Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-13 03:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Reformat the world

Browse source
This commit is contained in:
Tim Wojtulewicz 2021-09-16 15:35:39 -07:00
parent 194cb24547
commit b2f171ec69
714 changed files with 35149 additions and 35203 deletions
Download patch file Download diff file Expand all files Collapse all files

12
src/session/Key.cc
View file

@ -2,10 +2,10 @@
#include <cstring>
namespace zeek::session::detail {
namespace zeek::session::detail
{
Key::Key(const void* session, size_t size, size_t type, bool copy) :
size(size), type(type)
Key::Key(const void* session, size_t size, size_t type, bool copy) : size(size), type(type)
{
data = reinterpret_cast<const uint8_t*>(session);
@ -45,7 +45,7 @@ Key& Key::operator=(Key&& rhs)
Key::~Key()
{
if ( copied )
delete [] data;
delete[] data;
}
void Key::CopyData()
@ -55,7 +55,7 @@ void Key::CopyData()
copied = true;
uint8_t *temp = new uint8_t[size];
uint8_t* temp = new uint8_t[size];
memcpy(temp, data, size);
data = temp;
}
@ -80,4 +80,4 @@ bool Key::operator==(const Key& rhs) const
return memcmp(data, rhs.data, size) == 0;
}
} // namespace zeek::session::detail
} // namespace zeek::session::detail

25
src/session/Key.h
View file

@ -4,9 +4,11 @@
#include <cstddef>
#include <cstdint>
#include "zeek/Hash.h"
namespace zeek::session::detail {
namespace zeek::session::detail
{
struct KeyHash;
@ -20,10 +22,10 @@ struct KeyHash;
* the data is copied into the object so the lifetime of the key data is
* guaranteed over the lifetime of the map entry.
*/
class Key final {
class Key final
{
public:
const static size_t CONNECTION_KEY_TYPE=0;
const static size_t CONNECTION_KEY_TYPE = 0;
/**
* Create a new session key from a data pointer.
@ -38,7 +40,7 @@ public:
* during construction. This defaults to false because normally the only time
* data is copied into the key is when it's inserted into the session map.
*/
Key(const void* key_data, size_t size, size_t type, bool copy=false);
Key(const void* key_data, size_t size, size_t type, bool copy = false);
~Key();
@ -62,9 +64,7 @@ public:
bool operator<(const Key& rhs) const;
bool operator==(const Key& rhs) const;
std::size_t Hash() const {
return zeek::detail::HashKey::HashBytes(data, size);
}
std::size_t Hash() const { return zeek::detail::HashKey::HashBytes(data, size); }
private:
friend struct KeyHash;
@ -73,10 +73,11 @@ private:
size_t size = 0;
size_t type = CONNECTION_KEY_TYPE;
bool copied = false;
};
};
struct KeyHash {
struct KeyHash
{
std::size_t operator()(const Key& k) const { return k.Hash(); }
};
};
} // namespace zeek::session::detail
} // namespace zeek::session::detail

