Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Deprecate global type pointers in NetVar.h

Browse source 
There's analogous IntrusivePtrs in zeek::vars
This commit is contained in:
Jon Siwek 2020-05-11 19:22:49 -07:00
parent 4351a26710
commit c0986f0739
51 changed files with 451 additions and 224 deletions
Download patch file Download diff file Expand all files Collapse all files

3
NEWS
View file

@ -171,6 +171,9 @@ Deprecated Functionality
- ``Val::Type()`` is deprecated, use ``Val::GetType``.
- Most global type/value pointers in NetVar.h are deprecated, but there's
analogous ``IntrusivePtr`` in ``zeek::vars``.
Zeek 3.1.0
==========

4
src/BroString.cc
View file

@ -11,6 +11,7 @@
#include "Var.h"
#include "Reporter.h"
#include "util.h"
#include "ZeekVars.h"
#ifdef DEBUG
#define DEBUG_STR(msg) DBG_LOG(DBG_STRING, msg)
@ -340,8 +341,7 @@ BroString::Vec* BroString::Split(const BroString::IdxVec& indices) const
VectorVal* BroString:: VecToPolicy(Vec* vec)
{
auto result =
make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("string_vec"));
auto result = make_intrusive<VectorVal>(zeek::vars::string_vec);
for ( unsigned int i = 0; i < vec->size(); ++i )
{

4
src/CMakeLists.txt
View file

@ -205,6 +205,9 @@ add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdConstants.h
set_source_files_properties(nb_dns.c PROPERTIES COMPILE_FLAGS
-fno-strict-aliasing)
set_source_files_properties(ZeekVars.cc PROPERTIES COMPILE_FLAGS
-Wno-deprecated-declarations)
set(MAIN_SRCS
digest.cc
net_util.cc
@ -286,6 +289,7 @@ set(MAIN_SRCS
Var.cc
WeirdState.cc
ZeekArgs.cc
ZeekVars.cc
bsd-getopt-long.c
bro_inet_ntop.c
patricia.c

10
src/Conn.cc
View file

@ -346,17 +346,17 @@ const IntrusivePtr<RecordVal>& Connection::ConnVal()
{
if ( ! conn_val )
{
conn_val = make_intrusive<RecordVal>(connection_type);
conn_val = make_intrusive<RecordVal>(zeek::vars::connection_type);
TransportProto prot_type = ConnTransport();
auto id_val = make_intrusive<RecordVal>(conn_id);
auto id_val = make_intrusive<RecordVal>(zeek::vars::conn_id);
id_val->Assign(0, make_intrusive<AddrVal>(orig_addr));
id_val->Assign(1, val_mgr->Port(ntohs(orig_port), prot_type));
id_val->Assign(2, make_intrusive<AddrVal>(resp_addr));
id_val->Assign(3, val_mgr->Port(ntohs(resp_port), prot_type));
auto orig_endp = make_intrusive<RecordVal>(endpoint);
auto orig_endp = make_intrusive<RecordVal>(zeek::vars::endpoint);
orig_endp->Assign(0, val_mgr->Count(0));
orig_endp->Assign(1, val_mgr->Count(0));
orig_endp->Assign(4, val_mgr->Count(orig_flow_label));
@ -367,7 +367,7 @@ const IntrusivePtr<RecordVal>& Connection::ConnVal()
if ( memcmp(&orig_l2_addr, &null, l2_len) != 0 )
orig_endp->Assign(5, make_intrusive<StringVal>(fmt_mac(orig_l2_addr, l2_len)));
auto resp_endp = make_intrusive<RecordVal>(endpoint);
auto resp_endp = make_intrusive<RecordVal>(zeek::vars::endpoint);
resp_endp->Assign(0, val_mgr->Count(0));
resp_endp->Assign(1, val_mgr->Count(0));
resp_endp->Assign(4, val_mgr->Count(resp_flow_label));
@ -379,7 +379,7 @@ const IntrusivePtr<RecordVal>& Connection::ConnVal()
conn_val->Assign(1, std::move(orig_endp));
conn_val->Assign(2, std::move(resp_endp));
// 3 and 4 are set below.
conn_val->Assign(5, make_intrusive<TableVal>(IntrusivePtr{NewRef{}, string_set})); // service
conn_val->Assign(5, make_intrusive<TableVal>(zeek::vars::string_set)); // service
conn_val->Assign(6, val_mgr->EmptyString()); // history
if ( ! uid )

4
src/EventHandler.cc
View file

@ -127,7 +127,7 @@ void EventHandler::NewEvent(const zeek::Args& vl)
return;
RecordType* args = FType()->Args();
auto vargs = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, call_argument_vector});
auto vargs = make_intrusive<VectorVal>(zeek::vars::call_argument_vector);
for ( int i = 0; i < args->NumFields(); i++ )
{
@ -135,7 +135,7 @@ void EventHandler::NewEvent(const zeek::Args& vl)
const auto& ftype = args->GetFieldType(i);
auto fdefault = args->FieldDefault(i);
auto rec = make_intrusive<RecordVal>(call_argument);
auto rec = make_intrusive<RecordVal>(zeek::vars::call_argument);
rec->Assign(0, make_intrusive<StringVal>(fname));
ODesc d;

2
src/File.cc
View file

@ -277,7 +277,7 @@ RecordVal* BroFile::Rotate()
if ( f == stdin || f == stdout || f == stderr )
return nullptr;
RecordVal* info = new RecordVal(rotate_info);
RecordVal* info = new RecordVal(zeek::vars::rotate_info);
FILE* newf = rotate_file(name, info);
if ( ! newf )

60
src/NetVar.cc
View file

@ -7,8 +7,6 @@
#include "EventHandler.h"
#include "Val.h"
using namespace zeek;
RecordType* conn_id;
RecordType* endpoint;
RecordType* endpoint_stats;
@ -207,7 +205,6 @@ void init_general_global_var()
table_expire_delay = opt_internal_double("table_expire_delay");
table_incremental_step = opt_internal_int("table_incremental_step");
rotate_info = lookup_type("rotate_info")->AsRecordType();
log_rotate_base_time = opt_internal_string("log_rotate_base_time");
peer_description =
@ -241,26 +238,7 @@ void init_net_var()
#include "reporter.bif.netvar_init"
#include "supervisor.bif.netvar_init"
conn_id = lookup_type("conn_id")->AsRecordType();
endpoint = lookup_type("endpoint")->AsRecordType();
endpoint_stats = lookup_type("endpoint_stats")->AsRecordType();
connection_type = lookup_type("connection")->AsRecordType();
fa_file_type = lookup_type("fa_file")->AsRecordType();
fa_metadata_type = lookup_type("fa_metadata")->AsRecordType();
icmp_conn = lookup_type("icmp_conn")->AsRecordType();
icmp_context = lookup_type("icmp_context")->AsRecordType();
signature_state = lookup_type("signature_state")->AsRecordType();
SYN_packet = lookup_type("SYN_packet")->AsRecordType();
pcap_packet = lookup_type("pcap_packet")->AsRecordType();
raw_pkt_hdr_type = lookup_type("raw_pkt_hdr")->AsRecordType();
l2_hdr_type = lookup_type("l2_hdr")->AsRecordType();
transport_proto = lookup_type("transport_proto")->AsEnumType();
string_set = lookup_type("string_set")->AsTableType();
string_array = lookup_type("string_array")->AsTableType();
string_vec = lookup_type("string_vec")->AsVectorType();
index_vec = lookup_type("index_vec")->AsVectorType();
mime_match = lookup_type("mime_match")->AsRecordType();
mime_matches = lookup_type("mime_matches")->AsVectorType();
zeek::vars::detail::Init();
ignore_checksums = opt_internal_int("ignore_checksums");
partial_connection_ok = opt_internal_int("partial_connection_ok");
@ -286,8 +264,6 @@ void init_net_var()
opt_internal_int("tcp_excessive_data_without_further_acks");
tcp_max_old_segments = opt_internal_int("tcp_max_old_segments");
socks_address = lookup_type("SOCKS::Address")->AsRecordType();
non_analyzed_lifetime = opt_internal_double("non_analyzed_lifetime");
tcp_inactivity_timeout = opt_internal_double("tcp_inactivity_timeout");
udp_inactivity_timeout = opt_internal_double("udp_inactivity_timeout");
@ -333,34 +309,10 @@ void init_net_var()
mime_segment_length = opt_internal_int("mime_segment_length");
mime_segment_overlap_length = opt_internal_int("mime_segment_overlap_length");
mime_header_rec = lookup_type("mime_header_rec")->AsRecordType();
mime_header_list = lookup_type("mime_header_list")->AsTableType();
http_entity_data_delivery_size = opt_internal_int("http_entity_data_delivery_size");
http_stats_rec = lookup_type("http_stats_rec")->AsRecordType();
http_message_stat = lookup_type("http_message_stat")->AsRecordType();
truncate_http_URI = opt_internal_int("truncate_http_URI");
pm_mapping = lookup_type("pm_mapping")->AsRecordType();
pm_mappings = lookup_type("pm_mappings")->AsTableType();
pm_port_request = lookup_type("pm_port_request")->AsRecordType();
pm_callit_request = lookup_type("pm_callit_request")->AsRecordType();
geo_location = lookup_type("geo_location")->AsRecordType();
entropy_test_result = lookup_type("entropy_test_result")->AsRecordType();
dns_msg = lookup_type("dns_msg")->AsRecordType();
dns_answer = lookup_type("dns_answer")->AsRecordType();
dns_soa = lookup_type("dns_soa")->AsRecordType();
dns_edns_additional =
lookup_type("dns_edns_additional")->AsRecordType();
dns_tsig_additional =
lookup_type("dns_tsig_additional")->AsRecordType();
dns_rrsig_rr = lookup_type("dns_rrsig_rr")->AsRecordType();
dns_dnskey_rr = lookup_type("dns_dnskey_rr")->AsRecordType();
dns_nsec3_rr = lookup_type("dns_nsec3_rr")->AsRecordType();
dns_ds_rr = lookup_type("dns_ds_rr")->AsRecordType();
dns_skip_auth = zeek::lookup_val("dns_skip_auth")->AsTableVal();
dns_skip_addl = zeek::lookup_val("dns_skip_addl")->AsTableVal();
dns_skip_all_auth = opt_internal_int("dns_skip_all_auth");
@ -396,9 +348,6 @@ void init_net_var()
gap_report_freq = opt_internal_double("gap_report_freq");
irc_join_info = lookup_type("irc_join_info")->AsRecordType();
irc_join_list = lookup_type("irc_join_list")->AsTableType();
dpd_reassemble_first_packets =
opt_internal_int("dpd_reassemble_first_packets");
dpd_buffer_size = opt_internal_int("dpd_buffer_size");
@ -410,11 +359,4 @@ void init_net_var()
timer_mgr_inactivity_timeout =
opt_internal_double("timer_mgr_inactivity_timeout");
script_id = lookup_type("script_id")->AsRecordType();
id_table = lookup_type("id_table")->AsTableType();
record_field = lookup_type("record_field")->AsRecordType();
record_field_table = lookup_type("record_field_table")->AsTableType();
call_argument_vector = lookup_type("call_argument_vector")->AsVectorType();
call_argument = lookup_type("call_argument")->AsRecordType();
}

