Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Move various elements into ID.h and zeek::id namespace

Browse source 
* A handful of generic/useful/common global type pointers that used
  to be in NetVar.h

* Lookup functions that used to be Var.h
This commit is contained in:
Jon Siwek 2020-05-12 18:08:52 -07:00
parent 9210d443d3
commit a5762c12cc
84 changed files with 578 additions and 568 deletions
Download patch file Download diff file Expand all files Collapse all files

8
NEWS
View file

@ -159,15 +159,15 @@ Deprecated Functionality
- ``ID::ID_Val()`` is deprecated, use ``ID::GetVal()``.
- ``internal_type()`` is deprecated, use ``zeek::lookup_type()``.
- ``internal_type()`` is deprecated, use ``zeek::id::lookup_type()``.
- ``internal_val()`` and ``internal_const_val()`` are deprecated, use
``zeek::lookup_val()`` or ``zeek::lookup_const()``.
``zeek::id::lookup_val()`` or ``zeek::id::lookup_const()``.
- ``internal_func()`` is deprecated, use ``zeek::lookup_func()``.
- ``internal_func()`` is deprecated, use ``zeek::id::lookup_func()``.
- ``opt_internal_val()`` is deprecated, use ``lookup_ID()`` or
``zeek::lookup_val()``.
``zeek::id::lookup_val()``.
- ``Val::Type()`` is deprecated, use ``Val::GetType``.

2
aux/bifcl

@ -1 +1 @@
Subproject commit 883d7174c8d80a44910855b05482fe107a60e55c
Subproject commit 071a1517a73bde131da42fe35cac05a3503340be

5
src/BroString.cc
View file

@ -8,10 +8,9 @@
#include <ctype.h>
#include "Val.h"
#include "Var.h"
#include "ID.h"
#include "Reporter.h"
#include "util.h"
#include "ZeekVars.h"
#ifdef DEBUG
#define DEBUG_STR(msg) DBG_LOG(DBG_STRING, msg)
@ -341,7 +340,7 @@ BroString::Vec* BroString::Split(const BroString::IdxVec& indices) const
VectorVal* BroString:: VecToPolicy(Vec* vec)
{
auto result = make_intrusive<VectorVal>(zeek::vars::string_vec);
auto result = make_intrusive<VectorVal>(zeek::id::string_vec);
for ( unsigned int i = 0; i < vec->size(); ++i )
{

4
src/CMakeLists.txt
View file

@ -205,7 +205,7 @@ add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdConstants.h
set_source_files_properties(nb_dns.c PROPERTIES COMPILE_FLAGS
-fno-strict-aliasing)
set_source_files_properties(ZeekVars.cc PROPERTIES COMPILE_FLAGS
set_source_files_properties(legacy-netvar-init.cc PROPERTIES COMPILE_FLAGS
-Wno-deprecated-declarations)
set(MAIN_SRCS
@ -289,7 +289,7 @@ set(MAIN_SRCS
Var.cc
WeirdState.cc
ZeekArgs.cc
ZeekVars.cc
legacy-netvar-init.cc
bsd-getopt-long.c
bro_inet_ntop.c
patricia.c

10
src/Conn.cc
View file

@ -346,17 +346,17 @@ const IntrusivePtr<RecordVal>& Connection::ConnVal()
{
if ( ! conn_val )
{
conn_val = make_intrusive<RecordVal>(zeek::vars::connection);
conn_val = make_intrusive<RecordVal>(zeek::id::connection);
TransportProto prot_type = ConnTransport();
auto id_val = make_intrusive<RecordVal>(zeek::vars::conn_id);
auto id_val = make_intrusive<RecordVal>(zeek::id::conn_id);
id_val->Assign(0, make_intrusive<AddrVal>(orig_addr));
id_val->Assign(1, val_mgr->Port(ntohs(orig_port), prot_type));
id_val->Assign(2, make_intrusive<AddrVal>(resp_addr));
id_val->Assign(3, val_mgr->Port(ntohs(resp_port), prot_type));
auto orig_endp = make_intrusive<RecordVal>(zeek::vars::endpoint);
auto orig_endp = make_intrusive<RecordVal>(zeek::id::endpoint);
orig_endp->Assign(0, val_mgr->Count(0));
orig_endp->Assign(1, val_mgr->Count(0));
orig_endp->Assign(4, val_mgr->Count(orig_flow_label));
@ -367,7 +367,7 @@ const IntrusivePtr<RecordVal>& Connection::ConnVal()
if ( memcmp(&orig_l2_addr, &null, l2_len) != 0 )
orig_endp->Assign(5, make_intrusive<StringVal>(fmt_mac(orig_l2_addr, l2_len)));
auto resp_endp = make_intrusive<RecordVal>(zeek::vars::endpoint);
auto resp_endp = make_intrusive<RecordVal>(zeek::id::endpoint);
resp_endp->Assign(0, val_mgr->Count(0));
resp_endp->Assign(1, val_mgr->Count(0));
resp_endp->Assign(4, val_mgr->Count(resp_flow_label));
@ -379,7 +379,7 @@ const IntrusivePtr<RecordVal>& Connection::ConnVal()
conn_val->Assign(1, std::move(orig_endp));
conn_val->Assign(2, std::move(resp_endp));
// 3 and 4 are set below.
conn_val->Assign(5, make_intrusive<TableVal>(zeek::vars::string_set)); // service
conn_val->Assign(5, make_intrusive<TableVal>(zeek::id::string_set)); // service
conn_val->Assign(6, val_mgr->EmptyString()); // history
if ( ! uid )

2
src/DNS_Mgr.cc
View file

@ -462,7 +462,7 @@ void DNS_Mgr::InitPostScript()
dns_mapping_name_changed = internal_handler("dns_mapping_name_changed");
dns_mapping_altered = internal_handler("dns_mapping_altered");
dm_rec = zeek::lookup_type("dns_mapping")->AsRecordType();
dm_rec = zeek::id::lookup_type("dns_mapping")->AsRecordType();
// Registering will call Init()
iosource_mgr->Register(this, true);

8
src/Discard.cc
View file

@ -16,10 +16,10 @@
Discarder::Discarder()
{
check_ip = zeek::lookup_func("discarder_check_ip");
check_tcp = zeek::lookup_func("discarder_check_tcp");
check_udp = zeek::lookup_func("discarder_check_udp");
check_icmp = zeek::lookup_func("discarder_check_icmp");
check_ip = zeek::id::lookup_func("discarder_check_ip");
check_tcp = zeek::id::lookup_func("discarder_check_tcp");
check_udp = zeek::id::lookup_func("discarder_check_udp");
check_icmp = zeek::id::lookup_func("discarder_check_icmp");
discarder_maxlen = static_cast<int>(opt_internal_int("discarder_maxlen"));
}

4
src/EventHandler.cc
View file

@ -128,7 +128,7 @@ void EventHandler::NewEvent(const zeek::Args& vl)
return;
RecordType* args = FType()->Args();
static auto call_argument_vector = zeek::lookup_type<VectorType>("call_argument_vector");
static auto call_argument_vector = zeek::id::lookup_type<VectorType>("call_argument_vector");
auto vargs = make_intrusive<VectorVal>(call_argument_vector);
for ( int i = 0; i < args->NumFields(); i++ )
@ -137,7 +137,7 @@ void EventHandler::NewEvent(const zeek::Args& vl)
const auto& ftype = args->GetFieldType(i);
auto fdefault = args->FieldDefault(i);
static auto call_argument = zeek::lookup_type<RecordType>("call_argument");
static auto call_argument = zeek::id::lookup_type<RecordType>("call_argument");
auto rec = make_intrusive<RecordVal>(call_argument);
rec->Assign(0, make_intrusive<StringVal>(fname));

2
src/File.cc
View file

@ -278,7 +278,7 @@ RecordVal* BroFile::Rotate()
if ( f == stdin || f == stdout || f == stderr )
return nullptr;
static auto rotate_info = zeek::lookup_type<RecordType>("rotate_info");
static auto rotate_info = zeek::id::lookup_type<RecordType>("rotate_info");
RecordVal* info = new RecordVal(rotate_info);
FILE* newf = rotate_file(name, info);

30
src/Func.cc
View file

@ -54,8 +54,6 @@
#include "iosource/PktSrc.h"
#include "iosource/PktDumper.h"
using namespace zeek;
extern RETSIGTYPE sig_handler(int signo);
std::vector<CallInfo> call_stack;
@ -750,21 +748,21 @@ void builtin_error(const char* msg, BroObj* arg)
void init_builtin_funcs()
{
ProcStats = lookup_type("ProcStats")->AsRecordType();
NetStats = lookup_type("NetStats")->AsRecordType();
MatcherStats = lookup_type("MatcherStats")->AsRecordType();
ConnStats = lookup_type("ConnStats")->AsRecordType();
ReassemblerStats = lookup_type("ReassemblerStats")->AsRecordType();
DNSStats = lookup_type("DNSStats")->AsRecordType();
GapStats = lookup_type("GapStats")->AsRecordType();
EventStats = lookup_type("EventStats")->AsRecordType();
TimerStats = lookup_type("TimerStats")->AsRecordType();
FileAnalysisStats = lookup_type("FileAnalysisStats")->AsRecordType();
ThreadStats = lookup_type("ThreadStats")->AsRecordType();
BrokerStats = lookup_type("BrokerStats")->AsRecordType();
ReporterStats = lookup_type("ReporterStats")->AsRecordType();
ProcStats = zeek::id::lookup_type("ProcStats")->AsRecordType();
NetStats = zeek::id::lookup_type("NetStats")->AsRecordType();
MatcherStats = zeek::id::lookup_type("MatcherStats")->AsRecordType();
ConnStats = zeek::id::lookup_type("ConnStats")->AsRecordType();
ReassemblerStats = zeek::id::lookup_type("ReassemblerStats")->AsRecordType();
DNSStats = zeek::id::lookup_type("DNSStats")->AsRecordType();
GapStats = zeek::id::lookup_type("GapStats")->AsRecordType();
EventStats = zeek::id::lookup_type("EventStats")->AsRecordType();
TimerStats = zeek::id::lookup_type("TimerStats")->AsRecordType();
FileAnalysisStats = zeek::id::lookup_type("FileAnalysisStats")->AsRecordType();
ThreadStats = zeek::id::lookup_type("ThreadStats")->AsRecordType();
BrokerStats = zeek::id::lookup_type("BrokerStats")->AsRecordType();
ReporterStats = zeek::id::lookup_type("ReporterStats")->AsRecordType();
var_sizes = lookup_type("var_sizes")->AsTableType();
var_sizes = zeek::id::lookup_type("var_sizes")->AsTableType();
#include "zeek.bif.func_init"
#include "stats.bif.func_init"

83
src/ID.cc
View file

@ -19,6 +19,89 @@
#include "zeekygen/ScriptInfo.h"
#include "module_util.h"
IntrusivePtr<RecordType> zeek::id::conn_id;
IntrusivePtr<RecordType> zeek::id::endpoint;
IntrusivePtr<RecordType> zeek::id::connection;
IntrusivePtr<RecordType> zeek::id::fa_file;
IntrusivePtr<RecordType> zeek::id::fa_metadata;
IntrusivePtr<EnumType> zeek::id::transport_proto;
IntrusivePtr<TableType> zeek::id::string_set;
IntrusivePtr<TableType> zeek::id::string_array;
IntrusivePtr<TableType> zeek::id::count_set;
IntrusivePtr<VectorType> zeek::id::string_vec;
IntrusivePtr<VectorType> zeek::id::index_vec;
IntrusivePtr<ID> zeek::id::lookup(const char* name)
{
auto id = global_scope()->Lookup(name);
if ( ! id )
return nullptr;
return {NewRef{}, id};
}
const IntrusivePtr<BroType>& zeek::id::lookup_type(const char* name)
{
auto id = zeek::id::lookup(name);
if ( ! id )
reporter->InternalError("Failed to find type named: %s", name);
return id->GetType();
}
const IntrusivePtr<Val>& zeek::id::lookup_val(const char* name)
{
auto id = zeek::id::lookup(name);
if ( ! id )
reporter->InternalError("Failed to find variable named: %s", name);
return id->GetVal();
}
const IntrusivePtr<Val>& zeek::id::lookup_const(const char* name)
{
auto id = zeek::id::lookup(name);
if ( ! id )
reporter->InternalError("Failed to find variable named: %s", name);
if ( ! id->IsConst() )
reporter->InternalError("Variable is not 'const', but expected to be: %s", name);
return id->GetVal();
}
IntrusivePtr<Func> zeek::id::lookup_func(const char* name)
{
const auto& v = zeek::id::lookup_val(name);
if ( ! v )
return nullptr;
if ( ! IsFunc(v->GetType()->Tag()) )
reporter->InternalError("Expected variable '%s' to be a function", name);
return {NewRef{}, v->AsFunc()};
}
void zeek::id::detail::init()
{
conn_id = lookup_type<RecordType>("conn_id");
endpoint = lookup_type<RecordType>("endpoint");
connection = lookup_type<RecordType>("connection");
fa_file = lookup_type<RecordType>("fa_file");
fa_metadata = lookup_type<RecordType>("fa_metadata");
transport_proto = lookup_type<EnumType>("transport_proto");
string_set = lookup_type<TableType>("string_set");
string_array = lookup_type<TableType>("string_array");
count_set = lookup_type<TableType>("count_set");
string_vec = lookup_type<VectorType>("string_vec");
index_vec = lookup_type<VectorType>("index_vec");
}
ID::ID(const char* arg_name, IDScope arg_scope, bool arg_is_export)
{
name = copy_string(arg_name);

86
src/ID.h
View file

@ -16,6 +16,10 @@ class Val;
class Expr;
class Func;
class BroType;
class RecordType;
class TableType;
class VectorType;
class EnumType;
class Attributes;
typedef enum { INIT_NONE, INIT_FULL, INIT_EXTRA, INIT_REMOVE, } init_class;
@ -152,3 +156,85 @@ protected:
std::multimap<int, IntrusivePtr<Func>> option_handlers;
};
namespace zeek { namespace id {
/**
* Lookup an ID in the global module and return it, if one exists;
* @param name The identifier name to lookup.
* @return The identifier, which may reference a nil object if no such
* name exists.
*/
IntrusivePtr<ID> lookup(const char* name);
/**
* Lookup an ID by its name and return its type. A fatal occurs if the ID
* does not exist.
* @param name The identifier name to lookup
* @return The type of the identifier.
*/
const IntrusivePtr<BroType>& lookup_type(const char* name);
/**
* Lookup an ID by its name and return its type (as cast to @c T).
* A fatal occurs if the ID does not exist.
* @param name The identifier name to lookup
* @return The type of the identifier.
*/
template<class T>
IntrusivePtr<T> lookup_type(const char* name)
{ return cast_intrusive<T>(lookup_type(name)); }
/**
* Lookup an ID by its name and return its value. A fatal occurs if the ID
* does not exist.
* @param name The identifier name to lookup
* @return The current value of the identifier
*/
const IntrusivePtr<Val>& lookup_val(const char* name);
/**
* Lookup an ID by its name and return its value (as cast to @c T).
* A fatal occurs if the ID does not exist.
* @param name The identifier name to lookup
* @return The current value of the identifier.
*/
template<class T>
IntrusivePtr<T> lookup_val(const char* name)
{ return cast_intrusive<T>(lookup_val(name)); }
/**
* Lookup an ID by its name and return its value. A fatal occurs if the ID
* does not exist or if it is not "const".
* @param name The identifier name to lookup
* @return The current value of the identifier
*/
const IntrusivePtr<Val>& lookup_const(const char* name);
/**
* Lookup an ID by its name and return the function it references.
* A fatal occurs if the ID does not exist or if it is not a function.
* @param name The identifier name to lookup
* @return The current function value the identifier references.
*/
IntrusivePtr<Func> lookup_func(const char* name);
extern IntrusivePtr<RecordType> conn_id;
extern IntrusivePtr<RecordType> endpoint;
extern IntrusivePtr<RecordType> connection;
extern IntrusivePtr<RecordType> fa_file;
extern IntrusivePtr<RecordType> fa_metadata;
extern IntrusivePtr<EnumType> transport_proto;
extern IntrusivePtr<TableType> string_set;
extern IntrusivePtr<TableType> string_array;
extern IntrusivePtr<TableType> count_set;
extern IntrusivePtr<VectorType> string_vec;
extern IntrusivePtr<VectorType> index_vec;
namespace detail {
void init();
} // namespace zeek::id::detail
}} // namespace zeek::id