89
src/session/Manager.cc
View file

@ -1,50 +1,50 @@
// See the file "COPYING" in the main distribution directory for copyright.
#include "zeek/zeek-config.h"
#include "zeek/session/Manager.h"
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <pcap.h>
#include <stdlib.h>
#include <unistd.h>
#include <pcap.h>
#include "zeek/Desc.h"
#include "zeek/RunState.h"
#include "zeek/Event.h"
#include "zeek/Timer.h"
#include "zeek/NetVar.h"
#include "zeek/Reporter.h"
#include "zeek/RuleMatcher.h"
#include "zeek/session/Session.h"
#include "zeek/RunState.h"
#include "zeek/Timer.h"
#include "zeek/TunnelEncapsulation.h"
#include "zeek/telemetry/Manager.h"
#include "zeek/analyzer/Manager.h"
#include "zeek/iosource/IOSource.h"
#include "zeek/packet_analysis/Manager.h"
#include "zeek/session/Session.h"
#include "zeek/telemetry/Manager.h"
#include "zeek/zeek-config.h"
zeek::session::Manager* zeek::session_mgr = nullptr;
zeek::session::Manager*& zeek::sessions = zeek::session_mgr;
namespace zeek::session {
namespace detail {
namespace zeek::session
{
namespace detail
{
class ProtocolStats {
class ProtocolStats
{
public:
struct Protocol {
struct Protocol
{
telemetry::IntGauge active;
telemetry::IntCounter total;
ssize_t max = 0;
Protocol(telemetry::IntGaugeFamily active_family,
telemetry::IntCounterFamily total_family,
std::string protocol) : active(active_family.GetOrAdd({{"protocol", protocol}})),
total(total_family.GetOrAdd({{"protocol", protocol}}))
Protocol(telemetry::IntGaugeFamily active_family, telemetry::IntCounterFamily total_family,
std::string protocol)
: active(active_family.GetOrAdd({{"protocol", protocol}})),
total(total_family.GetOrAdd({{"protocol", protocol}}))
{
}
};
@ -56,11 +56,10 @@ public:
telemetry::IntGaugeFamily active_family = telemetry_mgr->GaugeFamily(
"zeek", "active-sessions", {"protocol"}, "Active Zeek Sessions");
telemetry::IntCounterFamily total_family = telemetry_mgr->CounterFamily(
"zeek", "total-sessions", {"protocol"},
"Total number of sessions", "1", true);
"zeek", "total-sessions", {"protocol"}, "Total number of sessions", "1", true);
auto [it, inserted] = entries.insert(
{protocol, Protocol{active_family, total_family, protocol}});
auto [it, inserted] =
entries.insert({protocol, Protocol{active_family, total_family, protocol}});
if ( inserted )
return it;
@ -81,11 +80,10 @@ public:
}
private:
ProtocolMap entries;
};
};
} // namespace detail
} // namespace detail
Manager::Manager()
{
@ -98,9 +96,7 @@ Manager::~Manager()
delete stats;
}
void Manager::Done()
{
}
void Manager::Done() { }
Connection* Manager::FindConnection(Val* v)
{
@ -111,7 +107,7 @@ Connection* Manager::FindConnection(Val* v)
RecordType* vr = vt->AsRecordType();
auto vl = v->As<RecordVal*>();
int orig_h, orig_p; // indices into record's value list
int orig_h, orig_p; // indices into record's value list
int resp_h, resp_p;
if ( vr == id::conn_id )
@ -142,18 +138,16 @@ Connection* Manager::FindConnection(Val* v)
auto orig_portv = vl->GetFieldAs<PortVal>(orig_p);
auto resp_portv = vl->GetFieldAs<PortVal>(resp_p);
zeek::detail::ConnKey conn_key(orig_addr, resp_addr,
htons((unsigned short) orig_portv->Port()),
htons((unsigned short) resp_portv->Port()),
orig_portv->PortType(), false);
zeek::detail::ConnKey conn_key(orig_addr, resp_addr, htons((unsigned short)orig_portv->Port()),
htons((unsigned short)resp_portv->Port()),
orig_portv->PortType(), false);
return FindConnection(conn_key);
}
Connection* Manager::FindConnection(const zeek::detail::ConnKey& conn_key)
{
detail::Key key(&conn_key, sizeof(conn_key),
detail::Key::CONNECTION_KEY_TYPE, false);
detail::Key key(&conn_key, sizeof(conn_key), detail::Key::CONNECTION_KEY_TYPE, false);
auto it = session_map.find(key);
if ( it != session_map.end() )
@ -228,8 +222,11 @@ void Manager::Drain()
for ( auto& entry : session_map )
keys.push_back(&(entry.first));
std::sort(keys.begin(), keys.end(), [](const detail::Key* a, const detail::Key* b) {
return *a < *b; });
std::sort(keys.begin(), keys.end(),
[](const detail::Key* a, const detail::Key* b)
{
return *a < *b;
});
for ( const auto* k : keys )
{
@ -294,7 +291,8 @@ void Manager::Weird(const char* name, const Packet* pkt, const char* addl, const
if ( pkt->ip_hdr )
{
reporter->Weird(pkt->ip_hdr->SrcAddr(), pkt->ip_hdr->DstAddr(), weird_name, addl, source);
reporter->Weird(pkt->ip_hdr->SrcAddr(), pkt->ip_hdr->DstAddr(), weird_name, addl,
source);
return;
}
}
@ -349,12 +347,11 @@ unsigned int Manager::MemoryAllocation()
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
return SessionMemoryUsage()
+ padded_sizeof(*this)
+ (session_map.size() * (sizeof(SessionMap::key_type) + sizeof(SessionMap::value_type)))
+ zeek::detail::fragment_mgr->MemoryAllocation();
// FIXME: MemoryAllocation() not implemented for rest.
;
return SessionMemoryUsage() + padded_sizeof(*this) +
(session_map.size() * (sizeof(SessionMap::key_type) + sizeof(SessionMap::value_type))) +
zeek::detail::fragment_mgr->MemoryAllocation();
// FIXME: MemoryAllocation() not implemented for rest.
;
#pragma GCC diagnostic pop
}
@ -381,4 +378,4 @@ zeek::detail::PacketFilter* Manager::GetPacketFilter(bool init)
return packet_mgr->GetPacketFilter(init);
}
} // namespace zeek::session
} // namespace zeek::session

