buffer space when capturing from live
 	## interfaces.
 	const bufsize = 128 &redef;
+
+	## The definition of a "pcap interface".
+	type Interface: record {
+		## The interface/device name.
+		name: string;
+		## A human-readable description of the device.
+		description: string &optional;
+		## The network addresses associated with the device.
+		addrs: set[addr];
+		## Whether the device is a loopback interface.  E.g. addresses
+		## of ``127.0.0.1`` or ``[::1]`` are used by loopback interfaces.
+		is_loopback: bool;
+
+		## Whether the device is up.  Not set when that info is unavailable.
+		is_up: bool &optional;
+		## Whether the device is running.  Not set when that info is unavailable.
+		is_running: bool &optional;
+	};
+
+	type Interfaces: set[Pcap::Interface];
 } # end export
 
 module DCE_RPC;

src/iosource/pcap/pcap.bif

@@ -1,10 +1,13 @@
 
 module Pcap;
 
+
 const snaplen: count;
 const bufsize: count;
 
 %%{
+#include "pcap.h"
+
 #include "iosource/Manager.h"
 %%}
 
@@ -102,3 +105,57 @@ function error%(%): string
 
 	return zeek::make_intrusive<zeek::StringVal>("no error");
 	%}
+
+function findalldevs%(%): Pcap::Interfaces
+	%{
+	pcap_if_t* alldevs;
+	char errbuf[PCAP_ERRBUF_SIZE];
+
+	static auto ifaces_type = id::find_type<TableType>("Pcap::Interfaces");
+	auto pcap_interfaces = make_intrusive<TableVal>(ifaces_type);
+
+	int ret = pcap_findalldevs(&alldevs, errbuf);
+	if ( ret == PCAP_ERROR )
+		{
+		emit_builtin_error(util::fmt("Error calling pcap_findalldevs: %s", errbuf));
+		// Return an empty set in case of failure.
+		return pcap_interfaces;
+		}
+
+	static auto iface_type = id::find_type<RecordType>("Pcap::Interface");
+	for ( auto d = alldevs; d; d = d->next )
+		{
+		auto r = make_intrusive<RecordVal>(iface_type);
+
+		r->Assign(0, make_intrusive<StringVal>(d->name));
+		if ( d->description )
+			r->Assign(1, make_intrusive<StringVal>(d->description));
+
+		auto addrs = make_intrusive<ListVal>(TYPE_ADDR);
+		for ( auto addr = d->addresses; addr != NULL; addr = addr->next )
+			{
+			if ( addr->addr->sa_family == AF_INET )
+				{
+				IPAddr a(reinterpret_cast<struct sockaddr_in *>(addr->addr)->sin_addr);
+				addrs->Append(make_intrusive<AddrVal>(a));
+				}
+			else if ( addr->addr->sa_family == AF_INET6 )
+				{
+				IPAddr a(reinterpret_cast<struct sockaddr_in6 *>(addr->addr)->sin6_addr);
+				addrs->Append(make_intrusive<AddrVal>(a));
+				}
+			}
+		r->Assign(2, addrs->ToSetVal());
+		r->Assign(3, val_mgr->Bool(d->flags & PCAP_IF_LOOPBACK));
+#ifdef PCAP_IF_UP
+		// These didn't become available until libpcap 1.6.1
+		r->Assign(4, val_mgr->Bool(d->flags & PCAP_IF_UP));
+		r->Assign(5, val_mgr->Bool(d->flags & PCAP_IF_RUNNING));
+#endif
+
+		pcap_interfaces->Assign(std::move(r), nullptr);
+		}
+
+	pcap_freealldevs(alldevs);
+	return pcap_interfaces;
+	%}