34
src/IP.cc
View file

@ -13,8 +13,6 @@
#include "BroString.h"
#include "Reporter.h"
using namespace zeek;
static RecordType* ip4_hdr_type = nullptr;
static RecordType* ip6_hdr_type = nullptr;
static RecordType* ip6_ext_hdr_type = nullptr;
@ -39,14 +37,14 @@ static RecordType* ip6_mob_be_type = nullptr;
static inline RecordType* hdrType(RecordType*& type, const char* name)
{
if ( ! type )
type = lookup_type(name)->AsRecordType();
type = zeek::id::lookup_type(name)->AsRecordType();
return type;
}
static IntrusivePtr<VectorVal> BuildOptionsVal(const u_char* data, int len)
{
auto vv = make_intrusive<VectorVal>(lookup_type<VectorType>("ip6_options"));
auto vv = make_intrusive<VectorVal>(zeek::id::lookup_type<VectorType>("ip6_options"));
while ( len > 0 )
{
@ -97,7 +95,7 @@ IntrusivePtr<RecordVal> IPv6_Hdr::ToVal(IntrusivePtr<VectorVal> chain) const
rv->Assign(6, make_intrusive<AddrVal>(IPAddr(ip6->ip6_dst)));
if ( ! chain )
chain = make_intrusive<VectorVal>(
lookup_type<VectorType>("ip6_ext_hdr_chain"));
zeek::id::lookup_type<VectorType>("ip6_ext_hdr_chain"));
rv->Assign(7, std::move(chain));
}
break;
@ -369,7 +367,7 @@ IntrusivePtr<RecordVal> IP_Hdr::ToPktHdrVal() const
static RecordType* pkt_hdr_type = nullptr;
if ( ! pkt_hdr_type )
pkt_hdr_type = lookup_type("pkt_hdr")->AsRecordType();
pkt_hdr_type = zeek::id::lookup_type("pkt_hdr")->AsRecordType();
return ToPktHdrVal(make_intrusive<RecordVal>(pkt_hdr_type), 0);
}
@ -387,9 +385,9 @@ IntrusivePtr<RecordVal> IP_Hdr::ToPktHdrVal(IntrusivePtr<RecordVal> pkt_hdr, int
if ( ! tcp_hdr_type )
{
tcp_hdr_type = lookup_type("tcp_hdr")->AsRecordType();
udp_hdr_type = lookup_type("udp_hdr")->AsRecordType();
icmp_hdr_type = lookup_type("icmp_hdr")->AsRecordType();
tcp_hdr_type = zeek::id::lookup_type("tcp_hdr")->AsRecordType();
udp_hdr_type = zeek::id::lookup_type("udp_hdr")->AsRecordType();
icmp_hdr_type = zeek::id::lookup_type("icmp_hdr")->AsRecordType();
}
if ( ip4 )
@ -699,18 +697,18 @@ IntrusivePtr<VectorVal> IPv6_Hdr_Chain::ToVal() const
{
if ( ! ip6_ext_hdr_type )
{
ip6_ext_hdr_type = lookup_type("ip6_ext_hdr")->AsRecordType();
ip6_hopopts_type = lookup_type("ip6_hopopts")->AsRecordType();
ip6_dstopts_type = lookup_type("ip6_dstopts")->AsRecordType();
ip6_routing_type = lookup_type("ip6_routing")->AsRecordType();
ip6_fragment_type = lookup_type("ip6_fragment")->AsRecordType();
ip6_ah_type = lookup_type("ip6_ah")->AsRecordType();
ip6_esp_type = lookup_type("ip6_esp")->AsRecordType();
ip6_mob_type = lookup_type("ip6_mobility_hdr")->AsRecordType();
ip6_ext_hdr_type = zeek::id::lookup_type("ip6_ext_hdr")->AsRecordType();
ip6_hopopts_type = zeek::id::lookup_type("ip6_hopopts")->AsRecordType();
ip6_dstopts_type = zeek::id::lookup_type("ip6_dstopts")->AsRecordType();
ip6_routing_type = zeek::id::lookup_type("ip6_routing")->AsRecordType();
ip6_fragment_type = zeek::id::lookup_type("ip6_fragment")->AsRecordType();
ip6_ah_type = zeek::id::lookup_type("ip6_ah")->AsRecordType();
ip6_esp_type = zeek::id::lookup_type("ip6_esp")->AsRecordType();
ip6_mob_type = zeek::id::lookup_type("ip6_mobility_hdr")->AsRecordType();
}
auto rval = make_intrusive<VectorVal>(
lookup_type<VectorType>("ip6_ext_hdr_chain"));
zeek::id::lookup_type<VectorType>("ip6_ext_hdr_chain"));
for ( size_t i = 1; i < chain.size(); ++i )
{

16
src/NetVar.cc
View file

@ -6,6 +6,7 @@
#include "Var.h"
#include "EventHandler.h"
#include "Val.h"
#include "ID.h"
RecordType* conn_id;
RecordType* endpoint;
@ -219,6 +220,8 @@ void init_general_global_var()
bits_per_uid = opt_internal_unsigned("bits_per_uid");
}
extern void zeek_legacy_netvar_init();
void init_net_var()
{
#include "const.bif.netvar_init"
@ -226,7 +229,8 @@ void init_net_var()
#include "reporter.bif.netvar_init"
#include "supervisor.bif.netvar_init"
zeek::vars::detail::init();
zeek::id::detail::init();
zeek_legacy_netvar_init();
ignore_checksums = opt_internal_int("ignore_checksums");
partial_connection_ok = opt_internal_int("partial_connection_ok");
@ -262,16 +266,16 @@ void init_net_var()
opt_internal_double("tcp_storm_interarrival_thresh");
tcp_content_deliver_all_orig =
bool(zeek::lookup_val("tcp_content_deliver_all_orig")->AsBool());
bool(zeek::id::lookup_val("tcp_content_deliver_all_orig")->AsBool());
tcp_content_deliver_all_resp =
bool(zeek::lookup_val("tcp_content_deliver_all_resp")->AsBool());
bool(zeek::id::lookup_val("tcp_content_deliver_all_resp")->AsBool());
udp_content_deliver_all_orig =
bool(zeek::lookup_val("udp_content_deliver_all_orig")->AsBool());
bool(zeek::id::lookup_val("udp_content_deliver_all_orig")->AsBool());
udp_content_deliver_all_resp =
bool(zeek::lookup_val("udp_content_deliver_all_resp")->AsBool());
bool(zeek::id::lookup_val("udp_content_deliver_all_resp")->AsBool());
udp_content_delivery_ports_use_resp =
bool(zeek::lookup_val("udp_content_delivery_ports_use_resp")->AsBool());
bool(zeek::id::lookup_val("udp_content_delivery_ports_use_resp")->AsBool());
dns_session_timeout = opt_internal_double("dns_session_timeout");
rpc_timeout = opt_internal_double("rpc_timeout");

23
src/NetVar.h
View file

@ -6,19 +6,18 @@
#include "Func.h"
#include "EventRegistry.h"
#include "Stats.h"
#include "ZeekVars.h"
[[deprecated("Remove in v4.1. Use zeek::vars::conn_id.")]]
[[deprecated("Remove in v4.1. Use zeek::id::conn_id.")]]
extern RecordType* conn_id;
[[deprecated("Remove in v4.1. Use zeek::vars::endpoint.")]]
[[deprecated("Remove in v4.1. Use zeek::id::endpoint.")]]
extern RecordType* endpoint;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern RecordType* endpoint_stats;
[[deprecated("Remove in v4.1. Use zeek::vars::connection.")]]
[[deprecated("Remove in v4.1. Use zeek::id::connection.")]]
extern RecordType* connection_type;
[[deprecated("Remove in v4.1. Use zeek::vars::fa_file.")]]
[[deprecated("Remove in v4.1. Use zeek::id::fa_file.")]]
extern RecordType* fa_file_type;
[[deprecated("Remove in v4.1. Use zeek::vars::fa_metadata.")]]
[[deprecated("Remove in v4.1. Use zeek::id::fa_metadata.")]]
extern RecordType* fa_metadata_type;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern RecordType* icmp_conn;
@ -34,17 +33,17 @@ extern RecordType* pcap_packet;
extern RecordType* raw_pkt_hdr_type;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern RecordType* l2_hdr_type;
[[deprecated("Remove in v4.1. Use zeek::vars::transport_proto.")]]
[[deprecated("Remove in v4.1. Use zeek::id::transport_proto.")]]
extern EnumType* transport_proto;
[[deprecated("Remove in v4.1. Use zeek::vars::string_set.")]]
[[deprecated("Remove in v4.1. Use zeek::id::string_set.")]]
extern TableType* string_set;
[[deprecated("Remove in v4.1. Use zeek::vars::string_array.")]]
[[deprecated("Remove in v4.1. Use zeek::id::string_array.")]]
extern TableType* string_array;
[[deprecated("Remove in v4.1. Use zeek::vars::count_set.")]]
[[deprecated("Remove in v4.1. Use zeek::id::count_set.")]]
extern TableType* count_set;
[[deprecated("Remove in v4.1. Use zeek::vars::string_vec.")]]
[[deprecated("Remove in v4.1. Use zeek::id::string_vec.")]]
extern VectorType* string_vec;
[[deprecated("Remove in v4.1. Use zeek::vars::index_vec.")]]
[[deprecated("Remove in v4.1. Use zeek::id::index_vec.")]]
extern VectorType* index_vec;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern VectorType* mime_matches;

2
src/OpaqueVal.cc
View file

@ -981,7 +981,7 @@ ParaglobVal::ParaglobVal(std::unique_ptr<paraglob::Paraglob> p)
IntrusivePtr<VectorVal> ParaglobVal::Get(StringVal* &pattern)
{
auto rval = make_intrusive<VectorVal>(zeek::vars::string_vec);
auto rval = make_intrusive<VectorVal>(zeek::id::string_vec);
std::string string_pattern (reinterpret_cast<const char*>(pattern->Bytes()), pattern->Len());
std::vector<std::string> matches = this->internal_paraglob->get(string_pattern);

16
src/Reporter.cc
View file

@ -15,7 +15,7 @@
#include "Net.h"
#include "Conn.h"
#include "Timer.h"
#include "Var.h"
#include "ID.h"
#include "EventHandler.h"
#include "plugin/Plugin.h"
#include "plugin/Manager.h"
@ -63,13 +63,13 @@ Reporter::~Reporter()
void Reporter::InitOptions()
{
info_to_stderr = zeek::lookup_val("Reporter::info_to_stderr")->AsBool();
warnings_to_stderr = zeek::lookup_val("Reporter::warnings_to_stderr")->AsBool();
errors_to_stderr = zeek::lookup_val("Reporter::errors_to_stderr")->AsBool();
weird_sampling_rate = zeek::lookup_val("Weird::sampling_rate")->AsCount();
weird_sampling_threshold = zeek::lookup_val("Weird::sampling_threshold")->AsCount();
weird_sampling_duration = zeek::lookup_val("Weird::sampling_duration")->AsInterval();
auto wl_val = zeek::lookup_val("Weird::sampling_whitelist")->AsTableVal();
info_to_stderr = zeek::id::lookup_val("Reporter::info_to_stderr")->AsBool();
warnings_to_stderr = zeek::id::lookup_val("Reporter::warnings_to_stderr")->AsBool();
errors_to_stderr = zeek::id::lookup_val("Reporter::errors_to_stderr")->AsBool();
weird_sampling_rate = zeek::id::lookup_val("Weird::sampling_rate")->AsCount();
weird_sampling_threshold = zeek::id::lookup_val("Weird::sampling_threshold")->AsCount();
weird_sampling_duration = zeek::id::lookup_val("Weird::sampling_duration")->AsInterval();
auto wl_val = zeek::id::lookup_val("Weird::sampling_whitelist")->AsTableVal();
auto wl_table = wl_val->AsTable();
HashKey* k;

5
src/RuleCondition.cc
View file

@ -6,9 +6,8 @@
#include "Reporter.h"
#include "Scope.h"
#include "Func.h"
#include "ID.h"
#include "Val.h"
#include "Var.h"
#include "ZeekVars.h"
static inline bool is_established(const analyzer::tcp::TCP_Endpoint* e)
{
@ -145,7 +144,7 @@ RuleConditionEval::RuleConditionEval(const char* func)
if ( f->Yield()->Tag() != TYPE_BOOL )
rules_error("eval function type must yield a 'bool'", func);
static auto signature_state = zeek::lookup_type<RecordType>("signature_state");
static auto signature_state = zeek::id::lookup_type<RecordType>("signature_state");
TypeList tl;
tl.Append(signature_state);
tl.Append(base_type(TYPE_STRING));

2
src/RuleMatcher.cc
View file

@ -80,7 +80,7 @@ RuleHdrTest::RuleHdrTest(Prot arg_prot, Comp arg_comp, vector<IPPrefix> arg_v)
Val* RuleMatcher::BuildRuleStateValue(const Rule* rule,
const RuleEndpointState* state) const
{
static auto signature_state = zeek::lookup_type<RecordType>("signature_state");
static auto signature_state = zeek::id::lookup_type<RecordType>("signature_state");
RecordVal* val = new RecordVal(signature_state);
val->Assign(0, make_intrusive<StringVal>(rule->ID()));
val->Assign(1, state->GetAnalyzer()->ConnVal());

6
src/Sessions.cc
View file

@ -81,7 +81,7 @@ NetSessions::NetSessions()
dump_this_packet = false;
num_packets_processed = 0;
static auto pkt_profile_file = zeek::lookup_val("pkt_profile_file");
static auto pkt_profile_file = zeek::id::lookup_val("pkt_profile_file");
if ( pkt_profile_mode && pkt_profile_freq > 0 && pkt_profile_file )
pkt_profiler = new PacketProfiler(pkt_profile_mode,
@ -915,7 +915,7 @@ Connection* NetSessions::FindConnection(Val* v)
int orig_h, orig_p; // indices into record's value list
int resp_h, resp_p;
if ( vr == zeek::vars::conn_id )
if ( vr == zeek::id::conn_id )
{
orig_h = 0;
orig_p = 1;
@ -1219,7 +1219,7 @@ bool NetSessions::IsLikelyServerPort(uint32_t port, TransportProto proto) const
if ( ! have_cache )
{
auto likely_server_ports = zeek::lookup_val<TableVal>("likely_server_ports");
auto likely_server_ports = zeek::id::lookup_val<TableVal>("likely_server_ports");
auto lv = likely_server_ports->ToPureListVal();
for ( int i = 0; i < lv->Length(); i++ )
port_cache.insert(lv->Idx(i)->InternalUnsigned());

8
src/SmithWaterman.cc
View file

@ -59,19 +59,19 @@ bool BroSubstring::DoesCover(const BroSubstring* bst) const
VectorVal* BroSubstring::VecToPolicy(Vec* vec)
{
RecordType* sw_substring_type =
zeek::lookup_type("sw_substring")->AsRecordType();
zeek::id::lookup_type("sw_substring")->AsRecordType();
if ( ! sw_substring_type )
return nullptr;
RecordType* sw_align_type =
zeek::lookup_type("sw_align")->AsRecordType();
zeek::id::lookup_type("sw_align")->AsRecordType();
if ( ! sw_align_type )
return nullptr;
auto sw_align_vec_type = zeek::lookup_type<VectorType>("sw_align_vec");
auto sw_align_vec_type = zeek::id::lookup_type<VectorType>("sw_align_vec");
auto result =
make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("sw_substring_vec"));
make_intrusive<VectorVal>(zeek::id::lookup_type<VectorType>("sw_substring_vec"));
if ( vec )
{

4
src/Stats.cc
View file

@ -5,7 +5,7 @@
#include "Event.h"
#include "Net.h"
#include "NetVar.h"
#include "Var.h"
#include "ID.h"
#include "Sessions.h"
#include "Scope.h"
#include "DNS_Mgr.h"
@ -342,7 +342,7 @@ SampleLogger::SampleLogger()
static TableType* load_sample_info = nullptr;
if ( ! load_sample_info )
load_sample_info = zeek::lookup_type("load_sample_info")->AsTableType();
load_sample_info = zeek::id::lookup_type("load_sample_info")->AsTableType();
load_samples = new TableVal({NewRef{}, load_sample_info});
}

6
src/Stmt.cc
View file

@ -201,8 +201,8 @@ static IntrusivePtr<EnumVal> lookup_enum_val(const char* module_name, const char
static void print_log(const std::vector<IntrusivePtr<Val>>& vals)
{
auto plval = lookup_enum_val("Log", "PRINTLOG");
auto record = make_intrusive<RecordVal>(zeek::lookup_type("Log::PrintLogInfo")->AsRecordType());
auto vec = make_intrusive<VectorVal>(zeek::vars::string_vec);
auto record = make_intrusive<RecordVal>(zeek::id::lookup_type("Log::PrintLogInfo")->AsRecordType());
auto vec = make_intrusive<VectorVal>(zeek::id::string_vec);
for ( const auto& val : vals )
{
@ -237,7 +237,7 @@ IntrusivePtr<Val> PrintStmt::DoExec(std::vector<IntrusivePtr<Val>> vals,
}
static auto print_log_type = static_cast<BifEnum::Log::PrintLogType>(
zeek::lookup_val("Log::print_to_log")->AsEnum());
zeek::id::lookup_val("Log::print_to_log")->AsEnum());
switch ( print_log_type ) {
case BifEnum::Log::REDIRECT_NONE:

