mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 22:58:20 +00:00
Move NetVar from zeek to zeek::detail namespace
This commit is contained in:
Tim Wojtulewicz
parent
476e98b413
commit
a34e632eef
24 changed files with 236 additions and 234 deletions
|
|
@ -326,10 +326,10 @@ void Connection::SetInactivityTimeout(double timeout)
|
|||
|
||||
void Connection::EnableStatusUpdateTimer()
|
||||
{
|
||||
if ( connection_status_update && connection_status_update_interval )
|
||||
if ( connection_status_update && zeek::detail::connection_status_update_interval )
|
||||
{
|
||||
ADD_TIMER(&Connection::StatusUpdateTimer,
|
||||
zeek::net::network_time + connection_status_update_interval, 0,
|
||||
zeek::net::network_time + zeek::detail::connection_status_update_interval, 0,
|
||||
zeek::detail::TIMER_CONN_STATUS_UPDATE);
|
||||
installed_status_timer = 1;
|
||||
}
|
||||
|
|
@ -339,7 +339,7 @@ void Connection::StatusUpdateTimer(double t)
|
|||
{
|
||||
EnqueueEvent(connection_status_update, nullptr, ConnVal());
|
||||
ADD_TIMER(&Connection::StatusUpdateTimer,
|
||||
zeek::net::network_time + connection_status_update_interval, 0,
|
||||
zeek::net::network_time + zeek::detail::connection_status_update_interval, 0,
|
||||
zeek::detail::TIMER_CONN_STATUS_UPDATE);
|
||||
}
|
||||
|
||||
|
|
@ -389,7 +389,7 @@ const zeek::RecordValPtr& Connection::ConnVal()
|
|||
conn_val->Assign(6, zeek::val_mgr->EmptyString()); // history
|
||||
|
||||
if ( ! uid )
|
||||
uid.Set(bits_per_uid);
|
||||
uid.Set(zeek::detail::bits_per_uid);
|
||||
|
||||
conn_val->Assign(7, zeek::make_intrusive<zeek::StringVal>(uid.Base62("C").c_str()));
|
||||
|
||||
|
|
|
|||
|
|
@ -122,7 +122,7 @@ RETSIGTYPE watchdog(int /* signo */)
|
|||
|
||||
last_watchdog_proc_time = processing_start_time;
|
||||
|
||||
(void) alarm(watchdog_interval);
|
||||
(void) alarm(zeek::detail::watchdog_interval);
|
||||
return RETSIGVAL;
|
||||
}
|
||||
|
||||
|
|
@ -193,7 +193,7 @@ void net_init(const std::optional<std::string>& interface,
|
|||
{
|
||||
// Set up the watchdog to make sure we don't wedge.
|
||||
(void) setsignal(SIGALRM, watchdog);
|
||||
(void) alarm(watchdog_interval);
|
||||
(void) alarm(zeek::detail::watchdog_interval);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -203,7 +203,7 @@ void expire_timers(zeek::iosource::PktSrc* src_ps)
|
|||
|
||||
current_dispatched +=
|
||||
zeek::detail::timer_mgr->Advance(network_time,
|
||||
max_timer_expires - current_dispatched);
|
||||
zeek::detail::max_timer_expires - current_dispatched);
|
||||
}
|
||||
|
||||
void net_packet_dispatch(double t, const zeek::Packet* pkt, zeek::iosource::PktSrc* src_ps)
|
||||
|
|
@ -232,7 +232,7 @@ void net_packet_dispatch(double t, const zeek::Packet* pkt, zeek::iosource::PktS
|
|||
static uint32_t load_freq = 0;
|
||||
|
||||
if ( load_freq == 0 )
|
||||
load_freq = uint32_t(0xffffffff) / uint32_t(load_sample_freq);
|
||||
load_freq = uint32_t(0xffffffff) / uint32_t(zeek::detail::load_sample_freq);
|
||||
|
||||
if ( uint32_t(zeek::util::detail::random_number() & 0xffffffff) < load_freq )
|
||||
{
|
||||
|
|
|
|||
139
src/NetVar.cc
139
src/NetVar.cc
|
|
@ -106,7 +106,7 @@ zeek::StringVal* global_hash_seed;
|
|||
// these files need to be included separately before the namespace is opened below.
|
||||
|
||||
|
||||
namespace zeek {
|
||||
namespace zeek::detail {
|
||||
|
||||
int watchdog_interval;
|
||||
|
||||
|
|
@ -198,7 +198,7 @@ int record_all_packets;
|
|||
|
||||
bro_uint_t bits_per_uid;
|
||||
|
||||
} // namespace zeek. The namespace has be closed here before we include the netvar_def files.
|
||||
} // namespace zeek::detail. The namespace has be closed here before we include the netvar_def files.
|
||||
|
||||
static void bif_init_event_handlers()
|
||||
{
|
||||
|
|
@ -220,7 +220,7 @@ static void bif_init_net_var()
|
|||
#include "supervisor.bif.netvar_def"
|
||||
|
||||
// Re-open the namespace now that the bif headers are all included.
|
||||
namespace zeek {
|
||||
namespace zeek::detail {
|
||||
|
||||
void init_event_handlers()
|
||||
{
|
||||
|
|
@ -348,70 +348,71 @@ void init_net_var()
|
|||
timer_mgr_inactivity_timeout = zeek::id::find_val("timer_mgr_inactivity_timeout")->AsInterval();
|
||||
}
|
||||
|
||||
} // namespace zeek
|
||||
} // namespace zeek::detail
|
||||
|
||||
// Remove in v4.1.
|
||||
int& watchdog_interval = zeek::watchdog_interval;
|
||||
int& max_timer_expires = zeek::max_timer_expires;
|
||||
int& ignore_checksums = zeek::ignore_checksums;
|
||||
int& partial_connection_ok = zeek::partial_connection_ok;
|
||||
int& tcp_SYN_ack_ok = zeek::tcp_SYN_ack_ok;
|
||||
int& tcp_match_undelivered = zeek::tcp_match_undelivered;
|
||||
int& encap_hdr_size = zeek::encap_hdr_size;
|
||||
double& frag_timeout = zeek::frag_timeout;
|
||||
double& tcp_SYN_timeout = zeek::tcp_SYN_timeout;
|
||||
double& tcp_session_timer = zeek::tcp_session_timer;
|
||||
double& tcp_connection_linger = zeek::tcp_connection_linger;
|
||||
double& tcp_attempt_delay = zeek::tcp_attempt_delay;
|
||||
double& tcp_close_delay = zeek::tcp_close_delay;
|
||||
double& tcp_partial_close_delay = zeek::tcp_partial_close_delay;
|
||||
double& tcp_reset_delay = zeek::tcp_reset_delay;
|
||||
int& tcp_max_initial_window = zeek::tcp_max_initial_window;
|
||||
int& tcp_max_above_hole_without_any_acks = zeek::tcp_max_above_hole_without_any_acks;
|
||||
int& tcp_excessive_data_without_further_acks = zeek::tcp_excessive_data_without_further_acks;
|
||||
int& tcp_max_old_segments = zeek::tcp_max_old_segments;
|
||||
double& non_analyzed_lifetime = zeek::non_analyzed_lifetime;
|
||||
double& tcp_inactivity_timeout = zeek::tcp_inactivity_timeout;
|
||||
double& udp_inactivity_timeout = zeek::udp_inactivity_timeout;
|
||||
double& icmp_inactivity_timeout = zeek::icmp_inactivity_timeout;
|
||||
int& tcp_storm_thresh = zeek::tcp_storm_thresh;
|
||||
double& tcp_storm_interarrival_thresh = zeek::tcp_storm_interarrival_thresh;
|
||||
bool& tcp_content_deliver_all_orig = zeek::tcp_content_deliver_all_orig;
|
||||
bool& tcp_content_deliver_all_resp = zeek::tcp_content_deliver_all_resp;
|
||||
bool& udp_content_deliver_all_orig = zeek::udp_content_deliver_all_orig;
|
||||
bool& udp_content_deliver_all_resp = zeek::udp_content_deliver_all_resp;
|
||||
bool& udp_content_delivery_ports_use_resp = zeek::udp_content_delivery_ports_use_resp;
|
||||
double& dns_session_timeout = zeek::dns_session_timeout;
|
||||
double& rpc_timeout = zeek::rpc_timeout;
|
||||
int& mime_segment_length = zeek::mime_segment_length;
|
||||
int& mime_segment_overlap_length = zeek::mime_segment_overlap_length;
|
||||
int& http_entity_data_delivery_size = zeek::http_entity_data_delivery_size;
|
||||
int& truncate_http_URI = zeek::truncate_http_URI;
|
||||
int& dns_skip_all_auth = zeek::dns_skip_all_auth;
|
||||
int& dns_skip_all_addl = zeek::dns_skip_all_addl;
|
||||
int& dns_max_queries = zeek::dns_max_queries;
|
||||
double& stp_delta = zeek::stp_delta;
|
||||
double& stp_idle_min = zeek::stp_idle_min;
|
||||
double& table_expire_interval = zeek::table_expire_interval;
|
||||
double& table_expire_delay = zeek::table_expire_delay;
|
||||
int& table_incremental_step = zeek::table_incremental_step;
|
||||
int& orig_addr_anonymization = zeek::orig_addr_anonymization;
|
||||
int& resp_addr_anonymization = zeek::resp_addr_anonymization;
|
||||
int& other_addr_anonymization = zeek::other_addr_anonymization;