83
src/session/Manager.h
View file

@ -7,14 +7,18 @@
#include <utility>
#include "zeek/Frag.h"
#include "zeek/NetVar.h"
#include "zeek/telemetry/Manager.h"
#include "zeek/Hash.h"
#include "zeek/NetVar.h"
#include "zeek/session/Session.h"
#include "zeek/telemetry/Manager.h"
namespace zeek {
namespace zeek
{
namespace detail { class PacketFilter; }
namespace detail
{
class PacketFilter;
}
class EncapsulationStack;
class Packet;
@ -22,11 +26,16 @@ class Connection;
struct ConnTuple;
class StatBlocks;
namespace session {
namespace session
{
namespace detail { class ProtocolStats; }
namespace detail
{
class ProtocolStats;
}
struct Stats {
struct Stats
{
size_t num_TCP_conns;
size_t max_TCP_conns;
uint64_t cumulative_TCP_conns;
@ -42,14 +51,15 @@ struct Stats {
size_t num_fragments;
size_t max_fragments;
uint64_t num_packets;
};
};
class Manager final {
class Manager final
{
public:
Manager();
~Manager();
void Done(); // call to drain events before destructing
void Done(); // call to drain events before destructing
// Looks up the connection referred to by the given Val,
// which should be a conn_id record. Returns nil if there's
@ -65,7 +75,7 @@ public:
Connection* FindConnection(const zeek::detail::ConnKey& conn_key);
void Remove(Session* s);
void Insert(Session* c, bool remove_existing=true);
void Insert(Session* c, bool remove_existing = true);
// Generating connection_pending events for all connections
// that are still active.
@ -76,37 +86,35 @@ public:
void GetStats(Stats& s);
void Weird(const char* name, const Packet* pkt,
const char* addl = "", const char* source = "");
void Weird(const char* name, const IP_Hdr* ip,
const char* addl = "");
void Weird(const char* name, const Packet* pkt, const char* addl = "", const char* source = "");
void Weird(const char* name, const IP_Hdr* ip, const char* addl = "");
[[deprecated("Remove in v5.1. Use packet_mgr->GetPacketFilter().")]]
zeek::detail::PacketFilter* GetPacketFilter(bool init=true);
[[deprecated("Remove in v5.1. Use packet_mgr->GetPacketFilter().")]] zeek::detail::PacketFilter*
GetPacketFilter(bool init = true);
unsigned int CurrentSessions()
unsigned int CurrentSessions() { return session_map.size(); }
[[deprecated("Remove in v5.1. Use CurrentSessions().")]] unsigned int CurrentConnections()
{
return session_map.size();
return CurrentSessions();
}
[[deprecated("Remove in v5.1. Use CurrentSessions().")]]
unsigned int CurrentConnections() { return CurrentSessions(); }
[[deprecated("Remove in v5.1. MemoryAllocation() is deprecated and will be removed. See "
"GHI-572.")]] unsigned int
SessionMemoryUsage();
[[deprecated("Remove in v5.1. MemoryAllocation() is deprecated and will be removed. See "
"GHI-572.")]] unsigned int
SessionMemoryUsageVals();
[[deprecated("Remove in v5.1. MemoryAllocation() is deprecated and will be removed. See GHI-572.")]]
unsigned int SessionMemoryUsage();
[[deprecated("Remove in v5.1. MemoryAllocation() is deprecated and will be removed. See GHI-572.")]]
unsigned int SessionMemoryUsageVals();
[[deprecated("Remove in v5.1. Use SessionMemoryUsage().")]]
unsigned int ConnectionMemoryUsage()
[[deprecated("Remove in v5.1. Use SessionMemoryUsage().")]] unsigned int ConnectionMemoryUsage()
{
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
return SessionMemoryUsage();
#pragma GCC diagnostic pop
}
[[deprecated("Remove in v5.1. Use SessionMemoryUsageVals().")]]
unsigned int ConnectionMemoryUsageConnVals()
[[deprecated("Remove in v5.1. Use SessionMemoryUsageVals().")]] unsigned int
ConnectionMemoryUsageConnVals()
{
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
@ -114,11 +122,11 @@ public:
#pragma GCC diagnostic pop
}
[[deprecated("Remove in v5.1. MemoryAllocation() is deprecated and will be removed. See GHI-572.")]]
unsigned int MemoryAllocation();
[[deprecated("Remove in v5.1. MemoryAllocation() is deprecated and will be removed. See "
"GHI-572.")]] unsigned int
MemoryAllocation();
private:
using SessionMap = std::unordered_map<detail::Key, Session*, detail::KeyHash>;
// Inserts a new connection into the sessions map. If a connection with
@ -130,14 +138,15 @@ private:
SessionMap session_map;
detail::ProtocolStats* stats;
};
};
} // namespace session
} // namespace session
// Manager for the currently active sessions.
extern session::Manager* session_mgr;
extern session::Manager*& sessions [[deprecated("Remove in v5.1. Use zeek::sessions::session_mgr.")]];
extern session::Manager*& sessions
[[deprecated("Remove in v5.1. Use zeek::sessions::session_mgr.")]];
using NetSessions [[deprecated("Remove in v5.1. Use zeek::session::Manager.")]] = session::Manager;
} // namespace zeek
} // namespace zeek