2
src/TunnelEncapsulation.cc
View file

@ -20,7 +20,7 @@ IntrusivePtr<RecordVal> EncapsulatingConn::ToVal() const
{
auto rv = make_intrusive<RecordVal>(BifType::Record::Tunnel::EncapsulatingConn);
auto id_val = make_intrusive<RecordVal>(zeek::vars::conn_id);
auto id_val = make_intrusive<RecordVal>(zeek::id::conn_id);
id_val->Assign(0, make_intrusive<AddrVal>(src_addr));
id_val->Assign(1, val_mgr->Port(ntohs(src_port), proto));
id_val->Assign(2, make_intrusive<AddrVal>(dst_addr));

4
src/TunnelEncapsulation.h
View file

@ -6,7 +6,7 @@
#include "IntrusivePtr.h"
#include "NetVar.h"
#include "IPAddr.h"
#include "Var.h"
#include "ID.h"
#include "UID.h"
#include <vector>
@ -198,7 +198,7 @@ public:
IntrusivePtr<VectorVal> ToVal() const
{
auto vv = make_intrusive<VectorVal>(
zeek::lookup_type<VectorType>("EncapsulatingConnVector"));
zeek::id::lookup_type<VectorType>("EncapsulatingConnVector"));
if ( conns )
{

4
src/Type.cc
View file

@ -796,8 +796,8 @@ static string container_type_name(const BroType* ft)
IntrusivePtr<TableVal> RecordType::GetRecordFieldsVal(const RecordVal* rv) const
{
static auto record_field = zeek::lookup_type<RecordType>("record_field");
static auto record_field_table = zeek::lookup_type<TableType>("record_field_table");
static auto record_field = zeek::id::lookup_type<RecordType>("record_field");
static auto record_field_table = zeek::id::lookup_type<TableType>("record_field_table");
auto rval = make_intrusive<TableVal>(record_field_table);
for ( int i = 0; i < NumFields(); ++i )

6
src/Val.cc
View file

@ -34,7 +34,7 @@
#include "Conn.h"
#include "Reporter.h"
#include "IPAddr.h"
#include "Var.h"
#include "ID.h"
#include "broker/Data.h"
@ -411,7 +411,7 @@ bool Val::WouldOverflow(const BroType* from_type, const BroType* to_type, const
IntrusivePtr<TableVal> Val::GetRecordFields()
{
static auto record_field_table = zeek::lookup_type<TableType>("record_field_table");
static auto record_field_table = zeek::id::lookup_type<TableType>("record_field_table");
auto t = GetType().get();
if ( t->Tag() != TYPE_RECORD && t->Tag() != TYPE_TYPE )
@ -1931,7 +1931,7 @@ IntrusivePtr<VectorVal> TableVal::LookupSubnets(const SubNetVal* search)
if ( ! subnets )
reporter->InternalError("LookupSubnets called on wrong table type");
auto result = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("subnet_vec"));
auto result = make_intrusive<VectorVal>(zeek::id::lookup_type<VectorType>("subnet_vec"));
auto matches = subnets->FindAll(search);
for ( auto element : matches )

54
src/Var.cc
View file

@ -15,6 +15,7 @@
#include "EventRegistry.h"
#include "Traverse.h"
#include "module_util.h"
#include "ID.h"
static IntrusivePtr<Val> init_val(Expr* init, const BroType* t,
IntrusivePtr<Val> aggr)
@ -657,7 +658,7 @@ void end_func(IntrusivePtr<Stmt> body)
Val* internal_val(const char* name)
{
return zeek::lookup_val(name).get();
return zeek::id::lookup_val(name).get();
}
id_list gather_outer_ids(Scope* scope, Stmt* body)
@ -682,7 +683,7 @@ id_list gather_outer_ids(Scope* scope, Stmt* body)
Val* internal_const_val(const char* name)
{
return zeek::lookup_const(name).get();
return zeek::id::lookup_const(name).get();
}
Val* opt_internal_val(const char* name)
@ -760,44 +761,12 @@ ListVal* internal_list_val(const char* name)
BroType* internal_type(const char* name)
{
return zeek::lookup_type(name).get();
}
const IntrusivePtr<Val>& zeek::lookup_val(const char* name)
{
auto id = lookup_ID(name, GLOBAL_MODULE_NAME);
if ( ! id )
reporter->InternalError("Failed to find variable named: %s", name);
return id->GetVal();
}
const IntrusivePtr<Val>& zeek::lookup_const(const char* name)
{
auto id = lookup_ID(name, GLOBAL_MODULE_NAME);
if ( ! id )
reporter->InternalError("Failed to find variable named: %s", name);
if ( ! id->IsConst() )
reporter->InternalError("Variable is not 'const', but expected to be: %s", name);
return id->GetVal();
}
const IntrusivePtr<BroType>& zeek::lookup_type(const char* name)
{
auto id = lookup_ID(name, GLOBAL_MODULE_NAME);
if ( ! id )
reporter->InternalError("Failed to find type named: %s", name);
return id->GetType();
return zeek::id::lookup_type(name).get();
}
Func* internal_func(const char* name)
{
const auto& v = zeek::lookup_val(name);
const auto& v = zeek::id::lookup_val(name);
if ( v )
return v->AsFunc();
@ -805,19 +774,6 @@ Func* internal_func(const char* name)
return nullptr;
}
IntrusivePtr<Func> zeek::lookup_func(const char* name)
{
const auto& v = zeek::lookup_val(name);
if ( ! v )
return nullptr;
if ( ! IsFunc(v->GetType()->Tag()) )
reporter->InternalError("Expected variable '%s' to be a function", name);
return {NewRef{}, v->AsFunc()};
}
EventHandlerPtr internal_handler(const char* name)
{
// If there already is an entry in the registry, we have a

72
src/Var.h
View file

@ -40,88 +40,32 @@ extern void end_func(IntrusivePtr<Stmt> body);
// Gather all IDs referenced inside a body that aren't part of a given scope.
extern id_list gather_outer_ids(Scope* scope, Stmt* body);
[[deprecated("Remove in v4.1. Use zeek::lookup_val().")]]
[[deprecated("Remove in v4.1. Use zeek::id::lookup_val().")]]
extern Val* internal_val(const char* name);
[[deprecated("Remove in v4.1. Use zeek::lookup_const().")]]
[[deprecated("Remove in v4.1. Use zeek::id::lookup_const().")]]
extern Val* internal_const_val(const char* name); // internal error if not const
[[deprecated("Remove in v4.1. Use lookup_ID() or zeek::lookup_val().")]]
[[deprecated("Remove in v4.1. Use zeek::id::lookup() or zeek::id::lookup_val().")]]
extern Val* opt_internal_val(const char* name); // returns nil if not defined
extern double opt_internal_double(const char* name);
extern bro_int_t opt_internal_int(const char* name);
extern bro_uint_t opt_internal_unsigned(const char* name);
[[deprecated("Remove in v4.1. Use lookup_ID() or zeek::lookup_val().")]]
[[deprecated("Remove in v4.1. Use zeek::id::lookup() or zeek::id::lookup_val().")]]
extern StringVal* opt_internal_string(const char* name);
[[deprecated("Remove in v4.1. Use lookup_ID() or zeek::lookup_val().")]]
[[deprecated("Remove in v4.1. Use zeek::id::lookup() or zeek::id::lookup_val().")]]
extern TableVal* opt_internal_table(const char* name); // nil if not defined
[[deprecated("Remove in v4.1. Use lookup_ID(), zeek::lookup_val(), and/or TableVal::ToPureListVal().")]]
[[deprecated("Remove in v4.1. Use zeek::id::lookup(), zeek::id::lookup_val(), and/or TableVal::ToPureListVal().")]]
extern ListVal* internal_list_val(const char* name);
[[deprecated("Remove in v4.1. Use zeek::lookup_type().")]]
[[deprecated("Remove in v4.1. Use zeek::id::lookup_type().")]]
extern BroType* internal_type(const char* name);
[[deprecated("Remove in v4.1. Use zeek::lookup_func().")]]
[[deprecated("Remove in v4.1. Use zeek::id::lookup_func().")]]
extern Func* internal_func(const char* name);
extern EventHandlerPtr internal_handler(const char* name);
extern int signal_val; // 0 if no signal pending
namespace zeek {
/**
* Lookup an ID by its name and return its type. A fatal occurs if the ID
* does not exist.
* @param name The identifier name to lookup
* @return The type of the identifier.
*/
const IntrusivePtr<BroType>& lookup_type(const char* name);
/**
* Lookup an ID by its name and return its type (as cast to @c T).
* A fatal occurs if the ID does not exist.
* @param name The identifier name to lookup
* @return The type of the identifier.
*/
template<class T>
IntrusivePtr<T> lookup_type(const char* name)
{ return cast_intrusive<T>(lookup_type(name)); }
/**
* Lookup an ID by its name and return its value. A fatal occurs if the ID
* does not exist.
* @param name The identifier name to lookup
* @return The current value of the identifier
*/
const IntrusivePtr<Val>& lookup_val(const char* name);
/**
* Lookup an ID by its name and return its value (as cast to @c T).
* A fatal occurs if the ID does not exist.
* @param name The identifier name to lookup
* @return The current value of the identifier.
*/
template<class T>
IntrusivePtr<T> lookup_val(const char* name)
{ return cast_intrusive<T>(lookup_val(name)); }
/**
* Lookup an ID by its name and return its value. A fatal occurs if the ID
* does not exist or if it is not "const".
* @param name The identifier name to lookup
* @return The current value of the identifier
*/
const IntrusivePtr<Val>& lookup_const(const char* name);
/**
* Lookup an ID by its name and return the function it references.
* A fatal occurs if the ID does not exist or if it is not a function.
* @param name The identifier name to lookup
* @return The current function value the identifier references.
*/
IntrusivePtr<Func> lookup_func(const char* name);
} // namespace zeek

121
src/ZeekVars.cc
View file

@ -1,121 +0,0 @@
// See the file "COPYING" in the main distribution directory for copyright.
#include "ZeekVars.h"
#include "Var.h"
#include "NetVar.h"
#include "Scope.h"
IntrusivePtr<RecordType> zeek::vars::conn_id;
IntrusivePtr<RecordType> zeek::vars::endpoint;
IntrusivePtr<RecordType> zeek::vars::connection;
IntrusivePtr<RecordType> zeek::vars::fa_file;
IntrusivePtr<RecordType> zeek::vars::fa_metadata;
IntrusivePtr<EnumType> zeek::vars::transport_proto;
IntrusivePtr<TableType> zeek::vars::string_set;
IntrusivePtr<TableType> zeek::vars::string_array;
IntrusivePtr<TableType> zeek::vars::count_set;
IntrusivePtr<VectorType> zeek::vars::string_vec;
IntrusivePtr<VectorType> zeek::vars::index_vec;
void zeek::vars::detail::init()
{
// Types
conn_id = zeek::lookup_type<RecordType>("conn_id");
endpoint = zeek::lookup_type<RecordType>("endpoint");
connection = zeek::lookup_type<RecordType>("connection");
fa_file = zeek::lookup_type<RecordType>("fa_file");
fa_metadata = zeek::lookup_type<RecordType>("fa_metadata");
transport_proto = zeek::lookup_type<EnumType>("transport_proto");
string_set = zeek::lookup_type<TableType>("string_set");
string_array = zeek::lookup_type<TableType>("string_array");
count_set = zeek::lookup_type<TableType>("count_set");
string_vec = zeek::lookup_type<VectorType>("string_vec");
index_vec = zeek::lookup_type<VectorType>("index_vec");
// Note: to bypass deprecation warnings on setting the legacy globals,
// CMake was told to compile this file with -Wno-deprecated-declarations.
// Once the legacy globals are removed, that compile flag can go also.
::conn_id = conn_id.get();
::endpoint = endpoint.get();
::connection_type = connection.get();
::fa_file_type = fa_file.get();
::fa_metadata_type = fa_metadata.get();
::icmp_conn = zeek::lookup_type("icmp_conn")->AsRecordType();
::icmp_context = zeek::lookup_type("icmp_context")->AsRecordType();
::signature_state = zeek::lookup_type("signature_state")->AsRecordType();
::SYN_packet = zeek::lookup_type("SYN_packet")->AsRecordType();
::pcap_packet = zeek::lookup_type("pcap_packet")->AsRecordType();
::raw_pkt_hdr_type = zeek::lookup_type("raw_pkt_hdr")->AsRecordType();
::l2_hdr_type = zeek::lookup_type("l2_hdr")->AsRecordType();
::transport_proto = transport_proto.get();
::string_set = string_set.get();
::string_array = string_array.get();
::count_set = count_set.get();
::string_vec = string_vec.get();
::index_vec = index_vec.get();
::mime_matches = zeek::lookup_type("mime_matches")->AsVectorType();
::mime_match = zeek::lookup_type("mime_match")->AsRecordType();
::socks_address = zeek::lookup_type("SOCKS::Address")->AsRecordType();
::mime_header_rec = zeek::lookup_type("mime_header_rec")->AsRecordType();
::mime_header_list = zeek::lookup_type("mime_header_list")->AsTableType();
::http_stats_rec = zeek::lookup_type("http_stats_rec")->AsRecordType();
::http_message_stat = zeek::lookup_type("http_message_stat")->AsRecordType();
::pm_mapping = zeek::lookup_type("pm_mapping")->AsRecordType();
::pm_mappings = zeek::lookup_type("pm_mappings")->AsTableType();
::pm_port_request = zeek::lookup_type("pm_port_request")->AsRecordType();
::pm_callit_request = zeek::lookup_type("pm_callit_request")->AsRecordType();
::geo_location = zeek::lookup_type("geo_location")->AsRecordType();
::entropy_test_result = zeek::lookup_type("entropy_test_result")->AsRecordType();
::dns_msg = zeek::lookup_type("dns_msg")->AsRecordType();
::dns_answer = zeek::lookup_type("dns_answer")->AsRecordType();
::dns_soa = zeek::lookup_type("dns_soa")->AsRecordType();
::dns_edns_additional = zeek::lookup_type("dns_edns_additional")->AsRecordType();
::dns_tsig_additional = zeek::lookup_type("dns_tsig_additional")->AsRecordType();
::dns_rrsig_rr = zeek::lookup_type("dns_rrsig_rr")->AsRecordType();
::dns_dnskey_rr = zeek::lookup_type("dns_dnskey_rr")->AsRecordType();
::dns_nsec3_rr = zeek::lookup_type("dns_nsec3_rr")->AsRecordType();
::dns_ds_rr = zeek::lookup_type("dns_ds_rr")->AsRecordType();
::rotate_info = zeek::lookup_type("rotate_info")->AsRecordType();
::irc_join_list = zeek::lookup_type("irc_join_list")->AsTableType();
::irc_join_info = zeek::lookup_type("irc_join_info")->AsRecordType();
::script_id = zeek::lookup_type("script_id")->AsRecordType();
::id_table = zeek::lookup_type("id_table")->AsTableType();
::record_field = zeek::lookup_type("record_field")->AsRecordType();
::record_field_table = zeek::lookup_type("record_field_table")->AsTableType();
::call_argument = zeek::lookup_type("call_argument")->AsRecordType();
::call_argument_vector = zeek::lookup_type("call_argument_vector")->AsVectorType();
::log_rotate_base_time = zeek::lookup_val("log_rotate_base_time")->AsStringVal();
::pkt_profile_file = zeek::lookup_val("pkt_profile_file").get();
::likely_server_ports = zeek::lookup_val("likely_server_ports")->AsTableVal();
::tcp_content_delivery_ports_orig = zeek::lookup_val("tcp_content_delivery_ports_orig")->AsTableVal();
::tcp_content_delivery_ports_resp = zeek::lookup_val("tcp_content_delivery_ports_resp")->AsTableVal();
::stp_skip_src = zeek::lookup_val("stp_skip_src")->AsTableVal();
::dns_skip_auth = zeek::lookup_val("dns_skip_auth")->AsTableVal();
::dns_skip_addl = zeek::lookup_val("dns_skip_addl")->AsTableVal();
::udp_content_ports = zeek::lookup_val("udp_content_ports")->AsTableVal();
::udp_content_delivery_ports_orig = zeek::lookup_val("udp_content_delivery_ports_orig")->AsTableVal();
::udp_content_delivery_ports_resp = zeek::lookup_val("udp_content_delivery_ports_resp")->AsTableVal();
::profiling_file = zeek::lookup_val("profiling_file").get();
::global_hash_seed = zeek::lookup_val("global_hash_seed")->AsStringVal();
::tcp_reassembler_ports_orig = zeek::lookup_val("tcp_reassembler_ports_orig")->AsTableVal();
::tcp_reassembler_ports_resp = zeek::lookup_val("tcp_reassembler_ports_resp")->AsTableVal();
::peer_description = zeek::lookup_val("peer_description")->AsStringVal();
::trace_output_file = zeek::lookup_val("trace_output_file")->AsStringVal();
::cmd_line_bpf_filter = zeek::lookup_val("cmd_line_bpf_filter")->AsStringVal();
auto anon_id = global_scope()->Lookup("preserve_orig_addr");
if ( anon_id )
preserve_orig_addr = anon_id->GetVal()->AsTableVal();
anon_id = global_scope()->Lookup("preserve_resp_addr");
if ( anon_id )
preserve_resp_addr = anon_id->GetVal()->AsTableVal();
anon_id = global_scope()->Lookup("preserve_other_addr");
if ( anon_id )
preserve_other_addr = anon_id->GetVal()->AsTableVal();
}

