Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-13 20:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Reformat the world

Browse source
This commit is contained in:
Tim Wojtulewicz 2021-09-16 15:35:39 -07:00
parent 194cb24547
commit b2f171ec69
714 changed files with 35149 additions and 35203 deletions
Download patch file Download diff file Expand all files Collapse all files

22
src/iosource/pcap/Dumper.cc
View file

@ -2,15 +2,15 @@
#include "zeek/iosource/pcap/Dumper.h"
#include <sys/stat.h>
#include <errno.h>
#include <sys/stat.h>
#include "zeek/iosource/PktSrc.h"
#include "zeek/RunState.h"
#include "zeek/iosource/PktSrc.h"
#include "zeek/iosource/pcap/pcap.bif.h"
namespace zeek::iosource::pcap {
namespace zeek::iosource::pcap
{
PcapDumper::PcapDumper(const std::string& path, bool arg_append)
{
@ -20,9 +20,7 @@ PcapDumper::PcapDumper(const std::string& path, bool arg_append)
pd = nullptr;
}
PcapDumper::~PcapDumper()
{
}
PcapDumper::~PcapDumper() { }
void PcapDumper::Open()
{
@ -74,7 +72,7 @@ void PcapDumper::Open()
// is not supported by libpcap. So, we have to hack a
// little bit, knowing that pcap_dumpter_t is, in fact,
// a FILE ... :-(
dumper = (pcap_dumper_t*) fopen(props.path.c_str(), "a");
dumper = (pcap_dumper_t*)fopen(props.path.c_str(), "a");
if ( ! dumper )
{
Error(util::fmt("can't open dump %s: %s", props.path.c_str(), strerror(errno)));
@ -105,11 +103,9 @@ bool PcapDumper::Dump(const Packet* pkt)
return false;
// Reconstitute the pcap_pkthdr.
const struct pcap_pkthdr phdr = {
.ts = pkt->ts, .caplen = pkt->cap_len, .len = pkt->len
};
const struct pcap_pkthdr phdr = {.ts = pkt->ts, .caplen = pkt->cap_len, .len = pkt->len};
pcap_dump((u_char*) dumper, &phdr, pkt->data);
pcap_dump((u_char*)dumper, &phdr, pkt->data);
return true;
}
@ -118,4 +114,4 @@ iosource::PktDumper* PcapDumper::Instantiate(const std::string& path, bool appen
return new PcapDumper(path, append);
}
} // namespace zeek::iosource::pcap
} // namespace zeek::iosource::pcap

15
src/iosource/pcap/Dumper.h
View file

@ -2,15 +2,18 @@
#pragma once
extern "C" {
extern "C"
{
#include <pcap.h>
}
}
#include "zeek/iosource/PktDumper.h"
namespace zeek::iosource::pcap {
namespace zeek::iosource::pcap
{
class PcapDumper : public PktDumper {
class PcapDumper : public PktDumper
{
public:
PcapDumper(const std::string& path, bool append);
~PcapDumper() override;
@ -29,6 +32,6 @@ private:
bool append;
pcap_dumper_t* dumper;
pcap_t* pd;
};
};
} // namespace zeek::iosource::pcap
} // namespace zeek::iosource::pcap

23
src/iosource/pcap/Plugin.cc
View file

@ -1,27 +1,30 @@
// See the file in the main distribution directory for copyright.
#include "zeek/plugin/Plugin.h"
#include "zeek/iosource/Component.h"
#include "zeek/iosource/pcap/Source.h"
#include "zeek/iosource/pcap/Dumper.h"
#include "zeek/iosource/pcap/Source.h"
namespace zeek::plugin::detail::Zeek_Pcap {
namespace zeek::plugin::detail::Zeek_Pcap
{
class Plugin : public plugin::Plugin {
class Plugin : public plugin::Plugin
{
public:
plugin::Configuration Configure() override
{
AddComponent(new iosource::PktSrcComponent(
"PcapReader", "pcap", iosource::PktSrcComponent::BOTH,
iosource::pcap::PcapSource::Instantiate));
AddComponent(new iosource::PktDumperComponent(
"PcapWriter", "pcap", iosource::pcap::PcapDumper::Instantiate));
AddComponent(new iosource::PktSrcComponent("PcapReader", "pcap",
iosource::PktSrcComponent::BOTH,
iosource::pcap::PcapSource::Instantiate));
AddComponent(new iosource::PktDumperComponent("PcapWriter", "pcap",
iosource::pcap::PcapDumper::Instantiate));
plugin::Configuration config;
config.name = "Zeek::Pcap";
config.description = "Packet acquisition via libpcap";
return config;
}
} plugin;
} plugin;
} // namespace zeek::plugin::detail::Zeek_Pcap
} // namespace zeek::plugin::detail::Zeek_Pcap

