Move packet filter out of NetSessions

src/Sessions.cc

@@ -36,15 +36,11 @@ namespace zeek {
 
 NetSessions::NetSessions()
 	{
-	packet_filter = nullptr;
-
 	memset(&stats, 0, sizeof(SessionStats));
 	}
 
 NetSessions::~NetSessions()
 	{
-	delete packet_filter;
-
 	for ( const auto& entry : tcp_conns )
 		Unref(entry.second);
 	for ( const auto& entry : udp_conns )
@@ -758,4 +754,9 @@ void NetSessions::InsertConnection(ConnectionMap* m, const detail::ConnIDKey& ke
 		}
 	}
 
+detail::PacketFilter* NetSessions::GetPacketFilter(bool init)
+	{
+	return packet_mgr->GetPacketFilter(init);
+	}
+
 } // namespace zeek

src/Sessions.h

@@ -7,12 +7,13 @@
 #include <utility>
 
 #include "zeek/Frag.h"
-#include "zeek/PacketFilter.h"
 #include "zeek/NetVar.h"
 #include "zeek/analyzer/protocol/tcp/Stats.h"
 
 namespace zeek {
 
+namespace detail { class PacketFilter; }
+
 class EncapsulationStack;
 class Packet;
 class Connection;
@@ -65,12 +66,8 @@ public:
 	void Weird(const char* name, const IP_Hdr* ip,
 	           const char* addl = "");
 
-	detail::PacketFilter* GetPacketFilter(bool init=true)
+	[[deprecated("Remove in v5.1. Use packet_mgr->GetPacketFilter().")]]
-		{
+	detail::PacketFilter* GetPacketFilter(bool init=true);
-		if ( ! packet_filter && init )
-			packet_filter = new detail::PacketFilter(detail::packet_filter_default);
-		return packet_filter;
-		}
 
 	unsigned int CurrentConnections()
 		{
@@ -166,8 +163,6 @@ protected:
 	ConnectionMap icmp_conns;
 
 	SessionStats stats;
-
-	detail::PacketFilter* packet_filter;
 };
 
 // Manager for the currently active sessions.

src/packet_analysis/Manager.cc

@@ -20,6 +20,7 @@ Manager::Manager()
 Manager::~Manager()
 	{
 	delete pkt_profiler;
+	delete pkt_filter;
 	}
 
 void Manager::InitPostScript()

src/packet_analysis/Manager.h

@@ -7,6 +7,7 @@
 #include "zeek/plugin/ComponentManager.h"
 #include "zeek/iosource/Packet.h"
 #include "zeek/packet_analysis/Dispatcher.h"
+#include "zeek/PacketFilter.h"
 
 namespace zeek {
 
@@ -112,6 +113,13 @@ public:
 	 */
 	void ResetUnknownProtocolTimer(const std::string& analyzer, uint32_t protocol);
 
+	detail::PacketFilter* GetPacketFilter(bool init=true)
+		{
+		if ( ! pkt_filter && init )
+			pkt_filter = new detail::PacketFilter(detail::packet_filter_default);
+		return pkt_filter;
+		}
+
 private:
 	/**
 	 * Instantiates a new analyzer instance.
@@ -140,6 +148,7 @@ private:
 
 	uint64_t num_packets_processed = 0;
 	detail::PacketProfiler* pkt_profiler = nullptr;
+	detail::PacketFilter* pkt_filter = nullptr;
 
 	using UnknownProtocolPair = std::pair<std::string, uint32_t>;
 	std::map<UnknownProtocolPair, uint64_t> unknown_protocols;

src/packet_analysis/protocol/ip/IP.cc

@@ -122,7 +122,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 		}
 
 	// Ignore if packet matches packet filter.
-	detail::PacketFilter* packet_filter = sessions->GetPacketFilter(false);
+	detail::PacketFilter* packet_filter = packet_mgr->GetPacketFilter(false);
 	if ( packet_filter && packet_filter->Match(packet->ip_hdr, total_len, len) )
 		 return false;
 

src/zeek.bif

@@ -28,6 +28,7 @@
 #include "zeek/IntrusivePtr.h"
 #include "zeek/input.h"
 #include "zeek/Hash.h"
+#include "zeek/packet_analysis/Manager.h"
 
 using namespace std;
 
