diff --git a/doc/scripts/example.bro b/doc/scripts/example.bro index b7407a27a9..2ff12bfa27 100644 --- a/doc/scripts/example.bro +++ b/doc/scripts/example.bro @@ -57,8 +57,6 @@ global example_ports = { event bro_init() { - # Registering a well-known port is self-documenting and - # goes into the generated doc's "Port Analysis" section. Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, example_ports); } diff --git a/scripts/base/frameworks/analyzer/main.bro b/scripts/base/frameworks/analyzer/main.bro index 66b3abc46e..c7bfd1ce34 100644 --- a/scripts/base/frameworks/analyzer/main.bro +++ b/scripts/base/frameworks/analyzer/main.bro 
@@ -1,26 +1,25 @@ ##! Framework for managing Bro's protocol analyzers. ##! ##! The analyzer framework allows to dynamically enable or disable analyzers, as -##! well as to manage the well-known ports which automatically active a particular -##! analyzer for new connections. +##! well as to manage the well-known ports which automatically activate a +##! particular analyzer for new connections. ##! ##! Protocol analyzers are identified by unique tags of type ##! :bro:type:`Analyzer::Tag`, such as :bro:enum:`Analyzer::ANALYZER_HTTP` and -##! :bro:enum:`Analyzer::ANALYZER_HTTP`. These tags are defined internally by the -##! analyzers themselves, and documented in their analyzer-specific description -##! along with the events that they generate. -##! -##! .. todo: ``The ANALYZER_*`` are in fact not yet documented, we need to add that -##! to Broxygen. +##! :bro:enum:`Analyzer::ANALYZER_HTTP`. These tags are defined internally by +##! the analyzers themselves, and documented in their analyzer-specific +##! description along with the events that they generate. + module Analyzer; export { - ## If true, all available analyzers are initially disabled at startup. One can - ## then selectively enable them with :bro:id:`enable_analyzer`. + ## If true, all available analyzers are initially disabled at startup. One + ## can then selectively enable them with + ## :bro:id:`Analyzer::enable_analyzer`. global disable_all = F &redef; - ## Enables an analyzer. Once enabled, the analyzer may be used for analysis of - ## future connections as decided by Bro's dynamic protocol detection. + ## Enables an analyzer. Once enabled, the analyzer may be used for analysis + ## of future connections as decided by Bro's dynamic protocol detection. ## ## tag: The tag of the analyzer to enable. ## 
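Review bot: The rewrapped module header in scripts/base/frameworks/analyzer/main.bro still names `Analyzer::ANALYZER_HTTP` twice in its "such as ... and ..." pair, so the sentence gives one example tag rather than two. Since these lines are being rewritten anyway, the second reference could name a different tag, for example ``##! :bro:enum:`Analyzer::ANALYZER_SSL`. These tags are defined internally by``, which is the tag doc/scripts/example.bro uses in this same commit. The hunk also deletes the todo saying the `ANALYZER_*` tags are not yet documented, while keeping the claim that they are documented in the analyzer-specific descriptions. Confirm the generated docs now back that claim.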
@@ -35,10 +34,10 @@ export { ## Returns: True if the analyzer was successfully disabled. global disable_analyzer: function(tag: Analyzer::Tag) : bool; - ## Registers a set of well-known ports for an analyzer. If a future connection - ## on one of these ports is seen, the analyzer will be automatically assigned - ## to parsing it. The function *adds* to all ports already registered, it doesn't - ## replace them . + ## Registers a set of well-known ports for an analyzer. If a future + ## connection on one of these ports is seen, the analyzer will be + ## automatically assigned to parsing it. The function *adds* to all ports + ## already registered, it doesn't replace them. ## ## tag: The tag of the analyzer. ## @@ -47,10 +46,10 @@ export { ## Returns: True if the ports were sucessfully registered. global register_for_ports: function(tag: Analyzer::Tag, ports: set[port]) : bool; - ## Registers an individual well-known port for an analyzer. If a future connection - ## on this ports is seen, the analyzer will be automatically assigned to parsing - ## it. The function *adds* to all ports already registered, it doesn't replace - ## them. + ## Registers an individual well-known port for an analyzer. If a future + ## connection on this port is seen, the analyzer will be automatically + ## assigned to parsing it. The function *adds* to all ports already + ## registered, it doesn't replace them. ## ## tag: The tag of the analyzer. ## @@ -70,7 +69,7 @@ export { ## Returns a table of all ports-to-analyzer mappings currently registered. ## ## Returns: A table mapping each analyzer to the set of ports - ## registered for it. + ## registered for it. global all_registered_ports: function() : table[Analyzer::Tag] of set[port]; ## Translates an analyzer type to a string with the analyzer's name. 
@@ -84,7 +83,7 @@ export { ## address and port. ## ## orig: The IP address originating a connection in the future. - ## 0.0.0.0 can be used as a wildcard to match any originator address. + ## 0.0.0.0 can be used as a wildcard to match any originator address. ## ## resp: The IP address responding to a connection from *orig*. ## @@ -93,22 +92,20 @@ export { ## analyzer: The analyzer ID. ## ## tout: A timeout interval after which the scheduling request will be - ## discarded if the connection has not yet been seen. + ## discarded if the connection has not yet been seen. ## ## Returns: True if succesful. global schedule_analyzer: function(orig: addr, resp: addr, resp_p: port, analyzer: Analyzer::Tag, tout: interval) : bool; - ## A set of analyzers to disable by default at startup. The default set contains - ## legacy analyzers that are no longer supported. + ## A set of analyzers to disable by default at startup. The default set + ## contains legacy analyzers that are no longer supported. global disabled_analyzers: set[Analyzer::Tag] = { ANALYZER_INTERCONN, ANALYZER_STEPPINGSTONE, ANALYZER_BACKDOOR, ANALYZER_TCPSTATS, - } - - &redef; + } &redef; } @load base/bif/analyzer.bif diff --git a/scripts/base/frameworks/reporter/main.bro b/scripts/base/frameworks/reporter/main.bro index 249ecdac98..891aebf6b2 100644 --- a/scripts/base/frameworks/reporter/main.bro +++ b/scripts/base/frameworks/reporter/main.bro @@ -9,7 +9,7 @@ ##! Note that this framework deals with the handling of internally generated ##! reporter messages, for the interface in to actually creating interface ##! into actually creating reporter messages from the scripting layer, use -##! the built-in functions in :doc:`/scripts/base/reporter.bif`. +##! the built-in functions in :doc:`/scripts/base/bif/reporter.bif`. module Reporter; diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro index d5abbef1ff..2110110a40 100644 --- a/scripts/base/init-bare.bro +++ b/scripts/base/init-bare.bro 
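Review bot: In the scripts/base/frameworks/reporter/main.bro hunk, the sentence that carries the corrected `:doc:` link is still garbled in the unchanged lines above it. They read "for the interface in to actually creating interface" and then "into actually creating reporter messages from the scripting layer", which looks like two drafts of the same clause merged together. Since the fix already touches this sentence, those two lines could be collapsed into something like ``##! reporter messages; to create reporter messages from the scripting layer, use`` ahead of the new link line.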
@@ -226,7 +226,7 @@ type endpoint_stats: record { ## for a connection, it assigns it a unique ID that can be used to reference ## that instance. ## -## .. bro:see:: analyzer_name disable_analyzer protocol_confirmation +## .. bro:see:: Analyzer::name Analyzer::disable_analyzer protocol_confirmation ## protocol_violation ## ## .. todo::While we declare an alias for the type here, the events/functions still diff --git a/src/IPAddr.h b/src/IPAddr.h index 0c6942c61e..cc7b2baa6e 100644 --- a/src/IPAddr.h +++ b/src/IPAddr.h @@ -451,11 +451,6 @@ inline void IPAddr::ConvertToThreadingValue(threading::Value::addr_t* v) const */ HashKey* BuildConnIDHashKey(const ConnID& id); -/** - * Returns a hash key for a given ExpectedConn instance. Passes ownership to caller. - */ -HashKey* BuildExpectedConnHashKey(const analyzer::ExpectedConn& c); - /** * Class storing both IPv4 and IPv6 prefixes * (i.e., \c 192.168.1.1/16 and \c FD00::/8. diff --git a/src/analyzer/Analyzer.h b/src/analyzer/Analyzer.h index 2d905867eb..396d45d60e 100644 --- a/src/analyzer/Analyzer.h +++ b/src/analyzer/Analyzer.h 
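Review bot: In the scripts/base/init-bare.bro hunk, the new see-also entry `Analyzer::disable_analyzer` appears to point at the wrong function for this type. The comment describes the per-connection analyzer instance ID, but `Analyzer::disable_analyzer` is declared in this commit as `function(tag: Analyzer::Tag) : bool`, so it does not take that ID. The function that does take it is the global `disable_analyzer%(cid: conn_id, aid: count%)`, still visible as context in the src/bro.bif hunk. If the instance-level function is what readers should find, the line would stay ``## .. bro:see:: Analyzer::name disable_analyzer protocol_confirmation``. The type declaration itself is outside the hunk, so confirm which of the two is intended.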
@@ -509,31 +509,31 @@ public: virtual void UpdateConnVal(RecordVal *conn_val); /** - * Convinience function that forwards directly to + * Convenience function that forwards directly to * Connection::BuildConnVal(). */ RecordVal* BuildConnVal(); /** - * Convinience function that forwards directly to the corresponding + * Convenience function that forwards directly to the corresponding * Connection::Event(). */ void Event(EventHandlerPtr f, const char* name = 0); /** - * Convinience function that forwards directly to the corresponding + * Convenience function that forwards directly to the corresponding * Connection::Event(). */ void Event(EventHandlerPtr f, Val* v1, Val* v2 = 0); /** - * Convinience function that forwards directly to + * Convenience function that forwards directly to * Connection::ConnectionEvent(). */ void ConnectionEvent(EventHandlerPtr f, val_list* vl); /** - * Convinience function that forwards directly to the corresponding + * Convenience function that forwards directly to the corresponding * Connection::Weird(). */ void Weird(const char* name, const char* addl = ""); diff --git a/src/analyzer/Component.h b/src/analyzer/Component.h index 79d4c12fe5..b766c2fe82 100644 --- a/src/analyzer/Component.h +++ b/src/analyzer/Component.h @@ -40,10 +40,10 @@ public: * returns a new instance. * * @param subtype A subtype associated with this component that - * further. The subtype will be integrated into the analyzer::Tag - * that the manager associates with this analyzer, and analyzer - * instances can accordingly access it via analyzer::Tag(). If not - * used, leave at zero. + * further distinguishes it. The subtype will be integrated into + * the analyzer::Tag that the manager associates with this analyzer, + * and analyzer instances can accordingly access it via analyzer::Tag(). + * If not used, leave at zero. * * @param enabled If false the analyzer starts out as disabled and * hence won't be used. It can still be enabled later via the 
diff --git a/src/analyzer/Manager.h b/src/analyzer/Manager.h index c66fd9eafb..efae629971 100644 --- a/src/analyzer/Manager.h +++ b/src/analyzer/Manager.h @@ -91,7 +91,7 @@ public: * * @param tag The analyzer's tag. * - * @return True if sucessful. + * @return True if successful. */ bool EnableAnalyzer(Tag tag); @@ -102,7 +102,7 @@ public: * @param tag The analyzer's tag as an enum of script type \c * Analyzer::Tag. * - * @return True if sucessful. + * @return True if successful. */ bool EnableAnalyzer(EnumVal* tag); @@ -112,7 +112,7 @@ public: * * @param tag The analyzer's tag. * - * @return True if sucessful. + * @return True if successful. */ bool DisableAnalyzer(Tag tag); @@ -123,7 +123,7 @@ public: * @param tag The analyzer's tag as an enum of script type \c * Analyzer::Tag. * - * @return True if sucessful. + * @return True if successful. */ bool DisableAnalyzer(EnumVal* tag); @@ -157,7 +157,7 @@ public: * * @param port The well-known port. * - * @return True if sucessful. + * @return True if successful. */ bool RegisterAnalyzerForPort(EnumVal* tag, PortVal* port); @@ -172,7 +172,7 @@ public: * * @param port The port's number. * - * @return True if sucessful. + * @return True if successful. */ bool RegisterAnalyzerForPort(Tag tag, TransportProto proto, uint32 port); @@ -184,7 +184,7 @@ public: * * @param port The well-known port. * - * @return True if sucessful (incl. when the port wasn't actually + * @return True if successful (incl. when the port wasn't actually * registered for the analyzer). * */ @@ -215,7 +215,7 @@ public: * have been added to the connection's analyzer tree yet. Returns * null if tag is invalid or the requested analyzer is disabled. */ - Analyzer* InstantiateAnalyzer(Tag tag, Connection* c); // Null if disabled or not available. + Analyzer* InstantiateAnalyzer(Tag tag, Connection* c); /** * Instantiates a new analyzer instance for a connection. 
@@ -229,7 +229,7 @@ public: * null if the name is not known or if the requested analyzer that is * disabled. */ - Analyzer* InstantiateAnalyzer(const char* name, Connection* c); // Null if disabled or not available. + Analyzer* InstantiateAnalyzer(const char* name, Connection* c); /** * Translates an analyzer tag into corresponding analyzer name. diff --git a/src/analyzer/Tag.h b/src/analyzer/Tag.h index 9b2fea4a9b..cf33dca41c 100644 --- a/src/analyzer/Tag.h +++ b/src/analyzer/Tag.h @@ -28,7 +28,7 @@ class Component; * assigns them their main types), and analyzer::Component creates new * tags. * - * The Tag class supports all operations necessary to act at the index in a + * The Tag class supports all operations necessary to act as an index in a * \c std::map. */ class Tag { @@ -90,7 +90,7 @@ public: /** * Assignment operator. */ - Tag& operator=(const Tag& other); + Tag& operator=(const Tag& other); /** * Compares two tags for equality. diff --git a/src/analyzer/protocol/http/events.bif b/src/analyzer/protocol/http/events.bif index ead8bc254b..7a509c6d54 100644 --- a/src/analyzer/protocol/http/events.bif +++ b/src/analyzer/protocol/http/events.bif @@ -18,7 +18,7 @@ ## version: The version number specified in the request (e.g., ``1.1``). ## ## .. bro:see:: http_all_headers http_begin_entity http_content_type http_end_entity -## http_entity_data http_event http_header http_message_done ply http_stats +## http_entity_data http_event http_header http_message_done http_reply http_stats ## truncate_http_URI event http_request%(c: connection, method: string, original_URI: string, unescaped_URI: string, version: string%); diff --git a/src/analyzer/protocol/login/events.bif b/src/analyzer/protocol/login/events.bif index 084f53eaad..68f1c3cf11 100644 --- a/src/analyzer/protocol/login/events.bif +++ b/src/analyzer/protocol/login/events.bif 
@@ -87,7 +87,8 @@ event rsh_reply%(c: connection, client_user: string, server_user: string, line: ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## corresponding entry to :bro:see:`dpd_config` or a DPD payload signature. +## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## signature. event login_failure%(c: connection, user: string, client_user: string, password: string, line: string%); ## Generated for successful Telnet/Rlogin logins. The *login* analyzer inspects @@ -121,7 +122,8 @@ event login_failure%(c: connection, user: string, client_user: string, password: ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## corresponding entry to :bro:see:`dpd_config` or a DPD payload signature. +## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## signature. event login_success%(c: connection, user: string, client_user: string, password: string, line: string%); ## Generated for lines of input on Telnet/Rlogin sessions. The line will have @@ -137,7 +139,8 @@ event login_success%(c: connection, user: string, client_user: string, password: ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## corresponding entry to :bro:see:`dpd_config` or a DPD payload signature. +## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## signature. event login_input_line%(c: connection, line: string%); ## Generated for lines of output on Telnet/Rlogin sessions. The line will have 
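Review bot: The reworded todo on `login_failure` and `login_success` in src/analyzer/protocol/login/events.bif tells readers how to enable the login analyzer, but the visible part of each comment does not say that both events pass a `password: string` argument to script-land. For Telnet/Rlogin that value comes from a cleartext session, so an operator who follows the new instruction starts handling credentials in event handlers and in any logs those handlers write. A short addition after the todo would cover it, for example ``## .. note:: *password* is the credential as observed on the wire; handlers should avoid logging it verbatim.`` The same todo text is repeated in the remaining login hunks and in the src/analyzer/protocol/rpc/events.bif hunks, whose events carry no password argument. Each doc comment begins above its hunk, so check that no such caveat already exists there.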
@@ -153,7 +156,8 @@ event login_input_line%(c: connection, line: string%); ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## corresponding entry to :bro:see:`dpd_config` or a DPD payload signature. +## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## signature. event login_output_line%(c: connection, line: string%); ## Generated when tracking of Telnet/Rlogin authentication failed. As Bro's @@ -179,7 +183,8 @@ event login_output_line%(c: connection, line: string%); ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## corresponding entry to :bro:see:`dpd_config` or a DPD payload signature. +## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## signature. event login_confused%(c: connection, msg: string, line: string%); ## Generated after getting confused while tracking a Telnet/Rlogin @@ -199,7 +204,8 @@ event login_confused%(c: connection, msg: string, line: string%); ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## corresponding entry to :bro:see:`dpd_config` or a DPD payload signature. +## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## signature. event login_confused_text%(c: connection, line: string%); ## Generated for clients transmitting a terminal type in a Telnet session. This 
@@ -215,7 +221,8 @@ event login_confused_text%(c: connection, line: string%); ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## corresponding entry to :bro:see:`dpd_config` or a DPD payload signature. +## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## signature. event login_terminal%(c: connection, terminal: string%); ## Generated for clients transmitting an X11 DISPLAY in a Telnet session. This @@ -231,7 +238,8 @@ event login_terminal%(c: connection, terminal: string%); ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## corresponding entry to :bro:see:`dpd_config` or a DPD payload signature. +## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## signature. event login_display%(c: connection, display: string%); ## Generated when a Telnet authentication has been successful. The Telnet @@ -255,7 +263,8 @@ event login_display%(c: connection, display: string%); ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## corresponding entry to :bro:see:`dpd_config` or a DPD payload signature. +## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## signature. event authentication_accepted%(name: string, c: connection%); ## Generated when a Telnet authentication has been unsuccessful. The Telnet 
@@ -279,7 +288,8 @@ event authentication_accepted%(name: string, c: connection%); ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## corresponding entry to :bro:see:`dpd_config` or a DPD payload signature. +## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## signature. event authentication_rejected%(name: string, c: connection%); ## Generated for Telnet/Rlogin sessions when a pattern match indicates @@ -302,7 +312,8 @@ event authentication_rejected%(name: string, c: connection%); ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## corresponding entry to :bro:see:`dpd_config` or a DPD payload signature. +## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## signature. event authentication_skipped%(c: connection%); ## Generated for clients transmitting a terminal prompt in a Telnet session. @@ -322,7 +333,8 @@ event authentication_skipped%(c: connection%); ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## corresponding entry to :bro:see:`dpd_config` or a DPD payload signature. +## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## signature. event login_prompt%(c: connection, prompt: string%); ## Generated for Telnet sessions when encryption is activated. The Telnet 
@@ -373,7 +385,8 @@ event inconsistent_option%(c: connection%); ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## corresponding entry to :bro:see:`dpd_config` or a DPD payload signature. +## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## signature. event bad_option%(c: connection%); ## Generated for a Telnet option that's incorrectly terminated. @@ -391,5 +404,6 @@ event bad_option%(c: connection%); ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## corresponding entry to :bro:see:`dpd_config` or a DPD payload signature. +## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## signature. event bad_option_termination%(c: connection%); diff --git a/src/analyzer/protocol/rpc/events.bif b/src/analyzer/protocol/rpc/events.bif index f0050ab446..72c57aff74 100644 --- a/src/analyzer/protocol/rpc/events.bif +++ b/src/analyzer/protocol/rpc/events.bif @@ -675,7 +675,8 @@ event pm_bad_port%(r: connection, bad_p: count%); ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## corresponding entry to :bro:see:`dpd_config` or a DPD payload signature. +## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## signature. event rpc_dialogue%(c: connection, prog: count, ver: count, proc: count, status: rpc_status, start_time: time, call_len: count, reply_len: count%); ## Generated for RPC *call* messages. 
@@ -701,7 +702,8 @@ event rpc_dialogue%(c: connection, prog: count, ver: count, proc: count, status: ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## corresponding entry to :bro:see:`dpd_config` or a DPD payload signature. +## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## signature. event rpc_call%(c: connection, xid: count, prog: count, ver: count, proc: count, call_len: count%); ## Generated for RPC *reply* messages. @@ -724,5 +726,6 @@ event rpc_call%(c: connection, xid: count, prog: count, ver: count, proc: count, ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## corresponding entry to :bro:see:`dpd_config` or a DPD payload signature. +## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## signature. event rpc_reply%(c: connection, xid: count, status: rpc_status, reply_len: count%); diff --git a/src/analyzer/protocol/tcp/events.bif b/src/analyzer/protocol/tcp/events.bif index 05a280024d..af61783ac4 100644 --- a/src/analyzer/protocol/tcp/events.bif +++ b/src/analyzer/protocol/tcp/events.bif @@ -10,7 +10,7 @@ ## connection_first_ACK connection_half_finished connection_partial_close ## connection_pending connection_rejected connection_reset connection_reused ## connection_state_remove connection_status_update connection_timeout -## expected_connection_seen new_connection partial_connection +## scheduled_analyzer_applied new_connection partial_connection event new_connection_contents%(c: connection%); ## Generated for an unsuccessful connection attempt. This event is raised when 
@@ -25,7 +25,7 @@ event new_connection_contents%(c: connection%); ## connection_external connection_finished connection_first_ACK ## connection_half_finished connection_partial_close connection_pending ## connection_rejected connection_reset connection_reused connection_state_remove -## connection_status_update connection_timeout expected_connection_seen +## connection_status_update connection_timeout scheduled_analyzer_applied ## new_connection new_connection_contents partial_connection event connection_attempt%(c: connection%); @@ -41,7 +41,7 @@ event connection_attempt%(c: connection%); ## connection_external connection_finished connection_first_ACK ## connection_half_finished connection_partial_close connection_pending ## connection_rejected connection_reset connection_reused connection_state_remove -## connection_status_update connection_timeout expected_connection_seen +## connection_status_update connection_timeout scheduled_analyzer_applied ## new_connection new_connection_contents partial_connection event connection_established%(c: connection%); @@ -57,7 +57,7 @@ event connection_established%(c: connection%); ## connection_first_ACK connection_half_finished connection_partial_close ## connection_pending connection_rejected connection_reset connection_reused ## connection_state_remove connection_status_update connection_timeout -## expected_connection_seen new_connection new_connection_contents +## scheduled_analyzer_applied new_connection new_connection_contents ## event partial_connection%(c: connection%); 
@@ -73,7 +73,7 @@ event partial_connection%(c: connection%); ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_pending ## connection_rejected connection_reset connection_reused connection_state_remove -## connection_status_update connection_timeout expected_connection_seen +## connection_status_update connection_timeout scheduled_analyzer_applied ## new_connection new_connection_contents partial_connection event connection_partial_close%(c: connection%); @@ -86,7 +86,7 @@ event connection_partial_close%(c: connection%); ## connection_established connection_external connection_first_ACK ## connection_half_finished connection_partial_close connection_pending ## connection_rejected connection_reset connection_reused connection_state_remove -## connection_status_update connection_timeout expected_connection_seen +## connection_status_update connection_timeout scheduled_analyzer_applied ## new_connection new_connection_contents partial_connection event connection_finished%(c: connection%); @@ -100,7 +100,7 @@ event connection_finished%(c: connection%); ## connection_established connection_external connection_finished ## connection_first_ACK connection_partial_close connection_pending ## connection_rejected connection_reset connection_reused connection_state_remove -## connection_status_update connection_timeout expected_connection_seen +## connection_status_update connection_timeout scheduled_analyzer_applied ## new_connection new_connection_contents partial_connection event connection_half_finished%(c: connection%); 
@@ -112,7 +112,7 @@ event connection_half_finished%(c: connection%); ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_partial_close ## connection_pending connection_reset connection_reused connection_state_remove -## connection_status_update connection_timeout expected_connection_seen +## connection_status_update connection_timeout scheduled_analyzer_applied ## new_connection new_connection_contents partial_connection ## ## c: The connection. @@ -136,7 +136,7 @@ event connection_rejected%(c: connection%); ## connection_first_ACK connection_half_finished connection_partial_close ## connection_pending connection_rejected connection_reused ## connection_state_remove connection_status_update connection_timeout -## expected_connection_seen new_connection new_connection_contents +## scheduled_analyzer_applied new_connection new_connection_contents ## partial_connection event connection_reset%(c: connection%); @@ -148,7 +148,7 @@ event connection_reset%(c: connection%); ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_partial_close ## connection_rejected connection_reset connection_reused connection_state_remove -## connection_status_update connection_timeout expected_connection_seen +## connection_status_update connection_timeout scheduled_analyzer_applied ## new_connection new_connection_contents partial_connection bro_done event connection_pending%(c: connection%); 
@@ -163,7 +163,7 @@ event connection_pending%(c: connection%); ## connection_external connection_finished connection_first_ACK ## connection_half_finished connection_partial_close connection_pending ## connection_rejected connection_reset connection_reused connection_state_remove -## connection_status_update connection_timeout expected_connection_seen +## connection_status_update connection_timeout scheduled_analyzer_applied ## new_connection new_connection_contents partial_connection ## ## .. note:: @@ -184,7 +184,7 @@ event connection_SYN_packet%(c: connection, pkt: SYN_packet%); ## connection_established connection_external connection_finished ## connection_half_finished connection_partial_close connection_pending ## connection_rejected connection_reset connection_reused connection_state_remove -## connection_status_update connection_timeout expected_connection_seen +## connection_status_update connection_timeout scheduled_analyzer_applied ## new_connection new_connection_contents partial_connection ## ## .. note:: @@ -204,7 +204,7 @@ event connection_first_ACK%(c: connection%); ## connection_external connection_finished connection_first_ACK ## connection_half_finished connection_partial_close connection_pending ## connection_rejected connection_reset connection_reused connection_state_remove -## connection_status_update connection_timeout expected_connection_seen +## connection_status_update connection_timeout scheduled_analyzer_applied ## new_connection new_connection_contents partial_connection event connection_EOF%(c: connection, is_orig: bool%); diff --git a/src/bro.bif b/src/bro.bif index 07a98327b3..efb913bbf7 100644 --- a/src/bro.bif +++ b/src/bro.bif 
@@ -3699,7 +3699,7 @@ function file_mode%(mode: count%): string ## Returns: True if the connection identified by *cid* exists and has analyzer ## *aid*. ## -## .. bro:see:: expect_connection analyzer_name +## .. bro:see:: Analyzer::schedule_analyzer Analyzer::name function disable_analyzer%(cid: conn_id, aid: count%) : bool %{ Connection* c = sessions->FindConnection(cid); diff --git a/src/event.bif b/src/event.bif index 6ddcf21682..f7fd9b4147 100644 --- a/src/event.bif +++ b/src/event.bif @@ -107,8 +107,9 @@ event tunnel_changed%(c: connection, e: EncapsulatingConnVector%); ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_partial_close ## connection_pending connection_rejected connection_reset connection_reused -## connection_state_remove connection_status_update expected_connection_seen -## new_connection new_connection_contents partial_connection +## connection_state_remove connection_status_update +## scheduled_analyzer_applied new_connection new_connection_contents +## partial_connection ## ## .. note:: ## 
@@ -201,14 +202,15 @@ event connection_external%(c: connection, tag: string%); event udp_session_done%(u: connection%); ## Generated when a connection is seen that is marked as being expected. -## The function :bro:id:`expect_connection` tells Bro to expect a particular -## connection to come up, and which analyzer to associate with it. Once the -## first packet of such a connection is indeed seen, this event is raised. +## The function :bro:id:`Analyzer::schedule_analyzer` tells Bro to expect a +## particular connection to come up, and which analyzer to associate with it. +## Once the first packet of such a connection is indeed seen, this event is +## raised. ## ## c: The connection. ## ## a: The analyzer that was scheduled for the connection with the -## :bro:id:`expect_connection` call. When the event is raised, that +## :bro:id:`Analyzer::schedule_analyzer` call. When the event is raised, that ## analyzer will already have been activated to process the connection. The ## ``count`` is one of the ``ANALYZER_*`` constants, e.g., ``ANALYZER_HTTP``. ## diff --git a/src/plugin/Macros.h b/src/plugin/Macros.h index 9d063cd60a..0cbf00f899 100644 --- a/src/plugin/Macros.h +++ b/src/plugin/Macros.h @@ -70,10 +70,10 @@ #define BRO_PLUGIN_VERSION(v) SetVersion(v) /** - * Adds scrip-level items defined in a \c *.bif file to what the plugin + * Adds script-level items defined in a \c *.bif file to what the plugin * provides. * - * @param file A string with the name of \c *.bif file. When loaded, the the + * @param file A string with the name of \c *.bif file. When loaded, the * plugin will make all items defined in the file available to Bro's script * interpreter. */ 
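Review bot: In the second src/event.bif hunk, the `a:` parameter text still ends with "The ``count`` is one of the ``ANALYZER_*`` constants", even though the surrounding lines were updated to reference `Analyzer::schedule_analyzer`. That function is declared in this commit with `analyzer: Analyzer::Tag`, so the "count" wording is probably left over from the old `expect_connection` interface. If the event now receives a tag, the sentence could read ``## analyzer will already have been activated to process the connection. The tag is one of the ``ANALYZER_*`` values, e.g., ``ANALYZER_HTTP``.`` The event signature lies below the hunk, so confirm the parameter type before changing the wording.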
@@ -82,7 +82,7 @@ AddBifInitFunction(&__bif_##file##_init); /** - * Defines a component implementating a protocol analyzer. + * Defines a component implementing a protocol analyzer. * * @param tag A string with the analyzer's tag. This must be unique across * all loaded analyzers and will translate into a corresponding \c ANALYZER_* @@ -95,11 +95,11 @@ AddComponent(new ::analyzer::Component(tag, ::analyzer::cls::InstantiateAnalyzer)); /** - * Defines a component implementating an protocol analyzer class that will + * Defines a component implementing a protocol analyzer class that will * not be instantiated dynamically. This is for two use-cases: (1) abstract * analyzer base classes that aren't instantiated directly; and (2) analyzers * that are only instantiated explicitly by other Bro components, but not - * dynmically by the manager based on their tag (e.g., the ZIP analyzer is + * dynamically by the manager based on their tag (e.g., the ZIP analyzer is * attached by the HTTP analyzer when corresponding content is found). * * @param tag A string with the analyzer's tag. This must be unique across diff --git a/src/plugin/Plugin.h b/src/plugin/Plugin.h index 189fdf5c52..7ec6a11884 100644 --- a/src/plugin/Plugin.h +++ b/src/plugin/Plugin.h @@ -80,7 +80,7 @@ private: * components, a plugin can also provide of script-level elements defined in * *.bif files. * - * Currently, all plugins ard compiled statically into the final Bro binary. + * Currently, all plugins are compiled statically into the final Bro binary. * Later, we will extend the infrastructure to also support plugins loaded * dynamically as shared libraries. */ @@ -124,8 +124,6 @@ public: /** * Returns a list of all components the plugin provides. - * BRO_PLUGIN_VERSION_BUILTIN indiciates that it's a plugin compiled - * in statically. */ component_list Components();