28
src/ZeekVars.h
View file

@ -1,28 +0,0 @@
// See the file "COPYING" in the main distribution directory for copyright.
#pragma once
#include "Val.h"
#include "Type.h"
#include "IntrusivePtr.h"
namespace zeek { namespace vars { namespace detail {
void init();
}}}
namespace zeek { namespace vars {
// Common Types
extern IntrusivePtr<RecordType> conn_id;
extern IntrusivePtr<RecordType> endpoint;
extern IntrusivePtr<RecordType> connection;
extern IntrusivePtr<RecordType> fa_file;
extern IntrusivePtr<RecordType> fa_metadata;
extern IntrusivePtr<EnumType> transport_proto;
extern IntrusivePtr<TableType> string_set;
extern IntrusivePtr<TableType> string_array;
extern IntrusivePtr<TableType> count_set;
extern IntrusivePtr<VectorType> string_vec;
extern IntrusivePtr<VectorType> index_vec;
}} // namespace zeek::vars

6
src/analyzer/Manager.cc
View file

@ -438,8 +438,8 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn)
if ( tcp_contents && ! reass )
{
static auto tcp_content_delivery_ports_orig = zeek::lookup_val<TableVal>("tcp_content_delivery_ports_orig");
static auto tcp_content_delivery_ports_resp = zeek::lookup_val<TableVal>("tcp_content_delivery_ports_resp");
static auto tcp_content_delivery_ports_orig = zeek::id::lookup_val<TableVal>("tcp_content_delivery_ports_orig");
static auto tcp_content_delivery_ports_resp = zeek::id::lookup_val<TableVal>("tcp_content_delivery_ports_resp");
const auto& dport = val_mgr->Port(ntohs(conn->RespPort()), TRANSPORT_TCP);
if ( ! reass )
@ -462,7 +462,7 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn)
uint16_t resp_port = ntohs(conn->RespPort());
if ( resp_port == 22 || resp_port == 23 || resp_port == 513 )
{
static auto stp_skip_src = zeek::lookup_val<TableVal>("stp_skip_src");
static auto stp_skip_src = zeek::id::lookup_val<TableVal>("stp_skip_src");
AddrVal src(conn->OrigAddr());
if ( ! stp_skip_src->Lookup(&src) )

10
src/analyzer/protocol/bittorrent/BitTorrentTracker.cc
View file

@ -27,15 +27,15 @@ BitTorrentTracker_Analyzer::BitTorrentTracker_Analyzer(Connection* c)
if ( ! bt_tracker_headers )
{
bt_tracker_headers =
zeek::lookup_type("bt_tracker_headers")->AsTableType();
zeek::id::lookup_type("bt_tracker_headers")->AsTableType();
bittorrent_peer =
zeek::lookup_type("bittorrent_peer")->AsRecordType();
zeek::id::lookup_type("bittorrent_peer")->AsRecordType();
bittorrent_peer_set =
zeek::lookup_type("bittorrent_peer_set")->AsTableType();
zeek::id::lookup_type("bittorrent_peer_set")->AsTableType();
bittorrent_benc_value =
zeek::lookup_type("bittorrent_benc_value")->AsRecordType();
zeek::id::lookup_type("bittorrent_benc_value")->AsRecordType();
bittorrent_benc_dir =
zeek::lookup_type("bittorrent_benc_dir")->AsTableType();
zeek::id::lookup_type("bittorrent_benc_dir")->AsTableType();
}
keep_alive = false;

4
src/analyzer/protocol/conn-size/ConnSize.cc
View file

@ -174,8 +174,8 @@ void ConnSize_Analyzer::UpdateConnVal(RecordVal *conn_val)
RecordVal *resp_endp = conn_val->Lookup("resp")->AsRecordVal();
// endpoint is the RecordType from NetVar.h
int pktidx = zeek::vars::endpoint->FieldOffset("num_pkts");
int bytesidx = zeek::vars::endpoint->FieldOffset("num_bytes_ip");
int pktidx = zeek::id::endpoint->FieldOffset("num_pkts");
int bytesidx = zeek::id::endpoint->FieldOffset("num_bytes_ip");
if ( pktidx < 0 )
reporter->InternalError("'endpoint' record missing 'num_pkts' field");

2
src/analyzer/protocol/dhcp/dhcp-analyzer.pac
View file

@ -20,7 +20,7 @@ refine flow DHCP_Flow += {
if ( ! options )
{
options = make_intrusive<RecordVal>(BifType::Record::DHCP::Options);
all_options = make_intrusive<VectorVal>(zeek::vars::index_vec);
all_options = make_intrusive<VectorVal>(zeek::id::index_vec);
options->Assign(0, all_options);
}

2
src/analyzer/protocol/dhcp/dhcp-options.pac
View file

@ -462,7 +462,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += {
function process_par_req_list_option(v: OptionValue): bool
%{
auto params = make_intrusive<VectorVal>(zeek::vars::index_vec);
auto params = make_intrusive<VectorVal>(zeek::id::index_vec);
int num_parms = ${v.par_req_list}->size();
vector<uint8>* plist = ${v.par_req_list};

30
src/analyzer/protocol/dns/DNS.cc
View file

@ -91,8 +91,8 @@ void DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query)
int skip_addl = dns_skip_all_addl;
if ( msg.ancount > 0 )
{ // We did an answer, so can potentially skip auth/addl.
static auto dns_skip_auth = zeek::lookup_val<TableVal>("dns_skip_auth");
static auto dns_skip_addl = zeek::lookup_val<TableVal>("dns_skip_addl");
static auto dns_skip_auth = zeek::id::lookup_val<TableVal>("dns_skip_auth");
static auto dns_skip_addl = zeek::id::lookup_val<TableVal>("dns_skip_addl");
skip_auth = skip_auth || msg.nscount == 0 ||
dns_skip_auth->Lookup(&server);
@ -595,7 +595,7 @@ bool DNS_Interpreter::ParseRR_SOA(DNS_MsgInfo* msg,
if ( dns_SOA_reply && ! msg->skip_event )
{
static auto dns_soa = zeek::lookup_type<RecordType>("dns_soa");
static auto dns_soa = zeek::id::lookup_type<RecordType>("dns_soa");
auto r = make_intrusive<RecordVal>(dns_soa);
r->Assign(0, make_intrusive<StringVal>(new BroString(mname, mname_end - mname, true)));
r->Assign(1, make_intrusive<StringVal>(new BroString(rname, rname_end - rname, true)));
@ -1002,7 +1002,7 @@ bool DNS_Interpreter::ParseRR_NSEC(DNS_MsgInfo* msg,
int typebitmaps_len = rdlength - (data - data_start);
auto char_strings = make_intrusive<VectorVal>(zeek::vars::string_vec);
auto char_strings = make_intrusive<VectorVal>(zeek::id::string_vec);
while ( typebitmaps_len > 0 && len > 0 )
{
@ -1077,7 +1077,7 @@ bool DNS_Interpreter::ParseRR_NSEC3(DNS_MsgInfo* msg,
int typebitmaps_len = rdlength - (data - data_start);
auto char_strings = make_intrusive<VectorVal>(zeek::vars::string_vec);
auto char_strings = make_intrusive<VectorVal>(zeek::id::string_vec);
while ( typebitmaps_len > 0 && len > 0 )
{
@ -1292,7 +1292,7 @@ bool DNS_Interpreter::ParseRR_TXT(DNS_MsgInfo* msg,
return true;
}
auto char_strings = make_intrusive<VectorVal>(zeek::vars::string_vec);
auto char_strings = make_intrusive<VectorVal>(zeek::id::string_vec);
IntrusivePtr<StringVal> char_string;
while ( (char_string = extract_char_string(analyzer, data, len, rdlength)) )
@ -1320,7 +1320,7 @@ bool DNS_Interpreter::ParseRR_SPF(DNS_MsgInfo* msg,
return true;
}
auto char_strings = make_intrusive<VectorVal>(zeek::vars::string_vec);
auto char_strings = make_intrusive<VectorVal>(zeek::id::string_vec);
IntrusivePtr<StringVal> char_string;
while ( (char_string = extract_char_string(analyzer, data, len, rdlength)) )
@ -1439,7 +1439,7 @@ DNS_MsgInfo::DNS_MsgInfo(DNS_RawMsgHdr* hdr, int arg_is_query)
IntrusivePtr<RecordVal> DNS_MsgInfo::BuildHdrVal()
{
static auto dns_msg = zeek::lookup_type<RecordType>("dns_msg");
static auto dns_msg = zeek::id::lookup_type<RecordType>("dns_msg");
auto r = make_intrusive<RecordVal>(dns_msg);
r->Assign(0, val_mgr->Count(id));
@ -1461,7 +1461,7 @@ IntrusivePtr<RecordVal> DNS_MsgInfo::BuildHdrVal()
IntrusivePtr<RecordVal> DNS_MsgInfo::BuildAnswerVal()
{
static auto dns_answer = zeek::lookup_type<RecordType>("dns_answer");
static auto dns_answer = zeek::id::lookup_type<RecordType>("dns_answer");
auto r = make_intrusive<RecordVal>(dns_answer);
r->Assign(0, val_mgr->Count(int(answer_type)));
@ -1477,7 +1477,7 @@ IntrusivePtr<RecordVal> DNS_MsgInfo::BuildEDNS_Val()
{
// We have to treat the additional record type in EDNS differently
// than a regular resource record.
static auto dns_edns_additional = zeek::lookup_type<RecordType>("dns_edns_additional");
static auto dns_edns_additional = zeek::id::lookup_type<RecordType>("dns_edns_additional");
auto r = make_intrusive<RecordVal>(dns_edns_additional);
r->Assign(0, val_mgr->Count(int(answer_type)));
@ -1511,7 +1511,7 @@ IntrusivePtr<RecordVal> DNS_MsgInfo::BuildEDNS_Val()
IntrusivePtr<RecordVal> DNS_MsgInfo::BuildTSIG_Val(struct TSIG_DATA* tsig)
{
static auto dns_tsig_additional = zeek::lookup_type<RecordType>("dns_tsig_additional");
static auto dns_tsig_additional = zeek::id::lookup_type<RecordType>("dns_tsig_additional");
auto r = make_intrusive<RecordVal>(dns_tsig_additional);
double rtime = tsig->time_s + tsig->time_ms / 1000.0;
@ -1531,7 +1531,7 @@ IntrusivePtr<RecordVal> DNS_MsgInfo::BuildTSIG_Val(struct TSIG_DATA* tsig)
IntrusivePtr<RecordVal> DNS_MsgInfo::BuildRRSIG_Val(RRSIG_DATA* rrsig)
{
static auto dns_rrsig_rr = zeek::lookup_type<RecordType>("dns_rrsig_rr");
static auto dns_rrsig_rr = zeek::id::lookup_type<RecordType>("dns_rrsig_rr");
auto r = make_intrusive<RecordVal>(dns_rrsig_rr);
r->Assign(0, query_name);
@ -1552,7 +1552,7 @@ IntrusivePtr<RecordVal> DNS_MsgInfo::BuildRRSIG_Val(RRSIG_DATA* rrsig)
IntrusivePtr<RecordVal> DNS_MsgInfo::BuildDNSKEY_Val(DNSKEY_DATA* dnskey)
{
static auto dns_dnskey_rr = zeek::lookup_type<RecordType>("dns_dnskey_rr");
static auto dns_dnskey_rr = zeek::id::lookup_type<RecordType>("dns_dnskey_rr");
auto r = make_intrusive<RecordVal>(dns_dnskey_rr);
r->Assign(0, query_name);
@ -1568,7 +1568,7 @@ IntrusivePtr<RecordVal> DNS_MsgInfo::BuildDNSKEY_Val(DNSKEY_DATA* dnskey)
IntrusivePtr<RecordVal> DNS_MsgInfo::BuildNSEC3_Val(NSEC3_DATA* nsec3)
{
static auto dns_nsec3_rr = zeek::lookup_type<RecordType>("dns_nsec3_rr");
static auto dns_nsec3_rr = zeek::id::lookup_type<RecordType>("dns_nsec3_rr");
auto r = make_intrusive<RecordVal>(dns_nsec3_rr);
r->Assign(0, query_name);
@ -1588,7 +1588,7 @@ IntrusivePtr<RecordVal> DNS_MsgInfo::BuildNSEC3_Val(NSEC3_DATA* nsec3)
IntrusivePtr<RecordVal> DNS_MsgInfo::BuildDS_Val(DS_DATA* ds)
{
static auto dns_ds_rr = zeek::lookup_type<RecordType>("dns_ds_rr");
static auto dns_ds_rr = zeek::id::lookup_type<RecordType>("dns_ds_rr");
auto r = make_intrusive<RecordVal>(dns_ds_rr);
r->Assign(0, query_name);

4
src/analyzer/protocol/http/HTTP.cc
View file

@ -615,7 +615,7 @@ HTTP_Message::~HTTP_Message()
IntrusivePtr<RecordVal> HTTP_Message::BuildMessageStat(bool interrupted, const char* msg)
{
static auto http_message_stat = zeek::lookup_type<RecordType>("http_message_stat");
static auto http_message_stat = zeek::id::lookup_type<RecordType>("http_message_stat");
auto stat = make_intrusive<RecordVal>(http_message_stat);
int field = 0;
stat->Assign(field++, make_intrusive<Val>(start_time, TYPE_TIME));
@ -1152,7 +1152,7 @@ void HTTP_Analyzer::GenStats()
{
if ( http_stats )
{
static auto http_stats_rec = zeek::lookup_type<RecordType>("http_stats_rec");
static auto http_stats_rec = zeek::id::lookup_type<RecordType>("http_stats_rec");
auto r = make_intrusive<RecordVal>(http_stats_rec);
r->Assign(0, val_mgr->Count(num_requests));
r->Assign(1, val_mgr->Count(num_replies));

16
src/analyzer/protocol/icmp/ICMP.cc
View file

@ -225,7 +225,7 @@ ICMP_Analyzer::BuildICMPVal(const struct icmp* icmpp, int len,
{
if ( ! icmp_conn_val )
{
static auto icmp_conn = zeek::lookup_type<RecordType>("icmp_conn");
static auto icmp_conn = zeek::id::lookup_type<RecordType>("icmp_conn");
icmp_conn_val = make_intrusive<RecordVal>(icmp_conn);
icmp_conn_val->Assign(0, make_intrusive<AddrVal>(Conn()->OrigAddr()));
@ -351,9 +351,9 @@ IntrusivePtr<RecordVal> ICMP_Analyzer::ExtractICMP4Context(int len, const u_char
}
}
static auto icmp_context = zeek::lookup_type<RecordType>("icmp_context");
static auto icmp_context = zeek::id::lookup_type<RecordType>("icmp_context");
auto iprec = make_intrusive<RecordVal>(icmp_context);
auto id_val = make_intrusive<RecordVal>(zeek::vars::conn_id);
auto id_val = make_intrusive<RecordVal>(zeek::id::conn_id);
id_val->Assign(0, make_intrusive<AddrVal>(src_addr));
id_val->Assign(1, val_mgr->Port(src_port, proto));
@ -411,9 +411,9 @@ IntrusivePtr<RecordVal> ICMP_Analyzer::ExtractICMP6Context(int len, const u_char
}
}
static auto icmp_context = zeek::lookup_type<RecordType>("icmp_context");
static auto icmp_context = zeek::id::lookup_type<RecordType>("icmp_context");
auto iprec = make_intrusive<RecordVal>(icmp_context);
auto id_val = make_intrusive<RecordVal>(zeek::vars::conn_id);
auto id_val = make_intrusive<RecordVal>(zeek::id::conn_id);
id_val->Assign(0, make_intrusive<AddrVal>(src_addr));
id_val->Assign(1, val_mgr->Port(src_port, proto));
@ -729,13 +729,13 @@ IntrusivePtr<VectorVal> ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_cha
if ( ! icmp6_nd_option_type )
{
icmp6_nd_option_type = zeek::lookup_type("icmp6_nd_option")->AsRecordType();
icmp6_nd_option_type = zeek::id::lookup_type("icmp6_nd_option")->AsRecordType();
icmp6_nd_prefix_info_type =
zeek::lookup_type("icmp6_nd_prefix_info")->AsRecordType();
zeek::id::lookup_type("icmp6_nd_prefix_info")->AsRecordType();
}
auto vv = make_intrusive<VectorVal>(
zeek::lookup_type<VectorType>("icmp6_nd_options"));
zeek::id::lookup_type<VectorType>("icmp6_nd_options"));
while ( caplen > 0 )
{