|
||||
double& connection_status_update_interval = zeek::connection_status_update_interval;
|
||||
double& profiling_interval = zeek::profiling_interval;
|
||||
int& expensive_profiling_multiple = zeek::expensive_profiling_multiple;
|
||||
int& segment_profiling = zeek::segment_profiling;
|
||||
int& pkt_profile_mode = zeek::pkt_profile_mode;
|
||||
double& pkt_profile_freq = zeek::pkt_profile_freq;
|
||||
int& load_sample_freq = zeek::load_sample_freq;
|
||||
int& packet_filter_default = zeek::packet_filter_default;
|
||||
int& sig_max_group_size = zeek::sig_max_group_size;
|
||||
int& dpd_reassemble_first_packets = zeek::dpd_reassemble_first_packets;
|
||||
int& dpd_buffer_size = zeek::dpd_buffer_size;
|
||||
int& dpd_match_only_beginning = zeek::dpd_match_only_beginning;
|
||||
int& dpd_late_match_stop = zeek::dpd_late_match_stop;
|
||||
int& dpd_ignore_ports = zeek::dpd_ignore_ports;
|
||||
int& check_for_unused_event_handlers = zeek::check_for_unused_event_handlers;
|
||||
double& timer_mgr_inactivity_timeout = zeek::timer_mgr_inactivity_timeout;
|
||||
int& record_all_packets = zeek::record_all_packets;
|
||||
bro_uint_t& bits_per_uid = zeek::bits_per_uid;
|
||||
int& watchdog_interval = zeek::detail::watchdog_interval;
|
||||
int& max_timer_expires = zeek::detail::max_timer_expires;
|
||||
int& ignore_checksums = zeek::detail::ignore_checksums;
|
||||
int& partial_connection_ok = zeek::detail::partial_connection_ok;
|
||||
int& tcp_SYN_ack_ok = zeek::detail::tcp_SYN_ack_ok;
|
||||
int& tcp_match_undelivered = zeek::detail::tcp_match_undelivered;
|
||||
int& encap_hdr_size = zeek::detail::encap_hdr_size;
|
||||
double& frag_timeout = zeek::detail::frag_timeout;
|
||||
double& tcp_SYN_timeout = zeek::detail::tcp_SYN_timeout;
|
||||
double& tcp_session_timer = zeek::detail::tcp_session_timer;
|
||||
double& tcp_connection_linger = zeek::detail::tcp_connection_linger;
|
||||
double& tcp_attempt_delay = zeek::detail::tcp_attempt_delay;
|
||||
double& tcp_close_delay = zeek::detail::tcp_close_delay;
|
||||
double& tcp_partial_close_delay = zeek::detail::tcp_partial_close_delay;
|
||||
double& tcp_reset_delay = zeek::detail::tcp_reset_delay;
|
||||
int& tcp_max_initial_window = zeek::detail::tcp_max_initial_window;
|
||||
int& tcp_max_above_hole_without_any_acks = zeek::detail::tcp_max_above_hole_without_any_acks;
|
||||
int& tcp_excessive_data_without_further_acks = zeek::detail::tcp_excessive_data_without_further_acks;
|
||||
int& tcp_max_old_segments = zeek::detail::tcp_max_old_segments;
|
||||
double& non_analyzed_lifetime = zeek::detail::non_analyzed_lifetime;
|
||||
double& tcp_inactivity_timeout = zeek::detail::tcp_inactivity_timeout;
|
||||
double& udp_inactivity_timeout = zeek::detail::udp_inactivity_timeout;
|
||||
double& icmp_inactivity_timeout = zeek::detail::icmp_inactivity_timeout;
|
||||
int& tcp_storm_thresh = zeek::detail::tcp_storm_thresh;
|
||||
double& tcp_storm_interarrival_thresh = zeek::detail::tcp_storm_interarrival_thresh;
|
||||
bool& tcp_content_deliver_all_orig = zeek::detail::tcp_content_deliver_all_orig;
|
||||
bool& tcp_content_deliver_all_resp = zeek::detail::tcp_content_deliver_all_resp;
|
||||
bool& udp_content_deliver_all_orig = zeek::detail::udp_content_deliver_all_orig;
|
||||
bool& udp_content_deliver_all_resp = zeek::detail::udp_content_deliver_all_resp;
|
||||
bool& udp_content_delivery_ports_use_resp = zeek::detail::udp_content_delivery_ports_use_resp;
|
||||
double& dns_session_timeout = zeek::detail::dns_session_timeout;
|
||||
double& rpc_timeout = zeek::detail::rpc_timeout;
|
||||
int& mime_segment_length = zeek::detail::mime_segment_length;
|
||||
int& mime_segment_overlap_length = zeek::detail::mime_segment_overlap_length;
|
||||
int& http_entity_data_delivery_size = zeek::detail::http_entity_data_delivery_size;
|
||||
int& truncate_http_URI = zeek::detail::truncate_http_URI;
|
||||
int& dns_skip_all_auth = zeek::detail::dns_skip_all_auth;
|
||||
int& dns_skip_all_addl = zeek::detail::dns_skip_all_addl;
|
||||
int& dns_max_queries = zeek::detail::dns_max_queries;
|
||||
double& stp_delta = zeek::detail::stp_delta;
|
||||
double& stp_idle_min = zeek::detail::stp_idle_min;
|
||||
double& table_expire_interval = zeek::detail::table_expire_interval;
|
||||
double& table_expire_delay = zeek::detail::table_expire_delay;
|
||||
int& table_incremental_step = zeek::detail::table_incremental_step;
|
||||
int& orig_addr_anonymization = zeek::detail::orig_addr_anonymization;
|
||||
int& resp_addr_anonymization = zeek::detail::resp_addr_anonymization;
|
||||
int& other_addr_anonymization = zeek::detail::other_addr_anonymization;
|
||||
double& connection_status_update_interval = zeek::detail::connection_status_update_interval;
|
||||
double& profiling_interval = zeek::detail::profiling_interval;
|
||||
int& expensive_profiling_multiple = zeek::detail::expensive_profiling_multiple;
|
||||
int& segment_profiling = zeek::detail::segment_profiling;
|
||||
int& pkt_profile_mode = zeek::detail::pkt_profile_mode;
|
||||
double& pkt_profile_freq = zeek::detail::pkt_profile_freq;
|
||||
int& load_sample_freq = zeek::detail::load_sample_freq;
|
||||
int& packet_filter_default = zeek::detail::packet_filter_default;
|
||||
int& sig_max_group_size = zeek::detail::sig_max_group_size;
|
||||
int& dpd_reassemble_first_packets = zeek::detail::dpd_reassemble_first_packets;
|
||||
int& dpd_buffer_size = zeek::detail::dpd_buffer_size;
|
||||
int& dpd_match_only_beginning = zeek::detail::dpd_match_only_beginning;
|
||||
int& dpd_late_match_stop = zeek::detail::dpd_late_match_stop;
|
||||
int& dpd_ignore_ports = zeek::detail::dpd_ignore_ports;
|
||||
int& check_for_unused_event_handlers = zeek::detail::check_for_unused_event_handlers;
|
||||
double& timer_mgr_inactivity_timeout = zeek::detail::timer_mgr_inactivity_timeout;
|
||||
int& record_all_packets = zeek::detail::record_all_packets;
|
||||
bro_uint_t& bits_per_uid = zeek::detail::bits_per_uid;
|
||||
|
|
|
|||
141
src/NetVar.h
141
src/NetVar.h
|
|
@ -6,7 +6,7 @@
|
|||
#include "EventRegistry.h"
|
||||
#include "Stats.h"
|
||||
|
||||
namespace zeek {
|
||||
namespace zeek::detail {
|
||||
|
||||
extern int watchdog_interval;
|
||||
|
||||
|
|
@ -104,78 +104,77 @@ extern void init_general_global_var();
|
|||
extern void init_event_handlers();
|
||||
extern void init_net_var();
|
||||
|
||||
} // namespace zeek
|
||||
} // namespace zeek::detail
|
||||
|
||||
constexpr auto init_general_global_var [[deprecated("Remove in v4.1. Use zeek::init_general_global_var.")]] = zeek::init_general_global_var;
|
||||
constexpr auto init_event_handlers [[deprecated("Remove in v4.1. Use zeek::init_event_handlers.")]] = zeek::init_event_handlers;
|
||||
constexpr auto init_net_var [[deprecated("Remove in v4.1. Use zeek::init_net_var.")]] = zeek::init_net_var;
|
||||
|
||||
extern int& watchdog_interval [[deprecated("Remove in v4.1. Use zeek::watchdog_interval.")]];
|
||||
extern int& max_timer_expires [[deprecated("Remove in v4.1. Use zeek::max_timer_expires.")]];
|
||||
extern int& ignore_checksums [[deprecated("Remove in v4.1. Use zeek::ignore_checksums.")]];
|
||||
extern int& partial_connection_ok [[deprecated("Remove in v4.1. Use zeek::partial_connection_ok.")]];
|
||||
extern int& tcp_SYN_ack_ok [[deprecated("Remove in v4.1. Use zeek::tcp_SYN_ack_ok.")]];
|
||||