45
src/session/Session.cc
View file

@ -2,19 +2,20 @@
#include "zeek/session/Session.h"
#include "zeek/Reporter.h"
#include "zeek/analyzer/Analyzer.h"
#include "zeek/Val.h"
#include "zeek/Event.h"
#include "zeek/Desc.h"
#include "zeek/session/Manager.h"
#include "zeek/Event.h"
#include "zeek/IP.h"
#include "zeek/Reporter.h"
#include "zeek/Val.h"
#include "zeek/analyzer/Analyzer.h"
#include "zeek/session/Manager.h"
namespace zeek::session {
namespace detail {
namespace zeek::session
{
namespace detail
{
void Timer::Init(Session* arg_session, timer_func arg_timer,
bool arg_do_expire)
void Timer::Init(Session* arg_session, timer_func arg_timer, bool arg_do_expire)
{
session = arg_session;
timer = arg_timer;
@ -46,14 +47,11 @@ void Timer::Dispatch(double t, bool is_expire)
reporter->InternalError("reference count inconsistency in session::Timer::Dispatch");
}
} // namespace detail
} // namespace detail
Session::Session(double t,
EventHandlerPtr timeout_event,
EventHandlerPtr status_update_event,
Session::Session(double t, EventHandlerPtr timeout_event, EventHandlerPtr status_update_event,
double status_update_interval)
: start_time(t), last_time(t),
session_timeout_event(timeout_event),
: start_time(t), last_time(t), session_timeout_event(timeout_event),
session_status_update_event(status_update_event),
session_status_update_interval(status_update_interval)
{
@ -116,8 +114,8 @@ void Session::SetInactivityTimeout(double timeout)
}
if ( timeout )
ADD_TIMER(&Session::InactivityTimer,
last_time + timeout, 0, zeek::detail::TIMER_CONN_INACTIVITY);
ADD_TIMER(&Session::InactivityTimer, last_time + timeout, 0,
zeek::detail::TIMER_CONN_INACTIVITY);
inactivity_timeout = timeout;
}
@ -160,8 +158,7 @@ void Session::DeleteTimer(double /* t */)
session_mgr->Remove(this);
}
void Session::AddTimer(timer_func timer, double t, bool do_expire,
zeek::detail::TimerType type)
void Session::AddTimer(timer_func timer, double t, bool do_expire, zeek::detail::TimerType type)
{
if ( timers_canceled )
return;
@ -191,17 +188,15 @@ void Session::InactivityTimer(double t)
++zeek::detail::killed_by_inactivity;
}
else
ADD_TIMER(&Session::InactivityTimer,
last_time + inactivity_timeout, 0,
ADD_TIMER(&Session::InactivityTimer, last_time + inactivity_timeout, 0,
zeek::detail::TIMER_CONN_INACTIVITY);
}
void Session::StatusUpdateTimer(double t)
{
EnqueueEvent(session_status_update_event, nullptr, GetVal());
ADD_TIMER(&Session::StatusUpdateTimer,
run_state::network_time + session_status_update_interval, 0,
zeek::detail::TIMER_CONN_STATUS_UPDATE);
ADD_TIMER(&Session::StatusUpdateTimer, run_state::network_time + session_status_update_interval,
0, zeek::detail::TIMER_CONN_STATUS_UPDATE);
}
void Session::RemoveConnectionTimer(double t)
@ -210,4 +205,4 @@ void Session::RemoveConnectionTimer(double t)
session_mgr->Remove(this);
}
} // namespace zeek::session
} // namespace zeek::session

