From bc252c63dc28e0b39caac6ad16641e25c3f7c56d Mon Sep 17 00:00:00 2001
From: Robin Sommer
Date: Fri, 3 Feb 2023 12:43:43 +0100
Subject: [PATCH] Add BIF `have_spicy_analyzers()`.
We previously used the Spicy plugin's `Spicy::available` to test for Spicy support. However, having Spicy support does not necessarily mean that we have built Zeek with its in-tree Spicy analyzers: the Spicy plugin could have been pulled in from external. The new BIF now reliably tells us whether the Spicy analyzers are available; its result corresponds to what `zeek-config --have-spicy-analyzers` returns as well. We also move the two current checks over to use this BIF. (Note: I refrained from renaming the CMake-side `USE_SPICY_ANALYERS` to `HAVE_SPICY_ANALYZERS`. We should do this eventually for consistency, but I didn't want to make more changes than necessary right now.)
---
 CMakeLists.txt | 2 +-
 scripts/base/protocols/finger/spicy-events.zeek | 2 +-
 scripts/base/protocols/syslog/spicy-events.zeek | 2 +-
 src/zeek.bif | 8 ++++++++
 testing/btest/Baseline/plugins.hooks/output | 3 +++
 zeek-config.h.in | 3 +++
 6 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 1c43720d18..7a0d9bc5eb 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -978,7 +978,7 @@ if ( ZEEK_SKIPPED_ANALYZERS )
 endif ()
 if ( ZEEK_LEGACY_ANALYZERS OR ZEEK_SKIPPED_ANALYZERS )
- set(_analyzer_warning "\n\n[Warning] Some analyzers are not available due to lack of Spicy:${_legacy_analyzers}${_skipped_analyzers}")
+ set(_analyzer_warning "\n\n[Warning] Some analyzers are not available due to lack of built-in Spicy support:${_legacy_analyzers}${_skipped_analyzers}")
 endif ()
 message(
diff --git a/scripts/base/protocols/finger/spicy-events.zeek b/scripts/base/protocols/finger/spicy-events.zeek
index 0e956683e5..da5b4af72c 100644
--- a/scripts/base/protocols/finger/spicy-events.zeek
+++ b/scripts/base/protocols/finger/spicy-events.zeek
@@ -1,6 +1,6 @@
 ##! Events generated by the Finger analyzer.
-@ifdef ( Spicy::available ) # must not be used with legacy analyzer
+@if ( have_spicy_analyzers() ) # prototypes below must not be used with legacy analyzer
 ## Generated for Finger requests.
 ##
diff --git a/scripts/base/protocols/syslog/spicy-events.zeek b/scripts/base/protocols/syslog/spicy-events.zeek
index 060a481688..df6fa699c7 100644
--- a/scripts/base/protocols/syslog/spicy-events.zeek
+++ b/scripts/base/protocols/syslog/spicy-events.zeek
@@ -1,6 +1,6 @@
 ##! Events generated by the Syslog analyzer.
-@ifdef ( Spicy::available ) # must not be used with legacy analyzer
+@if ( have_spicy_analyzers() ) # prototypes below must not be used with legacy analyzer
 ## Generated for monitored Syslog messages.
 ##
diff --git a/src/zeek.bif b/src/zeek.bif
index 2cfed26d72..3ff3bfd8ef 100644
--- a/src/zeek.bif
+++ b/src/zeek.bif
@@ -5731,3 +5731,11 @@ function has_module_events%(group: string%) : bool
 return zeek::val_mgr->Bool(has_event_group(zeek::EventGroupKind::Module, group->CheckString()));
 %}
+
+## Returns true if Zeek was built with support for its in-tree Spicy analyzers
+## (which is the default).
+function have_spicy_analyzers%(%) : bool
+ %{
+ return zeek::val_mgr->Bool(USE_SPICY_ANALYZERS);
+ %}
+
diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output
index 16854bc82e..85fbbb333d 100644
--- a/testing/btest/Baseline/plugins.hooks/output
+++ b/testing/btest/Baseline/plugins.hooks/output
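Review bot: The doc comment added above `have_spicy_analyzers` in src/zeek.bif puts the return value in running text and does not say how the result differs from `Spicy::available`, which is the distinction the commit message gives as the reason for the BIF. I would open with `## Checks whether Zeek was built with its in-tree Spicy analyzers (the default).` and then give the result on its own line, `## Returns: True if the in-tree Spicy analyzers were compiled in.`, which I believe is the form the other BIFs in this file use. A third line should state that the value is fixed at build time and can be false even when an externally installed Spicy plugin makes `Spicy::available` defined. Script authors who gate event handlers on this call need that to know which analyzer implementation is parsing the traffic.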
@@ -759,6 +759,7 @@ 0.000000 MetaHookPost CallFunction(gsub, ..., ...) -> 0.000000 MetaHookPost CallFunction(has_event_group, , (Analyzer::Logging)) -> 0.000000 MetaHookPost CallFunction(has_module_events, , (Analyzer::Logging)) -> +0.000000 MetaHookPost CallFunction(have_spicy_analyzers, , ()) -> 0.000000 MetaHookPost CallFunction(is_file_analyzer, , (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> 0.000000 MetaHookPost CallFunction(is_packet_analyzer, , (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> 0.000000 MetaHookPost CallFunction(lambda_<15261139872714441626>, , (Analyzer::Logging::include_confirmations, F)) -> @@ -2323,6 +2324,7 @@ 0.000000 MetaHookPre CallFunction(gsub, ..., ...) 0.000000 MetaHookPre CallFunction(has_event_group, , (Analyzer::Logging)) 0.000000 MetaHookPre CallFunction(has_module_events, , (Analyzer::Logging)) +0.000000 MetaHookPre CallFunction(have_spicy_analyzers, , ()) 0.000000 MetaHookPre CallFunction(is_file_analyzer, , (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) 0.000000 MetaHookPre CallFunction(is_packet_analyzer, , (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) 0.000000 MetaHookPre CallFunction(lambda_<15261139872714441626>, , (Analyzer::Logging::include_confirmations, F)) @@ -3886,6 +3888,7 @@ 0.000000 | HookCallFunction gsub(...) 0.000000 | HookCallFunction has_event_group(Analyzer::Logging) 0.000000 | HookCallFunction has_module_events(Analyzer::Logging) +0.000000 | HookCallFunction have_spicy_analyzers() 0.000000 | HookCallFunction is_file_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS) 0.000000 | HookCallFunction is_packet_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS) 0.000000 | HookCallFunction lambda_<15261139872714441626>(Analyzer::Logging::include_confirmations, F) diff --git a/zeek-config.h.in b/zeek-config.h.in index e0c4229b66..3e5f0bfe41 100644 --- a/zeek-config.h.in +++ b/zeek-config.h.in 
@@ -242,6 +242,9 @@
 /* Common IPv6 extension structure */
 #cmakedefine HAVE_IP6_EXT
+/* Spicy analyzers built in. */
+#cmakedefine01 USE_SPICY_ANALYZERS
+
 /* String with host architecture (e.g., "linux-x86_64") */
 #define HOST_ARCHITECTURE "@HOST_ARCHITECTURE@"
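Review bot: `#cmakedefine01` defines `USE_SPICY_ANALYZERS` in every build, as 0 or 1, so any `#ifdef USE_SPICY_ANALYZERS` in the tree is true even when the analyzers were left out; this hunk does not show whether such uses exist. The comment on the added line should say so, for example `/* Spicy analyzers built in; always defined, as 0 or 1 (test with #if, not #ifdef). */`. The opposite mistake is also silent: in a file that does not include this header, `#if USE_SPICY_ANALYZERS` evaluates to 0 without a diagnostic. The new BIF uses the macro as an expression, which fails to compile in that case, and that is the safer failure.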