84
src/iosource/pcap/Source.cc
View file

@ -1,19 +1,20 @@
// See the file in the main distribution directory for copyright.
#include "zeek/zeek-config.h"
#include "zeek/iosource/pcap/Source.h"
#include "zeek/zeek-config.h"
#ifdef HAVE_PCAP_INT_H
#include <pcap-int.h>
#endif
#include "zeek/iosource/Packet.h"
#include "zeek/iosource/BPF_Program.h"
#include "zeek/Event.h"
#include "zeek/iosource/BPF_Program.h"
#include "zeek/iosource/Packet.h"
#include "zeek/iosource/pcap/pcap.bif.h"
namespace zeek::iosource::pcap {
namespace zeek::iosource::pcap
{
PcapSource::~PcapSource()
{
@ -156,7 +157,7 @@ void PcapSource::OpenLive()
#endif
#ifdef HAVE_PCAP_INT_H
Info(util::fmt("pcap bufsize = %d\n", ((struct pcap *) pd)->bufsize));
Info(util::fmt("pcap bufsize = %d\n", ((struct pcap*)pd)->bufsize));
#endif
props.selectable_fd = pcap_get_selectable_fd(pd);
@ -200,39 +201,40 @@ bool PcapSource::ExtractNextPacket(Packet* pkt)
int res = pcap_next_ex(pd, &header, &data);
switch ( res ) {
case PCAP_ERROR_BREAK: // -2
// Exhausted pcap file, no more packets to read.
assert(! props.is_live);
Close();
return false;
case PCAP_ERROR: // -1
// Error occurred while reading the packet.
if ( props.is_live )
reporter->Error("failed to read a packet from %s: %s",
props.path.data(), pcap_geterr(pd));
else
reporter->FatalError("failed to read a packet from %s: %s",
props.path.data(), pcap_geterr(pd));
return false;
case 0:
// Read from live interface timed out (ok).
return false;
case 1:
// Read a packet without problem.
// Although, some libpcaps may claim to have read a packet, but either did
// not really read a packet or at least provide no way to access its
// contents, so the following check for null-data helps handle those cases.
if ( ! data )
{
reporter->Weird("pcap_null_data_packet");
switch ( res )
{
case PCAP_ERROR_BREAK: // -2
// Exhausted pcap file, no more packets to read.
assert(! props.is_live);
Close();
return false;
}
break;
default:
reporter->InternalError("unhandled pcap_next_ex return value: %d", res);
return false;
}
case PCAP_ERROR: // -1
// Error occurred while reading the packet.
if ( props.is_live )
reporter->Error("failed to read a packet from %s: %s", props.path.data(),
pcap_geterr(pd));
else
reporter->FatalError("failed to read a packet from %s: %s", props.path.data(),
pcap_geterr(pd));
return false;
case 0:
// Read from live interface timed out (ok).
return false;
case 1:
// Read a packet without problem.
// Although, some libpcaps may claim to have read a packet, but either did
// not really read a packet or at least provide no way to access its
// contents, so the following check for null-data helps handle those cases.
if ( ! data )
{
reporter->Weird("pcap_null_data_packet");
return false;
}
break;
default:
reporter->InternalError("unhandled pcap_next_ex return value: %d", res);
return false;
}
pkt->Init(props.link_type, &header->ts, header->caplen, header->len, data);
@ -269,9 +271,7 @@ bool PcapSource::SetFilter(int index)
if ( ! code )
{
snprintf(errbuf, sizeof(errbuf),
"No precompiled pcap filter for index %d",
index);
snprintf(errbuf, sizeof(errbuf), "No precompiled pcap filter for index %d", index);
Error(errbuf);
return false;
}
@ -350,4 +350,4 @@ iosource::PktSrc* PcapSource::Instantiate(const std::string& path, bool is_live)
return new PcapSource(path, is_live);
}
} // namespace zeek::iosource::pcap
} // namespace zeek::iosource::pcap

17
src/iosource/pcap/Source.h
View file

@ -4,15 +4,18 @@
#include <sys/types.h> // for u_char
extern "C" {
extern "C"
{
#include <pcap.h>
}
}
#include "zeek/iosource/PktSrc.h"
namespace zeek::iosource::pcap {
namespace zeek::iosource::pcap
{
class PcapSource : public PktSrc {
class PcapSource : public PktSrc
{
public:
PcapSource(const std::string& path, bool is_live);
~PcapSource() override;
@ -37,7 +40,7 @@ private:
Properties props;
Stats stats;
pcap_t *pd;
};
pcap_t* pd;
};
} // namespace zeek::iosource::pcap
} // namespace zeek::iosource::pcap