51
src/NetVar.h
View file

@ -6,27 +6,49 @@
#include "Func.h"
#include "EventRegistry.h"
#include "Stats.h"
#include "ZeekVars.h"
[[deprecated("Remove in v4.1. Use zeek::vars::conn_id.")]]
extern RecordType* conn_id;
[[deprecated("Remove in v4.1. Use zeek::vars::endpoint.")]]
extern RecordType* endpoint;
[[deprecated("Remove in v4.1. Use zeek::vars::endpoint_stats.")]]
extern RecordType* endpoint_stats;
[[deprecated("Remove in v4.1. Use zeek::vars::connection_type.")]]
extern RecordType* connection_type;
[[deprecated("Remove in v4.1. Use zeek::vars::fa_file_type.")]]
extern RecordType* fa_file_type;
[[deprecated("Remove in v4.1. Use zeek::vars::fa_metadata_type.")]]
extern RecordType* fa_metadata_type;
[[deprecated("Remove in v4.1. Use zeek::vars::icmp_conn.")]]
extern RecordType* icmp_conn;
[[deprecated("Remove in v4.1. Use zeek::vars::icmp_context.")]]
extern RecordType* icmp_context;
[[deprecated("Remove in v4.1. Use zeek::vars::signature_state.")]]
extern RecordType* signature_state;
[[deprecated("Remove in v4.1. Use zeek::vars::SYN_packet.")]]
extern RecordType* SYN_packet;
[[deprecated("Remove in v4.1. Use zeek::vars::pcap_packet.")]]
extern RecordType* pcap_packet;
[[deprecated("Remove in v4.1. Use zeek::vars::raw_pkt_hdr_type.")]]
extern RecordType* raw_pkt_hdr_type;
[[deprecated("Remove in v4.1. Use zeek::vars::l2_hdr_type.")]]
extern RecordType* l2_hdr_type;
[[deprecated("Remove in v4.1. Use zeek::vars::transport_proto.")]]
extern EnumType* transport_proto;
[[deprecated("Remove in v4.1. Use zeek::vars::string_set.")]]
extern TableType* string_set;
[[deprecated("Remove in v4.1. Use zeek::vars::string_array.")]]
extern TableType* string_array;
[[deprecated("Remove in v4.1. Use zeek::vars::count_set.")]]
extern TableType* count_set;
[[deprecated("Remove in v4.1. Use zeek::vars::string_vec.")]]
extern VectorType* string_vec;
[[deprecated("Remove in v4.1. Use zeek::vars::index_vec.")]]
extern VectorType* index_vec;
[[deprecated("Remove in v4.1. Use zeek::vars::mime_matches.")]]
extern VectorType* mime_matches;
[[deprecated("Remove in v4.1. Use zeek::vars::mime_match.")]]
extern RecordType* mime_match;
extern int watchdog_interval;
@ -55,6 +77,7 @@ extern int tcp_max_above_hole_without_any_acks;
extern int tcp_excessive_data_without_further_acks;
extern int tcp_max_old_segments;
[[deprecated("Remove in v4.1. Use zeek::vars::socks_address.")]]
extern RecordType* socks_address;
extern double non_analyzed_lifetime;
@ -85,31 +108,50 @@ extern double rpc_timeout;
extern int mime_segment_length;
extern int mime_segment_overlap_length;
[[deprecated("Remove in v4.1. Use zeek::vars::mime_header_rec.")]]
extern RecordType* mime_header_rec;
[[deprecated("Remove in v4.1. Use zeek::vars::mime_header_list.")]]
extern TableType* mime_header_list;
extern int http_entity_data_delivery_size;
[[deprecated("Remove in v4.1. Use zeek::vars::http_stats_rec.")]]
extern RecordType* http_stats_rec;
[[deprecated("Remove in v4.1. Use zeek::vars::http_message_stat.")]]
extern RecordType* http_message_stat;
extern int truncate_http_URI;
[[deprecated("Remove in v4.1. Use zeek::vars::pm_mapping.")]]
extern RecordType* pm_mapping;
[[deprecated("Remove in v4.1. Use zeek::vars::pm_mappings.")]]
extern TableType* pm_mappings;
[[deprecated("Remove in v4.1. Use zeek::vars::pm_port_request.")]]
extern RecordType* pm_port_request;
[[deprecated("Remove in v4.1. Use zeek::vars::pm_callit_request.")]]
extern RecordType* pm_callit_request;
[[deprecated("Remove in v4.1. Use zeek::vars::geo_location.")]]
extern RecordType* geo_location;
[[deprecated("Remove in v4.1. Use zeek::vars::entropy_test_result.")]]
extern RecordType* entropy_test_result;
[[deprecated("Remove in v4.1. Use zeek::vars::dns_msg.")]]
extern RecordType* dns_msg;
[[deprecated("Remove in v4.1. Use zeek::vars::dns_answer.")]]
extern RecordType* dns_answer;
[[deprecated("Remove in v4.1. Use zeek::vars::dns_soa.")]]
extern RecordType* dns_soa;
[[deprecated("Remove in v4.1. Use zeek::vars::dns_edns_additional.")]]
extern RecordType* dns_edns_additional;
[[deprecated("Remove in v4.1. Use zeek::vars::dns_tsig_additional.")]]
extern RecordType* dns_tsig_additional;
[[deprecated("Remove in v4.1. Use zeek::vars::dns_rrsig_rr.")]]
extern RecordType* dns_rrsig_rr;
[[deprecated("Remove in v4.1. Use zeek::vars::dns_dnskey_rr.")]]
extern RecordType* dns_dnskey_rr;
[[deprecated("Remove in v4.1. Use zeek::vars::dns_nsec3_rr.")]]
extern RecordType* dns_nsec3_rr;
[[deprecated("Remove in v4.1. Use zeek::vars::dns_ds_rr.")]]
extern RecordType* dns_ds_rr;
extern TableVal* dns_skip_auth;
extern TableVal* dns_skip_addl;
@ -133,6 +175,7 @@ extern TableVal* preserve_other_addr;
extern double connection_status_update_interval;
[[deprecated("Remove in v4.1. Use zeek::vars::rotate_info.")]]
extern RecordType* rotate_info;
extern StringVal* log_rotate_base_time;
@ -153,7 +196,9 @@ extern int packet_filter_default;
extern int sig_max_group_size;
[[deprecated("Remove in v4.1. Use zeek::vars::irc_join_list.")]]
extern TableType* irc_join_list;
[[deprecated("Remove in v4.1. Use zeek::vars::irc_join_info.")]]
extern RecordType* irc_join_info;
extern int dpd_reassemble_first_packets;
@ -174,11 +219,17 @@ extern StringVal* trace_output_file;
extern int record_all_packets;
[[deprecated("Remove in v4.1. Use zeek::vars::script_id.")]]
extern RecordType* script_id;
[[deprecated("Remove in v4.1. Use zeek::vars::id_table.")]]
extern TableType* id_table;
[[deprecated("Remove in v4.1. Use zeek::vars::record_field.")]]
extern RecordType* record_field;
[[deprecated("Remove in v4.1. Use zeek::vars::record_field_table.")]]
extern TableType* record_field_table;
[[deprecated("Remove in v4.1. Use zeek::vars::call_argument.")]]
extern RecordType* call_argument;
[[deprecated("Remove in v4.1. Use zeek::vars::call_argument_vector.")]]
extern VectorType* call_argument_vector;
extern StringVal* cmd_line_bpf_filter;

2
src/OpaqueVal.cc
View file

@ -981,7 +981,7 @@ ParaglobVal::ParaglobVal(std::unique_ptr<paraglob::Paraglob> p)
IntrusivePtr<VectorVal> ParaglobVal::Get(StringVal* &pattern)
{
auto rval = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("string_vec"));
auto rval = make_intrusive<VectorVal>(zeek::vars::string_vec);
std::string string_pattern (reinterpret_cast<const char*>(pattern->Bytes()), pattern->Len());
std::vector<std::string> matches = this->internal_paraglob->get(string_pattern);

3
src/RuleCondition.cc
View file

@ -8,6 +8,7 @@
#include "Func.h"
#include "Val.h"
#include "Var.h"
#include "ZeekVars.h"
static inline bool is_established(const analyzer::tcp::TCP_Endpoint* e)
{
@ -145,7 +146,7 @@ RuleConditionEval::RuleConditionEval(const char* func)
rules_error("eval function type must yield a 'bool'", func);
TypeList tl;
tl.Append(zeek::lookup_type("signature_state"));
tl.Append(zeek::vars::signature_state);
tl.Append(base_type(TYPE_STRING));
if ( ! f->CheckArgs(tl.Types()) )

2
src/RuleMatcher.cc
View file

@ -79,7 +79,7 @@ RuleHdrTest::RuleHdrTest(Prot arg_prot, Comp arg_comp, vector<IPPrefix> arg_v)
Val* RuleMatcher::BuildRuleStateValue(const Rule* rule,
const RuleEndpointState* state) const
{
RecordVal* val = new RecordVal(signature_state);
RecordVal* val = new RecordVal(zeek::vars::signature_state);
val->Assign(0, make_intrusive<StringVal>(rule->ID()));
val->Assign(1, state->GetAnalyzer()->ConnVal());
val->Assign(2, val_mgr->Bool(state->is_orig));

2
src/Sessions.cc
View file

@ -914,7 +914,7 @@ Connection* NetSessions::FindConnection(Val* v)
int orig_h, orig_p; // indices into record's value list
int resp_h, resp_p;
if ( vr == conn_id )
if ( vr == zeek::vars::conn_id )
{
orig_h = 0;
orig_p = 1;

2
src/Stmt.cc
View file

@ -202,7 +202,7 @@ static void print_log(const std::vector<IntrusivePtr<Val>>& vals)
{
auto plval = lookup_enum_val("Log", "PRINTLOG");
auto record = make_intrusive<RecordVal>(zeek::lookup_type("Log::PrintLogInfo")->AsRecordType());
auto vec = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("string_vec"));
auto vec = make_intrusive<VectorVal>(zeek::vars::string_vec);
for ( const auto& val : vals )
{

2
src/TunnelEncapsulation.cc
View file

@ -20,7 +20,7 @@ IntrusivePtr<RecordVal> EncapsulatingConn::ToVal() const
{
auto rv = make_intrusive<RecordVal>(BifType::Record::Tunnel::EncapsulatingConn);
auto id_val = make_intrusive<RecordVal>(conn_id);
auto id_val = make_intrusive<RecordVal>(zeek::vars::conn_id);
id_val->Assign(0, make_intrusive<AddrVal>(src_addr));
id_val->Assign(1, val_mgr->Port(ntohs(src_port), proto));
id_val->Assign(2, make_intrusive<AddrVal>(dst_addr));

