Move packet filter out of NetSessions

2025-10-05 08:08:19 +00:00 · 2021-04-07 16:16:39 -07:00 · 2021-04-07 16:16:39 -07:00 · c752d76052
commit c752d76052
parent 50713b3c2d
6 changed files with 29 additions and 22 deletions
--- a/src/Sessions.cc
+++ b/src/Sessions.cc
@ -36,15 +36,11 @@ namespace zeek {

 NetSessions::NetSessions()
 	{
-	packet_filter = nullptr;
-
 	memset(&stats, 0, sizeof(SessionStats));
 	}

 NetSessions::~NetSessions()
 	{
-	delete packet_filter;
-
 	for ( const auto& entry : tcp_conns )
 		Unref(entry.second);
 	for ( const auto& entry : udp_conns )
@ -758,4 +754,9 @@ void NetSessions::InsertConnection(ConnectionMap* m, const detail::ConnIDKey& ke
 		}
 	}

+detail::PacketFilter* NetSessions::GetPacketFilter(bool init)
+	{
+	return packet_mgr->GetPacketFilter(init);
+	}
+
 } // namespace zeek
--- a/src/Sessions.h
+++ b/src/Sessions.h
@ -7,12 +7,13 @@
 #include <utility>

 #include "zeek/Frag.h"
-#include "zeek/PacketFilter.h"
 #include "zeek/NetVar.h"
 #include "zeek/analyzer/protocol/tcp/Stats.h"

 namespace zeek {

+namespace detail { class PacketFilter; }
+
 class EncapsulationStack;
 class Packet;
 class Connection;
@ -65,12 +66,8 @@ public:
 	void Weird(const char* name, const IP_Hdr* ip,
 	           const char* addl = "");

-	detail::PacketFilter* GetPacketFilter(bool init=true)
-		{
-		if ( ! packet_filter && init )
-			packet_filter = new detail::PacketFilter(detail::packet_filter_default);
-		return packet_filter;
-		}
+	[[deprecated("Remove in v5.1. Use packet_mgr->GetPacketFilter().")]]
+	detail::PacketFilter* GetPacketFilter(bool init=true);

 	unsigned int CurrentConnections()
 		{
@ -166,8 +163,6 @@ protected:
 	ConnectionMap icmp_conns;

 	SessionStats stats;
-
-	detail::PacketFilter* packet_filter;
 };

 // Manager for the currently active sessions.
--- a/src/packet_analysis/Manager.cc
+++ b/src/packet_analysis/Manager.cc
@ -20,6 +20,7 @@ Manager::Manager()
 Manager::~Manager()
 	{
 	delete pkt_profiler;
+	delete pkt_filter;
 	}

 void Manager::InitPostScript()
--- a/src/packet_analysis/Manager.h
+++ b/src/packet_analysis/Manager.h
@ -7,6 +7,7 @@
 #include "zeek/plugin/ComponentManager.h"
 #include "zeek/iosource/Packet.h"
 #include "zeek/packet_analysis/Dispatcher.h"
+#include "zeek/PacketFilter.h"

 namespace zeek {

@ -112,6 +113,13 @@ public:
 	 */
 	void ResetUnknownProtocolTimer(const std::string& analyzer, uint32_t protocol);

+	detail::PacketFilter* GetPacketFilter(bool init=true)
+		{
+		if ( ! pkt_filter && init )
+			pkt_filter = new detail::PacketFilter(detail::packet_filter_default);
+		return pkt_filter;
+		}
+
 private:
 	/**
 	 * Instantiates a new analyzer instance.
@ -140,6 +148,7 @@ private:

 	uint64_t num_packets_processed = 0;
 	detail::PacketProfiler* pkt_profiler = nullptr;
+	detail::PacketFilter* pkt_filter = nullptr;

 	using UnknownProtocolPair = std::pair<std::string, uint32_t>;
 	std::map<UnknownProtocolPair, uint64_t> unknown_protocols;
--- a/src/packet_analysis/protocol/ip/IP.cc
+++ b/src/packet_analysis/protocol/ip/IP.cc
@ -122,7 +122,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 		}

 	// Ignore if packet matches packet filter.
-	detail::PacketFilter* packet_filter = sessions->GetPacketFilter(false);
+	detail::PacketFilter* packet_filter = packet_mgr->GetPacketFilter(false);
 	if ( packet_filter && packet_filter->Match(packet->ip_hdr, total_len, len) )
 		 return false;

