Changes to IRC analyzer and events (addresses #469).

- Removed irc_client and irc_server events. - Added is_orig arguments to all other irc events. - Fix analyzer not recognizing Turbo DCC extension message format. - Fix analyzer not generating irc_dcc_message event when irc_privmsg_message event doesn't have a handler registered. - Changes to IRC policy scripts to use the above changes.
2025-10-06 08:38:20 +00:00 · 2011-07-19 17:06:01 -05:00 · 2011-07-19 17:06:01 -05:00 · a73ef6f0e1
commit a73ef6f0e1
parent 2eb12fef61
4 changed files with 131 additions and 124 deletions
--- a/src/IRC.cc
+++ b/src/IRC.cc
@ -33,8 +33,8 @@ bool IRC_Analyzer::Available()
 		{
 		// It's a lot of events, but for consistency with other
 		// analyzers we need to check for all of them.
-		avail = irc_client || irc_server || irc_request || irc_reply ||
-			irc_message || irc_enter_message || irc_quit_message ||
+		avail = irc_request || irc_reply ||
+			irc_message || irc_quit_message ||
 			irc_privmsg_message || irc_notice_message ||
 			irc_squery_message || irc_join_message ||
 			irc_part_message || irc_nick_message ||
@ -97,28 +97,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)


 	if ( orig )
-		{
 		ProtocolConfirmation();
-		if ( irc_client )
-			{
-			val_list* vl = new val_list;
-			vl->append(BuildConnVal());
-			vl->append(new StringVal(prefix.c_str()));
-			vl->append(new StringVal(myline.c_str()));
-			ConnectionEvent(irc_client, vl);
-			}
-		}
-	else
-		{
-		if ( irc_server )
-			{
-			val_list* vl = new val_list;
-			vl->append(BuildConnVal());
-			vl->append(new StringVal(prefix.c_str()));
-			vl->append(new StringVal(myline.c_str()));
-			ConnectionEvent(irc_server, vl);
-			}
-		}

 	int code = 0;
 	string command = "";
@ -260,6 +239,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)

 			val_list* vl = new val_list;
 			vl->append(BuildConnVal());
+			vl->append(new Val(orig, TYPE_BOOL));
 			vl->append(new Val(users, TYPE_INT));
 			vl->append(new Val(services, TYPE_INT));
 			vl->append(new Val(servers, TYPE_INT));
@ -296,6 +276,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)

 			val_list* vl = new val_list;
 			vl->append(BuildConnVal());
+			vl->append(new Val(orig, TYPE_BOOL));
 			vl->append(new StringVal(type.c_str()));
 			vl->append(new StringVal(channel.c_str()));

@ -338,6 +319,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)

 			val_list* vl = new val_list;
 			vl->append(BuildConnVal());
+			vl->append(new Val(orig, TYPE_BOOL));
 			vl->append(new Val(users, TYPE_INT));
 			vl->append(new Val(services, TYPE_INT));
 			vl->append(new Val(servers, TYPE_INT));
@ -360,6 +342,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)

 			val_list* vl = new val_list;
 			vl->append(BuildConnVal());
+			vl->append(new Val(orig, TYPE_BOOL));
 			vl->append(new Val(channels, TYPE_INT));

 			ConnectionEvent(irc_channel_info, vl);
@ -392,6 +375,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)

 			val_list* vl = new val_list;
 			vl->append(BuildConnVal());
+			vl->append(new Val(orig, TYPE_BOOL));
 			vl->append(new StringVal(eop - prefix, prefix));
 			vl->append(new StringVal(++msg));
 			ConnectionEvent(irc_global_users, vl);
@ -416,6 +400,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)

 			val_list* vl = new val_list;
 			vl->append(BuildConnVal());
+			vl->append(new Val(orig, TYPE_BOOL));
 			vl->append(new StringVal(parts[0].c_str()));
 			vl->append(new StringVal(parts[1].c_str()));
 			vl->append(new StringVal(parts[2].c_str()));
@ -454,6 +439,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)

 			val_list* vl = new val_list;
 			vl->append(BuildConnVal());
+			vl->append(new Val(orig, TYPE_BOOL));
 			vl->append(new StringVal(parts[0].c_str()));