2
src/analyzer/protocol/imap/imap-analyzer.pac
View file

@ -59,7 +59,7 @@ refine connection IMAP_Conn += {
if ( ! imap_capabilities )
return true;
auto capv = make_intrusive<VectorVal>(zeek::vars::string_vec);
auto capv = make_intrusive<VectorVal>(zeek::id::string_vec);
for ( unsigned int i = 0; i< capabilities->size(); i++ )
{

10
src/analyzer/protocol/irc/IRC.cc
View file

@ -44,8 +44,8 @@ inline void IRC_Analyzer::SkipLeadingWhitespace(string& str)
void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
{
static auto irc_join_list = zeek::lookup_type<TableType>("irc_join_list");
static auto irc_join_info = zeek::lookup_type<RecordType>("irc_join_info");
static auto irc_join_list = zeek::id::lookup_type<TableType>("irc_join_list");
static auto irc_join_info = zeek::id::lookup_type<RecordType>("irc_join_info");
tcp::TCP_ApplicationAnalyzer::DeliverStream(length, line, orig);
if ( starttls )
@ -273,7 +273,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
if ( parts.size() > 0 && parts[0][0] == ':' )
parts[0] = parts[0].substr(1);
auto set = make_intrusive<TableVal>(zeek::vars::string_set);
auto set = make_intrusive<TableVal>(zeek::id::string_set);
for ( unsigned int i = 0; i < parts.size(); ++i )
{
@ -466,7 +466,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
if ( parts.size() > 0 && parts[0][0] == ':' )
parts[0] = parts[0].substr(1);
auto set = make_intrusive<TableVal>(zeek::vars::string_set);
auto set = make_intrusive<TableVal>(zeek::id::string_set);
for ( unsigned int i = 0; i < parts.size(); ++i )
{
@ -953,7 +953,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
nick = nick.substr(0, pos);
vector<string> channelList = SplitWords(channels, ',');
auto set = make_intrusive<TableVal>(zeek::vars::string_set);
auto set = make_intrusive<TableVal>(zeek::id::string_set);
for ( unsigned int i = 0; i < channelList.size(); ++i )
{

2
src/analyzer/protocol/krb/krb-padata.pac
View file

@ -13,7 +13,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a
%code{
VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_analyzer, bool is_error)
{
auto vv = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("KRB::Type_Value_Vector"));
auto vv = make_intrusive<VectorVal>(zeek::id::lookup_type<VectorType>("KRB::Type_Value_Vector"));
if ( ! data->data()->has_padata() )
return vv.release();

6
src/analyzer/protocol/krb/krb-types.pac
View file

@ -27,7 +27,7 @@ IntrusivePtr<Val> GetStringFromPrincipalName(const KRB_Principal_Name* pname)
VectorVal* proc_cipher_list(const Array* list)
{
auto ciphers = make_intrusive<VectorVal>(zeek::vars::index_vec);
auto ciphers = make_intrusive<VectorVal>(zeek::id::index_vec);
for ( uint i = 0; i < list->data()->size(); ++i )
ciphers->Assign(ciphers->Size(), asn1_integer_to_val((*list->data())[i], TYPE_COUNT));
return ciphers.release();
@ -35,7 +35,7 @@ VectorVal* proc_cipher_list(const Array* list)
VectorVal* proc_host_address_list(const BroAnalyzer a, const KRB_Host_Addresses* list)
{
auto addrs = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("KRB::Host_Address_Vector"));
auto addrs = make_intrusive<VectorVal>(zeek::id::lookup_type<VectorType>("KRB::Host_Address_Vector"));
for ( uint i = 0; i < list->addresses()->size(); ++i )
{
@ -94,7 +94,7 @@ RecordVal* proc_host_address(const BroAnalyzer a, const KRB_Host_Address* addr)
IntrusivePtr<VectorVal> proc_tickets(const KRB_Ticket_Sequence* list)
{
auto tickets = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("KRB::Ticket_Vector"));
auto tickets = make_intrusive<VectorVal>(zeek::id::lookup_type<VectorType>("KRB::Ticket_Vector"));
for ( uint i = 0; i < list->tickets()->size(); ++i )
{

14
src/analyzer/protocol/login/Login.cc
View file

@ -45,13 +45,13 @@ Login_Analyzer::Login_Analyzer(const char* name, Connection* conn)
if ( ! re_skip_authentication )
{
IntrusivePtr<ListVal> skip_authentication = zeek::lookup_val("skip_authentication")->AsTableVal()->ToPureListVal();
IntrusivePtr<ListVal> direct_login_prompts = zeek::lookup_val("direct_login_prompts")->AsTableVal()->ToPureListVal();
IntrusivePtr<ListVal> login_prompts = zeek::lookup_val("login_prompts")->AsTableVal()->ToPureListVal();
IntrusivePtr<ListVal> login_non_failure_msgs = zeek::lookup_val("login_non_failure_msgs")->AsTableVal()->ToPureListVal();
IntrusivePtr<ListVal> login_failure_msgs = zeek::lookup_val("login_failure_msgs")->AsTableVal()->ToPureListVal();
IntrusivePtr<ListVal> login_success_msgs = zeek::lookup_val("login_success_msgs")->AsTableVal()->ToPureListVal();
IntrusivePtr<ListVal> login_timeouts = zeek::lookup_val("login_timeouts")->AsTableVal()->ToPureListVal();
IntrusivePtr<ListVal> skip_authentication = zeek::id::lookup_val("skip_authentication")->AsTableVal()->ToPureListVal();
IntrusivePtr<ListVal> direct_login_prompts = zeek::id::lookup_val("direct_login_prompts")->AsTableVal()->ToPureListVal();
IntrusivePtr<ListVal> login_prompts = zeek::id::lookup_val("login_prompts")->AsTableVal()->ToPureListVal();
IntrusivePtr<ListVal> login_non_failure_msgs = zeek::id::lookup_val("login_non_failure_msgs")->AsTableVal()->ToPureListVal();
IntrusivePtr<ListVal> login_failure_msgs = zeek::id::lookup_val("login_failure_msgs")->AsTableVal()->ToPureListVal();
IntrusivePtr<ListVal> login_success_msgs = zeek::id::lookup_val("login_success_msgs")->AsTableVal()->ToPureListVal();
IntrusivePtr<ListVal> login_timeouts = zeek::id::lookup_val("login_timeouts")->AsTableVal()->ToPureListVal();
#ifdef USE_PERFTOOLS_DEBUG
HeapLeakChecker::Disabler disabler;

4
src/analyzer/protocol/mime/MIME.cc
View file

@ -1289,7 +1289,7 @@ void MIME_Entity::DebugPrintHeaders()
IntrusivePtr<RecordVal> MIME_Message::BuildHeaderVal(MIME_Header* h)
{
static auto mime_header_rec = zeek::lookup_type<RecordType>("mime_header_rec");
static auto mime_header_rec = zeek::id::lookup_type<RecordType>("mime_header_rec");
auto header_record = make_intrusive<RecordVal>(mime_header_rec);
header_record->Assign(0, new_string_val(h->get_name()));
auto upper_hn = new_string_val(h->get_name());
@ -1301,7 +1301,7 @@ IntrusivePtr<RecordVal> MIME_Message::BuildHeaderVal(MIME_Header* h)
IntrusivePtr<TableVal> MIME_Message::BuildHeaderTable(MIME_HeaderList& hlist)
{
static auto mime_header_list = zeek::lookup_type<TableType>("mime_header_list");
static auto mime_header_list = zeek::id::lookup_type<TableType>("mime_header_list");
auto t = make_intrusive<TableVal>(mime_header_list);
for ( unsigned int i = 0; i < hlist.size(); ++i )

4
src/analyzer/protocol/mqtt/commands/subscribe.pac
View file

@ -19,8 +19,8 @@ refine flow MQTT_Flow += {
%{
if ( mqtt_subscribe )
{
auto topics = make_intrusive<VectorVal>(zeek::vars::string_vec);
auto qos_levels = make_intrusive<VectorVal>(zeek::vars::index_vec);
auto topics = make_intrusive<VectorVal>(zeek::id::string_vec);
auto qos_levels = make_intrusive<VectorVal>(zeek::id::index_vec);
for ( auto topic: *${msg.topics} )
{

2
src/analyzer/protocol/mqtt/commands/unsubscribe.pac
View file

@ -14,7 +14,7 @@ refine flow MQTT_Flow += {
%{
if ( mqtt_unsubscribe )
{
auto topics = make_intrusive<VectorVal>(zeek::vars::string_vec);
auto topics = make_intrusive<VectorVal>(zeek::id::string_vec);
for ( auto topic: *${msg.topics} )
{

2
src/analyzer/protocol/mysql/mysql-analyzer.pac
View file

@ -82,7 +82,7 @@ refine flow MySQL_Flow += {
if ( ! mysql_result_row )
return true;
auto vt = zeek::vars::string_vec;
auto vt = zeek::id::string_vec;
auto vv = make_intrusive<VectorVal>(std::move(vt));
auto& bstring = ${msg.row.first_field.val};

2
src/analyzer/protocol/rpc/MOUNT.cc
View file

@ -192,7 +192,7 @@ zeek::Args MOUNT_Interp::event_common_vl(RPC_CallInfo *c,
zeek::Args vl;
vl.reserve(2 + extra_elements);
vl.emplace_back(analyzer->ConnVal());
auto auxgids = make_intrusive<VectorVal>(zeek::vars::index_vec);
auto auxgids = make_intrusive<VectorVal>(zeek::id::index_vec);
for (size_t i = 0; i < c->AuxGIDs().size(); ++i)
{

2
src/analyzer/protocol/rpc/NFS.cc
View file

@ -328,7 +328,7 @@ zeek::Args NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_
zeek::Args vl;
vl.reserve(2 + extra_elements);
vl.emplace_back(analyzer->ConnVal());
auto auxgids = make_intrusive<VectorVal>(zeek::vars::index_vec);
auto auxgids = make_intrusive<VectorVal>(zeek::id::index_vec);
for ( size_t i = 0; i < c->AuxGIDs().size(); ++i )
auxgids->Assign(i, val_mgr->Count(c->AuxGIDs()[i]));

8
src/analyzer/protocol/rpc/Portmap.cc
View file

@ -138,7 +138,7 @@ bool PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status statu
event = success ? pm_request_dump : pm_attempt_dump;
if ( success )
{
static auto pm_mappings = zeek::lookup_type<TableType>("pm_mappings");
static auto pm_mappings = zeek::id::lookup_type<TableType>("pm_mappings");
TableVal* mappings = new TableVal(pm_mappings);
uint32_t nmap = 0;
@ -194,7 +194,7 @@ bool PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status statu
Val* PortmapperInterp::ExtractMapping(const u_char*& buf, int& len)
{
static auto pm_mapping = zeek::lookup_type<RecordType>("pm_mapping");
static auto pm_mapping = zeek::id::lookup_type<RecordType>("pm_mapping");
RecordVal* mapping = new RecordVal(pm_mapping);
mapping->Assign(0, val_mgr->Count(extract_XDR_uint32(buf, len)));
@ -215,7 +215,7 @@ Val* PortmapperInterp::ExtractMapping(const u_char*& buf, int& len)
Val* PortmapperInterp::ExtractPortRequest(const u_char*& buf, int& len)
{
static auto pm_port_request = zeek::lookup_type<RecordType>("pm_port_request");
static auto pm_port_request = zeek::id::lookup_type<RecordType>("pm_port_request");
RecordVal* pr = new RecordVal(pm_port_request);
pr->Assign(0, val_mgr->Count(extract_XDR_uint32(buf, len)));
@ -236,7 +236,7 @@ Val* PortmapperInterp::ExtractPortRequest(const u_char*& buf, int& len)
Val* PortmapperInterp::ExtractCallItRequest(const u_char*& buf, int& len)
{
static auto pm_callit_request = zeek::lookup_type<RecordType>("pm_callit_request");
static auto pm_callit_request = zeek::id::lookup_type<RecordType>("pm_callit_request");
RecordVal* c = new RecordVal(pm_callit_request);
c->Assign(0, val_mgr->Count(extract_XDR_uint32(buf, len)));

4
src/analyzer/protocol/sip/sip-analyzer.pac
View file

@ -67,7 +67,7 @@ refine flow SIP_Flow += {
function build_sip_headers_val(): BroVal
%{
static auto mime_header_list = zeek::lookup_type<TableType>("mime_header_list");
static auto mime_header_list = zeek::id::lookup_type<TableType>("mime_header_list");
TableVal* t = new TableVal(mime_header_list);
for ( unsigned int i = 0; i < headers.size(); ++i )
@ -102,7 +102,7 @@ refine flow SIP_Flow += {
function build_sip_header_val(name: const_bytestring, value: const_bytestring): BroVal
%{
static auto mime_header_rec = zeek::lookup_type<RecordType>("mime_header_rec");
static auto mime_header_rec = zeek::id::lookup_type<RecordType>("mime_header_rec");
RecordVal* header_record = new RecordVal(mime_header_rec);
IntrusivePtr<StringVal> name_val;

2
src/analyzer/protocol/smb/smb1-com-negotiate.pac
View file

@ -15,7 +15,7 @@ refine connection SMB_Conn += {
%{
if ( smb1_negotiate_request )
{
auto dialects = make_intrusive<VectorVal>(zeek::vars::string_vec);
auto dialects = make_intrusive<VectorVal>(zeek::id::string_vec);
for ( unsigned int i = 0; i < ${val.dialects}->size(); ++i )
{

2
src/analyzer/protocol/smb/smb2-com-negotiate.pac
View file

@ -22,7 +22,7 @@ refine connection SMB_Conn += {
%{
if ( smb2_negotiate_request )
{
auto dialects = make_intrusive<VectorVal>(zeek::vars::index_vec);
auto dialects = make_intrusive<VectorVal>(zeek::id::index_vec);
for ( unsigned int i = 0; i < ${val.dialects}->size(); ++i )
dialects->Assign(i, val_mgr->Count((*${val.dialects})[i]));

6
src/analyzer/protocol/smb/smb2-protocol.pac
View file

@ -68,7 +68,7 @@ IntrusivePtr<RecordVal> BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv)
rpreauth->Assign(0, val_mgr->Count(${ncv.preauth_integrity_capabilities.hash_alg_count}));
rpreauth->Assign(1, val_mgr->Count(${ncv.preauth_integrity_capabilities.salt_length}));
auto ha = make_intrusive<VectorVal>(zeek::vars::index_vec);
auto ha = make_intrusive<VectorVal>(zeek::id::index_vec);
for ( int i = 0; i < ${ncv.preauth_integrity_capabilities.hash_alg_count}; ++i )
{
@ -87,7 +87,7 @@ IntrusivePtr<RecordVal> BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv)
auto rencr = make_intrusive<RecordVal>(BifType::Record::SMB2::EncryptionCapabilities);
rencr->Assign(0, val_mgr->Count(${ncv.encryption_capabilities.cipher_count}));
auto c = make_intrusive<VectorVal>(zeek::vars::index_vec);
auto c = make_intrusive<VectorVal>(zeek::id::index_vec);
for ( int i = 0; i < ${ncv.encryption_capabilities.cipher_count}; ++i )
{
@ -105,7 +105,7 @@ IntrusivePtr<RecordVal> BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv)
auto rcomp = make_intrusive<RecordVal>(BifType::Record::SMB2::CompressionCapabilities);
rcomp->Assign(0, val_mgr->Count(${ncv.compression_capabilities.alg_count}));
auto c = make_intrusive<VectorVal>(zeek::vars::index_vec);
auto c = make_intrusive<VectorVal>(zeek::id::index_vec);
for ( int i = 0; i < ${ncv.compression_capabilities.alg_count}; ++i )
{

8
src/analyzer/protocol/socks/socks-analyzer.pac
View file

@ -24,7 +24,7 @@ refine connection SOCKS_Conn += {
%{
if ( socks_request )
{
static auto socks_address = zeek::lookup_type<RecordType>("SOCKS::Address");
static auto socks_address = zeek::id::lookup_type<RecordType>("SOCKS::Address");
auto sa = make_intrusive<RecordVal>(socks_address);
sa->Assign(0, make_intrusive<AddrVal>(htonl(${request.addr})));
@ -49,7 +49,7 @@ refine connection SOCKS_Conn += {
%{
if ( socks_reply )
{
static auto socks_address = zeek::lookup_type<RecordType>("SOCKS::Address");
static auto socks_address = zeek::id::lookup_type<RecordType>("SOCKS::Address");
auto sa = make_intrusive<RecordVal>(socks_address);
sa->Assign(0, make_intrusive<AddrVal>(htonl(${reply.addr})));
@ -82,7 +82,7 @@ refine connection SOCKS_Conn += {
return false;
}
static auto socks_address = zeek::lookup_type<RecordType>("SOCKS::Address");
static auto socks_address = zeek::id::lookup_type<RecordType>("SOCKS::Address");
auto sa = make_intrusive<RecordVal>(socks_address);
// This is dumb and there must be a better way (checking for presence of a field)...
@ -122,7 +122,7 @@ refine connection SOCKS_Conn += {
function socks5_reply(reply: SOCKS5_Reply): bool
%{
static auto socks_address = zeek::lookup_type<RecordType>("SOCKS::Address");
static auto socks_address = zeek::id::lookup_type<RecordType>("SOCKS::Address");
auto sa = make_intrusive<RecordVal>(socks_address);
// This is dumb and there must be a better way (checking for presence of a field)...