@@ -4878,7 +4879,7 @@ function enable_raw_output%(f: file%): any
 ## .. todo:: The return value should be changed to any.
 function install_src_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : bool
 	%{
-	sessions->GetPacketFilter()->AddSrc(ip->AsAddr(), tcp_flags, prob);
+	packet_mgr->GetPacketFilter()->AddSrc(ip->AsAddr(), tcp_flags, prob);
 	return zeek::val_mgr->True();
 	%}
 
@@ -4908,7 +4909,7 @@ function install_src_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : b
 ## .. todo:: The return value should be changed to any.
 function install_src_net_filter%(snet: subnet, tcp_flags: count, prob: double%) : bool
 	%{
-	sessions->GetPacketFilter()->AddSrc(snet, tcp_flags, prob);
+	packet_mgr->GetPacketFilter()->AddSrc(snet, tcp_flags, prob);
 	return zeek::val_mgr->True();
 	%}
 
@@ -4930,7 +4931,7 @@ function install_src_net_filter%(snet: subnet, tcp_flags: count, prob: double%)
 ##              Pcap::error
 function uninstall_src_addr_filter%(ip: addr%) : bool
 	%{
-	return zeek::val_mgr->Bool(sessions->GetPacketFilter()->RemoveSrc(ip->AsAddr()));
+	return zeek::val_mgr->Bool(packet_mgr->GetPacketFilter()->RemoveSrc(ip->AsAddr()));
 	%}
 
 ## Removes a source subnet filter.
@@ -4951,7 +4952,7 @@ function uninstall_src_addr_filter%(ip: addr%) : bool
 ##              Pcap::error
 function uninstall_src_net_filter%(snet: subnet%) : bool
 	%{
-	return zeek::val_mgr->Bool(sessions->GetPacketFilter()->RemoveSrc(snet));
+	return zeek::val_mgr->Bool(packet_mgr->GetPacketFilter()->RemoveSrc(snet));
 	%}
 
 ## Installs a filter to drop packets destined to a given IP address with
@@ -4983,7 +4984,7 @@ function uninstall_src_net_filter%(snet: subnet%) : bool
 ## .. todo:: The return value should be changed to any.
 function install_dst_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : bool
 	%{
-	sessions->GetPacketFilter()->AddDst(ip->AsAddr(), tcp_flags, prob);
+	packet_mgr->GetPacketFilter()->AddDst(ip->AsAddr(), tcp_flags, prob);
 	return zeek::val_mgr->True();
 	%}
 
@@ -5013,7 +5014,7 @@ function install_dst_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : b
 ## .. todo:: The return value should be changed to any.
 function install_dst_net_filter%(snet: subnet, tcp_flags: count, prob: double%) : bool
 	%{
-	sessions->GetPacketFilter()->AddDst(snet, tcp_flags, prob);
+	packet_mgr->GetPacketFilter()->AddDst(snet, tcp_flags, prob);
 	return zeek::val_mgr->True();
 	%}
 
@@ -5035,7 +5036,7 @@ function install_dst_net_filter%(snet: subnet, tcp_flags: count, prob: double%)
 ##              Pcap::error
 function uninstall_dst_addr_filter%(ip: addr%) : bool
 	%{
-	return zeek::val_mgr->Bool(sessions->GetPacketFilter()->RemoveDst(ip->AsAddr()));
+	return zeek::val_mgr->Bool(packet_mgr->GetPacketFilter()->RemoveDst(ip->AsAddr()));
 	%}
 
 ## Removes a destination subnet filter.
@@ -5056,7 +5057,7 @@ function uninstall_dst_addr_filter%(ip: addr%) : bool
 ##              Pcap::error
 function uninstall_dst_net_filter%(snet: subnet%) : bool
 	%{
-	return zeek::val_mgr->Bool(sessions->GetPacketFilter()->RemoveDst(snet));
+	return zeek::val_mgr->Bool(packet_mgr->GetPacketFilter()->RemoveDst(snet));
 	%}
 
 ## Checks whether the last raised event came from a remote peer.