 			ConnectionEvent(irc_whois_operator_line, vl);
@ -484,6 +470,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)

 			val_list* vl = new val_list;
 			vl->append(BuildConnVal());
+			vl->append(new Val(orig, TYPE_BOOL));
 			vl->append(new StringVal(nick.c_str()));
 			TableVal* set = new TableVal(string_set);
 			for ( unsigned int i = 0; i < parts.size(); ++i )
@ -519,6 +506,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 				val_list* vl = new val_list;

 				vl->append(BuildConnVal());
+				vl->append(new Val(orig, TYPE_BOOL));
 				vl->append(new StringVal(parts[1].c_str()));

 				const char* t = topic.c_str();
@ -552,6 +540,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)

 			val_list* vl = new val_list;
 			vl->append(BuildConnVal());
+			vl->append(new Val(orig, TYPE_BOOL));
 			vl->append(new StringVal(parts[0].c_str()));
 			vl->append(new StringVal(parts[1].c_str()));
 			if ( parts[2][0] == '~' )
@ -579,6 +568,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 				{
 				val_list* vl = new val_list;
 				vl->append(BuildConnVal());
+				vl->append(new Val(orig, TYPE_BOOL));
 				ConnectionEvent(irc_invalid_nick, vl);
 				}
 			break;
@ -590,6 +580,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 				{
 				val_list* vl = new val_list;
 				vl->append(BuildConnVal());
+				vl->append(new Val(orig, TYPE_BOOL));
 				vl->append(new Val(code == 381, TYPE_BOOL));
 				ConnectionEvent(irc_oper_response, vl);
 				}
@ -599,6 +590,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		default:
 			val_list* vl = new val_list;
 			vl->append(BuildConnVal());
+			vl->append(new Val(orig, TYPE_BOOL));
 			vl->append(new StringVal(prefix.c_str()));
 			vl->append(new Val(code, TYPE_COUNT));
 			vl->append(new StringVal(params.c_str()));
@ -622,7 +614,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		return;
 		}

-	else if ( irc_privmsg_message && command == "PRIVMSG")
+	else if ( irc_privmsg_message || irc_dcc_message && command == "PRIVMSG")
 		{
 		unsigned int pos = params.find(' ');
 		if ( pos >= params.size() )
@ -649,8 +641,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			vector<string> parts = SplitWords(message, ' ');
 			if ( parts.size() < 5 || parts.size() > 6 )
 				{
-				Weird("irc_invalid_dcc_message_format");
-				return;
+				// Turbo DCC extension appends a "T" at the end of handshake
+				if ( ! (parts.size() == 7 && parts[6] == "T") )
+					{
+					Weird("irc_invalid_dcc_message_format");
+					return;
+					}
 				}

 			// Calculate IP address.
@ -663,13 +659,14 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)

 			val_list* vl = new val_list;
 			vl->append(BuildConnVal());
+			vl->append(new Val(orig, TYPE_BOOL));
 			vl->append(new StringVal(prefix.c_str()));
 			vl->append(new StringVal(target.c_str()));
 			vl->append(new StringVal(parts[1].c_str()));
 			vl->append(new StringVal(parts[2].c_str()));
 			vl->append(new AddrVal(htonl(raw_ip)));
-			vl->append(new Val(atoi(parts[4].c_str()), TYPE_INT));
-			if ( parts.size() == 6 )
+			vl->append(new Val(atoi(parts[4].c_str()), TYPE_COUNT));
+			if ( parts.size() >= 6 )
 				vl->append(new Val(atoi(parts[5].c_str()),
 							TYPE_INT));
 			else
@ -682,6 +679,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			{
 			val_list* vl = new val_list;
 			vl->append(BuildConnVal());
+			vl->append(new Val(orig, TYPE_BOOL));
 			vl->append(new StringVal(prefix.c_str()));
 			vl->append(new StringVal(target.c_str()));
 			vl->append(new StringVal(message.c_str()));
@ -706,6 +704,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)

 		val_list* vl = new val_list;
 		vl->append(BuildConnVal());
+		vl->append(new Val(orig, TYPE_BOOL));
 		vl->append(new StringVal(prefix.c_str()));
 		vl->append(new StringVal(target.c_str()));
 		vl->append(new StringVal(message.c_str()));
@ -729,6 +728,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)

 		val_list* vl = new val_list;
 		vl->append(BuildConnVal());
+		vl->append(new Val(orig, TYPE_BOOL));
 		vl->append(new StringVal(prefix.c_str()));
 		vl->append(new StringVal(target.c_str()));
 		vl->append(new StringVal(message.c_str()));
@ -742,6 +742,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		vector<string> parts = SplitWords(params, ' ');
 		val_list* vl = new val_list;
 		vl->append(BuildConnVal());
+		vl->append(new Val(orig, TYPE_BOOL));

 		if ( parts.size() > 0 )
 			vl->append(new StringVal(parts[0].c_str()));
@ -777,6 +778,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			{
 			val_list* vl = new val_list;
 			vl->append(BuildConnVal());
+			vl->append(new Val(orig, TYPE_BOOL));
 			vl->append(new StringVal(parts[0].c_str()));
 			vl->append(new StringVal(parts[1].c_str()));