extern int& tcp_match_undelivered [[deprecated("Remove in v4.1. Use zeek::tcp_match_undelivered.")]];
|
||||
extern int& encap_hdr_size [[deprecated("Remove in v4.1. Use zeek::encap_hdr_size.")]];
|
||||
extern double& frag_timeout [[deprecated("Remove in v4.1. Use zeek::frag_timeout.")]];
|
||||
extern double& tcp_SYN_timeout [[deprecated("Remove in v4.1. Use zeek::tcp_SYN_timeout.")]];
|
||||
extern double& tcp_session_timer [[deprecated("Remove in v4.1. Use zeek::tcp_session_timer.")]];
|
||||
extern double& tcp_connection_linger [[deprecated("Remove in v4.1. Use zeek::tcp_connection_linger.")]];
|
||||
extern double& tcp_attempt_delay [[deprecated("Remove in v4.1. Use zeek::tcp_attempt_delay.")]];
|
||||
extern double& tcp_close_delay [[deprecated("Remove in v4.1. Use zeek::tcp_close_delay.")]];
|
||||
extern double& tcp_partial_close_delay [[deprecated("Remove in v4.1. Use zeek::tcp_partial_close_delay.")]];
|
||||
extern double& tcp_reset_delay [[deprecated("Remove in v4.1. Use zeek::tcp_reset_delay.")]];
|
||||
extern int& tcp_max_initial_window [[deprecated("Remove in v4.1. Use zeek::tcp_max_initial_window.")]];
|
||||
extern int& tcp_max_above_hole_without_any_acks [[deprecated("Remove in v4.1. Use zeek::tcp_max_above_hole_without_any_acks.")]];
|
||||
extern int& tcp_excessive_data_without_further_acks [[deprecated("Remove in v4.1. Use zeek::tcp_excessive_data_without_further_acks.")]];
|
||||
extern int& tcp_max_old_segments [[deprecated("Remove in v4.1. Use zeek::tcp_max_old_segments.")]];
|
||||
extern double& non_analyzed_lifetime [[deprecated("Remove in v4.1. Use zeek::non_analyzed_lifetime.")]];
|
||||
extern double& tcp_inactivity_timeout [[deprecated("Remove in v4.1. Use zeek::tcp_inactivity_timeout.")]];
|
||||
extern double& udp_inactivity_timeout [[deprecated("Remove in v4.1. Use zeek::udp_inactivity_timeout.")]];
|
||||
extern double& icmp_inactivity_timeout [[deprecated("Remove in v4.1. Use zeek::icmp_inactivity_timeout.")]];
|
||||
extern int& tcp_storm_thresh [[deprecated("Remove in v4.1. Use zeek::tcp_storm_thresh.")]];
|
||||
extern double& tcp_storm_interarrival_thresh [[deprecated("Remove in v4.1. Use zeek::tcp_storm_interarrival_thresh.")]];
|
||||
extern bool& tcp_content_deliver_all_orig [[deprecated("Remove in v4.1. Use zeek::tcp_content_deliver_all_orig.")]];
|
||||
extern bool& tcp_content_deliver_all_resp [[deprecated("Remove in v4.1. Use zeek::tcp_content_deliver_all_resp.")]];
|
||||
extern bool& udp_content_deliver_all_orig [[deprecated("Remove in v4.1. Use zeek::udp_content_deliver_all_orig.")]];
|
||||
extern bool& udp_content_deliver_all_resp [[deprecated("Remove in v4.1. Use zeek::udp_content_deliver_all_resp.")]];
|
||||
extern bool& udp_content_delivery_ports_use_resp [[deprecated("Remove in v4.1. Use zeek::udp_content_delivery_ports_use_resp.")]];
|
||||
extern double& dns_session_timeout [[deprecated("Remove in v4.1. Use zeek::dns_session_timeout.")]];
|
||||
extern double& rpc_timeout [[deprecated("Remove in v4.1. Use zeek::rpc_timeout.")]];
|
||||
extern int& mime_segment_length [[deprecated("Remove in v4.1. Use zeek::mime_segment_length.")]];
|
||||
extern int& mime_segment_overlap_length [[deprecated("Remove in v4.1. Use zeek::mime_segment_overlap_length.")]];
|
||||
extern int& http_entity_data_delivery_size [[deprecated("Remove in v4.1. Use zeek::http_entity_data_delivery_size.")]];
|
||||
extern int& truncate_http_URI [[deprecated("Remove in v4.1. Use zeek::truncate_http_URI.")]];
|
||||
extern int& dns_skip_all_auth [[deprecated("Remove in v4.1. Use zeek::dns_skip_all_auth.")]];
|
||||
extern int& dns_skip_all_addl [[deprecated("Remove in v4.1. Use zeek::dns_skip_all_addl.")]];
|
||||
extern int& dns_max_queries [[deprecated("Remove in v4.1. Use zeek::dns_max_queries.")]];
|
||||
extern double& stp_delta [[deprecated("Remove in v4.1. Use zeek::stp_delta.")]];
|
||||
extern double& stp_idle_min [[deprecated("Remove in v4.1. Use zeek::stp_idle_min.")]];
|
||||
extern double& table_expire_interval [[deprecated("Remove in v4.1. Use zeek::table_expire_interval.")]];
|
||||
extern double& table_expire_delay [[deprecated("Remove in v4.1. Use zeek::table_expire_delay.")]];
|
||||
extern int& table_incremental_step [[deprecated("Remove in v4.1. Use zeek::table_incremental_step.")]];
|
||||
extern int& orig_addr_anonymization [[deprecated("Remove in v4.1. Use zeek::orig_addr_anonymization.")]];
|
||||
extern int& resp_addr_anonymization [[deprecated("Remove in v4.1. Use zeek::resp_addr_anonymization.")]];
|
||||
extern int& other_addr_anonymization [[deprecated("Remove in v4.1. Use zeek::other_addr_anonymization.")]];
|
||||
extern double& connection_status_update_interval [[deprecated("Remove in v4.1. Use zeek::connection_status_update_interval.")]];
|
||||
extern double& profiling_interval [[deprecated("Remove in v4.1. Use zeek::profiling_interval.")]];
|
||||
extern int& expensive_profiling_multiple [[deprecated("Remove in v4.1. Use zeek::expensive_profiling_multiple.")]];
|
||||
extern int& segment_profiling [[deprecated("Remove in v4.1. Use zeek::segment_profiling.")]];
|
||||
extern int& pkt_profile_mode [[deprecated("Remove in v4.1. Use zeek::pkt_profile_mode.")]];
|
||||
extern double& pkt_profile_freq [[deprecated("Remove in v4.1. Use zeek::pkt_profile_freq.")]];
|
||||
extern int& load_sample_freq [[deprecated("Remove in v4.1. Use zeek::load_sample_freq.")]];
|
||||
extern int& packet_filter_default [[deprecated("Remove in v4.1. Use zeek::packet_filter_default.")]];
|
||||
extern int& sig_max_group_size [[deprecated("Remove in v4.1. Use zeek::sig_max_group_size.")]];
|
||||
extern int& dpd_reassemble_first_packets [[deprecated("Remove in v4.1. Use zeek::dpd_reassemble_first_packets.")]];
|
||||
extern int& dpd_buffer_size [[deprecated("Remove in v4.1. Use zeek::dpd_buffer_size.")]];
|
||||
extern int& dpd_match_only_beginning [[deprecated("Remove in v4.1. Use zeek::dpd_match_only_beginning.")]];
|
||||
extern int& dpd_late_match_stop [[deprecated("Remove in v4.1. Use zeek::dpd_late_match_stop.")]];
|
||||
extern int& dpd_ignore_ports [[deprecated("Remove in v4.1. Use zeek::dpd_ignore_ports.")]];
|
||||
extern int& check_for_unused_event_handlers [[deprecated("Remove in v4.1. Use zeek::check_for_unused_event_handlers.")]];
|
||||
extern double& timer_mgr_inactivity_timeout [[deprecated("Remove in v4.1. Use zeek::timer_mgr_inactivity_timeout.")]];
|
||||
extern int& record_all_packets [[deprecated("Remove in v4.1. Use zeek::record_all_packets.")]];
|
||||
extern bro_uint_t& bits_per_uid [[deprecated("Remove in v4.1. Use zeek::bits_per_uid.")]];
|
||||
constexpr auto init_general_global_var [[deprecated("Remove in v4.1. Use zeek::detail::init_general_global_var.")]] = zeek::detail::init_general_global_var;
|
||||
constexpr auto init_event_handlers [[deprecated("Remove in v4.1. Use zeek::detail::init_event_handlers.")]] = zeek::detail::init_event_handlers;
|
||||
constexpr auto init_net_var [[deprecated("Remove in v4.1. Use zeek::detail::init_net_var.")]] = zeek::detail::init_net_var;
|
||||
|
||||
extern int& watchdog_interval [[deprecated("Remove in v4.1. Use zeek::detail::watchdog_interval.")]];
|
||||
extern int& max_timer_expires [[deprecated("Remove in v4.1. Use zeek::detail::max_timer_expires.")]];
|
||||
extern int& ignore_checksums [[deprecated("Remove in v4.1. Use zeek::detail::ignore_checksums.")]];
|
