Add BIF have_spicy_analyzers().

We previously used the Spicy plugin's `Spicy::available` to test for
Spicy support. However, having Spicy support does not necessarily mean that we
have built Zeek with its in-tree Spicy analyzers: the Spicy plugin
could have been pulled in from external. The new BIF now reliably
tells us whether the Spicy analyzers are available; its result
corresponds to what `zeek-config --have-spicy-analyzers` returns as
well.

We also move the two current checks over to use this BIF.

(Note: I refrained from renaming the CMake-side `USE_SPICY_ANALYZERS`
to `HAVE_SPICY_ANALYZERS`. We should do this eventually for
consistency, but I didn't want to make more changes than necessary
right now.)
Robin Sommer 2023-02-03 12:43:43 +01:00
parent 39f0b78043
commit bc252c63dc
No known key found for this signature in database
GPG key ID: 6BEDA4DA6B8B23E3
6 changed files with 17 additions and 3 deletions


@ -978,7 +978,7 @@ if ( ZEEK_SKIPPED_ANALYZERS )
endif () endif ()
if ( ZEEK_LEGACY_ANALYZERS OR ZEEK_SKIPPED_ANALYZERS ) if ( ZEEK_LEGACY_ANALYZERS OR ZEEK_SKIPPED_ANALYZERS )
set(_analyzer_warning "\n\n[Warning] Some analyzers are not available due to lack of Spicy:${_legacy_analyzers}${_skipped_analyzers}") set(_analyzer_warning "\n\n[Warning] Some analyzers are not available due to lack of built-in Spicy support:${_legacy_analyzers}${_skipped_analyzers}")
endif () endif ()
message( message(


@ -1,6 +1,6 @@
##! Events generated by the Finger analyzer. ##! Events generated by the Finger analyzer.
@ifdef ( Spicy::available ) # must not be used with legacy analyzer @if ( have_spicy_analyzers() ) # prototypes below must not be used with legacy analyzer
## Generated for Finger requests. ## Generated for Finger requests.
## ##


@ -1,6 +1,6 @@
##! Events generated by the Syslog analyzer. ##! Events generated by the Syslog analyzer.
@ifdef ( Spicy::available ) # must not be used with legacy analyzer @if ( have_spicy_analyzers() ) # prototypes below must not be used with legacy analyzer
## Generated for monitored Syslog messages. ## Generated for monitored Syslog messages.
## ##


@ -5731,3 +5731,11 @@ function has_module_events%(group: string%) : bool
return zeek::val_mgr->Bool(has_event_group(zeek::EventGroupKind::Module, return zeek::val_mgr->Bool(has_event_group(zeek::EventGroupKind::Module,
group->CheckString())); group->CheckString()));
%} %}
## Returns true if Zeek was built with support for its in-tree Spicy analyzers
## (which is the default).
function have_spicy_analyzers%(%) : bool
%{
return zeek::val_mgr->Bool(USE_SPICY_ANALYZERS);
%}
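Review bot: The doc comment on `have_spicy_analyzers()` does not say how the result differs from `Spicy::available`, and it has no `Returns:` line, so a script author picking a guard for analyzer-specific event prototypes cannot tell from the docs which one to use. I would extend it with `## Returns: T if Zeek was built with its in-tree Spicy analyzers; this can be F even when ``Spicy::available`` is defined, because the Spicy plugin may come from outside the tree.` Since the value is fixed at build time from `USE_SPICY_ANALYZERS`, the comment could also state that it matches `zeek-config --have-spicy-analyzers`, as the commit message does.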


@ -759,6 +759,7 @@
0.000000 MetaHookPost CallFunction(gsub, ..., ...) -> <no result> 0.000000 MetaHookPost CallFunction(gsub, ..., ...) -> <no result>
0.000000 MetaHookPost CallFunction(has_event_group, <frame>, (Analyzer::Logging)) -> <no result> 0.000000 MetaHookPost CallFunction(has_event_group, <frame>, (Analyzer::Logging)) -> <no result>
0.000000 MetaHookPost CallFunction(has_module_events, <frame>, (Analyzer::Logging)) -> <no result> 0.000000 MetaHookPost CallFunction(has_module_events, <frame>, (Analyzer::Logging)) -> <no result>
0.000000 MetaHookPost CallFunction(have_spicy_analyzers, <null>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(is_file_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> <no result> 0.000000 MetaHookPost CallFunction(is_file_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> <no result>
0.000000 MetaHookPost CallFunction(is_packet_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> <no result> 0.000000 MetaHookPost CallFunction(is_packet_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> <no result>
0.000000 MetaHookPost CallFunction(lambda_<15261139872714441626>, <frame>, (Analyzer::Logging::include_confirmations, F)) -> <no result> 0.000000 MetaHookPost CallFunction(lambda_<15261139872714441626>, <frame>, (Analyzer::Logging::include_confirmations, F)) -> <no result>
@ -2323,6 +2324,7 @@
0.000000 MetaHookPre CallFunction(gsub, ..., ...) 0.000000 MetaHookPre CallFunction(gsub, ..., ...)
0.000000 MetaHookPre CallFunction(has_event_group, <frame>, (Analyzer::Logging)) 0.000000 MetaHookPre CallFunction(has_event_group, <frame>, (Analyzer::Logging))
0.000000 MetaHookPre CallFunction(has_module_events, <frame>, (Analyzer::Logging)) 0.000000 MetaHookPre CallFunction(has_module_events, <frame>, (Analyzer::Logging))
0.000000 MetaHookPre CallFunction(have_spicy_analyzers, <null>, ())
0.000000 MetaHookPre CallFunction(is_file_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) 0.000000 MetaHookPre CallFunction(is_file_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS))
0.000000 MetaHookPre CallFunction(is_packet_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) 0.000000 MetaHookPre CallFunction(is_packet_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS))
0.000000 MetaHookPre CallFunction(lambda_<15261139872714441626>, <frame>, (Analyzer::Logging::include_confirmations, F)) 0.000000 MetaHookPre CallFunction(lambda_<15261139872714441626>, <frame>, (Analyzer::Logging::include_confirmations, F))
@ -3886,6 +3888,7 @@
0.000000 | HookCallFunction gsub(...) 0.000000 | HookCallFunction gsub(...)
0.000000 | HookCallFunction has_event_group(Analyzer::Logging) 0.000000 | HookCallFunction has_event_group(Analyzer::Logging)
0.000000 | HookCallFunction has_module_events(Analyzer::Logging) 0.000000 | HookCallFunction has_module_events(Analyzer::Logging)
0.000000 | HookCallFunction have_spicy_analyzers()
0.000000 | HookCallFunction is_file_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS) 0.000000 | HookCallFunction is_file_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)
0.000000 | HookCallFunction is_packet_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS) 0.000000 | HookCallFunction is_packet_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)
0.000000 | HookCallFunction lambda_<15261139872714441626>(Analyzer::Logging::include_confirmations, F) 0.000000 | HookCallFunction lambda_<15261139872714441626>(Analyzer::Logging::include_confirmations, F)


@ -242,6 +242,9 @@
/* Common IPv6 extension structure */ /* Common IPv6 extension structure */
#cmakedefine HAVE_IP6_EXT #cmakedefine HAVE_IP6_EXT
/* Spicy analyzers built in. */
#cmakedefine01 USE_SPICY_ANALYZERS
/* String with host architecture (e.g., "linux-x86_64") */ /* String with host architecture (e.g., "linux-x86_64") */
#define HOST_ARCHITECTURE "@HOST_ARCHITECTURE@" #define HOST_ARCHITECTURE "@HOST_ARCHITECTURE@"
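Review bot: `USE_SPICY_ANALYZERS` is introduced with `#cmakedefine01`, so it is always defined (as 0 or 1), unlike the neighbouring `#cmakedefine HAVE_IP6_EXT`, which is left undefined when the feature is off. A later `#ifdef USE_SPICY_ANALYZERS` written by analogy with the surrounding macros would therefore be true regardless of the build option. The comment should spell out the convention, for example `/* Spicy analyzers built in; always defined as 0 or 1 -- test with #if, not #ifdef. */`. The BIF added in this commit passes the value straight to `Bool()`, which is consistent with that.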