128
src/session/Session.h
View file

@ -4,28 +4,36 @@
#include <memory>
#include "zeek/EventHandler.h"
#include "zeek/Hash.h"
#include "zeek/Obj.h"
#include "zeek/EventHandler.h"
#include "zeek/Timer.h"
#include "zeek/session/Key.h"
namespace zeek {
namespace zeek
{
class RecordVal;
using RecordValPtr = IntrusivePtr<RecordVal>;
namespace analyzer { class Analyzer; }
namespace analyzer
{
class Analyzer;
}
namespace session {
namespace detail { class Timer; }
namespace session
{
namespace detail
{
class Timer;
}
class Session;
typedef void (Session::*timer_func)(double t);
class Session : public Obj {
class Session : public Obj
{
public:
/**
* Construct a new session.
*
@ -39,11 +47,10 @@ public:
* @param status_update_interval The interval in seconds for the status update
* event to be emitted. Setting this to zero disables the status update timer.
*/
Session(double t, EventHandlerPtr timeout_event,
EventHandlerPtr status_update_event = nullptr,
Session(double t, EventHandlerPtr timeout_event, EventHandlerPtr status_update_event = nullptr,
double status_update_interval = 0);
virtual ~Session() {}
virtual ~Session() { }
/**
* Invoked when the session is about to be removed. Use Ref(this)
@ -64,52 +71,53 @@ public:
/**
* Set whether this session is in the session table.
*/
void SetInSessionTable(bool in_table) { in_session_table = in_table; }
void SetInSessionTable(bool in_table) { in_session_table = in_table; }
/**
* Return whether this session is in the session table.
*/
bool IsInSessionTable() const { return in_session_table; }
bool IsInSessionTable() const { return in_session_table; }
double StartTime() const { return start_time; }
void SetStartTime(double t) { start_time = t; }
double LastTime() const { return last_time; }
void SetLastTime(double t) { last_time = t; }
double StartTime() const { return start_time; }
void SetStartTime(double t) { start_time = t; }
double LastTime() const { return last_time; }
void SetLastTime(double t) { last_time = t; }
// True if we should record subsequent packets (either headers or
// in their entirety, depending on record_contents). We still
// record subsequent SYN/FIN/RST, regardless of how this is set.
bool RecordPackets() const { return record_packets; }
void SetRecordPackets(bool do_record) { record_packets = do_record ? 1 : 0; }
bool RecordPackets() const { return record_packets; }
void SetRecordPackets(bool do_record) { record_packets = do_record ? 1 : 0; }
// True if we should record full packets for this session,
// false if we should just record headers.
bool RecordContents() const { return record_contents; }
void SetRecordContents(bool do_record) { record_contents = do_record ? 1 : 0; }
bool RecordContents() const { return record_contents; }
void SetRecordContents(bool do_record) { record_contents = do_record ? 1 : 0; }
// Set whether to record *current* packet header/full.
void SetRecordCurrentPacket(bool do_record)
{ record_current_packet = do_record ? 1 : 0; }
void SetRecordCurrentContent(bool do_record)
{ record_current_content = do_record ? 1 : 0; }
void SetRecordCurrentPacket(bool do_record) { record_current_packet = do_record ? 1 : 0; }
void SetRecordCurrentContent(bool do_record) { record_current_content = do_record ? 1 : 0; }
/**
* Returns the associated "session" record.
*/
virtual const RecordValPtr& GetVal() = 0;
[[deprecated("Remove in v5.1. Use GetVal().")]]
const RecordValPtr& ConnVal() { return GetVal(); }
[[deprecated("Remove in v5.1. Use GetVal().")]] const RecordValPtr& ConnVal()
{
return GetVal();
}
/**
* Return the memory allocation required by the session record. This requires at
* least one call to Get() first in order to setup the record object.
*/
[[deprecated("Remove in v5.1. MemoryAllocation() is deprecated and will be removed. See GHI-572.")]]
virtual unsigned int MemoryAllocationVal() const = 0;
[[deprecated("Remove in v5.1. MemoryAllocation() is deprecated and will be removed. See "