||||
extern int& partial_connection_ok [[deprecated("Remove in v4.1. Use zeek::detail::partial_connection_ok.")]];
|
||||
extern int& tcp_SYN_ack_ok [[deprecated("Remove in v4.1. Use zeek::detail::tcp_SYN_ack_ok.")]];
|
||||
extern int& tcp_match_undelivered [[deprecated("Remove in v4.1. Use zeek::detail::tcp_match_undelivered.")]];
|
||||
extern int& encap_hdr_size [[deprecated("Remove in v4.1. Use zeek::detail::encap_hdr_size.")]];
|
||||
extern double& frag_timeout [[deprecated("Remove in v4.1. Use zeek::detail::frag_timeout.")]];
|
||||
extern double& tcp_SYN_timeout [[deprecated("Remove in v4.1. Use zeek::detail::tcp_SYN_timeout.")]];
|
||||
extern double& tcp_session_timer [[deprecated("Remove in v4.1. Use zeek::detail::tcp_session_timer.")]];
|
||||
extern double& tcp_connection_linger [[deprecated("Remove in v4.1. Use zeek::detail::tcp_connection_linger.")]];
|
||||
extern double& tcp_attempt_delay [[deprecated("Remove in v4.1. Use zeek::detail::tcp_attempt_delay.")]];
|
||||
extern double& tcp_close_delay [[deprecated("Remove in v4.1. Use zeek::detail::tcp_close_delay.")]];
|
||||
extern double& tcp_partial_close_delay [[deprecated("Remove in v4.1. Use zeek::detail::tcp_partial_close_delay.")]];
|
||||
extern double& tcp_reset_delay [[deprecated("Remove in v4.1. Use zeek::detail::tcp_reset_delay.")]];
|
||||
extern int& tcp_max_initial_window [[deprecated("Remove in v4.1. Use zeek::detail::tcp_max_initial_window.")]];
|
||||
extern int& tcp_max_above_hole_without_any_acks [[deprecated("Remove in v4.1. Use zeek::detail::tcp_max_above_hole_without_any_acks.")]];
|
||||
extern int& tcp_excessive_data_without_further_acks [[deprecated("Remove in v4.1. Use zeek::detail::tcp_excessive_data_without_further_acks.")]];
|
||||
extern int& tcp_max_old_segments [[deprecated("Remove in v4.1. Use zeek::detail::tcp_max_old_segments.")]];
|
||||
extern double& non_analyzed_lifetime [[deprecated("Remove in v4.1. Use zeek::detail::non_analyzed_lifetime.")]];
|
||||
extern double& tcp_inactivity_timeout [[deprecated("Remove in v4.1. Use zeek::detail::tcp_inactivity_timeout.")]];
|
||||
extern double& udp_inactivity_timeout [[deprecated("Remove in v4.1. Use zeek::detail::udp_inactivity_timeout.")]];
|
||||
extern double& icmp_inactivity_timeout [[deprecated("Remove in v4.1. Use zeek::detail::icmp_inactivity_timeout.")]];
|
||||
extern int& tcp_storm_thresh [[deprecated("Remove in v4.1. Use zeek::detail::tcp_storm_thresh.")]];
|
||||
extern double& tcp_storm_interarrival_thresh [[deprecated("Remove in v4.1. Use zeek::detail::tcp_storm_interarrival_thresh.")]];
|
||||
extern bool& tcp_content_deliver_all_orig [[deprecated("Remove in v4.1. Use zeek::detail::tcp_content_deliver_all_orig.")]];
|
||||
extern bool& tcp_content_deliver_all_resp [[deprecated("Remove in v4.1. Use zeek::detail::tcp_content_deliver_all_resp.")]];
|
||||
extern bool& udp_content_deliver_all_orig [[deprecated("Remove in v4.1. Use zeek::detail::udp_content_deliver_all_orig.")]];
|
||||
extern bool& udp_content_deliver_all_resp [[deprecated("Remove in v4.1. Use zeek::detail::udp_content_deliver_all_resp.")]];
|
||||
extern bool& udp_content_delivery_ports_use_resp [[deprecated("Remove in v4.1. Use zeek::detail::udp_content_delivery_ports_use_resp.")]];
|
||||
extern double& dns_session_timeout [[deprecated("Remove in v4.1. Use zeek::detail::dns_session_timeout.")]];
|
||||
extern double& rpc_timeout [[deprecated("Remove in v4.1. Use zeek::detail::rpc_timeout.")]];
|
||||
extern int& mime_segment_length [[deprecated("Remove in v4.1. Use zeek::detail::mime_segment_length.")]];
|
||||
extern int& mime_segment_overlap_length [[deprecated("Remove in v4.1. Use zeek::detail::mime_segment_overlap_length.")]];
|
||||
extern int& http_entity_data_delivery_size [[deprecated("Remove in v4.1. Use zeek::detail::http_entity_data_delivery_size.")]];
|
||||
extern int& truncate_http_URI [[deprecated("Remove in v4.1. Use zeek::detail::truncate_http_URI.")]];
|
||||
extern int& dns_skip_all_auth [[deprecated("Remove in v4.1. Use zeek::detail::dns_skip_all_auth.")]];
|
||||
extern int& dns_skip_all_addl [[deprecated("Remove in v4.1. Use zeek::detail::dns_skip_all_addl.")]];
|
||||
extern int& dns_max_queries [[deprecated("Remove in v4.1. Use zeek::detail::dns_max_queries.")]];
|
||||
extern double& stp_delta [[deprecated("Remove in v4.1. Use zeek::detail::stp_delta.")]];
|
||||
extern double& stp_idle_min [[deprecated("Remove in v4.1. Use zeek::detail::stp_idle_min.")]];
|
||||
extern double& table_expire_interval [[deprecated("Remove in v4.1. Use zeek::detail::table_expire_interval.")]];
|
||||
extern double& table_expire_delay [[deprecated("Remove in v4.1. Use zeek::detail::table_expire_delay.")]];
|
||||
extern int& table_incremental_step [[deprecated("Remove in v4.1. Use zeek::detail::table_incremental_step.")]];
|
||||
extern int& orig_addr_anonymization [[deprecated("Remove in v4.1. Use zeek::detail::orig_addr_anonymization.")]];
|
||||
extern int& resp_addr_anonymization [[deprecated("Remove in v4.1. Use zeek::detail::resp_addr_anonymization.")]];
|
||||
extern int& other_addr_anonymization [[deprecated("Remove in v4.1. Use zeek::detail::other_addr_anonymization.")]];
|
||||
extern double& connection_status_update_interval [[deprecated("Remove in v4.1. Use zeek::detail::connection_status_update_interval.")]];
|
||||
extern double& profiling_interval [[deprecated("Remove in v4.1. Use zeek::detail::profiling_interval.")]];
|
||||
extern int& expensive_profiling_multiple [[deprecated("Remove in v4.1. Use zeek::detail::expensive_profiling_multiple.")]];
|
||||
extern int& segment_profiling [[deprecated("Remove in v4.1. Use zeek::detail::segment_profiling.")]];
|
||||
extern int& pkt_profile_mode [[deprecated("Remove in v4.1. Use zeek::detail::pkt_profile_mode.")]];
|
||||
extern double& pkt_profile_freq [[deprecated("Remove in v4.1. Use zeek::detail::pkt_profile_freq.")]];
|
||||
extern int& load_sample_freq [[deprecated("Remove in v4.1. Use zeek::detail::load_sample_freq.")]];
|
||||
extern int& packet_filter_default [[deprecated("Remove in v4.1. Use zeek::detail::packet_filter_default.")]];
|
||||
extern int& sig_max_group_size [[deprecated("Remove in v4.1. Use zeek::detail::sig_max_group_size.")]];
|
||||
extern int& dpd_reassemble_first_packets [[deprecated("Remove in v4.1. Use zeek::detail::dpd_reassemble_first_packets.")]];
|
||||
extern int& dpd_buffer_size [[deprecated("Remove in v4.1. Use zeek::detail::dpd_buffer_size.")]];
|
||||
extern int& dpd_match_only_beginning [[deprecated("Remove in v4.1. Use zeek::detail::dpd_match_only_beginning.")]];
|
||||
extern int& dpd_late_match_stop [[deprecated("Remove in v4.1. Use zeek::detail::dpd_late_match_stop.")]];
|
||||
extern int& dpd_ignore_ports [[deprecated("Remove in v4.1. Use zeek::detail::dpd_ignore_ports.")]];
|
||||
extern int& check_for_unused_event_handlers [[deprecated("Remove in v4.1. Use zeek::detail::check_for_unused_event_handlers.")]];
|
||||
extern double& timer_mgr_inactivity_timeout [[deprecated("Remove in v4.1. Use zeek::detail::timer_mgr_inactivity_timeout.")]];
|
||||
extern int& record_all_packets [[deprecated("Remove in v4.1. Use zeek::detail::record_all_packets.")]];
|
||||
extern bro_uint_t& bits_per_uid [[deprecated("Remove in v4.1. Use zeek::detail::bits_per_uid.")]];
|
||||
|
||||
[[deprecated("Remove in v4.1. Use zeek::id::conn_id.")]]