2
src/analyzer/protocol/ssh/ssh-analyzer.pac
View file

@ -12,7 +12,7 @@ VectorVal* name_list_to_vector(const bytestring& nl);
// Copied from IRC_Analyzer::SplitWords
VectorVal* name_list_to_vector(const bytestring& nl)
{
VectorVal* vv = new VectorVal(zeek::vars::string_vec);
VectorVal* vv = new VectorVal(zeek::id::string_vec);
string name_list = std_str(nl);
if ( name_list.size() < 1 )

4
src/analyzer/protocol/ssl/proc-client-hello.pac
View file

@ -23,7 +23,7 @@
else
std::transform(cipher_suites24->begin(), cipher_suites24->end(), std::back_inserter(cipher_suites), to_int());
auto cipher_vec = make_intrusive<VectorVal>(zeek::vars::index_vec);
auto cipher_vec = make_intrusive<VectorVal>(zeek::id::index_vec);
for ( unsigned int i = 0; i < cipher_suites.size(); ++i )
{
@ -31,7 +31,7 @@
cipher_vec->Assign(i, ciph);
}
auto comp_vec = make_intrusive<VectorVal>(zeek::vars::index_vec);
auto comp_vec = make_intrusive<VectorVal>(zeek::id::index_vec);
if ( compression_methods )
{

26
src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
View file

@ -75,7 +75,7 @@ refine connection Handshake_Conn += {
if ( ! ssl_extension_ec_point_formats )
return true;
auto points = make_intrusive<VectorVal>(zeek::vars::index_vec);
auto points = make_intrusive<VectorVal>(zeek::id::index_vec);
if ( point_format_list )
{
@ -94,7 +94,7 @@ refine connection Handshake_Conn += {
if ( ! ssl_extension_elliptic_curves )
return true;
auto curves = make_intrusive<VectorVal>(zeek::vars::index_vec);
auto curves = make_intrusive<VectorVal>(zeek::id::index_vec);
if ( list )
{
@ -113,7 +113,7 @@ refine connection Handshake_Conn += {
if ( ! ssl_extension_key_share )
return true;
auto nglist = make_intrusive<VectorVal>(zeek::vars::index_vec);
auto nglist = make_intrusive<VectorVal>(zeek::id::index_vec);
if ( keyshare )
{
@ -131,7 +131,7 @@ refine connection Handshake_Conn += {
if ( ! ssl_extension_key_share )
return true;
auto nglist = make_intrusive<VectorVal>(zeek::vars::index_vec);
auto nglist = make_intrusive<VectorVal>(zeek::id::index_vec);
nglist->Assign(0u, val_mgr->Count(keyshare->namedgroup()));
BifEvent::enqueue_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(nglist));
@ -143,7 +143,7 @@ refine connection Handshake_Conn += {
if ( ! ssl_extension_key_share )
return true;
auto nglist = make_intrusive<VectorVal>(zeek::vars::index_vec);
auto nglist = make_intrusive<VectorVal>(zeek::id::index_vec);
nglist->Assign(0u, val_mgr->Count(namedgroup));
BifEvent::enqueue_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(nglist));
@ -155,7 +155,7 @@ refine connection Handshake_Conn += {
if ( ! ssl_extension_signature_algorithm )
return true;
auto slist = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("signature_and_hashalgorithm_vec"));
auto slist = make_intrusive<VectorVal>(zeek::id::lookup_type<VectorType>("signature_and_hashalgorithm_vec"));
if ( supported_signature_algorithms )
{
@ -178,7 +178,7 @@ refine connection Handshake_Conn += {
if ( ! ssl_extension_application_layer_protocol_negotiation )
return true;
auto plist = make_intrusive<VectorVal>(zeek::vars::string_vec);
auto plist = make_intrusive<VectorVal>(zeek::id::string_vec);
if ( protocols )
{
@ -194,7 +194,7 @@ refine connection Handshake_Conn += {
function proc_server_name(rec: HandshakeRecord, list: ServerName[]) : bool
%{
auto servers = make_intrusive<VectorVal>(zeek::vars::string_vec);
auto servers = make_intrusive<VectorVal>(zeek::id::string_vec);
if ( list )
{
@ -226,7 +226,7 @@ refine connection Handshake_Conn += {
if ( ! ssl_extension_supported_versions )
return true;
auto versions = make_intrusive<VectorVal>(zeek::vars::index_vec);
auto versions = make_intrusive<VectorVal>(zeek::id::index_vec);
if ( versions_list )
{
@ -245,7 +245,7 @@ refine connection Handshake_Conn += {
if ( ! ssl_extension_supported_versions )
return true;
auto versions = make_intrusive<VectorVal>(zeek::vars::index_vec);
auto versions = make_intrusive<VectorVal>(zeek::id::index_vec);
versions->Assign(0u, val_mgr->Count(version));
BifEvent::enqueue_ssl_extension_supported_versions(bro_analyzer(), bro_analyzer()->Conn(),
@ -259,7 +259,7 @@ refine connection Handshake_Conn += {
if ( ! ssl_extension_psk_key_exchange_modes )
return true;
auto modes = make_intrusive<VectorVal>(zeek::vars::index_vec);
auto modes = make_intrusive<VectorVal>(zeek::id::index_vec);
if ( mode_list )
{
@ -492,7 +492,7 @@ refine connection Handshake_Conn += {
if ( ! ssl_extension_pre_shared_key_server_hello )
return true;
auto slist = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("psk_identity_vec"));
auto slist = make_intrusive<VectorVal>(zeek::id::lookup_type<VectorType>("psk_identity_vec"));
if ( identities && identities->identities() )
{
@ -505,7 +505,7 @@ refine connection Handshake_Conn += {
}
}
auto blist = make_intrusive<VectorVal>(zeek::vars::string_vec);
auto blist = make_intrusive<VectorVal>(zeek::id::string_vec);
if ( binders && binders->binders() )
{

6
src/analyzer/protocol/tcp/TCP.cc
View file

@ -107,7 +107,7 @@ static RecordVal* build_syn_packet_val(bool is_orig, const IP_Hdr* ip,
options += opt_len;
}
static auto SYN_packet = zeek::lookup_type<RecordType>("SYN_packet");
static auto SYN_packet = zeek::id::lookup_type<RecordType>("SYN_packet");
RecordVal* v = new RecordVal(SYN_packet);
v->Assign(0, val_mgr->Bool(is_orig));
@ -1422,7 +1422,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
{
auto p = reinterpret_cast<const uint32_t*>(o + 2);
auto num_pointers = (length - 2) / 4;
auto vt = zeek::vars::index_vec;
auto vt = zeek::id::index_vec;
auto sack = make_intrusive<VectorVal>(std::move(vt));
for ( auto i = 0; i < num_pointers; ++i )
@ -2078,7 +2078,7 @@ bool TCPStats_Endpoint::DataSent(double /* t */, uint64_t seq, int len, int capl
RecordVal* TCPStats_Endpoint::BuildStats()
{
static auto endpoint_stats = zeek::lookup_type<RecordType>("endpoint_stats");
static auto endpoint_stats = zeek::id::lookup_type<RecordType>("endpoint_stats");
RecordVal* stats = new RecordVal(endpoint_stats);
stats->Assign(0, val_mgr->Count(num_pkts));

4
src/analyzer/protocol/tcp/TCP_Reassembler.cc
View file

@ -42,8 +42,8 @@ TCP_Reassembler::TCP_Reassembler(analyzer::Analyzer* arg_dst_analyzer,
if ( ::tcp_contents )
{
static auto tcp_content_delivery_ports_orig = zeek::lookup_val<TableVal>("tcp_content_delivery_ports_orig");
static auto tcp_content_delivery_ports_resp = zeek::lookup_val<TableVal>("tcp_content_delivery_ports_resp");
static auto tcp_content_delivery_ports_orig = zeek::id::lookup_val<TableVal>("tcp_content_delivery_ports_orig");
static auto tcp_content_delivery_ports_resp = zeek::id::lookup_val<TableVal>("tcp_content_delivery_ports_resp");
const auto& dst_port_val = val_mgr->Port(ntohs(tcp_analyzer->Conn()->RespPort()),
TRANSPORT_TCP);
const auto& ports = IsOrig() ?

6
src/analyzer/protocol/teredo/Teredo.cc
View file

@ -104,9 +104,9 @@ IntrusivePtr<RecordVal> TeredoEncapsulation::BuildVal(const IP_Hdr* inner) const
if ( ! teredo_hdr_type )
{
teredo_hdr_type = zeek::lookup_type("teredo_hdr")->AsRecordType();
teredo_auth_type = zeek::lookup_type("teredo_auth")->AsRecordType();
teredo_origin_type = zeek::lookup_type("teredo_origin")->AsRecordType();
teredo_hdr_type = zeek::id::lookup_type("teredo_hdr")->AsRecordType();
teredo_auth_type = zeek::id::lookup_type("teredo_auth")->AsRecordType();
teredo_origin_type = zeek::id::lookup_type("teredo_origin")->AsRecordType();
}
auto teredo_hdr = make_intrusive<RecordVal>(teredo_hdr_type);

6
src/analyzer/protocol/udp/UDP.cc
View file

@ -134,9 +134,9 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
if ( udp_contents )
{
static auto udp_content_ports = zeek::lookup_val<TableVal>("udp_content_ports");
static auto udp_content_delivery_ports_orig = zeek::lookup_val<TableVal>("udp_content_delivery_ports_orig");
static auto udp_content_delivery_ports_resp = zeek::lookup_val<TableVal>("udp_content_delivery_ports_resp");
static auto udp_content_ports = zeek::id::lookup_val<TableVal>("udp_content_ports");
static auto udp_content_delivery_ports_orig = zeek::id::lookup_val<TableVal>("udp_content_delivery_ports_orig");
static auto udp_content_delivery_ports_resp = zeek::id::lookup_val<TableVal>("udp_content_delivery_ports_resp");
bool do_udp_contents = false;
const auto& sport_val = val_mgr->Port(ntohs(up->uh_sport), TRANSPORT_UDP);
const auto& dport_val = val_mgr->Port(ntohs(up->uh_dport), TRANSPORT_UDP);

3
src/bro-bif.h
View file

@ -7,4 +7,5 @@
#include "NetVar.h"
#include "Event.h"
#include "Reporter.h"
#include "Var.h"
#include "ID.h"
#include "Var.h" // for internal_handler()

4
src/broker/Data.cc
View file

@ -3,7 +3,7 @@
#include "Desc.h"
#include "IntrusivePtr.h"
#include "RE.h"
#include "Var.h"
#include "ID.h"
#include "Scope.h"
#include "module_util.h"
#include "3rdparty/doctest.h"
@ -1154,7 +1154,7 @@ IntrusivePtr<Val> bro_broker::DataVal::castTo(BroType* t)
BroType* bro_broker::DataVal::ScriptDataType()
{
if ( ! script_data_type )
script_data_type = zeek::lookup_type("Broker::Data").get();
script_data_type = zeek::id::lookup_type("Broker::Data").get();
return script_data_type;
}

10
src/broker/Manager.cc
View file

@ -148,8 +148,8 @@ void Manager::InitPostScript()
default_log_topic_prefix =
get_option("Broker::default_log_topic_prefix")->AsString()->CheckString();
log_topic_func = get_option("Broker::log_topic")->AsFunc();
log_id_type = zeek::lookup_type("Log::ID")->AsEnumType();
writer_id_type = zeek::lookup_type("Log::Writer")->AsEnumType();
log_id_type = zeek::id::lookup_type("Log::ID")->AsEnumType();
writer_id_type = zeek::id::lookup_type("Log::Writer")->AsEnumType();
opaque_of_data_type = new OpaqueType("Broker::Data");
opaque_of_set_iterator = new OpaqueType("Broker::SetIterator");
@ -157,7 +157,7 @@ void Manager::InitPostScript()
opaque_of_vector_iterator = new OpaqueType("Broker::VectorIterator");
opaque_of_record_iterator = new OpaqueType("Broker::RecordIterator");
opaque_of_store_handle = new OpaqueType("Broker::Store");
vector_of_data_type = make_intrusive<VectorType>(zeek::lookup_type("Broker::Data"));
vector_of_data_type = make_intrusive<VectorType>(zeek::id::lookup_type("Broker::Data"));
// Register as a "dont-count" source first, we may change that later.
iosource_mgr->Register(this, true);
@ -1245,13 +1245,13 @@ void Manager::ProcessStatus(broker::status stat)
if ( ! event )
return;
auto ei = zeek::lookup_type("Broker::EndpointInfo")->AsRecordType();
auto ei = zeek::id::lookup_type("Broker::EndpointInfo")->AsRecordType();
auto endpoint_info = make_intrusive<RecordVal>(ei);
if ( ctx )
{
endpoint_info->Assign(0, make_intrusive<StringVal>(to_string(ctx->node)));
auto ni = zeek::lookup_type("Broker::NetworkInfo")->AsRecordType();
auto ni = zeek::id::lookup_type("Broker::NetworkInfo")->AsRecordType();
auto network_info = make_intrusive<RecordVal>(ni);
if ( ctx->network )

4
src/broker/Store.cc
View file

@ -1,6 +1,6 @@
#include "Store.h"
#include "Desc.h"
#include "Var.h"
#include "ID.h"
#include "broker/Manager.h"
namespace bro_broker {
@ -15,7 +15,7 @@ EnumVal* query_status(bool success)
if ( ! store_query_status )
{
store_query_status = zeek::lookup_type("Broker::QueryStatus")->AsEnumType();
store_query_status = zeek::id::lookup_type("Broker::QueryStatus")->AsEnumType();
success_val = store_query_status->Lookup("Broker", "SUCCESS");
failure_val = store_query_status->Lookup("Broker", "FAILURE");
}

8
src/broker/comm.bif
View file

@ -94,14 +94,14 @@ function Broker::__unpeer%(a: string, p: port%): bool
function Broker::__peers%(%): PeerInfos
%{
bro_broker::Manager::ScriptScopeGuard ssg;
auto rval = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("Broker::PeerInfos"));
auto rval = make_intrusive<VectorVal>(zeek::id::lookup_type<VectorType>("Broker::PeerInfos"));
auto i = 0;
for ( auto& p : broker_mgr->Peers() )
{
auto pi = zeek::lookup_type("Broker::PeerInfo")->AsRecordType();
auto ei = zeek::lookup_type("Broker::EndpointInfo")->AsRecordType();
auto ni = zeek::lookup_type("Broker::NetworkInfo")->AsRecordType();
auto pi = zeek::id::lookup_type("Broker::PeerInfo")->AsRecordType();
auto ei = zeek::id::lookup_type("Broker::EndpointInfo")->AsRecordType();
auto ni = zeek::id::lookup_type("Broker::NetworkInfo")->AsRecordType();
auto peer_info = new RecordVal(pi);
auto endpoint_info = new RecordVal(ei);
auto network_info = new RecordVal(ni);