--- a/src/zeek.bif
+++ b/src/zeek.bif
@ -28,6 +28,7 @@
 #include "zeek/IntrusivePtr.h"
 #include "zeek/input.h"
 #include "zeek/Hash.h"
+#include "zeek/packet_analysis/Manager.h"

 using namespace std;

@ -4878,7 +4879,7 @@ function enable_raw_output%(f: file%): any
 ## .. todo:: The return value should be changed to any.
 function install_src_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : bool
 	%{
-	sessions->GetPacketFilter()->AddSrc(ip->AsAddr(), tcp_flags, prob);
+	packet_mgr->GetPacketFilter()->AddSrc(ip->AsAddr(), tcp_flags, prob);
 	return zeek::val_mgr->True();
 	%}

@ -4908,7 +4909,7 @@ function install_src_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : b
 ## .. todo:: The return value should be changed to any.
 function install_src_net_filter%(snet: subnet, tcp_flags: count, prob: double%) : bool
 	%{
-	sessions->GetPacketFilter()->AddSrc(snet, tcp_flags, prob);
+	packet_mgr->GetPacketFilter()->AddSrc(snet, tcp_flags, prob);
 	return zeek::val_mgr->True();
 	%}

@ -4930,7 +4931,7 @@ function install_src_net_filter%(snet: subnet, tcp_flags: count, prob: double%)
 ##              Pcap::error
 function uninstall_src_addr_filter%(ip: addr%) : bool
 	%{
-	return zeek::val_mgr->Bool(sessions->GetPacketFilter()->RemoveSrc(ip->AsAddr()));
+	return zeek::val_mgr->Bool(packet_mgr->GetPacketFilter()->RemoveSrc(ip->AsAddr()));
 	%}

 ## Removes a source subnet filter.
@ -4951,7 +4952,7 @@ function uninstall_src_addr_filter%(ip: addr%) : bool
 ##              Pcap::error
 function uninstall_src_net_filter%(snet: subnet%) : bool
 	%{
-	return zeek::val_mgr->Bool(sessions->GetPacketFilter()->RemoveSrc(snet));
+	return zeek::val_mgr->Bool(packet_mgr->GetPacketFilter()->RemoveSrc(snet));
 	%}

 ## Installs a filter to drop packets destined to a given IP address with
@ -4983,7 +4984,7 @@ function uninstall_src_net_filter%(snet: subnet%) : bool
 ## .. todo:: The return value should be changed to any.
 function install_dst_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : bool
 	%{
-	sessions->GetPacketFilter()->AddDst(ip->AsAddr(), tcp_flags, prob);
+	packet_mgr->GetPacketFilter()->AddDst(ip->AsAddr(), tcp_flags, prob);
 	return zeek::val_mgr->True();
 	%}

@ -5013,7 +5014,7 @@ function install_dst_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : b
 ## .. todo:: The return value should be changed to any.
 function install_dst_net_filter%(snet: subnet, tcp_flags: count, prob: double%) : bool
 	%{
-	sessions->GetPacketFilter()->AddDst(snet, tcp_flags, prob);
+	packet_mgr->GetPacketFilter()->AddDst(snet, tcp_flags, prob);
 	return zeek::val_mgr->True();
 	%}

@ -5035,7 +5036,7 @@ function install_dst_net_filter%(snet: subnet, tcp_flags: count, prob: double%)
 ##              Pcap::error
 function uninstall_dst_addr_filter%(ip: addr%) : bool
 	%{
-	return zeek::val_mgr->Bool(sessions->GetPacketFilter()->RemoveDst(ip->AsAddr()));
+	return zeek::val_mgr->Bool(packet_mgr->GetPacketFilter()->RemoveDst(ip->AsAddr()));
 	%}

 ## Removes a destination subnet filter.
@ -5056,7 +5057,7 @@ function uninstall_dst_addr_filter%(ip: addr%) : bool
 ##              Pcap::error
 function uninstall_dst_net_filter%(snet: subnet%) : bool
 	%{
-	return zeek::val_mgr->Bool(sessions->GetPacketFilter()->RemoveDst(snet));
+	return zeek::val_mgr->Bool(packet_mgr->GetPacketFilter()->RemoveDst(snet));
 	%}

 ## Checks whether the last raised event came from a remote peer.