diff --git a/src/Sessions.cc b/src/Sessions.cc index 0d20398c03..5cb8e8745d 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -36,15 +36,11 @@ namespace zeek { NetSessions::NetSessions() { - packet_filter = nullptr; - memset(&stats, 0, sizeof(SessionStats)); } NetSessions::~NetSessions() { - delete packet_filter; - for ( const auto& entry : tcp_conns ) Unref(entry.second); for ( const auto& entry : udp_conns ) @@ -758,4 +754,9 @@ void NetSessions::InsertConnection(ConnectionMap* m, const detail::ConnIDKey& ke } } +detail::PacketFilter* NetSessions::GetPacketFilter(bool init) + { + return packet_mgr->GetPacketFilter(init); + } + } // namespace zeek diff --git a/src/Sessions.h b/src/Sessions.h index 1b381d32db..79908a99f3 100644 --- a/src/Sessions.h +++ b/src/Sessions.h @@ -7,12 +7,13 @@ #include #include "zeek/Frag.h" -#include "zeek/PacketFilter.h" #include "zeek/NetVar.h" #include "zeek/analyzer/protocol/tcp/Stats.h" namespace zeek { +namespace detail { class PacketFilter; } + class EncapsulationStack; class Packet; class Connection; @@ -65,12 +66,8 @@ public: void Weird(const char* name, const IP_Hdr* ip, const char* addl = ""); - detail::PacketFilter* GetPacketFilter(bool init=true) - { - if ( ! packet_filter && init ) - packet_filter = new detail::PacketFilter(detail::packet_filter_default); - return packet_filter; - } + [[deprecated("Remove in v5.1. Use packet_mgr->GetPacketFilter().")]] + detail::PacketFilter* GetPacketFilter(bool init=true); unsigned int CurrentConnections() { @@ -166,8 +163,6 @@ protected: ConnectionMap icmp_conns; SessionStats stats; - - detail::PacketFilter* packet_filter; }; // Manager for the currently active sessions. diff --git a/src/packet_analysis/Manager.cc b/src/packet_analysis/Manager.cc index 05919ab7df..04ffc9e23d 100644 --- a/src/packet_analysis/Manager.cc +++ b/src/packet_analysis/Manager.cc 
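Review bot: In src/Sessions.cc the new out-of-line `NetSessions::GetPacketFilter` dereferences the global `packet_mgr` without a check, so the deprecated entry point now needs the packet manager to exist whenever it is called, where the old inline version only needed the `NetSessions` object. If a caller can reach it during start-up or teardown while `packet_mgr` is null (not determinable from this hunk), that is a null dereference; `return packet_mgr ? packet_mgr->GetPacketFilter(init) : nullptr;` keeps the old nullable contract. A comment such as `// Forwarder kept for the deprecation period; the filter is owned by packet_mgr.` would also tell readers that the returned pointer's lifetime is now tied to the manager rather than to `sessions`.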
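Review bot: In src/Sessions.h, replacing `#include "zeek/PacketFilter.h"` with the forward declaration `namespace detail { class PacketFilter; }` means code that still calls the deprecated `sessions->GetPacketFilter()` and then uses the result (`->AddSrc(...)`, `->Match(...)`) only compiles if some other header brings in the full `PacketFilter` definition. For out-of-tree plugins that can turn the deprecation period promised by `[[deprecated("Remove in v5.1. ...")]]` into an incomplete-type error instead of a warning. Either keep the include until the method is removed, or state the requirement above the declaration, for example `// Callers must include zeek/PacketFilter.h to use the returned pointer.`.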
@@ -20,6 +20,7 @@ Manager::Manager() Manager::~Manager() { delete pkt_profiler; + delete pkt_filter; } void Manager::InitPostScript() diff --git a/src/packet_analysis/Manager.h b/src/packet_analysis/Manager.h index 35eaacbee7..de50907ff0 100644 --- a/src/packet_analysis/Manager.h +++ b/src/packet_analysis/Manager.h @@ -7,6 +7,7 @@ #include "zeek/plugin/ComponentManager.h" #include "zeek/iosource/Packet.h" #include "zeek/packet_analysis/Dispatcher.h" +#include "zeek/PacketFilter.h" namespace zeek { @@ -112,6 +113,13 @@ public: */ void ResetUnknownProtocolTimer(const std::string& analyzer, uint32_t protocol); + detail::PacketFilter* GetPacketFilter(bool init=true) + { + if ( ! pkt_filter && init ) + pkt_filter = new detail::PacketFilter(detail::packet_filter_default); + return pkt_filter; + } + private: /** * Instantiates a new analyzer instance. @@ -140,6 +148,7 @@ private: uint64_t num_packets_processed = 0; detail::PacketProfiler* pkt_profiler = nullptr; + detail::PacketFilter* pkt_filter = nullptr; using UnknownProtocolPair = std::pair; std::map unknown_protocols; diff --git a/src/packet_analysis/protocol/ip/IP.cc b/src/packet_analysis/protocol/ip/IP.cc index 00676d3154..6e132c55a5 100644 --- a/src/packet_analysis/protocol/ip/IP.cc +++ b/src/packet_analysis/protocol/ip/IP.cc @@ -122,7 +122,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet) } // Ignore if packet matches packet filter. - detail::PacketFilter* packet_filter = sessions->GetPacketFilter(false); + detail::PacketFilter* packet_filter = packet_mgr->GetPacketFilter(false); if ( packet_filter && packet_filter->Match(packet->ip_hdr, total_len, len) ) return false; diff --git a/src/zeek.bif b/src/zeek.bif index 7e0c6a7a1b..a8d24bf0c5 100644 --- a/src/zeek.bif +++ b/src/zeek.bif @@ -28,6 +28,7 @@ #include "zeek/IntrusivePtr.h" #include "zeek/input.h" #include "zeek/Hash.h" +#include "zeek/packet_analysis/Manager.h" using namespace std; 
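Review bot: In src/packet_analysis/Manager.h the new public `GetPacketFilter(bool init=true)` has no doc comment, although the declaration just above it follows a Doxygen block, and its contract is easy to misuse. It returns a raw pointer that `Manager` owns (freed by `delete pkt_filter;` in `~Manager()` in Manager.cc), it returns nullptr when `init` is false and no filter exists yet, and the default `init=true` allocates a filter as a side effect of a getter. I would add a `/** ... */` block stating those three things, plus that once a filter exists `IPAnalyzer::AnalyzePacket` consults it and returns false for matching packets, since that is what makes an accidental allocation matter on a monitoring sensor. Separately, defining the body in Manager.cc would let this header keep a forward declaration instead of the new `#include "zeek/PacketFilter.h"`, the same include trimming this commit applies to Sessions.h.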
@@ -4878,7 +4879,7 @@ function enable_raw_output%(f: file%): any ## .. todo:: The return value should be changed to any. function install_src_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : bool %{ - sessions->GetPacketFilter()->AddSrc(ip->AsAddr(), tcp_flags, prob); + packet_mgr->GetPacketFilter()->AddSrc(ip->AsAddr(), tcp_flags, prob); return zeek::val_mgr->True(); %} @@ -4908,7 +4909,7 @@ function install_src_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : b ## .. todo:: The return value should be changed to any. function install_src_net_filter%(snet: subnet, tcp_flags: count, prob: double%) : bool %{ - sessions->GetPacketFilter()->AddSrc(snet, tcp_flags, prob); + packet_mgr->GetPacketFilter()->AddSrc(snet, tcp_flags, prob); return zeek::val_mgr->True(); %} @@ -4930,7 +4931,7 @@ function install_src_net_filter%(snet: subnet, tcp_flags: count, prob: double%) ## Pcap::error function uninstall_src_addr_filter%(ip: addr%) : bool %{ - return zeek::val_mgr->Bool(sessions->GetPacketFilter()->RemoveSrc(ip->AsAddr())); + return zeek::val_mgr->Bool(packet_mgr->GetPacketFilter()->RemoveSrc(ip->AsAddr())); %} ## Removes a source subnet filter. @@ -4951,7 +4952,7 @@ function uninstall_src_addr_filter%(ip: addr%) : bool ## Pcap::error function uninstall_src_net_filter%(snet: subnet%) : bool %{ - return zeek::val_mgr->Bool(sessions->GetPacketFilter()->RemoveSrc(snet)); + return zeek::val_mgr->Bool(packet_mgr->GetPacketFilter()->RemoveSrc(snet)); %} ## Installs a filter to drop packets destined to a given IP address with @@ -4983,7 +4984,7 @@ function uninstall_src_net_filter%(snet: subnet%) : bool ## .. todo:: The return value should be changed to any. function install_dst_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : bool %{ - sessions->GetPacketFilter()->AddDst(ip->AsAddr(), tcp_flags, prob); + packet_mgr->GetPacketFilter()->AddDst(ip->AsAddr(), tcp_flags, prob); return zeek::val_mgr->True(); %} 
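Review bot: In src/zeek.bif, `install_src_addr_filter` forwards the script-supplied `tcp_flags` and `prob` straight into `AddSrc` and then returns `True` unconditionally; nothing in the hunk range-checks `prob` or reports a failed install. `prob` is presumably a drop probability, and because these filters make the sensor discard traffic, an out-of-range value should be rejected before it reaches the filter, for example `if ( prob < 0.0 || prob > 1.0 ) { zeek::emit_builtin_error("prob must be in [0,1]"); return zeek::val_mgr->False(); }`, unless `PacketFilter::AddSrc`/`AddDst` already validate it (not visible here). The same applies to the `install_src_net_filter`, `install_dst_addr_filter` and `install_dst_net_filter` hunks.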
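Review bot: In src/zeek.bif, `uninstall_src_addr_filter` calls `packet_mgr->GetPacketFilter()` with the default `init=true`, so removing a filter that was never installed allocates a `PacketFilter` as a side effect. From then on `packet_mgr->GetPacketFilter(false)` in IP.cc is non-null and every packet goes through `Match` with whatever `packet_filter_default` selects, which is a surprising way for a sensor to start filtering. Asking for the existing filter only avoids that: `auto* pf = packet_mgr->GetPacketFilter(false);` followed by `return zeek::val_mgr->Bool(pf && pf->RemoveSrc(ip->AsAddr()));`. The `uninstall_src_net_filter`, `uninstall_dst_addr_filter` and `uninstall_dst_net_filter` hunks have the same pattern (with `RemoveDst` for the last two).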
@@ -5013,7 +5014,7 @@ function install_dst_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : b ## .. todo:: The return value should be changed to any. function install_dst_net_filter%(snet: subnet, tcp_flags: count, prob: double%) : bool %{ - sessions->GetPacketFilter()->AddDst(snet, tcp_flags, prob); + packet_mgr->GetPacketFilter()->AddDst(snet, tcp_flags, prob); return zeek::val_mgr->True(); %} @@ -5035,7 +5036,7 @@ function install_dst_net_filter%(snet: subnet, tcp_flags: count, prob: double%) ## Pcap::error function uninstall_dst_addr_filter%(ip: addr%) : bool %{ - return zeek::val_mgr->Bool(sessions->GetPacketFilter()->RemoveDst(ip->AsAddr())); + return zeek::val_mgr->Bool(packet_mgr->GetPacketFilter()->RemoveDst(ip->AsAddr())); %} ## Removes a destination subnet filter. @@ -5056,7 +5057,7 @@ function uninstall_dst_addr_filter%(ip: addr%) : bool ## Pcap::error function uninstall_dst_net_filter%(snet: subnet%) : bool %{ - return zeek::val_mgr->Bool(sessions->GetPacketFilter()->RemoveDst(snet)); + return zeek::val_mgr->Bool(packet_mgr->GetPacketFilter()->RemoveDst(snet)); %} ## Checks whether the last raised event came from a remote peer.