46
src/file_analysis/File.cc
View file

@ -23,16 +23,16 @@ using namespace file_analysis;
static Val* empty_connection_table()
{
auto tbl_index = make_intrusive<TypeList>(zeek::vars::conn_id);
tbl_index->Append(zeek::vars::conn_id);
auto tbl_index = make_intrusive<TypeList>(zeek::id::conn_id);
tbl_index->Append(zeek::id::conn_id);
auto tbl_type = make_intrusive<TableType>(std::move(tbl_index),
zeek::vars::connection);
zeek::id::connection);
return new TableVal(std::move(tbl_type));
}
static IntrusivePtr<RecordVal> get_conn_id_val(const Connection* conn)
{
auto v = make_intrusive<RecordVal>(zeek::vars::conn_id);
auto v = make_intrusive<RecordVal>(zeek::id::conn_id);
v->Assign(0, make_intrusive<AddrVal>(conn->OrigAddr()));
v->Assign(1, val_mgr->Port(ntohs(conn->OrigPort()), conn->ConnTransport()));
v->Assign(2, make_intrusive<AddrVal>(conn->RespAddr()));
@ -62,22 +62,22 @@ void File::StaticInit()
if ( id_idx != -1 )
return;
id_idx = Idx("id", zeek::vars::fa_file);
parent_id_idx = Idx("parent_id", zeek::vars::fa_file);
source_idx = Idx("source", zeek::vars::fa_file);
is_orig_idx = Idx("is_orig", zeek::vars::fa_file);
conns_idx = Idx("conns", zeek::vars::fa_file);
last_active_idx = Idx("last_active", zeek::vars::fa_file);
seen_bytes_idx = Idx("seen_bytes", zeek::vars::fa_file);
total_bytes_idx = Idx("total_bytes", zeek::vars::fa_file);
missing_bytes_idx = Idx("missing_bytes", zeek::vars::fa_file);
overflow_bytes_idx = Idx("overflow_bytes", zeek::vars::fa_file);
timeout_interval_idx = Idx("timeout_interval", zeek::vars::fa_file);
bof_buffer_size_idx = Idx("bof_buffer_size", zeek::vars::fa_file);
bof_buffer_idx = Idx("bof_buffer", zeek::vars::fa_file);
meta_mime_type_idx = Idx("mime_type", zeek::vars::fa_metadata);
meta_mime_types_idx = Idx("mime_types", zeek::vars::fa_metadata);
meta_inferred_idx = Idx("inferred", zeek::vars::fa_metadata);
id_idx = Idx("id", zeek::id::fa_file);
parent_id_idx = Idx("parent_id", zeek::id::fa_file);
source_idx = Idx("source", zeek::id::fa_file);
is_orig_idx = Idx("is_orig", zeek::id::fa_file);
conns_idx = Idx("conns", zeek::id::fa_file);
last_active_idx = Idx("last_active", zeek::id::fa_file);
seen_bytes_idx = Idx("seen_bytes", zeek::id::fa_file);
total_bytes_idx = Idx("total_bytes", zeek::id::fa_file);
missing_bytes_idx = Idx("missing_bytes", zeek::id::fa_file);
overflow_bytes_idx = Idx("overflow_bytes", zeek::id::fa_file);
timeout_interval_idx = Idx("timeout_interval", zeek::id::fa_file);
bof_buffer_size_idx = Idx("bof_buffer_size", zeek::id::fa_file);
bof_buffer_idx = Idx("bof_buffer", zeek::id::fa_file);
meta_mime_type_idx = Idx("mime_type", zeek::id::fa_metadata);
meta_mime_types_idx = Idx("mime_types", zeek::id::fa_metadata);
meta_inferred_idx = Idx("inferred", zeek::id::fa_metadata);
}
File::File(const std::string& file_id, const std::string& source_name, Connection* conn,
@ -91,7 +91,7 @@ File::File(const std::string& file_id, const std::string& source_name, Connectio
DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Creating new File object", file_id.c_str());
val = new RecordVal(zeek::vars::fa_file);
val = new RecordVal(zeek::id::fa_file);
val->Assign(id_idx, make_intrusive<StringVal>(file_id.c_str()));
SetSource(source_name);
@ -295,7 +295,7 @@ bool File::SetMime(const std::string& mime_type)
if ( ! FileEventAvailable(file_sniff) )
return false;
auto meta = make_intrusive<RecordVal>(zeek::vars::fa_metadata);
auto meta = make_intrusive<RecordVal>(zeek::id::fa_metadata);
meta->Assign(meta_mime_type_idx, make_intrusive<StringVal>(mime_type));
meta->Assign(meta_inferred_idx, val_mgr->False());
@ -328,7 +328,7 @@ void File::InferMetadata()
len = std::min(len, LookupFieldDefaultCount(bof_buffer_size_idx));
file_mgr->DetectMIME(data, len, &matches);
auto meta = make_intrusive<RecordVal>(zeek::vars::fa_metadata);
auto meta = make_intrusive<RecordVal>(zeek::id::fa_metadata);
if ( ! matches.empty() )
{

7
src/file_analysis/Manager.cc
View file

@ -3,7 +3,6 @@
#include "Manager.h"
#include "File.h"
#include "Analyzer.h"
#include "Var.h"
#include "Event.h"
#include "UID.h"
#include "digest.h"
@ -432,7 +431,7 @@ string Manager::GetFileID(const analyzer::Tag& tag, Connection* c, bool is_orig)
bool Manager::IsDisabled(const analyzer::Tag& tag)
{
if ( ! disabled )
disabled = zeek::lookup_const("Files::disable")->AsTableVal();
disabled = zeek::id::lookup_const("Files::disable")->AsTableVal();
auto index = val_mgr->Count(bool(tag));
auto yield = disabled->Lookup(index.get());
@ -499,8 +498,8 @@ string Manager::DetectMIME(const u_char* data, uint64_t len) const
IntrusivePtr<VectorVal> file_analysis::GenMIMEMatchesVal(const RuleMatcher::MIME_Matches& m)
{
static auto mime_matches = zeek::lookup_type<VectorType>("mime_matches");
static auto mime_match = zeek::lookup_type<RecordType>("mime_match");
static auto mime_matches = zeek::id::lookup_type<VectorType>("mime_matches");
static auto mime_match = zeek::id::lookup_type<RecordType>("mime_match");
auto rval = make_intrusive<VectorVal>(mime_matches);
for ( RuleMatcher::MIME_Matches::const_iterator it = m.begin();

2
src/file_analysis/analyzer/entropy/Entropy.cc
View file

@ -60,7 +60,7 @@ void Entropy::Finalize()
montepi = scc = ent = mean = chisq = 0.0;
entropy->Get(&ent, &chisq, &mean, &montepi, &scc);
static auto entropy_test_result = zeek::lookup_type<RecordType>("entropy_test_result");
static auto entropy_test_result = zeek::id::lookup_type<RecordType>("entropy_test_result");
auto ent_result = make_intrusive<RecordVal>(entropy_test_result);
ent_result->Assign(0, make_intrusive<Val>(ent, TYPE_DOUBLE));
ent_result->Assign(1, make_intrusive<Val>(chisq, TYPE_DOUBLE));

4
src/file_analysis/analyzer/pe/pe-analyzer.pac
View file

@ -11,7 +11,7 @@ VectorVal* process_rvas(const RVAS* rvas);
%code{
VectorVal* process_rvas(const RVAS* rva_table)
{
auto rvas = make_intrusive<VectorVal>(zeek::vars::index_vec);
auto rvas = make_intrusive<VectorVal>(zeek::id::index_vec);
for ( uint16 i=0; i < rva_table->rvas()->size(); ++i )
rvas->Assign(i, val_mgr->Count((*rva_table->rvas())[i]->size()));
@ -26,7 +26,7 @@ refine flow File += {
function characteristics_to_bro(c: uint32, len: uint8): TableVal
%{
uint64 mask = (len==16) ? 0xFFFF : 0xFFFFFFFF;
TableVal* char_set = new TableVal(zeek::vars::count_set);
TableVal* char_set = new TableVal(zeek::id::count_set);
for ( uint16 i=0; i < len; ++i )
{
if ( ((c >> i) & 0x1) == 1 )

2
src/file_analysis/analyzer/x509/OCSP.cc
View file

@ -634,7 +634,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
//ocsp_resp_record->Assign(7, make_intrusive<StringVal>(len, buf));
//BIO_reset(bio);
certs_vector = new VectorVal(zeek::lookup_type<VectorType>("x509_opaque_vector"));
certs_vector = new VectorVal(zeek::id::lookup_type<VectorType>("x509_opaque_vector"));
vl.emplace_back(AdoptRef{}, certs_vector);
#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)

8
src/file_analysis/analyzer/x509/X509.cc
View file

@ -367,21 +367,21 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
{
case GEN_DNS:
if ( names == nullptr )
names = new VectorVal(zeek::vars::string_vec);
names = new VectorVal(zeek::id::string_vec);
names->Assign(names->Size(), bs);
break;
case GEN_URI:
if ( uris == nullptr )
uris = new VectorVal(zeek::vars::string_vec);
uris = new VectorVal(zeek::id::string_vec);
uris->Assign(uris->Size(), bs);
break;
case GEN_EMAIL:
if ( emails == nullptr )
emails = new VectorVal(zeek::vars::string_vec);
emails = new VectorVal(zeek::id::string_vec);
emails->Assign(emails->Size(), bs);
break;
@ -391,7 +391,7 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
else if ( gen->type == GEN_IPADD )
{
if ( ips == nullptr )
ips = new VectorVal(zeek::lookup_type<VectorType>("addr_vec"));
ips = new VectorVal(zeek::id::lookup_type<VectorType>("addr_vec"));
uint32_t* addr = (uint32_t*) gen->d.ip->data;

2
src/file_analysis/analyzer/x509/functions.bif
View file

@ -556,7 +556,7 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str
}
int num_certs = sk_X509_num(chain);
chainVector = new VectorVal(zeek::lookup_type<VectorType>("x509_opaque_vector"));
chainVector = new VectorVal(zeek::id::lookup_type<VectorType>("x509_opaque_vector"));
for ( int i = 0; i < num_certs; i++ )
{

4
src/iosource/Packet.cc
View file

@ -594,8 +594,8 @@ void Packet::ProcessLayer2()
IntrusivePtr<RecordVal> Packet::ToRawPktHdrVal() const
{
static auto raw_pkt_hdr_type = zeek::lookup_type<RecordType>("raw_pkt_hdr");
static auto l2_hdr_type = zeek::lookup_type<RecordType>("l2_hdr");
static auto raw_pkt_hdr_type = zeek::id::lookup_type<RecordType>("raw_pkt_hdr");
static auto l2_hdr_type = zeek::id::lookup_type<RecordType>("l2_hdr");
auto pkt_hdr = make_intrusive<RecordVal>(raw_pkt_hdr_type);
RecordVal* l2_hdr = new RecordVal(l2_hdr_type);

93
src/legacy-netvar-init.cc Normal file
View file

@ -0,0 +1,93 @@
#include "NetVar.h"
#include "Var.h"
#include "ID.h"
#include "Scope.h"
// Compiled separately to avoid deprecation warnings at the assignment sites.
void zeek_legacy_netvar_init()
{
::conn_id = zeek::id::conn_id.get();
::endpoint = zeek::id::endpoint.get();
::connection_type = zeek::id::connection.get();
::fa_file_type = zeek::id::fa_file.get();
::fa_metadata_type = zeek::id::fa_metadata.get();
::icmp_conn = zeek::id::lookup_type("icmp_conn")->AsRecordType();
::icmp_context = zeek::id::lookup_type("icmp_context")->AsRecordType();
::signature_state = zeek::id::lookup_type("signature_state")->AsRecordType();
::SYN_packet = zeek::id::lookup_type("SYN_packet")->AsRecordType();
::pcap_packet = zeek::id::lookup_type("pcap_packet")->AsRecordType();
::raw_pkt_hdr_type = zeek::id::lookup_type("raw_pkt_hdr")->AsRecordType();
::l2_hdr_type = zeek::id::lookup_type("l2_hdr")->AsRecordType();
::transport_proto = zeek::id::transport_proto.get();
::string_set = zeek::id::string_set.get();
::string_array = zeek::id::string_array.get();
::count_set = zeek::id::count_set.get();
::string_vec = zeek::id::string_vec.get();
::index_vec = zeek::id::index_vec.get();
::mime_matches = zeek::id::lookup_type("mime_matches")->AsVectorType();
::mime_match = zeek::id::lookup_type("mime_match")->AsRecordType();
::socks_address = zeek::id::lookup_type("SOCKS::Address")->AsRecordType();
::mime_header_rec = zeek::id::lookup_type("mime_header_rec")->AsRecordType();
::mime_header_list = zeek::id::lookup_type("mime_header_list")->AsTableType();
::http_stats_rec = zeek::id::lookup_type("http_stats_rec")->AsRecordType();
::http_message_stat = zeek::id::lookup_type("http_message_stat")->AsRecordType();
::pm_mapping = zeek::id::lookup_type("pm_mapping")->AsRecordType();
::pm_mappings = zeek::id::lookup_type("pm_mappings")->AsTableType();
::pm_port_request = zeek::id::lookup_type("pm_port_request")->AsRecordType();
::pm_callit_request = zeek::id::lookup_type("pm_callit_request")->AsRecordType();
::geo_location = zeek::id::lookup_type("geo_location")->AsRecordType();
::entropy_test_result = zeek::id::lookup_type("entropy_test_result")->AsRecordType();
::dns_msg = zeek::id::lookup_type("dns_msg")->AsRecordType();
::dns_answer = zeek::id::lookup_type("dns_answer")->AsRecordType();
::dns_soa = zeek::id::lookup_type("dns_soa")->AsRecordType();
::dns_edns_additional = zeek::id::lookup_type("dns_edns_additional")->AsRecordType();
::dns_tsig_additional = zeek::id::lookup_type("dns_tsig_additional")->AsRecordType();
::dns_rrsig_rr = zeek::id::lookup_type("dns_rrsig_rr")->AsRecordType();
::dns_dnskey_rr = zeek::id::lookup_type("dns_dnskey_rr")->AsRecordType();
::dns_nsec3_rr = zeek::id::lookup_type("dns_nsec3_rr")->AsRecordType();
::dns_ds_rr = zeek::id::lookup_type("dns_ds_rr")->AsRecordType();
::rotate_info = zeek::id::lookup_type("rotate_info")->AsRecordType();
::irc_join_list = zeek::id::lookup_type("irc_join_list")->AsTableType();
::irc_join_info = zeek::id::lookup_type("irc_join_info")->AsRecordType();
::script_id = zeek::id::lookup_type("script_id")->AsRecordType();
::id_table = zeek::id::lookup_type("id_table")->AsTableType();
::record_field = zeek::id::lookup_type("record_field")->AsRecordType();
::record_field_table = zeek::id::lookup_type("record_field_table")->AsTableType();
::call_argument = zeek::id::lookup_type("call_argument")->AsRecordType();
::call_argument_vector = zeek::id::lookup_type("call_argument_vector")->AsVectorType();
::log_rotate_base_time = zeek::id::lookup_val("log_rotate_base_time")->AsStringVal();
::pkt_profile_file = zeek::id::lookup_val("pkt_profile_file").get();
::likely_server_ports = zeek::id::lookup_val("likely_server_ports")->AsTableVal();
::tcp_content_delivery_ports_orig = zeek::id::lookup_val("tcp_content_delivery_ports_orig")->AsTableVal();
::tcp_content_delivery_ports_resp = zeek::id::lookup_val("tcp_content_delivery_ports_resp")->AsTableVal();
::stp_skip_src = zeek::id::lookup_val("stp_skip_src")->AsTableVal();
::dns_skip_auth = zeek::id::lookup_val("dns_skip_auth")->AsTableVal();
::dns_skip_addl = zeek::id::lookup_val("dns_skip_addl")->AsTableVal();
::udp_content_ports = zeek::id::lookup_val("udp_content_ports")->AsTableVal();
::udp_content_delivery_ports_orig = zeek::id::lookup_val("udp_content_delivery_ports_orig")->AsTableVal();
::udp_content_delivery_ports_resp = zeek::id::lookup_val("udp_content_delivery_ports_resp")->AsTableVal();
::profiling_file = zeek::id::lookup_val("profiling_file").get();
::global_hash_seed = zeek::id::lookup_val("global_hash_seed")->AsStringVal();
::tcp_reassembler_ports_orig = zeek::id::lookup_val("tcp_reassembler_ports_orig")->AsTableVal();
::tcp_reassembler_ports_resp = zeek::id::lookup_val("tcp_reassembler_ports_resp")->AsTableVal();
::peer_description = zeek::id::lookup_val("peer_description")->AsStringVal();
::trace_output_file = zeek::id::lookup_val("trace_output_file")->AsStringVal();
::cmd_line_bpf_filter = zeek::id::lookup_val("cmd_line_bpf_filter")->AsStringVal();
auto anon_id = global_scope()->Lookup("preserve_orig_addr");
if ( anon_id )
preserve_orig_addr = anon_id->GetVal()->AsTableVal();
anon_id = global_scope()->Lookup("preserve_resp_addr");
if ( anon_id )
preserve_resp_addr = anon_id->GetVal()->AsTableVal();
anon_id = global_scope()->Lookup("preserve_other_addr");
if ( anon_id )
preserve_other_addr = anon_id->GetVal()->AsTableVal();
}