165
src/ZeekVars.cc Normal file
View file

@ -0,0 +1,165 @@
// See the file "COPYING" in the main distribution directory for copyright.
#include "ZeekVars.h"
#include "Var.h"
#include "NetVar.h"
IntrusivePtr<RecordType> zeek::vars::conn_id;
IntrusivePtr<RecordType> zeek::vars::endpoint;
IntrusivePtr<RecordType> zeek::vars::endpoint_stats;
IntrusivePtr<RecordType> zeek::vars::connection_type;
IntrusivePtr<RecordType> zeek::vars::fa_file_type;
IntrusivePtr<RecordType> zeek::vars::fa_metadata_type;
IntrusivePtr<RecordType> zeek::vars::icmp_conn;
IntrusivePtr<RecordType> zeek::vars::icmp_context;
IntrusivePtr<RecordType> zeek::vars::signature_state;
IntrusivePtr<RecordType> zeek::vars::SYN_packet;
IntrusivePtr<RecordType> zeek::vars::pcap_packet;
IntrusivePtr<RecordType> zeek::vars::raw_pkt_hdr_type;
IntrusivePtr<RecordType> zeek::vars::l2_hdr_type;
IntrusivePtr<EnumType> zeek::vars::transport_proto;
IntrusivePtr<TableType> zeek::vars::string_set;
IntrusivePtr<TableType> zeek::vars::string_array;
IntrusivePtr<TableType> zeek::vars::count_set;
IntrusivePtr<VectorType> zeek::vars::string_vec;
IntrusivePtr<VectorType> zeek::vars::index_vec;
IntrusivePtr<VectorType> zeek::vars::mime_matches;
IntrusivePtr<RecordType> zeek::vars::mime_match;
IntrusivePtr<RecordType> zeek::vars::socks_address;
IntrusivePtr<RecordType> zeek::vars::mime_header_rec;
IntrusivePtr<TableType> zeek::vars::mime_header_list;
IntrusivePtr<RecordType> zeek::vars::http_stats_rec;
IntrusivePtr<RecordType> zeek::vars::http_message_stat;
IntrusivePtr<RecordType> zeek::vars::pm_mapping;
IntrusivePtr<TableType> zeek::vars::pm_mappings;
IntrusivePtr<RecordType> zeek::vars::pm_port_request;
IntrusivePtr<RecordType> zeek::vars::pm_callit_request;
IntrusivePtr<RecordType> zeek::vars::geo_location;
IntrusivePtr<RecordType> zeek::vars::entropy_test_result;
IntrusivePtr<RecordType> zeek::vars::dns_msg;
IntrusivePtr<RecordType> zeek::vars::dns_answer;
IntrusivePtr<RecordType> zeek::vars::dns_soa;
IntrusivePtr<RecordType> zeek::vars::dns_edns_additional;
IntrusivePtr<RecordType> zeek::vars::dns_tsig_additional;
IntrusivePtr<RecordType> zeek::vars::dns_rrsig_rr;
IntrusivePtr<RecordType> zeek::vars::dns_dnskey_rr;
IntrusivePtr<RecordType> zeek::vars::dns_nsec3_rr;
IntrusivePtr<RecordType> zeek::vars::dns_ds_rr;
IntrusivePtr<RecordType> zeek::vars::rotate_info;
IntrusivePtr<TableType> zeek::vars::irc_join_list;
IntrusivePtr<RecordType> zeek::vars::irc_join_info;
IntrusivePtr<RecordType> zeek::vars::script_id;
IntrusivePtr<TableType> zeek::vars::id_table;
IntrusivePtr<RecordType> zeek::vars::record_field;
IntrusivePtr<TableType> zeek::vars::record_field_table;
IntrusivePtr<RecordType> zeek::vars::call_argument;
IntrusivePtr<VectorType> zeek::vars::call_argument_vector;
void zeek::vars::detail::Init()
{
// Types
conn_id = zeek::lookup_type<RecordType>("conn_id");
endpoint = zeek::lookup_type<RecordType>("endpoint");
endpoint_stats = zeek::lookup_type<RecordType>("endpoint_stats");
connection_type = zeek::lookup_type<RecordType>("connection");
fa_file_type = zeek::lookup_type<RecordType>("fa_file");
fa_metadata_type = zeek::lookup_type<RecordType>("fa_metadata");
icmp_conn = zeek::lookup_type<RecordType>("icmp_conn");
icmp_context = zeek::lookup_type<RecordType>("icmp_context");
signature_state = zeek::lookup_type<RecordType>("signature_state");
SYN_packet = zeek::lookup_type<RecordType>("SYN_packet");
pcap_packet = zeek::lookup_type<RecordType>("pcap_packet");
raw_pkt_hdr_type = zeek::lookup_type<RecordType>("raw_pkt_hdr");
l2_hdr_type = zeek::lookup_type<RecordType>("l2_hdr");
transport_proto = zeek::lookup_type<EnumType>("transport_proto");
string_set = zeek::lookup_type<TableType>("string_set");
string_array = zeek::lookup_type<TableType>("string_array");
count_set = zeek::lookup_type<TableType>("count_set");
string_vec = zeek::lookup_type<VectorType>("string_vec");
index_vec = zeek::lookup_type<VectorType>("index_vec");
mime_matches = zeek::lookup_type<VectorType>("mime_matches");
mime_match = zeek::lookup_type<RecordType>("mime_match");
socks_address = zeek::lookup_type<RecordType>("SOCKS::Address");
mime_header_rec = zeek::lookup_type<RecordType>("mime_header_rec");
mime_header_list = zeek::lookup_type<TableType>("mime_header_list");
http_stats_rec = zeek::lookup_type<RecordType>("http_stats_rec");
http_message_stat = zeek::lookup_type<RecordType>("http_message_stat");
pm_mapping = zeek::lookup_type<RecordType>("pm_mapping");
pm_mappings = zeek::lookup_type<TableType>("pm_mappings");
pm_port_request = zeek::lookup_type<RecordType>("pm_port_request");
pm_callit_request = zeek::lookup_type<RecordType>("pm_callit_request");
geo_location = zeek::lookup_type<RecordType>("geo_location");
entropy_test_result = zeek::lookup_type<RecordType>("entropy_test_result");
dns_msg = zeek::lookup_type<RecordType>("dns_msg");
dns_answer = zeek::lookup_type<RecordType>("dns_answer");
dns_soa = zeek::lookup_type<RecordType>("dns_soa");
dns_edns_additional = zeek::lookup_type<RecordType>("dns_edns_additional");
dns_tsig_additional = zeek::lookup_type<RecordType>("dns_tsig_additional");
dns_rrsig_rr = zeek::lookup_type<RecordType>("dns_rrsig_rr");
dns_dnskey_rr = zeek::lookup_type<RecordType>("dns_dnskey_rr");
dns_nsec3_rr = zeek::lookup_type<RecordType>("dns_nsec3_rr");
dns_ds_rr = zeek::lookup_type<RecordType>("dns_ds_rr");
rotate_info = zeek::lookup_type<RecordType>("rotate_info");
irc_join_list = zeek::lookup_type<TableType>("irc_join_list");
irc_join_info = zeek::lookup_type<RecordType>("irc_join_info");
script_id = zeek::lookup_type<RecordType>("script_id");
id_table = zeek::lookup_type<TableType>("id_table");
record_field = zeek::lookup_type<RecordType>("record_field");
record_field_table = zeek::lookup_type<TableType>("record_field_table");
call_argument = zeek::lookup_type<RecordType>("call_argument");
call_argument_vector = zeek::lookup_type<VectorType>("call_argument_vector");
// Note: to bypass deprecation warnings on setting the legacy globals,
// CMake was told to compile this file with -Wno-deprecated-declarations.
// Once the legacy globals are removed, that compile flag can go also.
::conn_id = conn_id.get();
::endpoint = endpoint.get();
::endpoint_stats = endpoint_stats.get();
::connection_type = connection_type.get();
::fa_file_type = fa_file_type.get();
::fa_metadata_type = fa_metadata_type.get();
::icmp_conn = icmp_conn.get();
::icmp_context = icmp_context.get();
::signature_state = signature_state.get();
::SYN_packet = SYN_packet.get();
::pcap_packet = pcap_packet.get();
::raw_pkt_hdr_type = raw_pkt_hdr_type.get();
::l2_hdr_type = l2_hdr_type.get();
::transport_proto = transport_proto.get();
::string_set = string_set.get();
::string_array = string_array.get();
::count_set = count_set.get();
::string_vec = string_vec.get();
::index_vec = index_vec.get();
::mime_matches = mime_matches.get();
::mime_match = mime_match.get();
::socks_address = socks_address.get();
::mime_header_rec = mime_header_rec.get();
::mime_header_list = mime_header_list.get();
::http_stats_rec = http_stats_rec.get();
::http_message_stat = http_message_stat.get();
::pm_mapping = pm_mapping.get();
::pm_mappings = pm_mappings.get();
::pm_port_request = pm_port_request.get();
::pm_callit_request = pm_callit_request.get();
::geo_location = geo_location.get();
::entropy_test_result = entropy_test_result.get();
::dns_msg = dns_msg.get();
::dns_answer = dns_answer.get();
::dns_soa = dns_soa.get();
::dns_edns_additional = dns_edns_additional.get();
::dns_tsig_additional = dns_tsig_additional.get();
::dns_rrsig_rr = dns_rrsig_rr.get();
::dns_dnskey_rr = dns_dnskey_rr.get();
::dns_nsec3_rr = dns_nsec3_rr.get();
::dns_ds_rr = dns_ds_rr.get();
::rotate_info = rotate_info.get();
::irc_join_list = irc_join_list.get();
::irc_join_info = irc_join_info.get();
::script_id = script_id.get();
::id_table = id_table.get();
::record_field = record_field.get();
::record_field_table = record_field_table.get();
::call_argument = call_argument.get();
::call_argument_vector = call_argument_vector.get();
}