|
||||
extern zeek::RecordType* conn_id;
|
||||
|
|
|
|||
|
|
@ -89,9 +89,10 @@ NetSessions::NetSessions()
|
|||
num_packets_processed = 0;
|
||||
static auto pkt_profile_file = zeek::id::find_val("pkt_profile_file");
|
||||
|
||||
if ( pkt_profile_mode && pkt_profile_freq > 0 && pkt_profile_file )
|
||||
pkt_profiler = new zeek::detail::PacketProfiler(pkt_profile_mode,
|
||||
pkt_profile_freq, pkt_profile_file->AsFile());
|
||||
if ( zeek::detail::pkt_profile_mode && zeek::detail::pkt_profile_freq > 0 && pkt_profile_file )
|
||||
pkt_profiler = new zeek::detail::PacketProfiler(zeek::detail::pkt_profile_mode,
|
||||
zeek::detail::pkt_profile_freq,
|
||||
pkt_profile_file->AsFile());
|
||||
else
|
||||
pkt_profiler = nullptr;
|
||||
|
||||
|
|
@ -139,7 +140,7 @@ void NetSessions::NextPacket(double t, const zeek::Packet* pkt)
|
|||
|
||||
dump_this_packet = false;
|
||||
|
||||
if ( record_all_packets )
|
||||
if ( zeek::detail::record_all_packets )
|
||||
DumpPacket(pkt);
|
||||
|
||||
if ( pkt->hdr_size > pkt->cap_len )
|
||||
|
|
@ -188,7 +189,7 @@ void NetSessions::NextPacket(double t, const zeek::Packet* pkt)
|
|||
}
|
||||
|
||||
|
||||
if ( dump_this_packet && ! record_all_packets )
|
||||
if ( dump_this_packet && ! zeek::detail::record_all_packets )
|
||||
DumpPacket(pkt);
|
||||
}
|
||||
|
||||
|
|
@ -275,7 +276,7 @@ void NetSessions::DoNextPacket(double t, const zeek::Packet* pkt, const zeek::IP
|
|||
if ( packet_filter && packet_filter->Match(ip_hdr, len, caplen) )
|
||||
return;
|
||||
|
||||
if ( ! pkt->l2_checksummed && ! ignore_checksums && ip4 &&
|
||||
if ( ! pkt->l2_checksummed && ! zeek::detail::ignore_checksums && ip4 &&
|
||||
ones_complement_checksum((void*) ip4, ip_hdr_len, 0) != 0xffff )
|
||||
{
|
||||
Weird("bad_IP_checksum", pkt, encapsulation);
|
||||
|
|
@ -1273,10 +1274,10 @@ bool NetSessions::WantConnection(uint16_t src_port, uint16_t dst_port,
|
|||
{
|
||||
// The new connection is starting either without a SYN,
|
||||
// or with a SYN ack. This means it's a partial connection.
|
||||
if ( ! partial_connection_ok )
|
||||
if ( ! zeek::detail::partial_connection_ok )
|
||||
return false;
|
||||
|
||||
if ( tcp_flags & TH_SYN && ! tcp_SYN_ack_ok )
|
||||
if ( tcp_flags & TH_SYN && ! zeek::detail::tcp_SYN_ack_ok )
|
||||
return false;
|
||||
|
||||
// Try to guess true responder by the port numbers.
|
||||
|
|
|
|||
|
|
@ -90,7 +90,7 @@ public:
|
|||
zeek::detail::PacketFilter* GetPacketFilter()
|
||||
{
|
||||
if ( ! packet_filter )
|
||||
packet_filter = new zeek::detail::PacketFilter(packet_filter_default);
|
||||
packet_filter = new zeek::detail::PacketFilter(detail::packet_filter_default);
|
||||
return packet_filter;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ EncapsulatingConn::EncapsulatingConn(Connection* c, BifEnum::Tunnel::Type t)
|
|||
{
|
||||
if ( ! uid )
|
||||
{
|
||||
uid.Set(bits_per_uid);
|
||||
uid.Set(zeek::detail::bits_per_uid);
|
||||
c->SetUID(uid);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ public:
|
|||
BifEnum::Tunnel::Type t = BifEnum::Tunnel::IP)
|
||||
: src_addr(s), dst_addr(d), src_port(0), dst_port(0),
|
||||
proto(TRANSPORT_UNKNOWN), type(t),
|
||||
uid(zeek::UID(bits_per_uid))
|
||||
uid(zeek::UID(detail::bits_per_uid))
|
||||
{
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -2557,7 +2557,7 @@ void TableVal::DoExpire(double t)
|
|||
TableEntryVal* v_saved = nullptr;
|
||||
bool modified = false;
|
||||
|
||||
for ( int i = 0; i < table_incremental_step &&
|
||||
for ( int i = 0; i < zeek::detail::table_incremental_step &&
|
||||
(v = tbl->NextEntry(k, expire_cookie)); ++i )
|
||||
{
|
||||
if ( v->ExpireAccessTime() == 0 )
|
||||
|
|
@ -2632,10 +2632,10 @@ void TableVal::DoExpire(double t)
|
|||
if ( ! v )
|
||||
{
|
||||
expire_cookie = nullptr;
|
||||
InitTimer(table_expire_interval);
|
||||
InitTimer(zeek::detail::table_expire_interval);
|
||||
}
|
||||
else
|
||||
InitTimer(table_expire_delay);
|
||||
InitTimer(zeek::detail::table_expire_delay);
|
||||
}
|
||||
|
||||
double TableVal::GetExpireTime()
|
||||
|
|
|
|||
|
|
@ -399,7 +399,7 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn)
|
|||
// the scheduled ones.
|
||||
if ( ! scheduled )
|
||||
{ // Let's see if it's a port we know.
|
||||
if ( check_port && ! dpd_ignore_ports )
|
||||
if ( check_port && ! zeek::detail::dpd_ignore_ports )
|
||||
{
|
||||
int resp_port = ntohs(conn->RespPort());
|
||||
tag_set* ports = LookupPort(conn->ConnTransport(), resp_port, false);
|
||||
|
|
@ -430,9 +430,9 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn)
|
|||
// be turned on later by the TCP PIA.
|
||||
|
||||
bool reass = root->GetChildren().size() ||
|
||||
dpd_reassemble_first_packets ||
|
||||
tcp_content_deliver_all_orig ||
|
||||
tcp_content_deliver_all_resp;
|
||||
zeek::detail::dpd_reassemble_first_packets ||
|
||||
zeek::detail::tcp_content_deliver_all_orig ||
|
||||
zeek::detail::tcp_content_deliver_all_resp;
|
||||
|
||||
if ( tcp_contents && ! reass )
|
||||
{
|
||||
|
|
|
|||
|
|
@ -59,7 +59,7 @@ void DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query)
|
|||
|
||||
// There is a great deal of non-DNS traffic that runs on port 53.
|
||||
// This should weed out most of it.
|
||||
if ( dns_max_queries > 0 && msg.qdcount > dns_max_queries )
|
||||
if ( zeek::detail::dns_max_queries > 0 && msg.qdcount > zeek::detail::dns_max_queries )
|
||||
{
|
||||
analyzer->ProtocolViolation("DNS_Conn_count_too_large");
|
||||
analyzer->Weird("DNS_Conn_count_too_large");
|
||||
|
|
@ -87,8 +87,8 @@ void DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query)
|
|||
|
||||
analyzer->ProtocolConfirmation();
|
||||
|
||||
int skip_auth = dns_skip_all_auth;
|
||||
int skip_addl = dns_skip_all_addl;
|
||||
int skip_auth = zeek::detail::dns_skip_all_auth;
|
||||
int skip_addl = zeek::detail::dns_skip_all_addl;
|
||||
if ( msg.ancount > 0 )
|
||||
{ // We did an answer, so can potentially skip auth/addl.