8
src/logging/Manager.cc
View file

@ -313,7 +313,7 @@ bool Manager::CreateStream(EnumVal* id, RecordVal* sval)
streams[idx]->event = event ? event_registry->Lookup(event->Name()) : nullptr;
streams[idx]->columns = columns->Ref()->AsRecordType();
streams[idx]->enable_remote = zeek::lookup_val("Log::enable_remote_logging")->AsBool();
streams[idx]->enable_remote = zeek::id::lookup_val("Log::enable_remote_logging")->AsBool();
DBG_LOG(DBG_LOGGING, "Created new logging stream '%s', raising event %s",
streams[idx]->name.c_str(), event ? streams[idx]->event->Name() : "<none>");
@ -1193,7 +1193,7 @@ WriterFrontend* Manager::CreateWriter(EnumVal* id, EnumVal* writer, WriterBacken
// Still need to set the WriterInfo's rotation parameters, which we
// computed above.
static auto log_rotate_base_time = zeek::lookup_val<StringVal>("log_rotate_base_time");
static auto log_rotate_base_time = zeek::id::lookup_val<StringVal>("log_rotate_base_time");
static auto base_time = log_rotate_base_time->AsString()->CheckString();
winfo->info->rotation_interval = winfo->interval;
@ -1276,7 +1276,7 @@ bool Manager::WriteFromRemote(EnumVal* id, EnumVal* writer, const string& path,
void Manager::SendAllWritersTo(const broker::endpoint_info& ei)
{
auto et = zeek::lookup_type("Log::Writer")->AsEnumType();
auto et = zeek::id::lookup_type("Log::Writer")->AsEnumType();
for ( vector<Stream *>::iterator s = streams.begin(); s != streams.end(); ++s )
{
@ -1453,7 +1453,7 @@ void Manager::InstallRotationTimer(WriterInfo* winfo)
if ( ! winfo->open_time )
winfo->open_time = network_time;
static auto log_rotate_base_time = zeek::lookup_val<StringVal>("log_rotate_base_time");
static auto log_rotate_base_time = zeek::id::lookup_val<StringVal>("log_rotate_base_time");
static auto base_time = log_rotate_base_time->AsString()->CheckString();
double base = parse_rotate_base_time(base_time);

2
src/probabilistic/Hasher.cc
View file

@ -23,7 +23,7 @@ Hasher::seed_t Hasher::MakeSeed(const void* data, size_t size)
assert(sizeof(tmpseed) == 16);
static auto global_hash_seed = zeek::lookup_val<StringVal>("global_hash_seed");
static auto global_hash_seed = zeek::id::lookup_val<StringVal>("global_hash_seed");
if ( data )
hash_update(ctx, data, size);

2
src/reporter.bif
View file

@ -153,7 +153,7 @@ function Reporter::file_weird%(name: string, f: fa_file, addl: string &default="
## Returns: Current weird sampling whitelist
function Reporter::get_weird_sampling_whitelist%(%): string_set
%{
auto set = make_intrusive<TableVal>(zeek::vars::string_set);
auto set = make_intrusive<TableVal>(zeek::id::string_set);
for ( auto el : reporter->GetWeirdSamplingWhitelist() )
{
auto idx = make_intrusive<StringVal>(el);

2
src/stats.bif
View file

@ -470,7 +470,7 @@ function get_reporter_stats%(%): ReporterStats
auto r = make_intrusive<RecordVal>(ReporterStats);
int n = 0;
auto weirds_by_type = make_intrusive<TableVal>(zeek::lookup_type<TableType>("table_string_of_count"));
auto weirds_by_type = make_intrusive<TableVal>(zeek::id::lookup_type<TableType>("table_string_of_count"));
for ( auto& kv : reporter->GetWeirdsByType() )
{

8
src/strings.bif
View file

@ -204,7 +204,7 @@ static IntrusivePtr<VectorVal> do_split_string(StringVal* str_val,
int max_num_sep)
{
// string_vec is used early in the version script - do not use the NetVar.
auto rval = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("string_vec"));
auto rval = make_intrusive<VectorVal>(zeek::id::lookup_type<VectorType>("string_vec"));
const u_char* s = str_val->Bytes();
int n = str_val->Len();
const u_char* end_of_s = s + n;
@ -259,7 +259,7 @@ static IntrusivePtr<VectorVal> do_split_string(StringVal* str_val,
Val* do_split(StringVal* str_val, RE_Matcher* re, int incl_sep, int max_num_sep)
{
TableVal* a = new TableVal(zeek::vars::string_array);
TableVal* a = new TableVal(zeek::id::string_array);
const u_char* s = str_val->Bytes();
int n = str_val->Len();
const u_char* end_of_s = s + n;
@ -713,7 +713,7 @@ function str_split%(s: string, idx: index_vec%): string_vec
indices[i] = (*idx_v)[i]->AsCount();
BroString::Vec* result = s->AsString()->Split(indices);
auto result_v = make_intrusive<VectorVal>(zeek::vars::string_vec);
auto result_v = make_intrusive<VectorVal>(zeek::id::string_vec);
if ( result )
{
@ -908,7 +908,7 @@ function safe_shell_quote%(source: string%): string
## .. zeek:see: find_last strstr
function find_all%(str: string, re: pattern%) : string_set
%{
auto a = make_intrusive<TableVal>(zeek::vars::string_set);
auto a = make_intrusive<TableVal>(zeek::id::string_set);
const u_char* s = str->Bytes();
const u_char* e = s + str->Len();

6
src/zeek-setup.cc
View file

@ -363,7 +363,7 @@ static std::vector<std::string> get_script_signature_files()
// Parse rule files defined on the script level.
char* script_signature_files =
copy_string(zeek::lookup_val("signature_files")->AsString()->CheckString());
copy_string(zeek::id::lookup_val("signature_files")->AsString()->CheckString());
char* tmp = script_signature_files;
char* s;
@ -724,7 +724,7 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv,
if ( ! options.pcap_file && ! options.interface )
{
const auto& interfaces_val = zeek::lookup_val("interfaces");
const auto& interfaces_val = zeek::id::lookup_val("interfaces");
if ( interfaces_val )
{
char* interfaces_str =
@ -784,7 +784,7 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv,
if ( profiling_interval > 0 )
{
const auto& profiling_file = zeek::lookup_val("profiling_file");
const auto& profiling_file = zeek::id::lookup_val("profiling_file");
profiling_logger = new ProfileLogger(profiling_file->AsFile(),
profiling_interval);

56
src/zeek.bif
View file

@ -1051,7 +1051,7 @@ function find_entropy%(data: string%): entropy_test_result
e.Feed(data->Bytes(), data->Len());
e.Get(&ent, &chisq, &mean, &montepi, &scc);
static auto entropy_test_result = zeek::lookup_type<RecordType>("entropy_test_result");
static auto entropy_test_result = zeek::id::lookup_type<RecordType>("entropy_test_result");
auto ent_result = make_intrusive<RecordVal>(entropy_test_result);
ent_result->Assign(0, make_intrusive<Val>(ent, TYPE_DOUBLE));
ent_result->Assign(1, make_intrusive<Val>(chisq, TYPE_DOUBLE));
@ -1103,7 +1103,7 @@ function entropy_test_finish%(handle: opaque of entropy%): entropy_test_result
montepi = scc = ent = mean = chisq = 0.0;
static_cast<EntropyVal*>(handle)->Get(&ent, &chisq, &mean, &montepi, &scc);
static auto entropy_test_result = zeek::lookup_type<RecordType>("entropy_test_result");
static auto entropy_test_result = zeek::id::lookup_type<RecordType>("entropy_test_result");
auto ent_result = make_intrusive<RecordVal>(entropy_test_result);
ent_result->Assign(0, make_intrusive<Val>(ent, TYPE_DOUBLE));
ent_result->Assign(1, make_intrusive<Val>(chisq, TYPE_DOUBLE));
@ -1471,7 +1471,7 @@ function sort%(v: any, ...%) : any
## .. zeek:see:: sort
function order%(v: any, ...%) : index_vec
%{
auto result_v = make_intrusive<VectorVal>(zeek::vars::index_vec);
auto result_v = make_intrusive<VectorVal>(zeek::id::index_vec);
if ( v->GetType()->Tag() != TYPE_VECTOR )
{
@ -1824,9 +1824,9 @@ function zeek_version%(%): string
## Returns: A string vector with the field names of *rt*.
function record_type_to_vector%(rt: string%): string_vec
%{
auto result = make_intrusive<VectorVal>(zeek::vars::string_vec);
auto result = make_intrusive<VectorVal>(zeek::id::string_vec);
RecordType* type = zeek::lookup_type(rt->CheckString())->AsRecordType();
RecordType* type = zeek::id::lookup_type(rt->CheckString())->AsRecordType();
for ( int i = 0; i < type->NumFields(); ++i )
result->Assign(i+1, make_intrusive<StringVal>(type->FieldName(i)));
@ -1853,7 +1853,7 @@ function type_name%(t: any%): string
## Returns: list of command-line arguments (``argv``) used to run Zeek.
function zeek_args%(%): string_vec
%{
auto sv = zeek::vars::string_vec;
auto sv = zeek::id::string_vec;
auto rval = make_intrusive<VectorVal>(std::move(sv));
for ( auto i = 0; i < bro_argc; ++i )
@ -1891,7 +1891,7 @@ function reading_traces%(%): bool
## .. zeek:see:: reading_live_traffic reading_traces
function packet_source%(%): PacketSource
%{
auto ps_type = zeek::lookup_type("PacketSource")->AsRecordType();
auto ps_type = zeek::id::lookup_type("PacketSource")->AsRecordType();
auto ps = iosource_mgr->GetPktSrc();
auto r = make_intrusive<RecordVal>(ps_type);
@ -1941,14 +1941,14 @@ function global_sizes%(%): var_sizes
## .. zeek:see:: global_sizes
function global_ids%(%): id_table
%{
static auto id_table = zeek::lookup_type<TableType>("id_table");
static auto id_table = zeek::id::lookup_type<TableType>("id_table");
auto ids = make_intrusive<TableVal>(id_table);
const auto& globals = global_scope()->Vars();
for ( const auto& global : globals )
{
ID* id = global.second.get();
static auto script_id = zeek::lookup_type<RecordType>("script_id");
static auto script_id = zeek::id::lookup_type<RecordType>("script_id");
auto rec = make_intrusive<RecordVal>(script_id);
rec->Assign(0, make_intrusive<StringVal>(type_name(id->GetType()->Tag())));
rec->Assign(1, val_mgr->Bool(id->IsExport()));
@ -1994,7 +1994,7 @@ function lookup_ID%(id: string%) : any
## Returns: A table that describes the fields of a record.
function record_fields%(rec: any%): record_field_table
%{
static auto record_field_table = zeek::lookup_type<TableType>("record_field_table");
static auto record_field_table = zeek::id::lookup_type<TableType>("record_field_table");
if ( rec->GetType()->Tag() == TYPE_STRING )
{
@ -2189,7 +2189,7 @@ function is_v6_subnet%(s: subnet%): bool
## Returns: The vector of addresses contained in the routing header data.
function routing0_data_to_addrs%(s: string%): addr_vec
%{
auto rval = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("addr_vec"));
auto rval = make_intrusive<VectorVal>(zeek::id::lookup_type<VectorType>("addr_vec"));
int len = s->Len();
const u_char* bytes = s->Bytes();
@ -2220,7 +2220,7 @@ function routing0_data_to_addrs%(s: string%): addr_vec
## .. zeek:see:: counts_to_addr
function addr_to_counts%(a: addr%): index_vec
%{
auto rval = make_intrusive<VectorVal>(zeek::vars::index_vec);
auto rval = make_intrusive<VectorVal>(zeek::id::index_vec);
const uint32_t* bytes;
int len = a->AsAddr().GetBytes(&bytes);
@ -3214,16 +3214,16 @@ static IntrusivePtr<EnumVal> map_conn_type(TransportProto tp)
{
switch ( tp ) {
case TRANSPORT_UNKNOWN:
return zeek::vars::transport_proto->GetVal(0);
return zeek::id::transport_proto->GetVal(0);
case TRANSPORT_TCP:
return zeek::vars::transport_proto->GetVal(1);
return zeek::id::transport_proto->GetVal(1);
case TRANSPORT_UDP:
return zeek::vars::transport_proto->GetVal(2);
return zeek::id::transport_proto->GetVal(2);
case TRANSPORT_ICMP:
return zeek::vars::transport_proto->GetVal(3);
return zeek::id::transport_proto->GetVal(3);
default:
reporter->InternalError("bad connection type in map_conn_type()");
@ -3249,7 +3249,7 @@ function get_conn_transport_proto%(cid: conn_id%): transport_proto
if ( ! c )
{
builtin_error("unknown connection id in get_conn_transport_proto()", cid);
return zeek::vars::transport_proto->GetVal(0);
return zeek::id::transport_proto->GetVal(0);
}
return map_conn_type(c->ConnTransport());
@ -3301,20 +3301,20 @@ function lookup_connection%(cid: conn_id%): connection
builtin_error("connection ID not a known connection", cid);
// Return a dummy connection record.
auto c = make_intrusive<RecordVal>(zeek::vars::connection);
auto c = make_intrusive<RecordVal>(zeek::id::connection);
auto id_val = make_intrusive<RecordVal>(zeek::vars::conn_id);
auto id_val = make_intrusive<RecordVal>(zeek::id::conn_id);
id_val->Assign(0, make_intrusive<AddrVal>((unsigned int) 0));
id_val->Assign(1, val_mgr->Port(ntohs(0), TRANSPORT_UDP));
id_val->Assign(2, make_intrusive<AddrVal>((unsigned int) 0));
id_val->Assign(3, val_mgr->Port(ntohs(0), TRANSPORT_UDP));
c->Assign(0, std::move(id_val));
auto orig_endp = make_intrusive<RecordVal>(zeek::vars::endpoint);
auto orig_endp = make_intrusive<RecordVal>(zeek::id::endpoint);
orig_endp->Assign(0, val_mgr->Count(0));
orig_endp->Assign(1, val_mgr->Count(int(0)));
auto resp_endp = make_intrusive<RecordVal>(zeek::vars::endpoint);
auto resp_endp = make_intrusive<RecordVal>(zeek::id::endpoint);
resp_endp->Assign(0, val_mgr->Count(0));
resp_endp->Assign(1, val_mgr->Count(int(0)));
@ -3323,7 +3323,7 @@ function lookup_connection%(cid: conn_id%): connection
c->Assign(3, make_intrusive<Val>(network_time, TYPE_TIME));
c->Assign(4, make_intrusive<Val>(0.0, TYPE_INTERVAL));
c->Assign(5, make_intrusive<TableVal>(zeek::vars::string_set)); // service
c->Assign(5, make_intrusive<TableVal>(zeek::id::string_set)); // service
c->Assign(6, val_mgr->EmptyString()); // history
return c;
@ -3385,7 +3385,7 @@ function dump_current_packet%(file_name: string%) : bool
## .. zeek:see:: dump_current_packet dump_packet
function get_current_packet%(%) : pcap_packet
%{
static auto pcap_packet = zeek::lookup_type<RecordType>("pcap_packet");
static auto pcap_packet = zeek::id::lookup_type<RecordType>("pcap_packet");
const Packet* p;
auto pkt = make_intrusive<RecordVal>(pcap_packet);
@ -3427,7 +3427,7 @@ function get_current_packet_header%(%) : raw_pkt_hdr
return p->ToRawPktHdrVal();
}
static auto raw_pkt_hdr_type = zeek::lookup_type<RecordType>("raw_pkt_hdr");
static auto raw_pkt_hdr_type = zeek::id::lookup_type<RecordType>("raw_pkt_hdr");
auto hdr = make_intrusive<RecordVal>(raw_pkt_hdr_type);
return hdr;
%}
@ -3998,7 +3998,7 @@ function mmdb_open_asn_db%(f: string%) : bool
## .. zeek:see:: lookup_asn
function lookup_location%(a: addr%) : geo_location
%{
static auto geo_location = zeek::lookup_type<RecordType>("geo_location");
static auto geo_location = zeek::id::lookup_type<RecordType>("geo_location");
auto location = make_intrusive<RecordVal>(geo_location);
#ifdef USE_GEOIP
@ -4630,7 +4630,7 @@ function rotate_file%(f: file%): rotate_info
return info;
// Record indicating error.
static auto rotate_info = zeek::lookup_type<RecordType>("rotate_info");
static auto rotate_info = zeek::id::lookup_type<RecordType>("rotate_info");
info = make_intrusive<RecordVal>(rotate_info);
info->Assign(0, val_mgr->EmptyString());
info->Assign(1, val_mgr->EmptyString());
@ -4650,7 +4650,7 @@ function rotate_file%(f: file%): rotate_info
## .. zeek:see:: rotate_file calc_next_rotate
function rotate_file_by_name%(f: string%): rotate_info
%{
static auto rotate_info = zeek::lookup_type<RecordType>("rotate_info");
static auto rotate_info = zeek::id::lookup_type<RecordType>("rotate_info");
auto info = make_intrusive<RecordVal>(rotate_info);
bool is_pkt_dumper = false;
@ -4705,7 +4705,7 @@ function rotate_file_by_name%(f: string%): rotate_info
## .. zeek:see:: rotate_file rotate_file_by_name
function calc_next_rotate%(i: interval%) : interval
%{
static auto log_rotate_base_time = zeek::lookup_val<StringVal>("log_rotate_base_time");
static auto log_rotate_base_time = zeek::id::lookup_val<StringVal>("log_rotate_base_time");
static auto base_time = log_rotate_base_time->AsString()->CheckString();
double base = parse_rotate_base_time(base_time);