@ -799,6 +801,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)

 		val_list* vl = new val_list;
 		vl->append(BuildConnVal());
+		vl->append(new Val(orig, TYPE_BOOL));
 		vl->append(new StringVal(prefix.c_str()));
 		vl->append(new StringVal(parts[0].c_str()));
 		vl->append(new StringVal(parts[1].c_str()));
@ -842,6 +845,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)

 		val_list* vl = new val_list;
 		vl->append(BuildConnVal());
+		vl->append(new Val(orig, TYPE_BOOL));

 		TableVal* list = new TableVal(irc_join_list);
 		vector<string> channels = SplitWords(parts[0], ',');
@ -888,6 +892,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)

 		val_list* vl = new val_list;
 		vl->append(BuildConnVal());
+		vl->append(new Val(orig, TYPE_BOOL));

 		TableVal* list = new TableVal(irc_join_list);
 		string empty_string = "";
@ -965,6 +970,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)

 		val_list* vl = new val_list;
 		vl->append(BuildConnVal());
+		vl->append(new Val(orig, TYPE_BOOL));
 		vl->append(new StringVal(nick.c_str()));
 		vl->append(set);
 		vl->append(new StringVal(message.c_str()));
@ -988,6 +994,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)

 		val_list* vl = new val_list;
 		vl->append(BuildConnVal());
+		vl->append(new Val(orig, TYPE_BOOL));
+		vl->append(new Val(orig, TYPE_BOOL));
 		vl->append(new StringVal(nickname.c_str()));
 		vl->append(new StringVal(message.c_str()));

@ -1002,6 +1010,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)

 		val_list* vl = new val_list;
 		vl->append(BuildConnVal());
+		vl->append(new Val(orig, TYPE_BOOL));
 		vl->append(new StringVal(prefix.c_str()));
 		vl->append(new StringVal(nick.c_str()));

@ -1027,6 +1036,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)

 		val_list* vl = new val_list;
 		vl->append(BuildConnVal());
+		vl->append(new Val(orig, TYPE_BOOL));
 		vl->append(new StringVal(parts[0].c_str()));
 		vl->append(new Val(oper, TYPE_BOOL));

@ -1055,6 +1065,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)

 		val_list* vl = new val_list;
 		vl->append(BuildConnVal());
+		vl->append(new Val(orig, TYPE_BOOL));
 		vl->append(new StringVal(server.c_str()));
 		vl->append(new StringVal(users.c_str()));

@ -1065,6 +1076,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		{
 		val_list* vl = new val_list;
 		vl->append(BuildConnVal());
+		vl->append(new Val(orig, TYPE_BOOL));
 		vl->append(new StringVal(prefix.c_str()));
 		if ( params[0] == ':' )
 			params = params.substr(1);
@ -1083,6 +1095,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)

 			val_list* vl = new val_list;
 			vl->append(BuildConnVal());
+			vl->append(new Val(orig, TYPE_BOOL));
 			vl->append(new StringVal(prefix.c_str()));
 			vl->append(new StringVal(parts[0].c_str()));
 			vl->append(new StringVal(parts[1].c_str()));
@ -1099,6 +1112,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			{
 			val_list* vl = new val_list;
 			vl->append(BuildConnVal());
+			vl->append(new Val(orig, TYPE_BOOL));
 			vl->append(new StringVal(prefix.c_str()));
 			vl->append(new StringVal(params.c_str()));

@ -1113,6 +1127,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		{
 		val_list* vl = new val_list;
 		vl->append(BuildConnVal());
+		vl->append(new Val(orig, TYPE_BOOL));
 		vl->append(new StringVal(params.c_str()));
 		ConnectionEvent(irc_password_message, vl);
 		}
@ -1133,6 +1148,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)

 		val_list* vl = new val_list;
 		vl->append(BuildConnVal());
+		vl->append(new Val(orig, TYPE_BOOL));
 		vl->append(new StringVal(prefix.c_str()));
 		vl->append(new StringVal(server.c_str()));
 		vl->append(new StringVal(message.c_str()));
@ -1147,6 +1163,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			{
 			val_list* vl = new val_list;
 			vl->append(BuildConnVal());
+			vl->append(new Val(orig, TYPE_BOOL));
 			vl->append(new StringVal(prefix.c_str()));
 			vl->append(new StringVal(command.c_str()));
 			vl->append(new StringVal(params.c_str()));
@ -1161,6 +1178,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			{
 			val_list* vl = new val_list;
 			vl->append(BuildConnVal());
+			vl->append(new Val(orig, TYPE_BOOL));
 			vl->append(new StringVal(prefix.c_str()));
 			vl->append(new StringVal(command.c_str()));
 			vl->append(new StringVal(params.c_str()));