|
||||
static auto dns_skip_auth = zeek::id::find_val<zeek::TableVal>("dns_skip_auth");
|
||||
|
|
@ -1908,7 +1908,7 @@ DNS_Analyzer::DNS_Analyzer(zeek::Connection* conn)
|
|||
else
|
||||
{
|
||||
ADD_ANALYZER_TIMER(&DNS_Analyzer::ExpireTimer,
|
||||
zeek::net::network_time + dns_session_timeout, true,
|
||||
zeek::net::network_time + zeek::detail::dns_session_timeout, true,
|
||||
zeek::detail::TIMER_DNS_EXPIRE);
|
||||
}
|
||||
}
|
||||
|
|
@ -1956,14 +1956,14 @@ void DNS_Analyzer::ExpireTimer(double t)
|
|||
// The - 1.0 in the following is to allow 1 second for the
|
||||
// common case of a single request followed by a single reply,
|
||||
// so we don't needlessly set the timer twice in that case.
|
||||
if ( t - Conn()->LastTime() >= dns_session_timeout - 1.0 || zeek::net::terminating )
|
||||
if ( t - Conn()->LastTime() >= zeek::detail::dns_session_timeout - 1.0 || zeek::net::terminating )
|
||||
{
|
||||
Event(connection_timeout);
|
||||
zeek::sessions->Remove(Conn());
|
||||
}
|
||||
else
|
||||
ADD_ANALYZER_TIMER(&DNS_Analyzer::ExpireTimer,
|
||||
t + dns_session_timeout, true,
|
||||
t + zeek::detail::dns_session_timeout, true,
|
||||
zeek::detail::TIMER_DNS_EXPIRE);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -779,9 +779,9 @@ void HTTP_Message::SubmitData(int len, const char* buf)
|
|||
bool HTTP_Message::RequestBuffer(int* plen, char** pbuf)
|
||||
{
|
||||
if ( ! entity_data_buffer )
|
||||
entity_data_buffer = new char[http_entity_data_delivery_size];
|
||||
entity_data_buffer = new char[zeek::detail::http_entity_data_delivery_size];
|
||||
|
||||
*plen = http_entity_data_delivery_size;
|
||||
*plen = zeek::detail::http_entity_data_delivery_size;
|
||||
*pbuf = entity_data_buffer;
|
||||
return true;
|
||||
}
|
||||
|
|
@ -1381,12 +1381,12 @@ HTTP_Analyzer::TruncateURI(const zeek::StringValPtr& uri)
|
|||
{
|
||||
const zeek::String* str = uri->AsString();
|
||||
|
||||
if ( truncate_http_URI >= 0 && str->Len() > truncate_http_URI )
|
||||
if ( zeek::detail::truncate_http_URI >= 0 && str->Len() > zeek::detail::truncate_http_URI )
|
||||
{
|
||||
u_char* s = new u_char[truncate_http_URI + 4];
|
||||
memcpy(s, str->Bytes(), truncate_http_URI);
|
||||
memcpy(s + truncate_http_URI, "...", 4);
|
||||
return zeek::make_intrusive<zeek::StringVal>(new zeek::String(true, s, truncate_http_URI+3));
|
||||
u_char* s = new u_char[zeek::detail::truncate_http_URI + 4];
|
||||
memcpy(s, str->Bytes(), zeek::detail::truncate_http_URI);
|
||||
memcpy(s + zeek::detail::truncate_http_URI, "...", 4);
|
||||
return zeek::make_intrusive<zeek::StringVal>(new zeek::String(true, s, zeek::detail::truncate_http_URI+3));
|
||||
}
|
||||
else
|
||||
return uri;
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ ICMP_Analyzer::ICMP_Analyzer(zeek::Connection* c)
|
|||
: TransportLayerAnalyzer("ICMP", c),
|
||||
icmp_conn_val(), type(), code(), request_len(-1), reply_len(-1)
|
||||
{
|
||||
c->SetInactivityTimeout(icmp_inactivity_timeout);
|
||||
c->SetInactivityTimeout(zeek::detail::icmp_inactivity_timeout);
|
||||
}
|
||||
|
||||
void ICMP_Analyzer::Done()
|
||||
|
|
@ -49,7 +49,7 @@ void ICMP_Analyzer::DeliverPacket(int len, const u_char* data,
|
|||
|
||||
const struct icmp* icmpp = (const struct icmp*) data;
|
||||
|
||||
if ( ! ignore_checksums && caplen >= len )
|
||||
if ( ! zeek::detail::ignore_checksums && caplen >= len )
|
||||
{
|
||||
int chksum = 0;
|
||||
|
||||
|
|
|
|||
|
|
@ -1329,8 +1329,8 @@ MIME_Mail::MIME_Mail(zeek::analyzer::Analyzer* mail_analyzer, bool orig, int buf
|
|||
{
|
||||
analyzer = mail_analyzer;
|
||||
|
||||
min_overlap_length = mime_segment_overlap_length;
|
||||
max_chunk_length = mime_segment_length;
|
||||
min_overlap_length = zeek::detail::mime_segment_overlap_length;
|
||||
max_chunk_length = zeek::detail::mime_segment_length;
|
||||
is_orig = orig;
|
||||
|
||||
int length = buf_size;
|
||||
|
|
|
|||
|
|
@ -104,8 +104,8 @@ void PIA::PIA_DeliverPacket(int len, const u_char* data, bool is_orig, uint64_t
|
|||
len > 0 )
|
||||
{
|
||||
AddToBuffer(&pkt_buffer, seq, len, data, is_orig, ip);
|
||||
if ( pkt_buffer.size > dpd_buffer_size )
|
||||
new_state = dpd_match_only_beginning ?
|
||||
if ( pkt_buffer.size > zeek::detail::dpd_buffer_size )
|
||||
new_state = zeek::detail::dpd_match_only_beginning ?
|
||||
SKIPPING : MATCHING_ONLY;
|
||||
}
|
||||
|
||||
|
|
@ -163,7 +163,7 @@ void PIA_UDP::ActivateAnalyzer(zeek::analyzer::Tag tag, const zeek::detail::Rule
|
|||
zeek::event_mgr.Enqueue(protocol_late_match, ConnVal(), tval);
|
||||
}
|
||||
|
||||
pkt_buffer.state = dpd_late_match_stop ? SKIPPING : MATCHING_ONLY;
|
||||
pkt_buffer.state = zeek::detail::dpd_late_match_stop ? SKIPPING : MATCHING_ONLY;
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
@ -271,8 +271,8 @@ void PIA_TCP::DeliverStream(int len, const u_char* data, bool is_orig)
|
|||
if ( stream_buffer.state == BUFFERING || new_state == BUFFERING )
|
||||
{
|
||||
AddToBuffer(&stream_buffer, len, data, is_orig);
|
||||
if ( stream_buffer.size > dpd_buffer_size )
|
||||
new_state = dpd_match_only_beginning ?
|
||||
if ( stream_buffer.size > zeek::detail::dpd_buffer_size )
|
||||
new_state = zeek::detail::dpd_match_only_beginning ?
|
||||
SKIPPING : MATCHING_ONLY;
|
||||
}
|
||||
|
||||
|
|
@ -310,7 +310,7 @@ void PIA_TCP::ActivateAnalyzer(zeek::analyzer::Tag tag, const zeek::detail::Rule
|
|||
zeek::event_mgr.Enqueue(protocol_late_match, ConnVal(), tval);
|
||||
}
|
||||
|
||||
stream_buffer.state = dpd_late_match_stop ? SKIPPING : MATCHING_ONLY;
|
||||
stream_buffer.state = zeek::detail::dpd_late_match_stop ? SKIPPING : MATCHING_ONLY;
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -729,7 +729,7 @@ RPC_Analyzer::RPC_Analyzer(const char* name, zeek::Connection* conn,
|
|||
{
|
||||
if ( Conn()->ConnTransport() == TRANSPORT_UDP )
|
||||
ADD_ANALYZER_TIMER(&RPC_Analyzer::ExpireTimer,
|
||||
zeek::net::network_time + rpc_timeout, true,
|
||||
zeek::net::network_time + zeek::detail::rpc_timeout, true,
|
||||
zeek::detail::TIMER_RPC_EXPIRE);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -70,7 +70,7 @@ bool SteppingStoneEndpoint::DataSent(double t, uint64_t seq, int len, int caplen
|
|||
if ( len <= 0 )
|
||||
return false;
|
||||
|
||||
double tmin = t - stp_delta;
|
||||
double tmin = t - zeek::detail::stp_delta;
|
||||
|
||||
while ( stp_manager->OrderedEndpoints().length() > 0 )
|
||||
{
|
||||
|
|
@ -95,7 +95,7 @@ bool SteppingStoneEndpoint::DataSent(double t, uint64_t seq, int len, int caplen
|
|||
|
||||
stp_max_top_seq = top_seq;
|
||||
|
||||
if ( stp_last_time && t <= stp_last_time + stp_idle_min )
|
||||
if ( stp_last_time && t <= stp_last_time + zeek::detail::stp_idle_min )
|
||||
{
|
||||
stp_last_time = t;
|
||||
return true;
|
||||
|
|
|
|||
|
|
@ -127,7 +127,7 @@ TCP_Analyzer::TCP_Analyzer(zeek::Connection* conn)
|
|||
{
|
||||
// Set a timer to eventually time out this connection.