67
src/ZeekVars.h Normal file
View file

@ -0,0 +1,67 @@
// See the file "COPYING" in the main distribution directory for copyright.
#pragma once
#include "Val.h"
#include "Type.h"
#include "IntrusivePtr.h"
namespace zeek { namespace vars { namespace detail {
void Init();
}}}
namespace zeek { namespace vars {
// Types
extern IntrusivePtr<RecordType> conn_id;
extern IntrusivePtr<RecordType> endpoint;
extern IntrusivePtr<RecordType> endpoint_stats;
extern IntrusivePtr<RecordType> connection_type;
extern IntrusivePtr<RecordType> fa_file_type;
extern IntrusivePtr<RecordType> fa_metadata_type;
extern IntrusivePtr<RecordType> icmp_conn;
extern IntrusivePtr<RecordType> icmp_context;
extern IntrusivePtr<RecordType> signature_state;
extern IntrusivePtr<RecordType> SYN_packet;
extern IntrusivePtr<RecordType> pcap_packet;
extern IntrusivePtr<RecordType> raw_pkt_hdr_type;
extern IntrusivePtr<RecordType> l2_hdr_type;
extern IntrusivePtr<EnumType> transport_proto;
extern IntrusivePtr<TableType> string_set;
extern IntrusivePtr<TableType> string_array;
extern IntrusivePtr<TableType> count_set;
extern IntrusivePtr<VectorType> string_vec;
extern IntrusivePtr<VectorType> index_vec;
extern IntrusivePtr<VectorType> mime_matches;
extern IntrusivePtr<RecordType> mime_match;
extern IntrusivePtr<RecordType> socks_address;
extern IntrusivePtr<RecordType> mime_header_rec;
extern IntrusivePtr<TableType> mime_header_list;
extern IntrusivePtr<RecordType> http_stats_rec;
extern IntrusivePtr<RecordType> http_message_stat;
extern IntrusivePtr<RecordType> pm_mapping;
extern IntrusivePtr<TableType> pm_mappings;
extern IntrusivePtr<RecordType> pm_port_request;
extern IntrusivePtr<RecordType> pm_callit_request;
extern IntrusivePtr<RecordType> geo_location;
extern IntrusivePtr<RecordType> entropy_test_result;
extern IntrusivePtr<RecordType> dns_msg;
extern IntrusivePtr<RecordType> dns_answer;
extern IntrusivePtr<RecordType> dns_soa;
extern IntrusivePtr<RecordType> dns_edns_additional;
extern IntrusivePtr<RecordType> dns_tsig_additional;
extern IntrusivePtr<RecordType> dns_rrsig_rr;
extern IntrusivePtr<RecordType> dns_dnskey_rr;
extern IntrusivePtr<RecordType> dns_nsec3_rr;
extern IntrusivePtr<RecordType> dns_ds_rr;
extern IntrusivePtr<RecordType> rotate_info;
extern IntrusivePtr<TableType> irc_join_list;
extern IntrusivePtr<RecordType> irc_join_info;
extern IntrusivePtr<RecordType> script_id;
extern IntrusivePtr<TableType> id_table;
extern IntrusivePtr<RecordType> record_field;
extern IntrusivePtr<TableType> record_field_table;
extern IntrusivePtr<RecordType> call_argument;
extern IntrusivePtr<VectorType> call_argument_vector;
}} // namespace zeek::vars

4
src/analyzer/protocol/conn-size/ConnSize.cc
View file

@ -174,8 +174,8 @@ void ConnSize_Analyzer::UpdateConnVal(RecordVal *conn_val)
RecordVal *resp_endp = conn_val->Lookup("resp")->AsRecordVal();
// endpoint is the RecordType from NetVar.h
int pktidx = endpoint->FieldOffset("num_pkts");
int bytesidx = endpoint->FieldOffset("num_bytes_ip");
int pktidx = zeek::vars::endpoint->FieldOffset("num_pkts");
int bytesidx = zeek::vars::endpoint->FieldOffset("num_bytes_ip");
if ( pktidx < 0 )
reporter->InternalError("'endpoint' record missing 'num_pkts' field");

2
src/analyzer/protocol/dhcp/dhcp-analyzer.pac
View file

@ -20,7 +20,7 @@ refine flow DHCP_Flow += {
if ( ! options )
{
options = make_intrusive<RecordVal>(BifType::Record::DHCP::Options);
all_options = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, index_vec});
all_options = make_intrusive<VectorVal>(zeek::vars::index_vec);
options->Assign(0, all_options);
}

2
src/analyzer/protocol/dhcp/dhcp-options.pac
View file

@ -462,7 +462,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += {
function process_par_req_list_option(v: OptionValue): bool
%{
auto params = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, index_vec});
auto params = make_intrusive<VectorVal>(zeek::vars::index_vec);
int num_parms = ${v.par_req_list}->size();
vector<uint8>* plist = ${v.par_req_list};

26
src/analyzer/protocol/dns/DNS.cc
View file

@ -592,7 +592,7 @@ bool DNS_Interpreter::ParseRR_SOA(DNS_MsgInfo* msg,
if ( dns_SOA_reply && ! msg->skip_event )
{
auto r = make_intrusive<RecordVal>(dns_soa);
auto r = make_intrusive<RecordVal>(zeek::vars::dns_soa);
r->Assign(0, make_intrusive<StringVal>(new BroString(mname, mname_end - mname, true)));
r->Assign(1, make_intrusive<StringVal>(new BroString(rname, rname_end - rname, true)));
r->Assign(2, val_mgr->Count(serial));
@ -998,7 +998,7 @@ bool DNS_Interpreter::ParseRR_NSEC(DNS_MsgInfo* msg,
int typebitmaps_len = rdlength - (data - data_start);
auto char_strings = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, string_vec});
auto char_strings = make_intrusive<VectorVal>(zeek::vars::string_vec);
while ( typebitmaps_len > 0 && len > 0 )
{
@ -1073,7 +1073,7 @@ bool DNS_Interpreter::ParseRR_NSEC3(DNS_MsgInfo* msg,
int typebitmaps_len = rdlength - (data - data_start);
auto char_strings = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, string_vec});
auto char_strings = make_intrusive<VectorVal>(zeek::vars::string_vec);
while ( typebitmaps_len > 0 && len > 0 )
{
@ -1288,7 +1288,7 @@ bool DNS_Interpreter::ParseRR_TXT(DNS_MsgInfo* msg,
return true;
}
auto char_strings = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, string_vec});
auto char_strings = make_intrusive<VectorVal>(zeek::vars::string_vec);
IntrusivePtr<StringVal> char_string;
while ( (char_string = extract_char_string(analyzer, data, len, rdlength)) )
@ -1316,7 +1316,7 @@ bool DNS_Interpreter::ParseRR_SPF(DNS_MsgInfo* msg,
return true;
}
auto char_strings = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, string_vec});
auto char_strings = make_intrusive<VectorVal>(zeek::vars::string_vec);
IntrusivePtr<StringVal> char_string;
while ( (char_string = extract_char_string(analyzer, data, len, rdlength)) )
@ -1435,7 +1435,7 @@ DNS_MsgInfo::DNS_MsgInfo(DNS_RawMsgHdr* hdr, int arg_is_query)
IntrusivePtr<RecordVal> DNS_MsgInfo::BuildHdrVal()
{
auto r = make_intrusive<RecordVal>(dns_msg);
auto r = make_intrusive<RecordVal>(zeek::vars::dns_msg);
r->Assign(0, val_mgr->Count(id));
r->Assign(1, val_mgr->Count(opcode));
@ -1456,7 +1456,7 @@ IntrusivePtr<RecordVal> DNS_MsgInfo::BuildHdrVal()
IntrusivePtr<RecordVal> DNS_MsgInfo::BuildAnswerVal()
{
auto r = make_intrusive<RecordVal>(dns_answer);
auto r = make_intrusive<RecordVal>(zeek::vars::dns_answer);
r->Assign(0, val_mgr->Count(int(answer_type)));
r->Assign(1, query_name);
@ -1471,7 +1471,7 @@ IntrusivePtr<RecordVal> DNS_MsgInfo::BuildEDNS_Val()
{
// We have to treat the additional record type in EDNS differently
// than a regular resource record.
auto r = make_intrusive<RecordVal>(dns_edns_additional);
auto r = make_intrusive<RecordVal>(zeek::vars::dns_edns_additional);
r->Assign(0, val_mgr->Count(int(answer_type)));
r->Assign(1, query_name);
@ -1504,7 +1504,7 @@ IntrusivePtr<RecordVal> DNS_MsgInfo::BuildEDNS_Val()
IntrusivePtr<RecordVal> DNS_MsgInfo::BuildTSIG_Val(struct TSIG_DATA* tsig)
{
auto r = make_intrusive<RecordVal>(dns_tsig_additional);
auto r = make_intrusive<RecordVal>(zeek::vars::dns_tsig_additional);
double rtime = tsig->time_s + tsig->time_ms / 1000.0;
// r->Assign(0, val_mgr->Count(int(answer_type)));
@ -1523,7 +1523,7 @@ IntrusivePtr<RecordVal> DNS_MsgInfo::BuildTSIG_Val(struct TSIG_DATA* tsig)
IntrusivePtr<RecordVal> DNS_MsgInfo::BuildRRSIG_Val(RRSIG_DATA* rrsig)
{
auto r = make_intrusive<RecordVal>(dns_rrsig_rr);
auto r = make_intrusive<RecordVal>(zeek::vars::dns_rrsig_rr);
r->Assign(0, query_name);
r->Assign(1, val_mgr->Count(int(answer_type)));
@ -1543,7 +1543,7 @@ IntrusivePtr<RecordVal> DNS_MsgInfo::BuildRRSIG_Val(RRSIG_DATA* rrsig)
IntrusivePtr<RecordVal> DNS_MsgInfo::BuildDNSKEY_Val(DNSKEY_DATA* dnskey)
{
auto r = make_intrusive<RecordVal>(dns_dnskey_rr);
auto r = make_intrusive<RecordVal>(zeek::vars::dns_dnskey_rr);
r->Assign(0, query_name);
r->Assign(1, val_mgr->Count(int(answer_type)));
@ -1558,7 +1558,7 @@ IntrusivePtr<RecordVal> DNS_MsgInfo::BuildDNSKEY_Val(DNSKEY_DATA* dnskey)
IntrusivePtr<RecordVal> DNS_MsgInfo::BuildNSEC3_Val(NSEC3_DATA* nsec3)
{
auto r = make_intrusive<RecordVal>(dns_nsec3_rr);
auto r = make_intrusive<RecordVal>(zeek::vars::dns_nsec3_rr);
r->Assign(0, query_name);
r->Assign(1, val_mgr->Count(int(answer_type)));
@ -1577,7 +1577,7 @@ IntrusivePtr<RecordVal> DNS_MsgInfo::BuildNSEC3_Val(NSEC3_DATA* nsec3)
IntrusivePtr<RecordVal> DNS_MsgInfo::BuildDS_Val(DS_DATA* ds)
{
auto r = make_intrusive<RecordVal>(dns_ds_rr);
auto r = make_intrusive<RecordVal>(zeek::vars::dns_ds_rr);
r->Assign(0, query_name);
r->Assign(1, val_mgr->Count(int(answer_type)));

4
src/analyzer/protocol/http/HTTP.cc
View file

@ -615,7 +615,7 @@ HTTP_Message::~HTTP_Message()
IntrusivePtr<RecordVal> HTTP_Message::BuildMessageStat(bool interrupted, const char* msg)
{
auto stat = make_intrusive<RecordVal>(http_message_stat);
auto stat = make_intrusive<RecordVal>(zeek::vars::http_message_stat);
int field = 0;
stat->Assign(field++, make_intrusive<Val>(start_time, TYPE_TIME));
stat->Assign(field++, val_mgr->Bool(interrupted));
@ -1151,7 +1151,7 @@ void HTTP_Analyzer::GenStats()
{
if ( http_stats )
{
auto r = make_intrusive<RecordVal>(http_stats_rec);
auto r = make_intrusive<RecordVal>(zeek::vars::http_stats_rec);
r->Assign(0, val_mgr->Count(num_requests));
r->Assign(1, val_mgr->Count(num_replies));
r->Assign(2, make_intrusive<Val>(request_version.ToDouble(), TYPE_DOUBLE));