"GHI-572.")]] virtual unsigned int
MemoryAllocationVal() const = 0;
[[deprecated("Remove in v5.1. Use MemoryAllocationVal().")]]
unsigned int MemoryAllocationConnVal() const
[[deprecated("Remove in v5.1. Use MemoryAllocationVal().")]] unsigned int
MemoryAllocationConnVal() const
{
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
@ -120,8 +128,9 @@ public:
/**
* A lower-bound calculation of how much memory a session object is using.
*/
[[deprecated("Remove in v5.1. MemoryAllocation() is deprecated and will be removed. See GHI-572.")]]
virtual unsigned int MemoryAllocation() const;
[[deprecated("Remove in v5.1. MemoryAllocation() is deprecated and will be removed. See "
"GHI-572.")]] virtual unsigned int
MemoryAllocation() const;
/**
* Generates session removal event(s). Must be overridden by child classes to
@ -151,13 +160,13 @@ public:
* A version of EnqueueEvent() taking a variable number of arguments.
*/
template <class... Args>
std::enable_if_t<
std::is_convertible_v<
std::tuple_element_t<0, std::tuple<Args...>>, ValPtr>>
std::enable_if_t<std::is_convertible_v<std::tuple_element_t<0, std::tuple<Args...>>, ValPtr>>
EnqueueEvent(EventHandlerPtr h, analyzer::Analyzer* analyzer, Args&&... args)
{ return EnqueueEvent(h, analyzer, zeek::Args{std::forward<Args>(args)...}); }
{
return EnqueueEvent(h, analyzer, zeek::Args{std::forward<Args>(args)...});
}
virtual void Describe(ODesc* d) const override;
virtual void Describe(ODesc* d) const override;
/**
* Sets the session to expire after a given amount of time.
@ -177,7 +186,7 @@ public:
/**
* Returns the inactivity timeout for the session.
*/
double InactivityTimeout() const { return inactivity_timeout; }
double InactivityTimeout() const { return inactivity_timeout; }
/**
* Activates the timer for the status update event.
@ -206,7 +215,6 @@ public:
virtual std::string TransportIdentifier() const = 0;
protected:
friend class detail::Timer;
/**
@ -219,8 +227,7 @@ protected:
* terminates.
* @param type The type of timer being added.
*/
void AddTimer(timer_func timer, double t, bool do_expire,
zeek::detail::TimerType type);
void AddTimer(timer_func timer, double t, bool do_expire, zeek::detail::TimerType type);
/**
* Remove a specific timer from firing.
@ -248,39 +255,40 @@ protected:
EventHandlerPtr session_status_update_event;
double session_status_update_interval;
unsigned int installed_status_timer:1;
unsigned int timers_canceled:1;
unsigned int is_active:1;
unsigned int record_packets:1, record_contents:1;
unsigned int record_current_packet:1, record_current_content:1;
unsigned int installed_status_timer : 1;
unsigned int timers_canceled : 1;
unsigned int is_active : 1;
unsigned int record_packets : 1, record_contents : 1;
unsigned int record_current_packet : 1, record_current_content : 1;
bool in_session_table;
};
};
namespace detail {
namespace detail
{
class Timer final : public zeek::detail::Timer {
class Timer final : public zeek::detail::Timer
{
public:
Timer(Session* arg_session, timer_func arg_timer,
double arg_t, bool arg_do_expire,
zeek::detail::TimerType arg_type)
Timer(Session* arg_session, timer_func arg_timer, double arg_t, bool arg_do_expire,
zeek::detail::TimerType arg_type)
: zeek::detail::Timer(arg_t, arg_type)
{ Init(arg_session, arg_timer, arg_do_expire); }
{
Init(arg_session, arg_timer, arg_do_expire);
}
~Timer() override;
void Dispatch(double t, bool is_expire) override;
protected:
void Init(Session* session, timer_func timer, bool do_expire);
Session* session;
timer_func timer;
bool do_expire;
};
};
} // namespace detail
} // namespace session
} // namespace zeek
} // namespace detail
} // namespace session
} // namespace zeek
#define ADD_TIMER(timer, t, do_expire, type) \
AddTimer(timer_func(timer), (t), (do_expire), (type))
#define ADD_TIMER(timer, t, do_expire, type) AddTimer(timer_func(timer), (t), (do_expire), (type))