|
||||
ADD_ANALYZER_TIMER(&TCP_Analyzer::ExpireTimer,
|
||||
zeek::net::network_time + tcp_SYN_timeout, false,
|
||||
zeek::net::network_time + zeek::detail::tcp_SYN_timeout, false,
|
||||
zeek::detail::TIMER_TCP_EXPIRE);
|
||||
|
||||
deferred_gen_event = close_deferred = 0;
|
||||
|
|
@ -275,7 +275,7 @@ const struct tcphdr* TCP_Analyzer::ExtractTCP_Header(const u_char*& data,
|
|||
bool TCP_Analyzer::ValidateChecksum(const struct tcphdr* tp,
|
||||
TCP_Endpoint* endpoint, int len, int caplen)
|
||||
{
|
||||
if ( ! zeek::net::current_pkt->l3_checksummed && ! ignore_checksums && caplen >= len &&
|
||||
if ( ! zeek::net::current_pkt->l3_checksummed && ! zeek::detail::ignore_checksums && caplen >= len &&
|
||||
! endpoint->ValidChecksum(tp, len) )
|
||||
{
|
||||
Weird("bad_TCP_checksum");
|
||||
|
|
@ -493,9 +493,9 @@ void TCP_Analyzer::UpdateInactiveState(double t,
|
|||
else
|
||||
endpoint->SetState(TCP_ENDPOINT_SYN_SENT);
|
||||
|
||||
if ( tcp_attempt_delay )
|
||||
if ( zeek::detail::tcp_attempt_delay )
|
||||
ADD_ANALYZER_TIMER(&TCP_Analyzer::AttemptTimer,
|
||||
t + tcp_attempt_delay, true,
|
||||
t + zeek::detail::tcp_attempt_delay, true,
|
||||
zeek::detail::TIMER_TCP_ATTEMPT);
|
||||
}
|
||||
else
|
||||
|
|
@ -725,7 +725,7 @@ void TCP_Analyzer::UpdateClosedState(double t, TCP_Endpoint* endpoint,
|
|||
|
||||
if ( connection_reset )
|
||||
ADD_ANALYZER_TIMER(&TCP_Analyzer::ResetTimer,
|
||||
t + tcp_reset_delay, true,
|
||||
t + zeek::detail::tcp_reset_delay, true,
|
||||
zeek::detail::TIMER_TCP_RESET);
|
||||
}
|
||||
}
|
||||
|
|
@ -1113,8 +1113,8 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
|
|||
{
|
||||
++endpoint->FIN_cnt;
|
||||
|
||||
if ( endpoint->FIN_cnt >= tcp_storm_thresh && zeek::net::current_timestamp <
|
||||
endpoint->last_time + tcp_storm_interarrival_thresh )
|
||||
if ( endpoint->FIN_cnt >= zeek::detail::tcp_storm_thresh && zeek::net::current_timestamp <
|
||||
endpoint->last_time + zeek::detail::tcp_storm_interarrival_thresh )
|
||||
Weird("FIN_storm");
|
||||
|
||||
endpoint->FIN_seq = rel_seq + seg_len;
|
||||
|
|
@ -1124,8 +1124,8 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
|
|||
{
|
||||
++endpoint->RST_cnt;
|
||||
|
||||
if ( endpoint->RST_cnt >= tcp_storm_thresh && zeek::net::current_timestamp <
|
||||
endpoint->last_time + tcp_storm_interarrival_thresh )
|
||||
if ( endpoint->RST_cnt >= zeek::detail::tcp_storm_thresh && zeek::net::current_timestamp <
|
||||
endpoint->last_time + zeek::detail::tcp_storm_interarrival_thresh )
|
||||
Weird("RST_storm");
|
||||
|
||||
// This now happens often enough that it's
|
||||
|
|
@ -1513,7 +1513,7 @@ void TCP_Analyzer::ExpireTimer(double t)
|
|||
if ( ! is_active )
|
||||
return;
|
||||
|
||||
if ( Conn()->LastTime() + tcp_connection_linger < t )
|
||||
if ( Conn()->LastTime() + zeek::detail::tcp_connection_linger < t )
|
||||
{
|
||||
if ( orig->did_close || resp->did_close )
|
||||
{
|
||||
|
|
@ -1558,7 +1558,7 @@ void TCP_Analyzer::ExpireTimer(double t)
|
|||
// Connection still active, so reschedule timer.
|
||||
// ### if PQ_Element's were Obj's, could just Ref the timer
|
||||
// and adjust its value here, instead of creating a new timer.
|
||||
ADD_ANALYZER_TIMER(&TCP_Analyzer::ExpireTimer, t + tcp_session_timer,
|
||||
ADD_ANALYZER_TIMER(&TCP_Analyzer::ExpireTimer, t + zeek::detail::tcp_session_timer,
|
||||
false, zeek::detail::TIMER_TCP_EXPIRE);
|
||||
}
|
||||
|
||||
|
|
@ -1664,7 +1664,8 @@ void TCP_Analyzer::ConnectionClosed(TCP_Endpoint* endpoint, TCP_Endpoint* peer,
|
|||
if ( DEBUG_tcp_connection_close )
|
||||
{
|
||||
DEBUG_MSG("%.6f close_complete=%d tcp_close_delay=%f\n",
|
||||
zeek::net::network_time, close_complete, tcp_close_delay);
|
||||
zeek::net::network_time, close_complete,
|
||||
zeek::detail::tcp_close_delay);
|
||||
}
|
||||
|
||||
if ( close_complete )
|
||||
|
|
@ -1697,9 +1698,9 @@ void TCP_Analyzer::ConnectionClosed(TCP_Endpoint* endpoint, TCP_Endpoint* peer,
|
|||
//
|
||||
// here, because that would cause the object to be
|
||||
// deleted out from under us.
|
||||
if ( tcp_close_delay != 0.0 )
|
||||
if ( zeek::detail::tcp_close_delay != 0.0 )
|
||||
ADD_ANALYZER_TIMER(&TCP_Analyzer::ConnDeleteTimer,
|
||||
Conn()->LastTime() + tcp_close_delay, false,
|
||||
Conn()->LastTime() + zeek::detail::tcp_close_delay, false,
|
||||
zeek::detail::TIMER_CONN_DELETE);
|
||||
else
|
||||
ADD_ANALYZER_TIMER(&TCP_Analyzer::DeleteTimer, Conn()->LastTime(), false,
|
||||
|
|
@ -1712,7 +1713,7 @@ void TCP_Analyzer::ConnectionClosed(TCP_Endpoint* endpoint, TCP_Endpoint* peer,
|
|||
{ // First time we've seen anything from this side.
|
||||
if ( connection_partial_close )
|
||||
ADD_ANALYZER_TIMER(&TCP_Analyzer::PartialCloseTimer,
|
||||
Conn()->LastTime() + tcp_partial_close_delay, false,
|
||||
Conn()->LastTime() + zeek::detail::tcp_partial_close_delay, false,
|
||||
zeek::detail::TIMER_TCP_PARTIAL_CLOSE );
|
||||
}
|
||||
|
||||
|
|
@ -1721,7 +1722,7 @@ void TCP_Analyzer::ConnectionClosed(TCP_Endpoint* endpoint, TCP_Endpoint* peer,
|
|||
// Create a timer to look for the other side closing,
|
||||
// too.
|
||||
ADD_ANALYZER_TIMER(&TCP_Analyzer::ExpireTimer,
|
||||
Conn()->LastTime() + tcp_session_timer, false,
|
||||
Conn()->LastTime() + zeek::detail::tcp_session_timer, false,
|
||||
zeek::detail::TIMER_TCP_EXPIRE);
|
||||
}
|
||||
}
|
||||
|
|
@ -1869,7 +1870,7 @@ bool TCP_Analyzer::IsReuse(double t, const u_char* pkt)
|
|||
resp->state != TCP_ENDPOINT_RESET )
|
||||
Weird("active_connection_reuse");
|
||||
|
||||
else if ( t - Conn()->LastTime() < tcp_connection_linger &&
|
||||
else if ( t - Conn()->LastTime() < zeek::detail::tcp_connection_linger &&
|
||||
orig->state != TCP_ENDPOINT_RESET &&
|
||||
resp->state != TCP_ENDPOINT_RESET )
|
||||
Weird("premature_connection_reuse");
|
||||
|
|
|
|||
|
|
@ -151,7 +151,7 @@ void TCP_Endpoint::SetState(EndpointState new_state)
|
|||
// handshake.