10
src/analyzer/protocol/icmp/ICMP.cc
View file

@ -225,7 +225,7 @@ ICMP_Analyzer::BuildICMPVal(const struct icmp* icmpp, int len,
{
if ( ! icmp_conn_val )
{
icmp_conn_val = make_intrusive<RecordVal>(icmp_conn);
icmp_conn_val = make_intrusive<RecordVal>(zeek::vars::icmp_conn);
icmp_conn_val->Assign(0, make_intrusive<AddrVal>(Conn()->OrigAddr()));
icmp_conn_val->Assign(1, make_intrusive<AddrVal>(Conn()->RespAddr()));
@ -350,8 +350,8 @@ IntrusivePtr<RecordVal> ICMP_Analyzer::ExtractICMP4Context(int len, const u_char
}
}
auto iprec = make_intrusive<RecordVal>(icmp_context);
auto id_val = make_intrusive<RecordVal>(conn_id);
auto iprec = make_intrusive<RecordVal>(zeek::vars::icmp_context);
auto id_val = make_intrusive<RecordVal>(zeek::vars::conn_id);
id_val->Assign(0, make_intrusive<AddrVal>(src_addr));
id_val->Assign(1, val_mgr->Port(src_port, proto));
@ -409,8 +409,8 @@ IntrusivePtr<RecordVal> ICMP_Analyzer::ExtractICMP6Context(int len, const u_char
}
}
auto iprec = make_intrusive<RecordVal>(icmp_context);
auto id_val = make_intrusive<RecordVal>(conn_id);
auto iprec = make_intrusive<RecordVal>(zeek::vars::icmp_context);
auto id_val = make_intrusive<RecordVal>(zeek::vars::conn_id);
id_val->Assign(0, make_intrusive<AddrVal>(src_addr));
id_val->Assign(1, val_mgr->Port(src_port, proto));

2
src/analyzer/protocol/imap/imap-analyzer.pac
View file

@ -59,7 +59,7 @@ refine connection IMAP_Conn += {
if ( ! imap_capabilities )
return true;
auto capv = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("string_vec"));
auto capv = make_intrusive<VectorVal>(zeek::vars::string_vec);
for ( unsigned int i = 0; i< capabilities->size(); i++ )
{

14
src/analyzer/protocol/irc/IRC.cc
View file

@ -271,7 +271,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
if ( parts.size() > 0 && parts[0][0] == ':' )
parts[0] = parts[0].substr(1);
auto set = make_intrusive<TableVal>(IntrusivePtr{NewRef{}, string_set});
auto set = make_intrusive<TableVal>(zeek::vars::string_set);
for ( unsigned int i = 0; i < parts.size(); ++i )
{
@ -464,7 +464,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
if ( parts.size() > 0 && parts[0][0] == ':' )
parts[0] = parts[0].substr(1);
auto set = make_intrusive<TableVal>(IntrusivePtr{NewRef{}, string_set});
auto set = make_intrusive<TableVal>(zeek::vars::string_set);
for ( unsigned int i = 0; i < parts.size(); ++i )
{
@ -836,7 +836,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
nickname = prefix.substr(0, pos);
}
auto list = make_intrusive<TableVal>(IntrusivePtr{NewRef{}, irc_join_list});
auto list = make_intrusive<TableVal>(zeek::vars::irc_join_list);
vector<string> channels = SplitWords(parts[0], ',');
vector<string> passwords;
@ -847,7 +847,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
string empty_string = "";
for ( unsigned int i = 0; i < channels.size(); ++i )
{
RecordVal* info = new RecordVal(irc_join_info);
RecordVal* info = new RecordVal(zeek::vars::irc_join_info);
info->Assign(0, make_intrusive<StringVal>(nickname.c_str()));
info->Assign(1, make_intrusive<StringVal>(channels[i].c_str()));
if ( i < passwords.size() )
@ -881,13 +881,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
parts[1] = parts[1].substr(1);
vector<string> users = SplitWords(parts[1], ',');
auto list = make_intrusive<TableVal>(IntrusivePtr{NewRef{}, irc_join_list});
auto list = make_intrusive<TableVal>(zeek::vars::irc_join_list);
string empty_string = "";
for ( unsigned int i = 0; i < users.size(); ++i )
{
auto info = make_intrusive<RecordVal>(irc_join_info);
auto info = make_intrusive<RecordVal>(zeek::vars::irc_join_info);
string nick = users[i];
string mode = "none";
@ -951,7 +951,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
nick = nick.substr(0, pos);
vector<string> channelList = SplitWords(channels, ',');
auto set = make_intrusive<TableVal>(IntrusivePtr{NewRef{}, string_set});
auto set = make_intrusive<TableVal>(zeek::vars::string_set);
for ( unsigned int i = 0; i < channelList.size(); ++i )
{

2
src/analyzer/protocol/krb/krb-types.pac
View file

@ -27,7 +27,7 @@ IntrusivePtr<Val> GetStringFromPrincipalName(const KRB_Principal_Name* pname)
VectorVal* proc_cipher_list(const Array* list)
{
auto ciphers = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
auto ciphers = make_intrusive<VectorVal>(zeek::vars::index_vec);
for ( uint i = 0; i < list->data()->size(); ++i )
ciphers->Assign(ciphers->Size(), asn1_integer_to_val((*list->data())[i], TYPE_COUNT));
return ciphers.release();

4
src/analyzer/protocol/mime/MIME.cc
View file

@ -1289,7 +1289,7 @@ void MIME_Entity::DebugPrintHeaders()
IntrusivePtr<RecordVal> MIME_Message::BuildHeaderVal(MIME_Header* h)
{
auto header_record = make_intrusive<RecordVal>(mime_header_rec);
auto header_record = make_intrusive<RecordVal>(zeek::vars::mime_header_rec);
header_record->Assign(0, new_string_val(h->get_name()));
auto upper_hn = new_string_val(h->get_name());
upper_hn->ToUpper();
@ -1300,7 +1300,7 @@ IntrusivePtr<RecordVal> MIME_Message::BuildHeaderVal(MIME_Header* h)
IntrusivePtr<TableVal> MIME_Message::BuildHeaderTable(MIME_HeaderList& hlist)
{
auto t = make_intrusive<TableVal>(IntrusivePtr{NewRef{}, mime_header_list});
auto t = make_intrusive<TableVal>(zeek::vars::mime_header_list);
for ( unsigned int i = 0; i < hlist.size(); ++i )
{

4
src/analyzer/protocol/mqtt/commands/subscribe.pac
View file

@ -19,8 +19,8 @@ refine flow MQTT_Flow += {
%{
if ( mqtt_subscribe )
{
auto topics = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, string_vec});
auto qos_levels = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, index_vec});
auto topics = make_intrusive<VectorVal>(zeek::vars::string_vec);
auto qos_levels = make_intrusive<VectorVal>(zeek::vars::index_vec);
for ( auto topic: *${msg.topics} )
{

2
src/analyzer/protocol/mqtt/commands/unsubscribe.pac
View file

@ -14,7 +14,7 @@ refine flow MQTT_Flow += {
%{
if ( mqtt_unsubscribe )
{
auto topics = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, string_vec});
auto topics = make_intrusive<VectorVal>(zeek::vars::string_vec);
for ( auto topic: *${msg.topics} )
{

2
src/analyzer/protocol/mysql/mysql-analyzer.pac
View file

@ -82,7 +82,7 @@ refine flow MySQL_Flow += {
if ( ! mysql_result_row )
return true;
auto vt = zeek::lookup_type<VectorType>("string_vec");
auto vt = zeek::vars::string_vec;
auto vv = make_intrusive<VectorVal>(std::move(vt));
auto& bstring = ${msg.row.first_field.val};

2
src/analyzer/protocol/rpc/MOUNT.cc
View file

@ -192,7 +192,7 @@ zeek::Args MOUNT_Interp::event_common_vl(RPC_CallInfo *c,
zeek::Args vl;
vl.reserve(2 + extra_elements);
vl.emplace_back(analyzer->ConnVal());
auto auxgids = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
auto auxgids = make_intrusive<VectorVal>(zeek::vars::index_vec);
for (size_t i = 0; i < c->AuxGIDs().size(); ++i)
{

2
src/analyzer/protocol/rpc/NFS.cc
View file

@ -328,7 +328,7 @@ zeek::Args NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_
zeek::Args vl;
vl.reserve(2 + extra_elements);
vl.emplace_back(analyzer->ConnVal());
auto auxgids = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
auto auxgids = make_intrusive<VectorVal>(zeek::vars::index_vec);
for ( size_t i = 0; i < c->AuxGIDs().size(); ++i )
auxgids->Assign(i, val_mgr->Count(c->AuxGIDs()[i]));

8
src/analyzer/protocol/rpc/Portmap.cc
View file

@ -138,7 +138,7 @@ bool PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status statu
event = success ? pm_request_dump : pm_attempt_dump;
if ( success )
{
TableVal* mappings = new TableVal({NewRef{}, pm_mappings});
TableVal* mappings = new TableVal(zeek::vars::pm_mappings);
uint32_t nmap = 0;
// Each call in the loop test pulls the next "opted"
@ -193,7 +193,7 @@ bool PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status statu
Val* PortmapperInterp::ExtractMapping(const u_char*& buf, int& len)
{
RecordVal* mapping = new RecordVal(pm_mapping);
RecordVal* mapping = new RecordVal(zeek::vars::pm_mapping);
mapping->Assign(0, val_mgr->Count(extract_XDR_uint32(buf, len)));
mapping->Assign(1, val_mgr->Count(extract_XDR_uint32(buf, len)));
@ -213,7 +213,7 @@ Val* PortmapperInterp::ExtractMapping(const u_char*& buf, int& len)
Val* PortmapperInterp::ExtractPortRequest(const u_char*& buf, int& len)
{
RecordVal* pr = new RecordVal(pm_port_request);
RecordVal* pr = new RecordVal(zeek::vars::pm_port_request);
pr->Assign(0, val_mgr->Count(extract_XDR_uint32(buf, len)));
pr->Assign(1, val_mgr->Count(extract_XDR_uint32(buf, len)));
@ -233,7 +233,7 @@ Val* PortmapperInterp::ExtractPortRequest(const u_char*& buf, int& len)
Val* PortmapperInterp::ExtractCallItRequest(const u_char*& buf, int& len)
{
RecordVal* c = new RecordVal(pm_callit_request);
RecordVal* c = new RecordVal(zeek::vars::pm_callit_request);
c->Assign(0, val_mgr->Count(extract_XDR_uint32(buf, len)));
c->Assign(1, val_mgr->Count(extract_XDR_uint32(buf, len)));

4
src/analyzer/protocol/sip/sip-analyzer.pac
View file

@ -67,7 +67,7 @@ refine flow SIP_Flow += {
function build_sip_headers_val(): BroVal
%{
TableVal* t = new TableVal({NewRef{}, mime_header_list});
TableVal* t = new TableVal(zeek::vars::mime_header_list);
for ( unsigned int i = 0; i < headers.size(); ++i )
{ // index starting from 1
@ -101,7 +101,7 @@ refine flow SIP_Flow += {
function build_sip_header_val(name: const_bytestring, value: const_bytestring): BroVal
%{
RecordVal* header_record = new RecordVal(mime_header_rec);
RecordVal* header_record = new RecordVal(zeek::vars::mime_header_rec);
IntrusivePtr<StringVal> name_val;
if ( name.length() > 0 )

2
src/analyzer/protocol/smb/smb1-com-negotiate.pac
View file

@ -15,7 +15,7 @@ refine connection SMB_Conn += {
%{
if ( smb1_negotiate_request )
{
auto dialects = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, string_vec});
auto dialects = make_intrusive<VectorVal>(zeek::vars::string_vec);
for ( unsigned int i = 0; i < ${val.dialects}->size(); ++i )
{

2
src/analyzer/protocol/smb/smb2-com-negotiate.pac
View file

@ -22,7 +22,7 @@ refine connection SMB_Conn += {
%{
if ( smb2_negotiate_request )
{
auto dialects = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, index_vec});
auto dialects = make_intrusive<VectorVal>(zeek::vars::index_vec);
for ( unsigned int i = 0; i < ${val.dialects}->size(); ++i )
dialects->Assign(i, val_mgr->Count((*${val.dialects})[i]));

6
src/analyzer/protocol/smb/smb2-protocol.pac
View file

@ -68,7 +68,7 @@ IntrusivePtr<RecordVal> BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv)
rpreauth->Assign(0, val_mgr->Count(${ncv.preauth_integrity_capabilities.hash_alg_count}));
rpreauth->Assign(1, val_mgr->Count(${ncv.preauth_integrity_capabilities.salt_length}));
auto ha = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
auto ha = make_intrusive<VectorVal>(zeek::vars::index_vec);
for ( int i = 0; i < ${ncv.preauth_integrity_capabilities.hash_alg_count}; ++i )
{
@ -87,7 +87,7 @@ IntrusivePtr<RecordVal> BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv)
auto rencr = make_intrusive<RecordVal>(BifType::Record::SMB2::EncryptionCapabilities);
rencr->Assign(0, val_mgr->Count(${ncv.encryption_capabilities.cipher_count}));
auto c = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
auto c = make_intrusive<VectorVal>(zeek::vars::index_vec);
for ( int i = 0; i < ${ncv.encryption_capabilities.cipher_count}; ++i )
{
@ -105,7 +105,7 @@ IntrusivePtr<RecordVal> BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv)
auto rcomp = make_intrusive<RecordVal>(BifType::Record::SMB2::CompressionCapabilities);
rcomp->Assign(0, val_mgr->Count(${ncv.compression_capabilities.alg_count}));
auto c = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
auto c = make_intrusive<VectorVal>(zeek::vars::index_vec);
for ( int i = 0; i < ${ncv.compression_capabilities.alg_count}; ++i )
{

8
src/analyzer/protocol/socks/socks-analyzer.pac
View file

@ -24,7 +24,7 @@ refine connection SOCKS_Conn += {
%{
if ( socks_request )
{
auto sa = make_intrusive<RecordVal>(socks_address);
auto sa = make_intrusive<RecordVal>(zeek::vars::socks_address);
sa->Assign(0, make_intrusive<AddrVal>(htonl(${request.addr})));
if ( ${request.v4a} )
@ -48,7 +48,7 @@ refine connection SOCKS_Conn += {
%{
if ( socks_reply )
{
auto sa = make_intrusive<RecordVal>(socks_address);
auto sa = make_intrusive<RecordVal>(zeek::vars::socks_address);
sa->Assign(0, make_intrusive<AddrVal>(htonl(${reply.addr})));
BifEvent::enqueue_socks_reply(bro_analyzer(),
@ -80,7 +80,7 @@ refine connection SOCKS_Conn += {
return false;
}
auto sa = make_intrusive<RecordVal>(socks_address);
auto sa = make_intrusive<RecordVal>(zeek::vars::socks_address);
// This is dumb and there must be a better way (checking for presence of a field)...
switch ( ${request.remote_name.addr_type} )
@ -119,7 +119,7 @@ refine connection SOCKS_Conn += {
function socks5_reply(reply: SOCKS5_Reply): bool
%{
auto sa = make_intrusive<RecordVal>(socks_address);
auto sa = make_intrusive<RecordVal>(zeek::vars::socks_address);
// This is dumb and there must be a better way (checking for presence of a field)...
switch ( ${reply.bound.addr_type} )

2
src/analyzer/protocol/ssh/ssh-analyzer.pac
View file

@ -12,7 +12,7 @@ VectorVal* name_list_to_vector(const bytestring& nl);
// Copied from IRC_Analyzer::SplitWords
VectorVal* name_list_to_vector(const bytestring& nl)
{
VectorVal* vv = new VectorVal(zeek::lookup_type<VectorType>("string_vec"));
VectorVal* vv = new VectorVal(zeek::vars::string_vec);
string name_list = std_str(nl);
if ( name_list.size() < 1 )

4
src/analyzer/protocol/ssl/proc-client-hello.pac
View file

@ -23,7 +23,7 @@
else
std::transform(cipher_suites24->begin(), cipher_suites24->end(), std::back_inserter(cipher_suites), to_int());
auto cipher_vec = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
auto cipher_vec = make_intrusive<VectorVal>(zeek::vars::index_vec);
for ( unsigned int i = 0; i < cipher_suites.size(); ++i )
{
@ -31,7 +31,7 @@
cipher_vec->Assign(i, ciph);
}
auto comp_vec = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
auto comp_vec = make_intrusive<VectorVal>(zeek::vars::index_vec);
if ( compression_methods )
{

22
src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
View file

@ -75,7 +75,7 @@ refine connection Handshake_Conn += {
if ( ! ssl_extension_ec_point_formats )
return true;
auto points = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
auto points = make_intrusive<VectorVal>(zeek::vars::index_vec);
if ( point_format_list )
{
@ -94,7 +94,7 @@ refine connection Handshake_Conn += {
if ( ! ssl_extension_elliptic_curves )
return true;
auto curves = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
auto curves = make_intrusive<VectorVal>(zeek::vars::index_vec);
if ( list )
{
@ -113,7 +113,7 @@ refine connection Handshake_Conn += {
if ( ! ssl_extension_key_share )
return true;
auto nglist = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
auto nglist = make_intrusive<VectorVal>(zeek::vars::index_vec);
if ( keyshare )
{
@ -131,7 +131,7 @@ refine connection Handshake_Conn += {
if ( ! ssl_extension_key_share )
return true;
auto nglist = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
auto nglist = make_intrusive<VectorVal>(zeek::vars::index_vec);
nglist->Assign(0u, val_mgr->Count(keyshare->namedgroup()));
BifEvent::enqueue_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(nglist));
@ -143,7 +143,7 @@ refine connection Handshake_Conn += {
if ( ! ssl_extension_key_share )
return true;
auto nglist = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
auto nglist = make_intrusive<VectorVal>(zeek::vars::index_vec);
nglist->Assign(0u, val_mgr->Count(namedgroup));
BifEvent::enqueue_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(nglist));
@ -178,7 +178,7 @@ refine connection Handshake_Conn += {
if ( ! ssl_extension_application_layer_protocol_negotiation )
return true;
auto plist = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("string_vec"));
auto plist = make_intrusive<VectorVal>(zeek::vars::string_vec);
if ( protocols )
{
@ -194,7 +194,7 @@ refine connection Handshake_Conn += {
function proc_server_name(rec: HandshakeRecord, list: ServerName[]) : bool
%{
auto servers = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("string_vec"));
auto servers = make_intrusive<VectorVal>(zeek::vars::string_vec);
if ( list )
{
@ -226,7 +226,7 @@ refine connection Handshake_Conn += {
if ( ! ssl_extension_supported_versions )
return true;
auto versions = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
auto versions = make_intrusive<VectorVal>(zeek::vars::index_vec);
if ( versions_list )
{
@ -245,7 +245,7 @@ refine connection Handshake_Conn += {
if ( ! ssl_extension_supported_versions )
return true;
auto versions = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
auto versions = make_intrusive<VectorVal>(zeek::vars::index_vec);
versions->Assign(0u, val_mgr->Count(version));
BifEvent::enqueue_ssl_extension_supported_versions(bro_analyzer(), bro_analyzer()->Conn(),
@ -259,7 +259,7 @@ refine connection Handshake_Conn += {
if ( ! ssl_extension_psk_key_exchange_modes )
return true;
auto modes = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
auto modes = make_intrusive<VectorVal>(zeek::vars::index_vec);
if ( mode_list )
{
@ -505,7 +505,7 @@ refine connection Handshake_Conn += {
}
}
auto blist = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("string_vec"));
auto blist = make_intrusive<VectorVal>(zeek::vars::string_vec);
if ( binders && binders->binders() )
{

6
src/analyzer/protocol/tcp/TCP.cc
View file

@ -107,7 +107,7 @@ static RecordVal* build_syn_packet_val(bool is_orig, const IP_Hdr* ip,
options += opt_len;
}
RecordVal* v = new RecordVal(SYN_packet);
RecordVal* v = new RecordVal(zeek::vars::SYN_packet);
v->Assign(0, val_mgr->Bool(is_orig));
v->Assign(1, val_mgr->Bool(int(ip->DF())));
@ -1421,7 +1421,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
{
auto p = reinterpret_cast<const uint32_t*>(o + 2);
auto num_pointers = (length - 2) / 4;
auto vt = zeek::lookup_type<VectorType>("index_vec");
auto vt = zeek::vars::index_vec;
auto sack = make_intrusive<VectorVal>(std::move(vt));
for ( auto i = 0; i < num_pointers; ++i )
@ -2077,7 +2077,7 @@ bool TCPStats_Endpoint::DataSent(double /* t */, uint64_t seq, int len, int capl
RecordVal* TCPStats_Endpoint::BuildStats()
{
RecordVal* stats = new RecordVal(endpoint_stats);
RecordVal* stats = new RecordVal(zeek::vars::endpoint_stats);
stats->Assign(0, val_mgr->Count(num_pkts));
stats->Assign(1, val_mgr->Count(num_rxmit));

58
src/file_analysis/File.cc
View file

@ -23,16 +23,16 @@ using namespace file_analysis;
static Val* empty_connection_table()
{
auto tbl_index = make_intrusive<TypeList>(IntrusivePtr{NewRef{}, conn_id});
tbl_index->Append({NewRef{}, conn_id});
auto tbl_index = make_intrusive<TypeList>(zeek::vars::conn_id);
tbl_index->Append(zeek::vars::conn_id);
auto tbl_type = make_intrusive<TableType>(std::move(tbl_index),
IntrusivePtr{NewRef{}, connection_type});
zeek::vars::connection_type);
return new TableVal(std::move(tbl_type));
}
static RecordVal* get_conn_id_val(const Connection* conn)
static IntrusivePtr<RecordVal> get_conn_id_val(const Connection* conn)
{
RecordVal* v = new RecordVal(conn_id);
auto v = make_intrusive<RecordVal>(zeek::vars::conn_id);
v->Assign(0, make_intrusive<AddrVal>(conn->OrigAddr()));
v->Assign(1, val_mgr->Port(ntohs(conn->OrigPort()), conn->ConnTransport()));
v->Assign(2, make_intrusive<AddrVal>(conn->RespAddr()));
@ -62,22 +62,22 @@ void File::StaticInit()
if ( id_idx != -1 )
return;
id_idx = Idx("id", fa_file_type);
parent_id_idx = Idx("parent_id", fa_file_type);
source_idx = Idx("source", fa_file_type);
is_orig_idx = Idx("is_orig", fa_file_type);
conns_idx = Idx("conns", fa_file_type);
last_active_idx = Idx("last_active", fa_file_type);
seen_bytes_idx = Idx("seen_bytes", fa_file_type);
total_bytes_idx = Idx("total_bytes", fa_file_type);
missing_bytes_idx = Idx("missing_bytes", fa_file_type);
overflow_bytes_idx = Idx("overflow_bytes", fa_file_type);
timeout_interval_idx = Idx("timeout_interval", fa_file_type);
bof_buffer_size_idx = Idx("bof_buffer_size", fa_file_type);
bof_buffer_idx = Idx("bof_buffer", fa_file_type);
meta_mime_type_idx = Idx("mime_type", fa_metadata_type);
meta_mime_types_idx = Idx("mime_types", fa_metadata_type);
meta_inferred_idx = Idx("inferred", fa_metadata_type);
id_idx = Idx("id", zeek::vars::fa_file_type);
parent_id_idx = Idx("parent_id", zeek::vars::fa_file_type);
source_idx = Idx("source", zeek::vars::fa_file_type);
is_orig_idx = Idx("is_orig", zeek::vars::fa_file_type);
conns_idx = Idx("conns", zeek::vars::fa_file_type);
last_active_idx = Idx("last_active", zeek::vars::fa_file_type);
seen_bytes_idx = Idx("seen_bytes", zeek::vars::fa_file_type);
total_bytes_idx = Idx("total_bytes", zeek::vars::fa_file_type);
missing_bytes_idx = Idx("missing_bytes", zeek::vars::fa_file_type);
overflow_bytes_idx = Idx("overflow_bytes", zeek::vars::fa_file_type);
timeout_interval_idx = Idx("timeout_interval", zeek::vars::fa_file_type);
bof_buffer_size_idx = Idx("bof_buffer_size", zeek::vars::fa_file_type);
bof_buffer_idx = Idx("bof_buffer", zeek::vars::fa_file_type);
meta_mime_type_idx = Idx("mime_type", zeek::vars::fa_metadata_type);
meta_mime_types_idx = Idx("mime_types", zeek::vars::fa_metadata_type);
meta_inferred_idx = Idx("inferred", zeek::vars::fa_metadata_type);
}
File::File(const std::string& file_id, const std::string& source_name, Connection* conn,
@ -91,7 +91,7 @@ File::File(const std::string& file_id, const std::string& source_name, Connectio
DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Creating new File object", file_id.c_str());
val = new RecordVal(fa_file_type);
val = new RecordVal(zeek::vars::fa_file_type);
val->Assign(id_idx, make_intrusive<StringVal>(file_id.c_str()));
SetSource(source_name);
@ -137,16 +137,12 @@ bool File::UpdateConnectionFields(Connection* conn, bool is_orig)
val->Assign(conns_idx, conns);
}
Val* idx = get_conn_id_val(conn);
auto idx = get_conn_id_val(conn);
if ( conns->AsTableVal()->Lookup(idx) )
{
Unref(idx);
if ( conns->AsTableVal()->Lookup(idx.get()) )
return false;
}
conns->AsTableVal()->Assign(idx, conn->ConnVal());
Unref(idx);
conns->AsTableVal()->Assign(idx.get(), conn->ConnVal());
return true;
}
@ -299,7 +295,7 @@ bool File::SetMime(const std::string& mime_type)
if ( ! FileEventAvailable(file_sniff) )
return false;
auto meta = make_intrusive<RecordVal>(fa_metadata_type);
auto meta = make_intrusive<RecordVal>(zeek::vars::fa_metadata_type);
meta->Assign(meta_mime_type_idx, make_intrusive<StringVal>(mime_type));
meta->Assign(meta_inferred_idx, val_mgr->False());
@ -332,7 +328,7 @@ void File::InferMetadata()
len = std::min(len, LookupFieldDefaultCount(bof_buffer_size_idx));
file_mgr->DetectMIME(data, len, &matches);
auto meta = make_intrusive<RecordVal>(fa_metadata_type);
auto meta = make_intrusive<RecordVal>(zeek::vars::fa_metadata_type);
if ( ! matches.empty() )
{

2
src/file_analysis/File.h
View file

@ -323,6 +323,8 @@ protected:
* @return the field offset in #val record corresponding to \a field_name.
*/
static int Idx(const std::string& field_name, const RecordType* type);
static int Idx(const std::string& field_name, const IntrusivePtr<RecordType>& type)
{ return Idx(field_name, type.get()); }
/**
* Initializes static member.

4
src/file_analysis/Manager.cc
View file

@ -499,12 +499,12 @@ string Manager::DetectMIME(const u_char* data, uint64_t len) const
IntrusivePtr<VectorVal> file_analysis::GenMIMEMatchesVal(const RuleMatcher::MIME_Matches& m)
{
auto rval = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, mime_matches});
auto rval = make_intrusive<VectorVal>(zeek::vars::mime_matches);
for ( RuleMatcher::MIME_Matches::const_iterator it = m.begin();
it != m.end(); ++it )
{
auto element = make_intrusive<RecordVal>(mime_match);
auto element = make_intrusive<RecordVal>(zeek::vars::mime_match);
for ( set<string>::const_iterator it2 = it->second.begin();
it2 != it->second.end(); ++it2 )

2
src/file_analysis/analyzer/entropy/Entropy.cc
View file

@ -60,7 +60,7 @@ void Entropy::Finalize()
montepi = scc = ent = mean = chisq = 0.0;
entropy->Get(&ent, &chisq, &mean, &montepi, &scc);
auto ent_result = make_intrusive<RecordVal>(entropy_test_result);
auto ent_result = make_intrusive<RecordVal>(zeek::vars::entropy_test_result);
ent_result->Assign(0, make_intrusive<Val>(ent, TYPE_DOUBLE));
ent_result->Assign(1, make_intrusive<Val>(chisq, TYPE_DOUBLE));
ent_result->Assign(2, make_intrusive<Val>(mean, TYPE_DOUBLE));

4
src/file_analysis/analyzer/pe/pe-analyzer.pac
View file

@ -11,7 +11,7 @@ VectorVal* process_rvas(const RVAS* rvas);
%code{
VectorVal* process_rvas(const RVAS* rva_table)
{
auto rvas = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("index_vec"));
auto rvas = make_intrusive<VectorVal>(zeek::vars::index_vec);
for ( uint16 i=0; i < rva_table->rvas()->size(); ++i )
rvas->Assign(i, val_mgr->Count((*rva_table->rvas())[i]->size()));
@ -26,7 +26,7 @@ refine flow File += {
function characteristics_to_bro(c: uint32, len: uint8): TableVal
%{
uint64 mask = (len==16) ? 0xFFFF : 0xFFFFFFFF;
TableVal* char_set = new TableVal(zeek::lookup_type<TableType>("count_set"));
TableVal* char_set = new TableVal(zeek::vars::count_set);
for ( uint16 i=0; i < len; ++i )
{
if ( ((c >> i) & 0x1) == 1 )

6
src/file_analysis/analyzer/x509/X509.cc
View file

@ -367,21 +367,21 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
{
case GEN_DNS:
if ( names == nullptr )
names = new VectorVal(zeek::lookup_type<VectorType>("string_vec"));
names = new VectorVal(zeek::vars::string_vec);
names->Assign(names->Size(), bs);
break;
case GEN_URI:
if ( uris == nullptr )
uris = new VectorVal(zeek::lookup_type<VectorType>("string_vec"));
uris = new VectorVal(zeek::vars::string_vec);
uris->Assign(uris->Size(), bs);
break;
case GEN_EMAIL:
if ( emails == nullptr )
emails = new VectorVal(zeek::lookup_type<VectorType>("string_vec"));
emails = new VectorVal(zeek::vars::string_vec);
emails->Assign(emails->Size(), bs);
break;

4
src/iosource/Packet.cc
View file

@ -593,8 +593,8 @@ void Packet::ProcessLayer2()
IntrusivePtr<RecordVal> Packet::ToRawPktHdrVal() const
{
auto pkt_hdr = make_intrusive<RecordVal>(raw_pkt_hdr_type);
RecordVal* l2_hdr = new RecordVal(l2_hdr_type);
auto pkt_hdr = make_intrusive<RecordVal>(zeek::vars::raw_pkt_hdr_type);
RecordVal* l2_hdr = new RecordVal(zeek::vars::l2_hdr_type);
bool is_ethernet = link_type == DLT_EN10MB;

2
src/reporter.bif
View file

@ -153,7 +153,7 @@ function Reporter::file_weird%(name: string, f: fa_file, addl: string &default="
## Returns: Current weird sampling whitelist
function Reporter::get_weird_sampling_whitelist%(%): string_set
%{
auto set = make_intrusive<TableVal>(IntrusivePtr{NewRef{}, string_set});
auto set = make_intrusive<TableVal>(zeek::vars::string_set);
for ( auto el : reporter->GetWeirdSamplingWhitelist() )
{
auto idx = make_intrusive<StringVal>(el);

7
src/strings.bif
View file

@ -259,7 +259,7 @@ static IntrusivePtr<VectorVal> do_split_string(StringVal* str_val,
Val* do_split(StringVal* str_val, RE_Matcher* re, int incl_sep, int max_num_sep)
{
TableVal* a = new TableVal({NewRef{}, string_array});
TableVal* a = new TableVal(zeek::vars::string_array);
const u_char* s = str_val->Bytes();
int n = str_val->Len();
const u_char* end_of_s = s + n;
@ -713,8 +713,7 @@ function str_split%(s: string, idx: index_vec%): string_vec
indices[i] = (*idx_v)[i]->AsCount();
BroString::Vec* result = s->AsString()->Split(indices);
auto result_v = make_intrusive<VectorVal>(
zeek::lookup_type<VectorType>("string_vec"));
auto result_v = make_intrusive<VectorVal>(zeek::vars::string_vec);
if ( result )
{
@ -909,7 +908,7 @@ function safe_shell_quote%(source: string%): string
## .. zeek:see: find_last strstr
function find_all%(str: string, re: pattern%) : string_set
%{
auto a = make_intrusive<TableVal>(IntrusivePtr{NewRef{}, string_set});
auto a = make_intrusive<TableVal>(zeek::vars::string_set);
const u_char* s = str->Bytes();
const u_char* e = s + str->Len();

57
src/zeek.bif
View file

@ -30,7 +30,6 @@
#include "Hash.h"
using namespace std;
using namespace zeek;
TableType* var_sizes;
@ -1052,7 +1051,7 @@ function find_entropy%(data: string%): entropy_test_result
e.Feed(data->Bytes(), data->Len());
e.Get(&ent, &chisq, &mean, &montepi, &scc);
auto ent_result = make_intrusive<RecordVal>(entropy_test_result);
auto ent_result = make_intrusive<RecordVal>(zeek::vars::entropy_test_result);
ent_result->Assign(0, make_intrusive<Val>(ent, TYPE_DOUBLE));
ent_result->Assign(1, make_intrusive<Val>(chisq, TYPE_DOUBLE));
ent_result->Assign(2, make_intrusive<Val>(mean, TYPE_DOUBLE));
@ -1103,7 +1102,7 @@ function entropy_test_finish%(handle: opaque of entropy%): entropy_test_result
montepi = scc = ent = mean = chisq = 0.0;
static_cast<EntropyVal*>(handle)->Get(&ent, &chisq, &mean, &montepi, &scc);
auto ent_result = make_intrusive<RecordVal>(entropy_test_result);
auto ent_result = make_intrusive<RecordVal>(zeek::vars::entropy_test_result);
ent_result->Assign(0, make_intrusive<Val>(ent, TYPE_DOUBLE));
ent_result->Assign(1, make_intrusive<Val>(chisq, TYPE_DOUBLE));
ent_result->Assign(2, make_intrusive<Val>(mean, TYPE_DOUBLE));
@ -1470,7 +1469,7 @@ function sort%(v: any, ...%) : any
## .. zeek:see:: sort
function order%(v: any, ...%) : index_vec
%{
auto result_v = make_intrusive<VectorVal>(lookup_type<VectorType>("index_vec"));
auto result_v = make_intrusive<VectorVal>(zeek::vars::index_vec);
if ( v->GetType()->Tag() != TYPE_VECTOR )
{
@ -1823,10 +1822,9 @@ function zeek_version%(%): string
## Returns: A string vector with the field names of *rt*.
function record_type_to_vector%(rt: string%): string_vec
%{
auto result =
make_intrusive<VectorVal>(lookup_type<VectorType>("string_vec"));
auto result = make_intrusive<VectorVal>(zeek::vars::string_vec);
RecordType* type = lookup_type(rt->CheckString())->AsRecordType();
RecordType* type = zeek::lookup_type(rt->CheckString())->AsRecordType();
for ( int i = 0; i < type->NumFields(); ++i )
result->Assign(i+1, make_intrusive<StringVal>(type->FieldName(i)));
@ -1853,7 +1851,7 @@ function type_name%(t: any%): string
## Returns: list of command-line arguments (``argv``) used to run Zeek.
function zeek_args%(%): string_vec
%{
auto sv = lookup_type<VectorType>("string_vec");
auto sv = zeek::vars::string_vec;
auto rval = make_intrusive<VectorVal>(std::move(sv));
for ( auto i = 0; i < bro_argc; ++i )
@ -1891,7 +1889,7 @@ function reading_traces%(%): bool
## .. zeek:see:: reading_live_traffic reading_traces
function packet_source%(%): PacketSource
%{
auto ps_type = lookup_type("PacketSource")->AsRecordType();
auto ps_type = zeek::lookup_type("PacketSource")->AsRecordType();
auto ps = iosource_mgr->GetPktSrc();
auto r = make_intrusive<RecordVal>(ps_type);
@ -1941,13 +1939,13 @@ function global_sizes%(%): var_sizes
## .. zeek:see:: global_sizes
function global_ids%(%): id_table
%{
auto ids = make_intrusive<TableVal>(IntrusivePtr{NewRef{}, id_table});
auto ids = make_intrusive<TableVal>(zeek::vars::id_table);
const auto& globals = global_scope()->Vars();
for ( const auto& global : globals )
{
ID* id = global.second.get();
auto rec = make_intrusive<RecordVal>(script_id);
auto rec = make_intrusive<RecordVal>(zeek::vars::script_id);
rec->Assign(0, make_intrusive<StringVal>(type_name(id->GetType()->Tag())));
rec->Assign(1, val_mgr->Bool(id->IsExport()));
rec->Assign(2, val_mgr->Bool(id->IsConst()));
@ -1999,8 +1997,7 @@ function record_fields%(rec: any%): record_field_table
if ( ! id || ! id->IsType() || id->GetType()->Tag() != TYPE_RECORD )
{
reporter->Error("record_fields string argument does not name a record type");
auto tt = lookup_type<TableType>("record_field_table");
return make_intrusive<TableVal>(std::move(tt));
return make_intrusive<TableVal>(zeek::vars::record_field_table);
}
return id->GetType()->AsRecordType()->GetRecordFieldsVal();
@ -2186,7 +2183,7 @@ function is_v6_subnet%(s: subnet%): bool
## Returns: The vector of addresses contained in the routing header data.
function routing0_data_to_addrs%(s: string%): addr_vec
%{
auto rval = make_intrusive<VectorVal>(lookup_type<VectorType>("addr_vec"));
auto rval = make_intrusive<VectorVal>(zeek::lookup_type<VectorType>("addr_vec"));
int len = s->Len();
const u_char* bytes = s->Bytes();
@ -2217,7 +2214,7 @@ function routing0_data_to_addrs%(s: string%): addr_vec
## .. zeek:see:: counts_to_addr
function addr_to_counts%(a: addr%): index_vec
%{
auto rval = make_intrusive<VectorVal>(lookup_type<VectorType>("index_vec"));
auto rval = make_intrusive<VectorVal>(zeek::vars::index_vec);
const uint32_t* bytes;
int len = a->AsAddr().GetBytes(&bytes);
@ -3211,16 +3208,16 @@ static IntrusivePtr<EnumVal> map_conn_type(TransportProto tp)
{
switch ( tp ) {
case TRANSPORT_UNKNOWN:
return transport_proto->GetVal(0);
return zeek::vars::transport_proto->GetVal(0);
case TRANSPORT_TCP:
return transport_proto->GetVal(1);
return zeek::vars::transport_proto->GetVal(1);
case TRANSPORT_UDP:
return transport_proto->GetVal(2);
return zeek::vars::transport_proto->GetVal(2);
case TRANSPORT_ICMP:
return transport_proto->GetVal(3);
return zeek::vars::transport_proto->GetVal(3);
default:
reporter->InternalError("bad connection type in map_conn_type()");
@ -3246,7 +3243,7 @@ function get_conn_transport_proto%(cid: conn_id%): transport_proto
if ( ! c )
{
builtin_error("unknown connection id in get_conn_transport_proto()", cid);
return transport_proto->GetVal(0);
return zeek::vars::transport_proto->GetVal(0);
}
return map_conn_type(c->ConnTransport());
@ -3298,20 +3295,20 @@ function lookup_connection%(cid: conn_id%): connection
builtin_error("connection ID not a known connection", cid);
// Return a dummy connection record.
auto c = make_intrusive<RecordVal>(connection_type);
auto c = make_intrusive<RecordVal>(zeek::vars::connection_type);
auto id_val = make_intrusive<RecordVal>(conn_id);
auto id_val = make_intrusive<RecordVal>(zeek::vars::conn_id);
id_val->Assign(0, make_intrusive<AddrVal>((unsigned int) 0));
id_val->Assign(1, val_mgr->Port(ntohs(0), TRANSPORT_UDP));
id_val->Assign(2, make_intrusive<AddrVal>((unsigned int) 0));
id_val->Assign(3, val_mgr->Port(ntohs(0), TRANSPORT_UDP));
c->Assign(0, std::move(id_val));
auto orig_endp = make_intrusive<RecordVal>(endpoint);
auto orig_endp = make_intrusive<RecordVal>(zeek::vars::endpoint);
orig_endp->Assign(0, val_mgr->Count(0));
orig_endp->Assign(1, val_mgr->Count(int(0)));
auto resp_endp = make_intrusive<RecordVal>(endpoint);
auto resp_endp = make_intrusive<RecordVal>(zeek::vars::endpoint);
resp_endp->Assign(0, val_mgr->Count(0));
resp_endp->Assign(1, val_mgr->Count(int(0)));
@ -3320,7 +3317,7 @@ function lookup_connection%(cid: conn_id%): connection
c->Assign(3, make_intrusive<Val>(network_time, TYPE_TIME));
c->Assign(4, make_intrusive<Val>(0.0, TYPE_INTERVAL));
c->Assign(5, make_intrusive<TableVal>(IntrusivePtr{NewRef{}, string_set})); // service
c->Assign(5, make_intrusive<TableVal>(zeek::vars::string_set)); // service
c->Assign(6, val_mgr->EmptyString()); // history
return c;
@ -3383,7 +3380,7 @@ function dump_current_packet%(file_name: string%) : bool
function get_current_packet%(%) : pcap_packet
%{
const Packet* p;
auto pkt = make_intrusive<RecordVal>(pcap_packet);
auto pkt = make_intrusive<RecordVal>(zeek::vars::pcap_packet);
if ( ! current_pktsrc ||
! current_pktsrc->GetCurrentPacket(&p) )
@ -3423,7 +3420,7 @@ function get_current_packet_header%(%) : raw_pkt_hdr
return p->ToRawPktHdrVal();
}
auto hdr = make_intrusive<RecordVal>(raw_pkt_hdr_type);
auto hdr = make_intrusive<RecordVal>(zeek::vars::raw_pkt_hdr_type);
return hdr;
%}
@ -3993,7 +3990,7 @@ function mmdb_open_asn_db%(f: string%) : bool
## .. zeek:see:: lookup_asn
function lookup_location%(a: addr%) : geo_location
%{
auto location = make_intrusive<RecordVal>(geo_location);
auto location = make_intrusive<RecordVal>(zeek::vars::geo_location);
#ifdef USE_GEOIP
mmdb_check_loc();
@ -4624,7 +4621,7 @@ function rotate_file%(f: file%): rotate_info
return info;
// Record indicating error.
info = make_intrusive<RecordVal>(rotate_info);
info = make_intrusive<RecordVal>(zeek::vars::rotate_info);
info->Assign(0, val_mgr->EmptyString());
info->Assign(1, val_mgr->EmptyString());
info->Assign(2, make_intrusive<Val>(0.0, TYPE_TIME));
@ -4643,7 +4640,7 @@ function rotate_file%(f: file%): rotate_info
## .. zeek:see:: rotate_file calc_next_rotate
function rotate_file_by_name%(f: string%): rotate_info
%{
auto info = make_intrusive<RecordVal>(rotate_info);
auto info = make_intrusive<RecordVal>(zeek::vars::rotate_info);
bool is_pkt_dumper = false;
bool is_addl_pkt_dumper = false;