From a5c4ae4291a84efd01cd086c9129593c200b26bb Mon Sep 17 00:00:00 2001 From: Arne Welzel Date: Wed, 2 Jul 2025 14:48:43 +0200 Subject: [PATCH] Resolve conflicts for cherry-pick to 7.0 --- scripts/base/init-bare.zeek | 276 ------------------ scripts/zeekygen/__load__.zeek | 9 - src/CMakeLists.txt | 4 - src/Conn.cc | 8 +- src/Conn.h | 23 +- src/ConnKey.h | 2 +- src/IP.h | 3 + src/IPAddr.cc | 2 +- src/IPAddr.h | 12 +- src/analyzer/Analyzer.cc | 10 +- src/conn_key/Factory.h | 2 +- src/packet_analysis/protocol/gtpv1/GTPv1.cc | 7 +- src/packet_analysis/protocol/icmp/ICMP.cc | 7 - .../protocol/ip/CMakeLists.txt | 5 - .../protocol/ip/IPBasedAnalyzer.h | 4 +- .../ip/conn_key/fivetuple/CMakeLists.txt | 4 +- .../protocol/ip/conn_key/fivetuple/Factory.cc | 2 +- .../ip/conn_key/vlan_fivetuple/CMakeLists.txt | 4 +- .../ip/conn_key/vlan_fivetuple/Factory.cc | 2 +- src/packet_analysis/protocol/tcp/TCP.cc | 13 - src/packet_analysis/protocol/teredo/Teredo.cc | 11 +- src/packet_analysis/protocol/udp/UDP.cc | 7 - src/plugin/Component.cc | 13 - src/plugin/Component.h | 20 +- src/script_opt/ZAM/OPs/ZAM.op | 28 +- src/script_opt/ZAM/ZBody.cc | 1 + src/session/Manager.cc | 11 +- src/zeek-setup.cc | 5 - .../Baseline/coverage.bare-mode-errors/errors | 12 +- .../coverage.test-all-policy-cluster/.stderr | 24 +- testing/btest/Baseline/plugins.connkey/output | 24 +- .../plugins/connkey-plugin/CMakeLists.txt | 4 +- 32 files changed, 92 insertions(+), 467 deletions(-) diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index 475b318d16..62fdd99403 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek 
@@ -388,264 +388,6 @@ type endpoint_stats: record { endian_type: count; }; -<<<<<<< HEAD -======= -## Record containing information about a tag. -## -## .. zeek:see:: get_tags_by_category -type tag_component: record { - name: string; - canonical_name: string; - tag: string; - enabled: bool; -}; - -type tag_component_vec : vector of tag_component; - -## Arguments given to Zeek from the command line. In order to use this, Zeek -## must use a ``--`` command line argument immediately followed by a script -## file and additional arguments after that. For example:: -## -## zeek --bare-mode -- myscript.zeek -a -b -c -## -## To use Zeek as an executable interpreter, include a line at the top of a script -## like the following and make the script executable:: -## -## #!/usr/local/zeek/bin/zeek -- -const zeek_script_args: vector of string = vector(); - -## BPF filter the user has set via the -f command line options. Empty if none. -const cmd_line_bpf_filter = "" &redef; - -## Base time of log rotations in 24-hour time format (``%H:%M``), e.g. "12:00". -const log_rotate_base_time = "0:00" &redef; - -## Whether to attempt to automatically detect SYN/FIN/RST-filtered trace -## and not report missing segments for such connections. -## If this is enabled, then missing data at the end of connections may not -## be reported via :zeek:see:`content_gap`. -const detect_filtered_trace = F &redef; - -## Whether we want :zeek:see:`content_gap` for partial -## connections. A connection is partial if it is missing a full handshake. Note -## that gap reports for partial connections might not be reliable. -## -## .. zeek:see:: content_gap partial_connection -const report_gaps_for_partial = F &redef; - -## Flag to prevent Zeek from exiting automatically when input is exhausted. -## Normally Zeek terminates when all packet sources have gone dry -## and communication isn't enabled. 
If this flag is set, Zeek's main loop will -## instead keep idling until :zeek:see:`terminate` is explicitly called. -## -## This is mainly for testing purposes when termination behaviour needs to be -## controlled for reproducing results. -const exit_only_after_terminate = F &redef; - -## Default mode for Zeek's user-space dynamic packet filter. If true, packets -## that aren't explicitly allowed through, are dropped from any further -## processing. -## -## .. note:: This is not the BPF packet filter but an additional dynamic filter -## that Zeek optionally applies just before normal processing starts. -## -## .. zeek:see:: install_dst_addr_filter install_dst_net_filter -## install_src_addr_filter install_src_net_filter uninstall_dst_addr_filter -## uninstall_dst_net_filter uninstall_src_addr_filter uninstall_src_net_filter -const packet_filter_default = F &redef; - -## Maximum size of regular expression groups for signature matching. -const sig_max_group_size = 50 &redef; - -## Description transmitted to remote communication peers for identification. -const peer_description = "zeek" &redef; - -## Reassemble the beginning of all TCP connections before doing -## signature matching. Enabling this provides more accurate matching at the -## expense of CPU cycles. -## -## .. zeek:see:: dpd_buffer_size -## dpd_match_only_beginning dpd_ignore_ports -## -## .. note:: Despite the name, this option affects *all* signature matching, not -## only signatures used for dynamic protocol detection. -const dpd_reassemble_first_packets = T &redef; - -## Size of per-connection buffer used for dynamic protocol detection. For each -## connection, Zeek buffers this initial amount of payload in memory so that -## complete protocol analysis can start even after the initial packets have -## already passed through (i.e., when a DPD signature matches only later). -## However, once the buffer is full, data is deleted and lost to analyzers that -## are activated afterwards. 
Then only analyzers that can deal with partial -## connections will be able to analyze the session. -## -## .. zeek:see:: dpd_reassemble_first_packets dpd_match_only_beginning -## dpd_ignore_ports dpd_max_packets -const dpd_buffer_size = 1024 &redef; - -## Maximum number of per-connection packets that will be buffered for dynamic -## protocol detection. For each connection, Zeek buffers up to this amount -## of packets in memory so that complete protocol analysis can start even after -## the initial packets have already passed through (i.e., when a DPD signature -## matches only later). However, once the buffer is full, data is deleted and lost -## to analyzers that are activated afterwards. Then only analyzers that can deal -## with partial connections will be able to analyze the session. -## -## .. zeek:see:: dpd_reassemble_first_packets dpd_match_only_beginning -## dpd_ignore_ports dpd_buffer_size -const dpd_max_packets = 100 &redef; - -## If true, stops signature matching if :zeek:see:`dpd_buffer_size` has been -## reached. -## -## .. zeek:see:: dpd_reassemble_first_packets dpd_buffer_size -## dpd_ignore_ports -## -## .. note:: Despite the name, this option affects *all* signature matching, not -## only signatures used for dynamic protocol detection. -const dpd_match_only_beginning = T &redef; - -## If true, stops signature matching after a late match. A late match may occur -## in case the DPD buffer is exhausted but a protocol signature matched. To -## allow late matching, :zeek:see:`dpd_match_only_beginning` must be disabled. -## -## .. zeek:see:: dpd_reassemble_first_packets dpd_buffer_size -## dpd_match_only_beginning -## -## .. note:: Despite the name, this option stops *all* signature matching, not -## only signatures used for dynamic protocol detection but is triggered by -## DPD signatures only. -const dpd_late_match_stop = F &redef; - -## If true, don't consider any ports for deciding which protocol analyzer to -## use. -## -## .. 
zeek:see:: dpd_reassemble_first_packets dpd_buffer_size -## dpd_match_only_beginning -const dpd_ignore_ports = F &redef; - -## Ports which the core considers being likely used by servers. For ports in -## this set, it may heuristically decide to flip the direction of the -## connection if it misses the initial handshake. -const likely_server_ports: set[port] &redef; - -## Holds the filename of the trace file given with ``-w`` (empty if none). -## -## .. zeek:see:: record_all_packets -const trace_output_file = ""; - -## If a trace file is given with ``-w``, dump *all* packets seen by Zeek into it. -## By default, Zeek applies (very few) heuristics to reduce the volume. A side -## effect of setting this to true is that we can write the packets out before we -## actually process them, which can be helpful for debugging in case the -## analysis triggers a crash. -## -## .. zeek:see:: trace_output_file -const record_all_packets = F &redef; - -## Ignore certain TCP retransmissions for :zeek:see:`conn_stats`. Some -## connections (e.g., SSH) retransmit the acknowledged last byte to keep the -## connection alive. If *ignore_keep_alive_rexmit* is set to true, such -## retransmissions will be excluded in the rexmit counter in -## :zeek:see:`conn_stats`. -## -## .. zeek:see:: conn_stats -const ignore_keep_alive_rexmit = F &redef; - - - -## Seed for hashes computed internally for probabilistic data structures. Using -## the same value here will make the hashes compatible between independent Zeek -## instances. If left unset, Zeek will use a temporary local seed. -const global_hash_seed: string = "" &redef; - -## Number of bits in UIDs that are generated to identify connections and -## files. The larger the value, the more confidence in UID uniqueness. -## The maximum is currently 128 bits. -const bits_per_uid: count = 96 &redef; - -## This salt value is used for several message digests in Zeek. 
We -## use a salt to help mitigate the possibility of an attacker -## manipulating source data to, e.g., mount complexity attacks or -## cause ID collisions. -## This salt is, for example, used by :zeek:see:`get_file_handle` -## to generate installation-unique file IDs (the *id* field of :zeek:see:`fa_file`). -const digest_salt = "Please change this value." &redef; - -## Maximum string length allowed for calls to the :zeek:see:`find_all` and -## :zeek:see:`find_all_ordered` BIFs. -const max_find_all_string_length: int = 10000 &redef; - -## How many rounds to go without checking IO sources with file descriptors -## for readiness by default. This is used when reading from traces. -## -## Very roughly, when reading from a pcap, setting this to 100 results in -## 100 packets being processed without checking FD based IO sources. -## -## .. note:: This should not be changed outside of development or when -## debugging problems with the main-loop, or developing features with -## tight main-loop interaction. -## -## .. zeek:see:: io_poll_interval_live -const io_poll_interval_default = 100 &redef; - -## How often to check IO sources with file descriptors for readiness when -## monitoring with a live packet source. -## -## The poll interval gets defaulted to 100 which is good for cases like reading -## from pcap files and when there isn't a packet source, but is a little too -## infrequent for live sources (especially fast live sources). Set it down a -## little bit for those sources. -## -## .. note:: This should not be changed outside of development or when -## debugging problems with the main-loop, or developing features with -## tight main-loop interaction. -## -## .. zeek:see:: io_poll_interval_default -const io_poll_interval_live = 10 &redef; - -## Whether Zeek is being run under test. This can be used to alter functionality -## while testing, but should be used sparingly. 
-const running_under_test: bool = F &redef; - -## The amount of time before a connection created by the netbios analyzer times -## out and is removed. -const netbios_ssn_session_timeout: interval = 15 sec &redef; - -module EventMetadata; - -export { - ## Enum type for metadata identifiers. - type ID: enum { - NETWORK_TIMESTAMP = 1, - }; - - ## A event metadata entry. - type Entry: record { - id: EventMetadata::ID; ##< The registered :zeek:see:`EventMetadata::ID` value. - val: any; ##< The value. Its type matches what was passed to :zeek:see:`EventMetadata::register`. - }; - - ## Add network timestamp metadata to all events. - ## - ## Adding network timestamp metadata affects local and - ## remote events. Events scheduled have a network timestamp - ## of when the scheduled timer was supposed to expire, which - ## might be a value before the network_time() when the event - ## was actually dispatched. - const add_network_timestamp: bool = F &redef; - - ## By default, remote events without network timestamp metadata - ## will yield a negative zeek:see:`current_event_time` during - ## processing. To have the receiving Zeek node set the event's - ## network timestamp metadata with its current local network time, - ## set this option to true. - ## - ## This setting is only in effect if :zeek:see:`EventMetadata::add_network_timestamp` - ## is also set to true. - const add_missing_remote_network_timestamp: bool = F &redef; -} - module ConnKey; export { 
@@ -659,24 +401,6 @@ export { const factory = ConnKey::CONNKEY_FIVETUPLE &redef; } -module FTP; - -export { - ## Limits the size of commands accepted by the FTP analyzer. Longer commands - ## raise a FTP_max_command_length_exceeded weird and are discarded. - const max_command_length = 100 &redef; -} - -module SMTP; - -export { - ## The maximum line length within a BDAT chunk before a forceful linebreak - ## is introduced and a weird is raised. Conventionally, MIME messages - ## have a maximum line length of 1000 octets when properly encoded. - const bdat_max_line_length = 4096 &redef; -} - ->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples') module TCP; export { ## A TCP Option field parsed from a TCP header. diff --git a/scripts/zeekygen/__load__.zeek b/scripts/zeekygen/__load__.zeek index 8e17883686..7bc4ed2e8a 100644 --- a/scripts/zeekygen/__load__.zeek +++ b/scripts/zeekygen/__load__.zeek @@ -1,17 +1,8 @@ @load test-all-policy.zeek # Scripts which are commented out in test-all-policy.zeek. -<<<<<<< HEAD -======= -@load frameworks/analyzer/deprecated-dpd-log.zeek @load frameworks/conn_key/vlan_fivetuple.zeek -# Remove in v8.1: replaced by frameworks/analyzer/detect-protocols.zeek -@pragma push ignore-deprecations -@load frameworks/dpd/detect-protocols.zeek -@pragma pop ignore-deprecations - ->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples') @load protocols/ssl/decryption.zeek @load frameworks/cluster/nodes-experimental/manager.zeek @load frameworks/control/controllee.zeek diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index aef4f4d2df..568c5794b6 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt 
@@ -173,11 +173,7 @@ gen_zam_target(${GEN_ZAM_SRC_DIR}) option(USE_SQLITE "Should Zeek use SQLite?" ON) add_subdirectory(analyzer) -<<<<<<< HEAD -======= add_subdirectory(conn_key) -add_subdirectory(cluster) ->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples') add_subdirectory(packet_analysis) add_subdirectory(broker) add_subdirectory(telemetry) diff --git a/src/Conn.cc b/src/Conn.cc index d5657e3f48..708eb33a72 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -48,15 +48,15 @@ Connection::Connection(zeek::IPBasedConnKeyPtr k, double t, uint32_t flow, const #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wdeprecated-declarations" +/* + * awelzel: This is deprecated and a mess make work, so commented out. + * Connection::Connection(const detail::ConnKey& k, double t, const ConnTuple* id, uint32_t flow, const Packet* pkt) : Session(t, connection_timeout, connection_status_update, detail::connection_status_update_interval) { orig_addr = id->src_addr; resp_addr = id->dst_addr; orig_port = id->src_port; resp_port = id->dst_port; -<<<<<<< HEAD - proto = TRANSPORT_UNKNOWN; -======= switch ( id->proto ) { case IPPROTO_TCP: proto = TRANSPORT_TCP; break; @@ -72,6 +72,7 @@ Connection::Connection(const detail::ConnKey& k, double t, const ConnTuple* id, Init(flow, pkt); } +*/ #pragma GCC diagnostic pop Connection::~Connection() { @@ -89,7 +90,6 @@ Connection::~Connection() { } void Connection::Init(uint32_t flow, const Packet* pkt) { ->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples') orig_flow_label = flow; resp_flow_label = 0; saw_first_orig_packet = 1; diff --git a/src/Conn.h b/src/Conn.h index a29bf3e88d..2aaab3d554 100644 --- a/src/Conn.h +++ b/src/Conn.h 
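Review bot: The deprecated `Connection(const detail::ConnKey&, double, const ConnTuple*, uint32_t, const Packet*)` constructor in src/Conn.cc is disabled by wrapping its whole definition in a block comment. That leaves the `#pragma GCC diagnostic push`/`pop` pair guarding nothing, and the dead body still reads `id->proto`, a member this same patch renames to `transport` in src/Conn.h. Deleting the definition, and the commented-out declaration in src/Conn.h, would be cleaner than carrying code that cannot compile, with a reworded comment such as `// The deprecated ConnKey/ConnTuple constructor is not available on 7.0; construct with an IPBasedConnKeyPtr instead.`. Because this drops a public constructor on a release branch, out-of-tree plugins that still call it would stop building, so it likely deserves a NEWS entry. The commented-out region spans the three hunks of this file.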
@@ -30,15 +30,9 @@ class RecordVal; using ValPtr = IntrusivePtr; using RecordValPtr = IntrusivePtr; -<<<<<<< HEAD -namespace session { -class Manager; -} -======= class IPBasedConnKey; using IPBasedConnKeyPtr = std::unique_ptr; ->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples') namespace detail { class Specific_RE_Matcher; @@ -66,23 +60,14 @@ enum ConnEventToFlag { #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wdeprecated-declarations" struct ConnTuple { -<<<<<<< HEAD - IPAddr src_addr; - IPAddr dst_addr; - uint32_t src_port = 0; - uint32_t dst_port = 0; - bool is_one_way = false; // if true, don't canonicalize order - TransportProto proto = TRANSPORT_UNKNOWN; -======= #pragma GCC diagnostic pop [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] IPAddr src_addr; [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] IPAddr dst_addr; [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] uint32_t src_port = 0; [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] uint32_t dst_port = 0; - [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] uint16_t proto = UNKNOWN_IP_PROTO; + [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] TransportProto transport = TRANSPORT_UNKNOWN; [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] bool is_one_way = false; // if true, don't canonicalize order ->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples') }; static inline int addr_port_canon_lt(const IPAddr& addr1, uint32_t p1, const IPAddr& addr2, uint32_t p2) { 
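Review bot: In `struct ConnTuple` the resolved member list ends with `TransportProto transport` followed by `bool is_one_way`, whereas the HEAD side being removed had `bool is_one_way` followed by `TransportProto proto`. Both the name and the position of the last two members therefore change on the 7.0 branch. Code that writes `tuple.proto` fails to compile, which is at least loud, but positional aggregate initialisation or a plugin binary built against the previous layout would read the wrong field without any diagnostic. If existing 7.0 callers are meant to keep working, keep the old order and name; otherwise state the break next to the struct, e.g. `// NOTE: differs from earlier 7.0 releases: 'proto' is now 'transport' and precedes is_one_way.`.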
@@ -93,8 +78,10 @@ class Connection final : public session::Session { public: Connection(zeek::IPBasedConnKeyPtr k, double t, uint32_t flow, const Packet* pkt); - [[deprecated("Remove in v8.1. Switch to ConnKey factories and the new zeek::ConnKey tree.")]] - Connection(const detail::ConnKey& k, double t, const ConnTuple* id, uint32_t flow, const Packet* pkt); + /* awelzel: Commented because it's a hard to make this work and it's deprecated anyhow. + [[deprecated("Remove in v8.1. Switch to ConnKey factories and the new zeek::ConnKey tree.")]] Connection( + const detail::ConnKey& k, double t, const ConnTuple* id, uint32_t flow, const Packet* pkt); + */ ~Connection() override; diff --git a/src/ConnKey.h b/src/ConnKey.h index ec10104528..55069a10c6 100644 --- a/src/ConnKey.h +++ b/src/ConnKey.h @@ -67,7 +67,7 @@ protected: * * @param pkt The packet that's currently being processed. */ - virtual void DoInit(const Packet& pkt) {}; + virtual void DoInit(const Packet& pkt){}; /** * Hook method for ConnKey::PopulateConnIdVal. diff --git a/src/IP.h b/src/IP.h index 8e3b2bd553..0863a0653e 100644 --- a/src/IP.h +++ b/src/IP.h @@ -32,6 +32,9 @@ namespace detail { class FragReassembler; } +// From Zeek 8.0 for proto support. +constexpr uint16_t UNKNOWN_IP_PROTO = 65535; + #ifndef IPPROTO_MOBILITY #define IPPROTO_MOBILITY 135 #endif diff --git a/src/IPAddr.cc b/src/IPAddr.cc index aa94e11243..0d85b02014 100644 --- a/src/IPAddr.cc +++ b/src/IPAddr.cc @@ -28,7 +28,7 @@ ConnKey::ConnKey(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16 #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wdeprecated-declarations" ConnKey::ConnKey(const ConnTuple& id) { - Init(id.src_addr, id.dst_addr, id.src_port, id.dst_port, id.proto, id.is_one_way); + Init(id.src_addr, id.dst_addr, id.src_port, id.dst_port, id.transport, id.is_one_way); } ConnKey& ConnKey::operator=(const ConnKey& rhs) { diff --git a/src/IPAddr.h b/src/IPAddr.h index 05536e9764..b6796bab51 100644 
--- a/src/IPAddr.h +++ b/src/IPAddr.h @@ -8,6 +8,7 @@ #include #include +#include "zeek/net_util.h" #include "zeek/threading/SerialTypes.h" using in4_addr = in_addr; @@ -29,22 +30,15 @@ public: in6_addr ip2; uint16_t port1 = 0; uint16_t port2 = 0; - TransportProto transport = TRANSPORT_UNKNOWN; + TransportProto transport = TRANSPORT_UNKNOWN; // awelzel: In 8.0 this is proto. It's not used, so shrug. bool valid = true; -<<<<<<< HEAD - ConnKey(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16_t dst_port, TransportProto t, bool one_way); - ConnKey(const ConnTuple& conn); - ConnKey(const ConnKey& rhs) { *this = rhs; } - ConnKey(Val* v); -======= [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] ConnKey(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16_t dst_port, - uint16_t proto, bool one_way); + TransportProto t, bool one_way); [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] ConnKey(const ConnTuple& conn); [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] ConnKey(const ConnKey& rhs) { *this = rhs; } [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] ConnKey(Val* v); ->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples') bool operator<(const ConnKey& rhs) const { return memcmp(this, &rhs, sizeof(ConnKey)) < 0; } bool operator<=(const ConnKey& rhs) const { return memcmp(this, &rhs, sizeof(ConnKey)) <= 0; } diff --git a/src/analyzer/Analyzer.cc b/src/analyzer/Analyzer.cc index 491dccddf0..c62dcf5c36 100644 --- a/src/analyzer/Analyzer.cc +++ b/src/analyzer/Analyzer.cc 
@@ -5,21 +5,13 @@ #include #include -<<<<<<< HEAD -======= +#include "zeek/3rdparty/doctest.h" #include "zeek/Conn.h" #include "zeek/Event.h" #include "zeek/analyzer/Manager.h" #include "zeek/packet_analysis/protocol/ip/conn_key/IPBasedConnKey.h" #include "zeek/packet_analysis/protocol/tcp/TCPSessionAdapter.h" ->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples') -#include "zeek/3rdparty/doctest.h" -#include "zeek/Event.h" -#include "zeek/ZeekString.h" -#include "zeek/analyzer/Manager.h" -#include "zeek/analyzer/protocol/pia/PIA.h" - namespace zeek::analyzer { class AnalyzerTimer final : public zeek::detail::Timer { diff --git a/src/conn_key/Factory.h b/src/conn_key/Factory.h index 9eec55462c..9bc3250696 100644 --- a/src/conn_key/Factory.h +++ b/src/conn_key/Factory.h @@ -2,7 +2,7 @@ #pragma once #include "zeek/ConnKey.h" -#include "zeek/util-types.h" +#include "zeek/util.h" namespace zeek { diff --git a/src/packet_analysis/protocol/gtpv1/GTPv1.cc b/src/packet_analysis/protocol/gtpv1/GTPv1.cc index 67d77bb969..bedc7e467b 100644 --- a/src/packet_analysis/protocol/gtpv1/GTPv1.cc +++ b/src/packet_analysis/protocol/gtpv1/GTPv1.cc @@ -22,18 +22,13 @@ bool GTPv1_Analyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pack const auto& key = conn->Key(); auto sk = key.SessionKey(); -<<<<<<< HEAD - auto cm_it = conn_map.find(conn_key); - if ( cm_it == conn_map.end() ) - cm_it = conn_map.insert(cm_it, {conn_key, std::make_unique(this)}); -======= auto cm_it = conn_map.find(sk); if ( cm_it == conn_map.end() ) { sk.CopyData(); // Copy key data to store in map. auto [it, inserted] = conn_map.emplace(std::move(sk), std::make_unique(this)); assert(inserted); cm_it = it; ->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples') + } try { cm_it->second->set_raw_packet(packet); 
diff --git a/src/packet_analysis/protocol/icmp/ICMP.cc b/src/packet_analysis/protocol/icmp/ICMP.cc index 61263249f7..0ceb2483e8 100644 --- a/src/packet_analysis/protocol/icmp/ICMP.cc +++ b/src/packet_analysis/protocol/icmp/ICMP.cc @@ -38,13 +38,6 @@ bool ICMPAnalyzer::InitConnKey(size_t len, const uint8_t* data, Packet* packet, if ( ! CheckHeaderTrunc(ICMP_MINLEN, len, packet) ) return false; -<<<<<<< HEAD - tuple.src_addr = packet->ip_hdr->SrcAddr(); - tuple.dst_addr = packet->ip_hdr->DstAddr(); - tuple.proto = TRANSPORT_ICMP; - -======= ->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples') const struct icmp* icmpp = (const struct icmp*)data; uint32_t icmp_counter_type = 0; diff --git a/src/packet_analysis/protocol/ip/CMakeLists.txt b/src/packet_analysis/protocol/ip/CMakeLists.txt index 565d20b2eb..504399767c 100644 --- a/src/packet_analysis/protocol/ip/CMakeLists.txt +++ b/src/packet_analysis/protocol/ip/CMakeLists.txt @@ -1,5 +1,4 @@ zeek_add_plugin( -<<<<<<< HEAD PacketAnalyzer IP SOURCES @@ -7,9 +6,5 @@ zeek_add_plugin( IPBasedAnalyzer.cc SessionAdapter.cc Plugin.cc) -======= - PacketAnalyzer IP - SOURCES IP.cc IPBasedAnalyzer.cc SessionAdapter.cc Plugin.cc) add_subdirectory(conn_key) ->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples') diff --git a/src/packet_analysis/protocol/ip/IPBasedAnalyzer.h b/src/packet_analysis/protocol/ip/IPBasedAnalyzer.h index c0ac67988f..e007090fdd 100644 --- a/src/packet_analysis/protocol/ip/IPBasedAnalyzer.h +++ b/src/packet_analysis/protocol/ip/IPBasedAnalyzer.h 
@@ -118,8 +118,8 @@ protected: /** * Parse the header from the packet into a ConnTuple object. */ - [[deprecated("Remove in v8.1. Switch to InitConnKey() and key-only initialization.")]] - virtual bool BuildConnTuple(size_t len, const uint8_t* data, Packet* packet, ConnTuple& tuple) { + [[deprecated("Remove in v8.1. Switch to InitConnKey() and key-only initialization.")]] virtual bool BuildConnTuple( + size_t len, const uint8_t* data, Packet* packet, ConnTuple& tuple) { return false; } diff --git a/src/packet_analysis/protocol/ip/conn_key/fivetuple/CMakeLists.txt b/src/packet_analysis/protocol/ip/conn_key/fivetuple/CMakeLists.txt index c243f41b01..7a4eb31bcb 100644 --- a/src/packet_analysis/protocol/ip/conn_key/fivetuple/CMakeLists.txt +++ b/src/packet_analysis/protocol/ip/conn_key/fivetuple/CMakeLists.txt @@ -1,3 +1 @@ -zeek_add_plugin( - Zeek ConnKey_Fivetuple - SOURCES Factory.cc Plugin.cc) +zeek_add_plugin(Zeek ConnKey_Fivetuple SOURCES Factory.cc Plugin.cc) diff --git a/src/packet_analysis/protocol/ip/conn_key/fivetuple/Factory.cc b/src/packet_analysis/protocol/ip/conn_key/fivetuple/Factory.cc index 47dd7e3c78..9a976a1e0f 100644 --- a/src/packet_analysis/protocol/ip/conn_key/fivetuple/Factory.cc +++ b/src/packet_analysis/protocol/ip/conn_key/fivetuple/Factory.cc @@ -5,7 +5,7 @@ #include "zeek/IP.h" #include "zeek/Val.h" #include "zeek/packet_analysis/protocol/ip/conn_key/IPBasedConnKey.h" -#include "zeek/util-types.h" +#include "zeek/util.h" namespace zeek::conn_key::fivetuple { diff --git a/src/packet_analysis/protocol/ip/conn_key/vlan_fivetuple/CMakeLists.txt b/src/packet_analysis/protocol/ip/conn_key/vlan_fivetuple/CMakeLists.txt index bc4c11d944..8f7d69e291 100644 --- a/src/packet_analysis/protocol/ip/conn_key/vlan_fivetuple/CMakeLists.txt +++ b/src/packet_analysis/protocol/ip/conn_key/vlan_fivetuple/CMakeLists.txt 
@@ -1,3 +1 @@ -zeek_add_plugin( - Zeek Conntuple_VLAN - SOURCES Factory.cc Plugin.cc) +zeek_add_plugin(Zeek Conntuple_VLAN SOURCES Factory.cc Plugin.cc) diff --git a/src/packet_analysis/protocol/ip/conn_key/vlan_fivetuple/Factory.cc b/src/packet_analysis/protocol/ip/conn_key/vlan_fivetuple/Factory.cc index a9d5c32880..e46ee2f330 100644 --- a/src/packet_analysis/protocol/ip/conn_key/vlan_fivetuple/Factory.cc +++ b/src/packet_analysis/protocol/ip/conn_key/vlan_fivetuple/Factory.cc @@ -9,7 +9,7 @@ #include "zeek/iosource/Packet.h" #include "zeek/packet_analysis/protocol/ip/conn_key/IPBasedConnKey.h" #include "zeek/packet_analysis/protocol/ip/conn_key/fivetuple/Factory.h" -#include "zeek/util-types.h" +#include "zeek/util.h" namespace zeek::conn_key::vlan_fivetuple { diff --git a/src/packet_analysis/protocol/tcp/TCP.cc b/src/packet_analysis/protocol/tcp/TCP.cc index fb69819612..5fb9c599e2 100644 --- a/src/packet_analysis/protocol/tcp/TCP.cc +++ b/src/packet_analysis/protocol/tcp/TCP.cc @@ -33,21 +33,8 @@ bool TCPAnalyzer::InitConnKey(size_t len, const uint8_t* data, Packet* packet, I if ( ! CheckHeaderTrunc(min_hdr_len, len, packet) ) return false; -<<<<<<< HEAD - tuple.src_addr = packet->ip_hdr->SrcAddr(); - tuple.dst_addr = packet->ip_hdr->DstAddr(); - - data = packet->ip_hdr->Payload(); - - const struct tcphdr* tp = (const struct tcphdr*)data; - tuple.src_port = tp->th_sport; - tuple.dst_port = tp->th_dport; - tuple.is_one_way = false; - tuple.proto = TRANSPORT_TCP; -======= const struct tcphdr* tp = (const struct tcphdr*)packet->ip_hdr->Payload(); key.InitTuple(packet->ip_hdr->SrcAddr(), tp->th_sport, packet->ip_hdr->DstAddr(), tp->th_dport, packet->proto); ->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples') return true; } diff --git a/src/packet_analysis/protocol/teredo/Teredo.cc b/src/packet_analysis/protocol/teredo/Teredo.cc index 6aacfc593a..d5a6954654 100644 --- a/src/packet_analysis/protocol/teredo/Teredo.cc 
+++ b/src/packet_analysis/protocol/teredo/Teredo.cc @@ -153,12 +153,8 @@ bool TeredoAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pack return false; } + // awelzel: This is the code in 7.0. Creepy. conn = static_cast(packet->session); - zeek::detail::ConnKey conn_key = conn->Key(); - - OrigRespMap::iterator or_it = orig_resp_map.find(conn_key); - if ( or_it == orig_resp_map.end() ) - or_it = orig_resp_map.insert(or_it, {conn_key, {}}); detail::TeredoEncapsulation te(this); if ( ! te.Parse(data, len) ) { @@ -188,8 +184,6 @@ bool TeredoAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pack return false; } -<<<<<<< HEAD -======= const auto& k = conn->Key(); auto sk = k.SessionKey(); OrigRespMap::iterator or_it = orig_resp_map.find(sk); @@ -204,10 +198,9 @@ bool TeredoAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pack assert(inserted); or_it = it; - packet->session->EnqueueEvent(new_teredo_state, nullptr, packet->session->GetVal()); + // packet->session->EnqueueEvent(new_teredo_state, nullptr, packet->session->GetVal()); } ->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples') if ( packet->is_orig ) or_it->second.valid_orig = true; else diff --git a/src/packet_analysis/protocol/udp/UDP.cc b/src/packet_analysis/protocol/udp/UDP.cc index 57752bcfef..57d4c3ef38 100644 --- a/src/packet_analysis/protocol/udp/UDP.cc +++ b/src/packet_analysis/protocol/udp/UDP.cc 
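Review bot: The comments added in `TeredoAnalyzer::AnalyzePacket` do not record what was decided. `// awelzel: This is the code in 7.0. Creepy.` sits directly above the unchecked `static_cast` of `packet->session`, and the `EnqueueEvent(new_teredo_state, ...)` call is left commented out with no reason given. If that event simply does not exist on 7.0, delete the line and say so, e.g. `// new_teredo_state is not available on 7.0, so no event is raised when a new entry is created.`, and replace the first comment with the invariant the cast relies on. The new map entry is also checked only by `assert(inserted)`, which vanishes in NDEBUG builds; that looks harmless after the preceding `find()` miss but leaves `inserted` unused there. The function body starts and ends outside these hunks.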
@@ -60,14 +60,7 @@ bool UDPAnalyzer::InitConnKey(size_t len, const uint8_t* data, Packet* packet, I return false; const struct udphdr* up = (const struct udphdr*)packet->ip_hdr->Payload(); -<<<<<<< HEAD - tuple.src_port = up->uh_sport; - tuple.dst_port = up->uh_dport; - tuple.is_one_way = false; - tuple.proto = TRANSPORT_UDP; -======= key.InitTuple(packet->ip_hdr->SrcAddr(), up->uh_sport, packet->ip_hdr->DstAddr(), up->uh_dport, packet->proto); ->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples') return true; } diff --git a/src/plugin/Component.cc b/src/plugin/Component.cc index e384eddce3..57bd59e927 100644 --- a/src/plugin/Component.cc +++ b/src/plugin/Component.cc @@ -39,21 +39,8 @@ void Component::Describe(ODesc* d) const { case component::SESSION_ADAPTER: d->Add("Session Adapter"); break; -<<<<<<< HEAD -======= - case component::CLUSTER_BACKEND: d->Add("Cluster Backend"); break; - - case component::EVENT_SERIALIZER: d->Add("Event Serializer"); break; - - case component::LOG_SERIALIZER: d->Add("Log Serializer"); break; - - case component::STORAGE_BACKEND: d->Add("Storage Backend"); break; - - case component::STORAGE_SERIALIZER: d->Add("Storage Serializer"); break; - case component::CONNKEY: d->Add("ConnKey Factory"); break; ->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples') default: reporter->InternalWarning("unknown component type in plugin::Component::Describe"); d->Add(""); diff --git a/src/plugin/Component.h b/src/plugin/Component.h index d919c0de70..6aa25caa68 100644 --- a/src/plugin/Component.h +++ b/src/plugin/Component.h @@ -20,7 +20,6 @@ namespace component { /** * Component types. */ -<<<<<<< HEAD enum Type { READER, /// An input reader (not currently used). WRITER, /// A logging writer (not currently used). 
@@ -31,24 +30,7 @@ enum Type { PKTSRC, /// A packet source. PKTDUMPER, /// A packet dumper. SESSION_ADAPTER, /// A session adapter analyzer. -======= -enum Type : uint8_t { - READER, /// An input reader (not currently used). - WRITER, /// A logging writer (not currently used). - ANALYZER, /// A protocol analyzer. - PACKET_ANALYZER, /// A packet analyzer. - FILE_ANALYZER, /// A file analyzer. - IOSOURCE, /// An I/O source, excluding packet sources. - PKTSRC, /// A packet source. - PKTDUMPER, /// A packet dumper. - SESSION_ADAPTER, /// A session adapter analyzer. - CLUSTER_BACKEND, /// A cluster backend. - EVENT_SERIALIZER, /// A serializer for events, used by cluster backends. - LOG_SERIALIZER, /// A serializer for log batches, used by cluster backends. - STORAGE_BACKEND, /// A backend for the storage framework. - STORAGE_SERIALIZER, /// A serializer for the storage framework. - CONNKEY, /// A factory for connection keys. ->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples') + CONNKEY, /// A factory for connection keys. }; } // namespace component diff --git a/src/script_opt/ZAM/OPs/ZAM.op b/src/script_opt/ZAM/OPs/ZAM.op index 36e960abec..aa73c90629 100644 --- a/src/script_opt/ZAM/OPs/ZAM.op +++ b/src/script_opt/ZAM/OPs/ZAM.op @@ -2514,8 +2514,11 @@ type V eval auto teredo = zeek::packet_mgr->GetAnalyzer("Teredo"); if ( teredo ) { - zeek::detail::ConnKey conn_key(frame[z.v1].record_val); - static_cast(teredo.get())->RemoveConnection(conn_key); + auto r = zeek::conn_key_mgr->GetFactory().ConnKeyFromVal(*frame[z.v1].record_val); + if ( ! r.has_value() ) + return zeek::val_mgr->False(); + auto sk = r.value()->SessionKey(); + static_cast(teredo.get())->RemoveConnection(sk); } internal-op Remove-Teredo 
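Review bot: The new `if ( ! r.has_value() ) return zeek::val_mgr->False();` in the first ZAM.op hunk (Remove-Teredo, type V) fails silently, so an invalid conn_id record produces no diagnostic. Manager::FindConnection in this same patch calls `zeek::emit_builtin_error(r.error().c_str());` on the identical failure. Add that call before the return so the ZAM-compiled path reports the error the same way. If these eval bodies are expanded inline into the ZAM execution loop, the `return` also leaves the whole compiled function rather than just this op, and in the VV variants it skips `frame[z.v1].int_val = 1;`, so it is worth confirming that is intended. The same pattern is in the other three hunks of this file (Remove-Teredo VV, Remove-GTPv1 V and VV).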
@@ -2524,8 +2527,11 @@ type VV eval auto teredo = zeek::packet_mgr->GetAnalyzer("Teredo"); if ( teredo ) { - zeek::detail::ConnKey conn_key(frame[z.v2].record_val); - static_cast(teredo.get())->RemoveConnection(conn_key); + auto r = zeek::conn_key_mgr->GetFactory().ConnKeyFromVal(*frame[z.v2].record_val); + if ( ! r.has_value() ) + return zeek::val_mgr->False(); + auto sk = r.value()->SessionKey(); + static_cast(teredo.get())->RemoveConnection(sk); } frame[z.v1].int_val = 1; @@ -2535,8 +2541,11 @@ type V eval auto gtpv1 = zeek::packet_mgr->GetAnalyzer("GTPv1"); if ( gtpv1 ) { - zeek::detail::ConnKey conn_key(frame[z.v1].record_val); - static_cast(gtpv1.get())->RemoveConnection(conn_key); + auto r = zeek::conn_key_mgr->GetFactory().ConnKeyFromVal(*frame[z.v1].record_val); + if ( ! r.has_value() ) + return zeek::val_mgr->False(); + auto sk = r.value()->SessionKey(); + static_cast(gtpv1.get())->RemoveConnection(sk); } internal-op Remove-GTPv1 @@ -2545,8 +2554,11 @@ type VV eval auto gtpv1 = zeek::packet_mgr->GetAnalyzer("GTPv1"); if ( gtpv1 ) { - zeek::detail::ConnKey conn_key(frame[z.v2].record_val); - static_cast(gtpv1.get())->RemoveConnection(conn_key); + auto r = zeek::conn_key_mgr->GetFactory().ConnKeyFromVal(*frame[z.v2].record_val); + if ( ! r.has_value() ) + return zeek::val_mgr->False(); + auto sk = r.value()->SessionKey(); + static_cast(gtpv1.get())->RemoveConnection(sk); } frame[z.v1].int_val = 1; diff --git a/src/script_opt/ZAM/ZBody.cc b/src/script_opt/ZAM/ZBody.cc index 72e5236419..55307fd2b0 100644 --- a/src/script_opt/ZAM/ZBody.cc +++ b/src/script_opt/ZAM/ZBody.cc @@ -10,6 +10,7 @@ #include "zeek/Reporter.h" #include "zeek/Traverse.h" #include "zeek/Trigger.h" +#include "zeek/conn_key/Manager.h" #include "zeek/script_opt/ScriptOpt.h" #include "zeek/script_opt/ZAM/Compile.h" #include "zeek/session/Manager.h" diff --git a/src/session/Manager.cc b/src/session/Manager.cc index cba75d993c..9b1101b842 100644 --- a/src/session/Manager.cc 
+++ b/src/session/Manager.cc @@ -18,12 +18,7 @@ #include "zeek/RunState.h" #include "zeek/Timer.h" #include "zeek/TunnelEncapsulation.h" -<<<<<<< HEAD -#include "zeek/analyzer/Manager.h" -#include "zeek/iosource/IOSource.h" -======= #include "zeek/conn_key/Manager.h" ->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples') #include "zeek/packet_analysis/Manager.h" #include "zeek/session/Session.h" #include "zeek/telemetry/Manager.h" @@ -95,14 +90,10 @@ Connection* Manager::FindConnection(Val* v) { // different builder. auto r = conn_key_mgr->GetFactory().ConnKeyFromVal(*v); -<<<<<<< HEAD - if ( ! conn_key.valid ) -======= if ( ! r.has_value() ) { - // Produce a loud error for invalid script-layer conn_id records. zeek::emit_builtin_error(r.error().c_str()); ->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples') return nullptr; + } return FindConnection(*r.value()); } diff --git a/src/zeek-setup.cc b/src/zeek-setup.cc index d42ce9af7f..66e51cfb9f 100644 --- a/src/zeek-setup.cc +++ b/src/zeek-setup.cc @@ -54,12 +54,7 @@ #include "zeek/analyzer/Manager.h" #include "zeek/binpac_zeek.h" #include "zeek/broker/Manager.h" -<<<<<<< HEAD -======= -#include "zeek/cluster/Backend.h" -#include "zeek/cluster/Manager.h" #include "zeek/conn_key/Manager.h" ->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples') #include "zeek/file_analysis/Manager.h" #include "zeek/input.h" #include "zeek/input/Manager.h" diff --git a/testing/btest/Baseline/coverage.bare-mode-errors/errors b/testing/btest/Baseline/coverage.bare-mode-errors/errors index 96bd73c166..a33e61ca75 100644 --- a/testing/btest/Baseline/coverage.bare-mode-errors/errors +++ b/testing/btest/Baseline/coverage.bare-mode-errors/errors 
@@ -4,12 +4,12 @@ warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__lo warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; warning in <...>/__load__.zeek, line 1: deprecated script loaded from command line arguments "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; -warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:147 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; -warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:147 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; +warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; +warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from command line arguments "Remove in v7.1 The policy<...>/defaults package is deprecated. 
The options set here are now the defaults for Zeek in general."; -warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; -warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; +warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; +warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from command line arguments "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; -warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; -warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; +warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:150 "Remove in v7.1 The policy<...>/defaults package is deprecated. 
The options set here are now the defaults for Zeek in general."; +warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:150 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; warning in <...>/warnings.zeek, line 1: deprecated script loaded from command line arguments "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; diff --git a/testing/btest/Baseline/coverage.test-all-policy-cluster/.stderr b/testing/btest/Baseline/coverage.test-all-policy-cluster/.stderr index c27d68e2df..f083c14481 100644 --- a/testing/btest/Baseline/coverage.test-all-policy-cluster/.stderr +++ b/testing/btest/Baseline/coverage.test-all-policy-cluster/.stderr 
@@ -1,21 +1,21 @@ ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; -warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:147 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; -warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; -warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; +warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; +warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; +warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:150 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; received termination signal warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. 
The options set here are now the defaults for Zeek in general."; -warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:147 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; -warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; -warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; +warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; +warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; +warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:150 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; received termination signal warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; -warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:147 "Remove in v7.1 The policy<...>/defaults package is deprecated. 
The options set here are now the defaults for Zeek in general."; -warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; -warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; +warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; +warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; +warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:150 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; received termination signal warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; -warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:147 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; -warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. 
The options set here are now the defaults for Zeek in general."; -warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; +warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; +warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; +warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:150 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general."; received termination signal diff --git a/testing/btest/Baseline/plugins.connkey/output b/testing/btest/Baseline/plugins.connkey/output index 92385ac789..f26f8dd10f 100644 --- a/testing/btest/Baseline/plugins.connkey/output +++ b/testing/btest/Baseline/plugins.connkey/output 
@@ -5,11 +5,31 @@ Demo::Foo - A Foo ConnKey factory (dynamic, version 1.0.0) === DoNewConnKey (0 key all_inits) DoNewConnKey (1 key all_inits) -DoConnKeyFromVal for [orig_h=141.142.220.235, orig_p=50003/tcp, resp_h=199.233.217.249, resp_p=21/tcp, proto=6, inits=0] +DoConnKeyFromVal for [orig_h=141.142.220.235, orig_p=50003/tcp, resp_h=199.233.217.249, resp_p=21/tcp, inits=0] DoNewConnKey (2 key all_inits) -DoConnKeyFromVal for [orig_h=141.142.220.235, orig_p=50003/tcp, resp_h=199.233.217.249, resp_p=21/tcp, proto=6, inits=0] +DoConnKeyFromVal for [orig_h=141.142.220.235, orig_p=50003/tcp, resp_h=199.233.217.249, resp_p=21/tcp, inits=0] DoNewConnKey (6 key all_inits) DoNewConnKey (22 key all_inits) DoNewConnKey (40 key all_inits) +DoConnKeyFromVal for [orig_h=141.142.220.235, orig_p=37604/tcp, resp_h=199.233.217.249, resp_p=56666/tcp, inits=1] +DoNewConnKey (53 key all_inits) +DoConnKeyFromVal for [orig_h=141.142.220.235, orig_p=37604/tcp, resp_h=199.233.217.249, resp_p=56666/tcp, inits=1] +DoNewConnKey (53 key all_inits) +DoConnKeyFromVal for [orig_h=141.142.220.235, orig_p=59378/tcp, resp_h=199.233.217.249, resp_p=56667/tcp, inits=22] +DoNewConnKey (54 key all_inits) +DoConnKeyFromVal for [orig_h=141.142.220.235, orig_p=59378/tcp, resp_h=199.233.217.249, resp_p=56667/tcp, inits=22] +DoNewConnKey (54 key all_inits) DoNewConnKey (60 key all_inits) DoNewConnKey (78 key all_inits) +DoConnKeyFromVal for [orig_h=199.233.217.249, orig_p=61920/tcp, resp_h=141.142.220.235, resp_p=33582/tcp, inits=40] +DoNewConnKey (90 key all_inits) +DoConnKeyFromVal for [orig_h=199.233.217.249, orig_p=61920/tcp, resp_h=141.142.220.235, resp_p=33582/tcp, inits=40] +DoNewConnKey (90 key all_inits) +DoConnKeyFromVal for [orig_h=199.233.217.249, orig_p=61918/tcp, resp_h=141.142.220.235, resp_p=37835/tcp, inits=60] +DoNewConnKey (95 key all_inits) +DoConnKeyFromVal for [orig_h=199.233.217.249, orig_p=61918/tcp, resp_h=141.142.220.235, resp_p=37835/tcp, inits=60] +DoNewConnKey (95 key 
all_inits) +DoConnKeyFromVal for [orig_h=141.142.220.235, orig_p=50003/tcp, resp_h=199.233.217.249, resp_p=21/tcp, inits=0] +DoNewConnKey (95 key all_inits) +DoConnKeyFromVal for [orig_h=141.142.220.235, orig_p=50003/tcp, resp_h=199.233.217.249, resp_p=21/tcp, inits=0] +DoNewConnKey (95 key all_inits) diff --git a/testing/btest/plugins/connkey-plugin/CMakeLists.txt b/testing/btest/plugins/connkey-plugin/CMakeLists.txt index 5945ecac62..cc6114d1e3 100644 --- a/testing/btest/plugins/connkey-plugin/CMakeLists.txt +++ b/testing/btest/plugins/connkey-plugin/CMakeLists.txt @@ -10,6 +10,4 @@ set(CMAKE_MODULE_PATH ${ZEEK_DIST}/cmake) include(ZeekPlugin) -zeek_add_plugin( - Demo Foo - SOURCES src/Plugin.cc src/Foo.cc) +zeek_add_plugin(Demo Foo SOURCES src/Plugin.cc src/Foo.cc)