|
||||
if ( ! is_handshake(new_state) )
|
||||
if ( is_handshake(state) && is_handshake(peer->state) )
|
||||
Conn()->SetInactivityTimeout(tcp_inactivity_timeout);
|
||||
Conn()->SetInactivityTimeout(zeek::detail::tcp_inactivity_timeout);
|
||||
|
||||
prev_state = state;
|
||||
state = new_state;
|
||||
|
|
|
|||
|
|
@ -36,8 +36,8 @@ TCP_Reassembler::TCP_Reassembler(zeek::analyzer::Analyzer* arg_dst_analyzer,
|
|||
seq_to_skip = 0;
|
||||
in_delivery = false;
|
||||
|
||||
if ( tcp_max_old_segments )
|
||||
SetMaxOldBlocks(tcp_max_old_segments);
|
||||
if ( zeek::detail::tcp_max_old_segments )
|
||||
SetMaxOldBlocks(zeek::detail::tcp_max_old_segments);
|
||||
|
||||
if ( ::tcp_contents )
|
||||
{
|
||||
|
|
@ -50,8 +50,8 @@ TCP_Reassembler::TCP_Reassembler(zeek::analyzer::Analyzer* arg_dst_analyzer,
|
|||
tcp_content_delivery_ports_resp;
|
||||
auto result = ports->FindOrDefault(dst_port_val);
|
||||
|
||||
if ( (IsOrig() && tcp_content_deliver_all_orig) ||
|
||||
(! IsOrig() && tcp_content_deliver_all_resp) ||
|
||||
if ( (IsOrig() && zeek::detail::tcp_content_deliver_all_orig) ||
|
||||
(! IsOrig() && zeek::detail::tcp_content_deliver_all_resp) ||
|
||||
(result && result->AsBool()) )
|
||||
deliver_tcp_contents = true;
|
||||
}
|
||||
|
|
@ -272,7 +272,7 @@ void TCP_Reassembler::Undelivered(uint64_t up_to_seq)
|
|||
if ( record_contents_file )
|
||||
RecordToSeq(last_reassem_seq, up_to_seq, record_contents_file);
|
||||
|
||||
if ( tcp_match_undelivered )
|
||||
if ( zeek::detail::tcp_match_undelivered )
|
||||
MatchUndelivered(up_to_seq, false);
|
||||
|
||||
// But we need to re-adjust last_reassem_seq in either case.
|
||||
|
|
@ -422,8 +422,8 @@ void TCP_Reassembler::BlockInserted(zeek::DataBlockMap::const_iterator it)
|
|||
// the now-delivered data.
|
||||
TrimToSeq(last_reassem_seq);
|
||||
|
||||
else if ( e->NoDataAcked() && tcp_max_initial_window &&
|
||||
e->Size() > static_cast<uint64_t>(tcp_max_initial_window) )
|
||||
else if ( e->NoDataAcked() && zeek::detail::tcp_max_initial_window &&
|
||||
e->Size() > static_cast<uint64_t>(zeek::detail::tcp_max_initial_window) )
|
||||
// We've sent quite a bit of data, yet none of it has
|
||||
// been acked. Presume that we're not seeing the peer's
|
||||
// acks (perhaps due to filtering or split routing) and
|
||||
|
|
@ -504,16 +504,16 @@ bool TCP_Reassembler::DataSent(double t, uint64_t seq, int len,
|
|||
NewBlock(t, seq, len, data);
|
||||
flags = TCP_Flags();
|
||||
|
||||
if ( Endpoint()->NoDataAcked() && tcp_max_above_hole_without_any_acks &&
|
||||
NumUndeliveredBytes() > static_cast<uint64_t>(tcp_max_above_hole_without_any_acks) )
|
||||
if ( Endpoint()->NoDataAcked() && zeek::detail::tcp_max_above_hole_without_any_acks &&
|
||||
NumUndeliveredBytes() > static_cast<uint64_t>(zeek::detail::tcp_max_above_hole_without_any_acks) )
|
||||
{
|
||||
tcp_analyzer->Weird("above_hole_data_without_any_acks");
|
||||
ClearBlocks();
|
||||
skip_deliveries = true;
|
||||
}
|
||||
|
||||
if ( tcp_excessive_data_without_further_acks &&
|
||||
block_list.DataSize() > static_cast<uint64_t>(tcp_excessive_data_without_further_acks) )
|
||||
if ( zeek::detail::tcp_excessive_data_without_further_acks &&
|
||||
block_list.DataSize() > static_cast<uint64_t>(zeek::detail::tcp_excessive_data_without_further_acks) )
|
||||
{
|
||||
tcp_analyzer->Weird("excessive_data_without_further_acks");
|
||||
ClearBlocks();
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ UDP_Analyzer::UDP_Analyzer(zeek::Connection* conn)
|
|||
: zeek::analyzer::TransportLayerAnalyzer("UDP", conn)
|
||||
{
|
||||
conn->EnableStatusUpdateTimer();
|
||||
conn->SetInactivityTimeout(udp_inactivity_timeout);
|
||||
conn->SetInactivityTimeout(zeek::detail::udp_inactivity_timeout);
|
||||
request_len = reply_len = -1; // -1 means "haven't seen any activity"
|
||||
|
||||
req_chk_cnt = rep_chk_cnt = 0;
|
||||
|
|
@ -62,7 +62,7 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
|
|||
|
||||
int chksum = up->uh_sum;
|
||||
|
||||
auto validate_checksum = ! zeek::net::current_pkt->l3_checksummed && ! ignore_checksums && caplen >=len;
|
||||
auto validate_checksum = ! zeek::net::current_pkt->l3_checksummed && ! zeek::detail::ignore_checksums && caplen >=len;
|
||||
constexpr auto vxlan_len = 8;
|
||||
constexpr auto eth_len = 14;
|
||||
|
||||
|
|
@ -146,7 +146,7 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
|
|||
do_udp_contents = true;
|
||||
else
|
||||
{
|
||||
uint16_t p = udp_content_delivery_ports_use_resp ? Conn()->RespPort()
|
||||
uint16_t p = zeek::detail::udp_content_delivery_ports_use_resp ? Conn()->RespPort()
|
||||
: up->uh_dport;
|
||||
const auto& port_val = zeek::val_mgr->Port(ntohs(p), TRANSPORT_UDP);
|
||||
|
||||
|
|
@ -154,14 +154,14 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
|
|||
{
|
||||
auto result = udp_content_delivery_ports_orig->FindOrDefault(port_val);
|
||||
|
||||
if ( udp_content_deliver_all_orig || (result && result->AsBool()) )
|
||||
if ( zeek::detail::udp_content_deliver_all_orig || (result && result->AsBool()) )
|
||||
do_udp_contents = true;
|
||||
}
|
||||
else
|
||||
{
|
||||
auto result = udp_content_delivery_ports_resp->FindOrDefault(port_val);
|
||||
|
||||
if ( udp_content_deliver_all_resp || (result && result->AsBool()) )
|
||||
if ( zeek::detail::udp_content_deliver_all_resp || (result && result->AsBool()) )
|
||||
do_udp_contents = true;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -70,7 +70,7 @@ string Manager::HashHandle(const string& handle) const
|
|||
zeek::detail::hash128_t hash;
|
||||
zeek::detail::KeyedHash::StaticHash128(handle.data(), handle.size(), &hash);
|
||||
|
||||
return zeek::UID(bits_per_uid, hash, 2).Base62("F");
|
||||
return zeek::UID(zeek::detail::bits_per_uid, hash, 2).Base62("F");
|
||||
}
|
||||
|
||||
void Manager::SetHandle(const string& handle)
|
||||
|
|
|
|||
|
|
@ -560,16 +560,16 @@ void Packet::ProcessLayer2()
|
|||
}
|
||||
}
|
||||
|
||||
else if ( encap_hdr_size )
|
||||
else if ( zeek::detail::encap_hdr_size )
|
||||
{
|
||||
// Blanket encapsulation. We assume that what remains is IP.
|
||||
if ( pdata + encap_hdr_size + sizeof(struct ip) >= end_of_data )
|
||||
if ( pdata + zeek::detail::encap_hdr_size + sizeof(struct ip) >= end_of_data )
|
||||
{
|
||||
Weird("no_ip_left_after_encap");
|
||||
return;
|
||||
}
|
||||
|
||||
pdata += encap_hdr_size;
|
||||
pdata += zeek::detail::encap_hdr_size;
|
||||
|
||||
const struct ip* ip = (const struct ip *)pdata;
|
||||
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
#include "ID.h"
|
||||
#include "Scope.h"
|
||||
|
||||
namespace zeek {
|
||||
namespace zeek::detail {
|
||||
|
||||
// Compiled separately to avoid deprecation warnings at the assignment sites.
|
||||
void zeek_legacy_netvar_init()
|
||||
|
|
@ -95,4 +95,4 @@ void zeek_legacy_netvar_init()
|
|||
preserve_other_addr = anon_id->GetVal()->AsTableVal();
|
||||
}
|
||||
|
||||
} // namespace zeek
|
||||
} // namespace zeek::detail
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue