Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 15:48:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'remotes/origin/topic/jsiwek/prealloc-ports'

Browse source 
* remotes/origin/topic/jsiwek/prealloc-ports:
  Clean up PortManager class, mark PortVal ctors deprecated.
  Add BRO_DEPRECATED macro.
  Preallocate all possible PortVals.

BIT-1881 #merged
This commit is contained in:
Johanna Amann 2018-01-12 10:03:21 -08:00
commit cc738544eb
33 changed files with 201 additions and 75 deletions
Download patch file Download diff file Expand all files Collapse all files

20
CHANGES
View file

@ -1,4 +1,24 @@
2.5-381 | 2018-01-12 10:03:21 -0800
* Preallocate all possible PortVals, mark PortVal ctors deprecated.
The performance benefit is small (maybe ~1% at most), however, it's a
trivial change without downsides. (Jon Siwek)
* Add BRO_DEPRECATED macro. (Jon Siwek)
* Add functions for retrieving files by their id.
There are two new script level functions to query and lookup files
from the core by their IDs. These are adding feature parity for
similarly named functions for files. The function prototypes are
as follows:
Files::file_exists(fuid: string): bool
Files::lookup_File(fuid: string): fa_file (Seth Hall)
2.5-375 | 2018-01-11 11:47:01 -0600
* Fix a test that fails in some environments (Daniel Thayer)

4
NEWS
View file

@ -36,6 +36,10 @@ New Functionality
Since ssl_ecdh_server_params contains more information than the old
ssl_server_curve event, ssl_server_curve is now marked as deprecated.
- Functions for retrieving files by their ID have been added:
Files::file_exists, Files::lookup_File
Changed Functionality
---------------------

2
VERSION
View file

@ -1 +1 @@
2.5-375
2.5-381

2
src/CompHash.cc
View file

@ -703,7 +703,7 @@ const char* CompositeHash::RecoverOneVal(const HashKey* k, const char* kp0,
break;
case TYPE_PORT:
pval = new PortVal(*kp);
pval = port_mgr->Get(*kp);
break;
default:

4
src/Conn.cc
View file

@ -364,9 +364,9 @@ RecordVal* Connection::BuildConnVal()
RecordVal* id_val = new RecordVal(conn_id);
id_val->Assign(0, new AddrVal(orig_addr));
id_val->Assign(1, new PortVal(ntohs(orig_port), prot_type));
id_val->Assign(1, port_mgr->Get(ntohs(orig_port), prot_type));
id_val->Assign(2, new AddrVal(resp_addr));
id_val->Assign(3, new PortVal(ntohs(resp_port), prot_type));
id_val->Assign(3, port_mgr->Get(ntohs(resp_port), prot_type));
RecordVal *orig_endp = new RecordVal(endpoint);
orig_endp->Assign(0, new Val(0, TYPE_COUNT));

2
src/Event.cc
View file

@ -166,7 +166,7 @@ RecordVal* EventMgr::GetLocalPeerVal()
src_val = new RecordVal(peer);
src_val->Assign(0, new Val(0, TYPE_COUNT));
src_val->Assign(1, new AddrVal("127.0.0.1"));
src_val->Assign(2, new PortVal(0));
src_val->Assign(2, port_mgr->Get(0));
src_val->Assign(3, new Val(true, TYPE_BOOL));
Ref(peer_description);

8
src/IP.cc
View file

@ -370,8 +370,8 @@ RecordVal* IP_Hdr::BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const
int tcp_hdr_len = tp->th_off * 4;
int data_len = PayloadLen() - tcp_hdr_len;
tcp_hdr->Assign(0, new PortVal(ntohs(tp->th_sport), TRANSPORT_TCP));
tcp_hdr->Assign(1, new PortVal(ntohs(tp->th_dport), TRANSPORT_TCP));
tcp_hdr->Assign(0, port_mgr->Get(ntohs(tp->th_sport), TRANSPORT_TCP));
tcp_hdr->Assign(1, port_mgr->Get(ntohs(tp->th_dport), TRANSPORT_TCP));
tcp_hdr->Assign(2, new Val(uint32(ntohl(tp->th_seq)), TYPE_COUNT));
tcp_hdr->Assign(3, new Val(uint32(ntohl(tp->th_ack)), TYPE_COUNT));
tcp_hdr->Assign(4, new Val(tcp_hdr_len, TYPE_COUNT));
@ -388,8 +388,8 @@ RecordVal* IP_Hdr::BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const
const struct udphdr* up = (const struct udphdr*) data;
RecordVal* udp_hdr = new RecordVal(udp_hdr_type);
udp_hdr->Assign(0, new PortVal(ntohs(up->uh_sport), TRANSPORT_UDP));
udp_hdr->Assign(1, new PortVal(ntohs(up->uh_dport), TRANSPORT_UDP));
udp_hdr->Assign(0, port_mgr->Get(ntohs(up->uh_sport), TRANSPORT_UDP));
udp_hdr->Assign(1, port_mgr->Get(ntohs(up->uh_dport), TRANSPORT_UDP));
udp_hdr->Assign(2, new Val(ntohs(up->uh_ulen), TYPE_COUNT));
pkt_hdr->Assign(sindex + 3, udp_hdr);

2
src/PersistenceSerializer.cc
View file

@ -191,7 +191,7 @@ void PersistenceSerializer::RaiseFinishedSendState()
{
val_list* vl = new val_list;
vl->append(new AddrVal(htonl(remote_host)));
vl->append(new PortVal(remote_port));
vl->append(port_mgr->Get(remote_port));
mgr.QueueEvent(finished_send_state, vl);
reporter->Log("Serialization done.");

2
src/RemoteSerializer.cc
View file

@ -1809,7 +1809,7 @@ RecordVal* RemoteSerializer::MakePeerVal(Peer* peer)
v->Assign(0, new Val(uint32(peer->id), TYPE_COUNT));
// Sic! Network order for AddrVal, host order for PortVal.
v->Assign(1, new AddrVal(peer->ip));
v->Assign(2, new PortVal(peer->port, TRANSPORT_TCP));
v->Assign(2, port_mgr->Get(peer->port, TRANSPORT_TCP));
v->Assign(3, new Val(false, TYPE_BOOL));
v->Assign(4, new StringVal("")); // set when received
v->Assign(5, peer->peer_class.size() ?

4
src/TunnelEncapsulation.cc
View file

@ -22,9 +22,9 @@ RecordVal* EncapsulatingConn::GetRecordVal() const
RecordVal* id_val = new RecordVal(conn_id);
id_val->Assign(0, new AddrVal(src_addr));
id_val->Assign(1, new PortVal(ntohs(src_port), proto));
id_val->Assign(1, port_mgr->Get(ntohs(src_port), proto));
id_val->Assign(2, new AddrVal(dst_addr));
id_val->Assign(3, new PortVal(ntohs(dst_port), proto));
id_val->Assign(3, port_mgr->Get(ntohs(dst_port), proto));
rv->Assign(0, id_val);
rv->Assign(1, new EnumVal(type, BifType::Enum::Tunnel::Type));

74
src/Val.cc
View file

@ -760,34 +760,92 @@ bool IntervalVal::DoUnserialize(UnserialInfo* info)
return true;
}
PortVal::PortVal(uint32 p, TransportProto port_type) : Val(TYPE_PORT)
PortManager::PortManager()
{
for ( auto i = 0u; i < ports.size(); ++i )
{
auto& arr = ports[i];
auto port_type = (TransportProto)i;
for ( auto j = 0u; j < arr.size(); ++j )
arr[j] = new PortVal(Mask(j, port_type), true);
}
}
PortManager::~PortManager()
{
for ( auto& arr : ports )
for ( auto& pv : arr )
Unref(pv);
}
PortVal* PortManager::Get(uint32 port_num) const
{
auto mask = port_num & PORT_SPACE_MASK;
port_num &= ~PORT_SPACE_MASK;
if ( mask == TCP_PORT_MASK )
return Get(port_num, TRANSPORT_TCP);
else if ( mask == UDP_PORT_MASK )
return Get(port_num, TRANSPORT_UDP);
else if ( mask == ICMP_PORT_MASK )
return Get(port_num, TRANSPORT_ICMP);
else
return Get(port_num, TRANSPORT_UNKNOWN);
}
PortVal* PortManager::Get(uint32 port_num, TransportProto port_type) const
{
if ( port_num >= 65536 )
{
reporter->Warning("bad port number %d", port_num);
port_num = 0;
}
auto rval = ports[port_type][port_num];
::Ref(rval);
return rval;
}
uint32 PortManager::Mask(uint32 port_num, TransportProto port_type) const
{
// Note, for ICMP one-way connections:
// src_port = icmp_type, dst_port = icmp_code.
if ( p >= 65536 )
if ( port_num >= 65536 )
{
InternalWarning("bad port number");
p = 0;
reporter->Warning("bad port number %d", port_num);
port_num = 0;
}
switch ( port_type ) {
case TRANSPORT_TCP:
p |= TCP_PORT_MASK;
port_num |= TCP_PORT_MASK;
break;
case TRANSPORT_UDP:
p |= UDP_PORT_MASK;
port_num |= UDP_PORT_MASK;
break;
case TRANSPORT_ICMP:
p |= ICMP_PORT_MASK;
port_num |= ICMP_PORT_MASK;
break;
default:
break; // "other"
break; // "unknown/other"
}
return port_num;
}
PortVal::PortVal(uint32 p, TransportProto port_type) : Val(TYPE_PORT)
{
auto port_num = port_mgr->Mask(p, port_type);
val.uint_val = static_cast<bro_uint_t>(port_num);
}
PortVal::PortVal(uint32 p, bool unused) : Val(TYPE_PORT)
{
val.uint_val = static_cast<bro_uint_t>(p);
}

31
src/Val.h
View file

@ -7,6 +7,7 @@
#include <vector>
#include <list>
#include <array>
#include "net_util.h"
#include "Type.h"
@ -503,11 +504,35 @@ protected:
#define UDP_PORT_MASK 0x20000
#define ICMP_PORT_MASK 0x30000
class PortManager {
public:
PortManager();
~PortManager();
// Port number given in host order.
PortVal* Get(uint32 port_num, TransportProto port_type) const;
// Host-order port number already masked with port space protocol mask.
PortVal* Get(uint32 port_num) const;
// Returns a masked port number
uint32 Mask(uint32 port_num, TransportProto port_type) const;
private:
std::array<std::array<PortVal*, 65536>, NUM_PORT_SPACES> ports;
};
extern PortManager* port_mgr;
class PortVal : public Val {
public:
// Constructors - both take the port number in host order.
// Port number given in host order.
BRO_DEPRECATED("use port_mgr->Get() instead")
PortVal(uint32 p, TransportProto port_type);
PortVal(uint32 p); // used for already-massaged port value.
// Host-order port number already masked with port space protocol mask.
BRO_DEPRECATED("use port_mgr->Get() instead")
PortVal(uint32 p);
Val* SizeVal() const override { return new Val(val.uint_val, TYPE_INT); }
@ -533,7 +558,9 @@ public:
protected:
friend class Val;
friend class PortManager;
PortVal() {}
PortVal(uint32 p, bool unused);
void ValDescribe(ODesc* d) const override;

8
src/analyzer/Manager.cc
View file

@ -434,14 +434,16 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn)
if ( tcp_contents && ! reass )
{
PortVal dport(ntohs(conn->RespPort()), TRANSPORT_TCP);
auto dport = port_mgr->Get(ntohs(conn->RespPort()), TRANSPORT_TCP);
Val* result;
if ( ! reass )
reass = tcp_content_delivery_ports_orig->Lookup(&dport);
reass = tcp_content_delivery_ports_orig->Lookup(dport);
if ( ! reass )
reass = tcp_content_delivery_ports_resp->Lookup(&dport);
reass = tcp_content_delivery_ports_resp->Lookup(dport);
Unref(dport);
}
if ( reass )

2
src/analyzer/protocol/bittorrent/BitTorrentTracker.cc
View file

@ -482,7 +482,7 @@ void BitTorrentTracker_Analyzer::ResponseBenc(int name_len, char* name,
RecordVal* peer = new RecordVal(bittorrent_peer);
peer->Assign(0, new AddrVal(ad));
peer->Assign(1, new PortVal(pt, TRANSPORT_TCP));
peer->Assign(1, port_mgr->Get(pt, TRANSPORT_TCP));
res_val_peers->Assign(peer, 0);
Unref(peer);

2
src/analyzer/protocol/bittorrent/bittorrent-analyzer.pac
View file

@ -222,7 +222,7 @@ flow BitTorrent_Flow(is_orig: bool) {
connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),
is_orig(),
new PortVal(listen_port, TRANSPORT_TCP));
port_mgr->Get(listen_port, TRANSPORT_TCP));
}
return true;

6
src/analyzer/protocol/ftp/functions.bif
View file

@ -33,13 +33,13 @@ static Val* parse_port(const char* line)
}
r->Assign(0, new AddrVal(htonl(addr)));
r->Assign(1, new PortVal(port, TRANSPORT_TCP));
r->Assign(1, port_mgr->Get(port, TRANSPORT_TCP));
r->Assign(2, new Val(good, TYPE_BOOL));
}
else
{
r->Assign(0, new AddrVal(uint32(0)));
r->Assign(1, new PortVal(0, TRANSPORT_TCP));
r->Assign(1, port_mgr->Get(0, TRANSPORT_TCP));
r->Assign(2, new Val(0, TYPE_BOOL));
}
@ -109,7 +109,7 @@ static Val* parse_eftp(const char* line)
}
r->Assign(0, new AddrVal(addr));
r->Assign(1, new PortVal(port, TRANSPORT_TCP));
r->Assign(1, port_mgr->Get(port, TRANSPORT_TCP));
r->Assign(2, new Val(good, TYPE_BOOL));
return r;

8
src/analyzer/protocol/icmp/ICMP.cc
View file

@ -352,9 +352,9 @@ RecordVal* ICMP_Analyzer::ExtractICMP4Context(int len, const u_char*& data)
RecordVal* id_val = new RecordVal(conn_id);
id_val->Assign(0, new AddrVal(src_addr));
id_val->Assign(1, new PortVal(src_port, proto));
id_val->Assign(1, port_mgr->Get(src_port, proto));
id_val->Assign(2, new AddrVal(dst_addr));
id_val->Assign(3, new PortVal(dst_port, proto));
id_val->Assign(3, port_mgr->Get(dst_port, proto));
iprec->Assign(0, id_val);
iprec->Assign(1, new Val(ip_len, TYPE_COUNT));
@ -411,9 +411,9 @@ RecordVal* ICMP_Analyzer::ExtractICMP6Context(int len, const u_char*& data)
RecordVal* id_val = new RecordVal(conn_id);
id_val->Assign(0, new AddrVal(src_addr));
id_val->Assign(1, new PortVal(src_port, proto));
id_val->Assign(1, port_mgr->Get(src_port, proto));
id_val->Assign(2, new AddrVal(dst_addr));
id_val->Assign(3, new PortVal(dst_port, proto));
id_val->Assign(3, port_mgr->Get(dst_port, proto));
iprec->Assign(0, id_val);
iprec->Assign(1, new Val(ip_len, TYPE_COUNT));

12
src/analyzer/protocol/ident/Ident.cc
View file

@ -82,8 +82,8 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig)
val_list* vl = new val_list;
vl->append(BuildConnVal());
vl->append(new PortVal(local_port, TRANSPORT_TCP));
vl->append(new PortVal(remote_port, TRANSPORT_TCP));
vl->append(port_mgr->Get(local_port, TRANSPORT_TCP));
vl->append(port_mgr->Get(remote_port, TRANSPORT_TCP));
ConnectionEvent(ident_request, vl);
@ -143,8 +143,8 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig)
{
val_list* vl = new val_list;
vl->append(BuildConnVal());
vl->append(new PortVal(local_port, TRANSPORT_TCP));
vl->append(new PortVal(remote_port, TRANSPORT_TCP));
vl->append(port_mgr->Get(local_port, TRANSPORT_TCP));
vl->append(port_mgr->Get(remote_port, TRANSPORT_TCP));
vl->append(new StringVal(end_of_line - line, line));
ConnectionEvent(ident_error, vl);
@ -177,8 +177,8 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig)
val_list* vl = new val_list;
vl->append(BuildConnVal());
vl->append(new PortVal(local_port, TRANSPORT_TCP));
vl->append(new PortVal(remote_port, TRANSPORT_TCP));
vl->append(port_mgr->Get(local_port, TRANSPORT_TCP));
vl->append(port_mgr->Get(remote_port, TRANSPORT_TCP));
vl->append(new StringVal(end_of_line - line, line));
vl->append(new StringVal(sys_type_s));

6
src/analyzer/protocol/rpc/Portmap.cc
View file

@ -126,7 +126,7 @@ int PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status status
RecordVal* rv = c->RequestVal()->AsRecordVal();
Val* is_tcp = rv->Lookup(2);
reply = new PortVal(CheckPort(port),
reply = port_mgr->Get(CheckPort(port),
is_tcp->IsOne() ?
TRANSPORT_TCP : TRANSPORT_UDP);
event = pm_request_getport;
@ -178,7 +178,7 @@ int PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status status
if ( ! opaque_reply )
return 0;
reply = new PortVal(CheckPort(port), TRANSPORT_UDP);
reply = port_mgr->Get(CheckPort(port), TRANSPORT_UDP);
event = pm_request_callit;
}
else
@ -202,7 +202,7 @@ Val* PortmapperInterp::ExtractMapping(const u_char*& buf, int& len)
int is_tcp = extract_XDR_uint32(buf, len) == IPPROTO_TCP;
uint32 port = extract_XDR_uint32(buf, len);
mapping->Assign(2, new PortVal(CheckPort(port),
mapping->Assign(2, port_mgr->Get(CheckPort(port),
is_tcp ? TRANSPORT_TCP : TRANSPORT_UDP));
if ( ! buf )

8
src/analyzer/protocol/socks/socks-analyzer.pac
View file

@ -32,7 +32,7 @@ refine connection SOCKS_Conn += {
4,
${request.command},
sa,
new PortVal(${request.port} | TCP_PORT_MASK),
port_mgr->Get(${request.port} | TCP_PORT_MASK),
array_to_string(${request.user}));
static_cast<analyzer::socks::SOCKS_Analyzer*>(bro_analyzer())->EndpointDone(true);
@ -50,7 +50,7 @@ refine connection SOCKS_Conn += {
4,
${reply.status},
sa,
new PortVal(${reply.port} | TCP_PORT_MASK));
port_mgr->Get(${reply.port} | TCP_PORT_MASK));
bro_analyzer()->ProtocolConfirmation();
static_cast<analyzer::socks::SOCKS_Analyzer*>(bro_analyzer())->EndpointDone(false);
@ -102,7 +102,7 @@ refine connection SOCKS_Conn += {
5,
${request.command},
sa,
new PortVal(${request.port} | TCP_PORT_MASK),
port_mgr->Get(${request.port} | TCP_PORT_MASK),
new StringVal(""));
static_cast<analyzer::socks::SOCKS_Analyzer*>(bro_analyzer())->EndpointDone(true);
@ -141,7 +141,7 @@ refine connection SOCKS_Conn += {
5,
${reply.reply},
sa,
new PortVal(${reply.port} | TCP_PORT_MASK));
port_mgr->Get(${reply.port} | TCP_PORT_MASK));
bro_analyzer()->ProtocolConfirmation();
static_cast<analyzer::socks::SOCKS_Analyzer*>(bro_analyzer())->EndpointDone(false);

7
src/analyzer/protocol/tcp/TCP_Reassembler.cc
View file

@ -38,18 +38,19 @@ TCP_Reassembler::TCP_Reassembler(analyzer::Analyzer* arg_dst_analyzer,
if ( ::tcp_contents )
{
// Val dst_port_val(ntohs(Conn()->RespPort()), TYPE_PORT);
PortVal dst_port_val(ntohs(tcp_analyzer->Conn()->RespPort()),
auto dst_port_val = port_mgr->Get(ntohs(tcp_analyzer->Conn()->RespPort()),
TRANSPORT_TCP);
TableVal* ports = IsOrig() ?
tcp_content_delivery_ports_orig :
tcp_content_delivery_ports_resp;
Val* result = ports->Lookup(&dst_port_val);
Val* result = ports->Lookup(dst_port_val);
if ( (IsOrig() && tcp_content_deliver_all_orig) ||
(! IsOrig() && tcp_content_deliver_all_resp) ||
(result && result->AsBool()) )
deliver_tcp_contents = 1;
Unref(dst_port_val);
}
}

2
src/analyzer/protocol/teredo/Teredo.cc
View file

@ -130,7 +130,7 @@ RecordVal* TeredoEncapsulation::BuildVal(const IP_Hdr* inner) const
RecordVal* teredo_origin = new RecordVal(teredo_origin_type);
uint16 port = ntohs(*((uint16*)(origin_indication + 2))) ^ 0xFFFF;
uint32 addr = ntohl(*((uint32*)(origin_indication + 4))) ^ 0xFFFFFFFF;
teredo_origin->Assign(0, new PortVal(port, TRANSPORT_UDP));
teredo_origin->Assign(0, port_mgr->Get(port, TRANSPORT_UDP));
teredo_origin->Assign(1, new AddrVal(htonl(addr)));
teredo_hdr->Assign(1, teredo_origin);
}

8
src/analyzer/protocol/udp/UDP.cc
View file

@ -97,14 +97,14 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
if ( udp_contents )
{
PortVal port_val(ntohs(up->uh_dport), TRANSPORT_UDP);
auto port_val = port_mgr->Get(ntohs(up->uh_dport), TRANSPORT_UDP);
Val* result = 0;
bool do_udp_contents = false;
if ( is_orig )
{
result = udp_content_delivery_ports_orig->Lookup(
&port_val);
port_val);
if ( udp_content_deliver_all_orig ||
(result && result->AsBool()) )
do_udp_contents = true;
@ -112,7 +112,7 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
else
{
result = udp_content_delivery_ports_resp->Lookup(
&port_val);
port_val);
if ( udp_content_deliver_all_resp ||
(result && result->AsBool()) )
do_udp_contents = true;
@ -126,6 +126,8 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
vl->append(new StringVal(len, (const char*) data));
ConnectionEvent(udp_contents, vl);
}
Unref(port_val);
}
if ( is_orig )

14
src/bro.bif
View file

@ -2270,7 +2270,7 @@ function port_to_count%(p: port%): count
## .. bro:see:: port_to_count
function count_to_port%(num: count, proto: transport_proto%): port
%{
return new PortVal(num, (TransportProto)proto->AsEnum());
return port_mgr->Get(num, (TransportProto)proto->AsEnum());
%}
## Converts a :bro:type:`string` to an :bro:type:`addr`.
@ -2430,16 +2430,16 @@ function to_port%(s: string%): port
{
++slash;
if ( streq(slash, "tcp") )
return new PortVal(port, TRANSPORT_TCP);
return port_mgr->Get(port, TRANSPORT_TCP);
else if ( streq(slash, "udp") )
return new PortVal(port, TRANSPORT_UDP);
return port_mgr->Get(port, TRANSPORT_UDP);
else if ( streq(slash, "icmp") )
return new PortVal(port, TRANSPORT_ICMP);
return port_mgr->Get(port, TRANSPORT_ICMP);
}
}
builtin_error("wrong port format, must be /[0-9]{1,5}\\/(tcp|udp|icmp)/");
return new PortVal(port, TRANSPORT_UNKNOWN);
return port_mgr->Get(port, TRANSPORT_UNKNOWN);
%}
## Converts a string of bytes (in network byte order) to a :bro:type:`double`.
@ -3208,9 +3208,9 @@ function lookup_connection%(cid: conn_id%): connection
RecordVal* id_val = new RecordVal(conn_id);
id_val->Assign(0, new AddrVal((unsigned int) 0));
id_val->Assign(1, new PortVal(ntohs(0), TRANSPORT_UDP));
id_val->Assign(1, port_mgr->Get(ntohs(0), TRANSPORT_UDP));
id_val->Assign(2, new AddrVal((unsigned int) 0));
id_val->Assign(3, new PortVal(ntohs(0), TRANSPORT_UDP));
id_val->Assign(3, port_mgr->Get(ntohs(0), TRANSPORT_UDP));
c->Assign(0, id_val);
RecordVal* orig_endp = new RecordVal(endpoint);

2
src/broker/Data.cc
View file

@ -135,7 +135,7 @@ struct val_converter {
result_type operator()(broker::port& a)
{
if ( type->Tag() == TYPE_PORT )
return new PortVal(a.number(), bro_broker::to_bro_port_proto(a.type()));
return port_mgr->Get(a.number(), bro_broker::to_bro_port_proto(a.type()));
return nullptr;
}

6
src/broker/Manager.cc
View file

@ -697,7 +697,7 @@ void bro_broker::Manager::Process()
{
val_list* vl = new val_list;
vl->append(new StringVal(u.relation.remote_tuple().first));
vl->append(new PortVal(u.relation.remote_tuple().second,
vl->append(port_mgr->Get(u.relation.remote_tuple().second,
TRANSPORT_TCP));
vl->append(new StringVal(u.peer_name));
mgr.QueueEvent(Broker::outgoing_connection_established, vl);
@ -709,7 +709,7 @@ void bro_broker::Manager::Process()
{
val_list* vl = new val_list;
vl->append(new StringVal(u.relation.remote_tuple().first));
vl->append(new PortVal(u.relation.remote_tuple().second,
vl->append(port_mgr->Get(u.relation.remote_tuple().second,
TRANSPORT_TCP));
mgr.QueueEvent(Broker::outgoing_connection_broken, vl);
}
@ -720,7 +720,7 @@ void bro_broker::Manager::Process()
{
val_list* vl = new val_list;
vl->append(new StringVal(u.relation.remote_tuple().first));
vl->append(new PortVal(u.relation.remote_tuple().second,
vl->append(port_mgr->Get(u.relation.remote_tuple().second,
TRANSPORT_TCP));
mgr.QueueEvent(Broker::outgoing_connection_incompatible, vl);
}

2
src/broker/data.bif
View file

@ -88,7 +88,7 @@ function Broker::__refine_to_port%(d: Broker::Data%): port
%{
auto& a = bro_broker::require_data_type<broker::port>(d->AsRecordVal(),
TYPE_PORT, frame);
return new PortVal(a.number(), bro_broker::to_bro_port_proto(a.type()));
return port_mgr->Get(a.number(), bro_broker::to_bro_port_proto(a.type()));
%}
function Broker::__refine_to_time%(d: Broker::Data%): time

4
src/file_analysis/File.cc
View file

@ -34,9 +34,9 @@ static RecordVal* get_conn_id_val(const Connection* conn)
{
RecordVal* v = new RecordVal(conn_id);
v->Assign(0, new AddrVal(conn->OrigAddr()));
v->Assign(1, new PortVal(ntohs(conn->OrigPort()), conn->ConnTransport()));
v->Assign(1, port_mgr->Get(ntohs(conn->OrigPort()), conn->ConnTransport()));
v->Assign(2, new AddrVal(conn->RespAddr()));
v->Assign(3, new PortVal(ntohs(conn->RespPort()), conn->ConnTransport()));
v->Assign(3, port_mgr->Get(ntohs(conn->RespPort()), conn->ConnTransport()));
return v;
}

2
src/file_analysis/analyzer/unified2/unified2-analyzer.pac
View file

@ -54,7 +54,7 @@ refine flow Flow += {
case 17: proto = TRANSPORT_UDP; break;
}
return new PortVal(n, proto);
return port_mgr->Get(n, proto);
%}
#function proc_record(rec: Record) : bool

2
src/input/Manager.cc
View file

@ -2287,7 +2287,7 @@ Val* Manager::ValueToVal(const Stream* i, const Value* val, BroType* request_typ
}
case TYPE_PORT:
return new PortVal(val->val.port_val.port, val->val.port_val.proto);
return port_mgr->Get(val->val.port_val.port, val->val.port_val.proto);
case TYPE_ADDR:
{

3
src/main.cc
View file

@ -87,6 +87,7 @@ int perftools_profile = 0;
DNS_Mgr* dns_mgr;
TimerMgr* timer_mgr;
PortManager* port_mgr = 0;
logging::Manager* log_mgr = 0;
threading::Manager* thread_mgr = 0;
input::Manager* input_mgr = 0;
@ -384,6 +385,7 @@ void terminate_bro()
delete plugin_mgr;
delete reporter;
delete iosource_mgr;
delete port_mgr;
reporter = 0;
}
@ -711,6 +713,7 @@ int main(int argc, char** argv)
bro_start_time = current_time(true);
port_mgr = new PortManager();
reporter = new Reporter();
thread_mgr = new threading::Manager();
plugin_mgr = new plugin::Manager();

8
src/scan.l
View file

@ -474,7 +474,7 @@ F RET_CONST(new Val(false, TYPE_BOOL))
reporter->Error("bad port number - %s", yytext);
p = 0;
}
RET_CONST(new PortVal(p, TRANSPORT_TCP))
RET_CONST(port_mgr->Get(p, TRANSPORT_TCP))
}
{D}"/udp" {
uint32 p = atoi(yytext);
@ -483,7 +483,7 @@ F RET_CONST(new Val(false, TYPE_BOOL))
reporter->Error("bad port number - %s", yytext);
p = 0;
}
RET_CONST(new PortVal(p, TRANSPORT_UDP))
RET_CONST(port_mgr->Get(p, TRANSPORT_UDP))
}
{D}"/icmp" {
uint32 p = atoi(yytext);
@ -492,7 +492,7 @@ F RET_CONST(new Val(false, TYPE_BOOL))
reporter->Error("bad port number - %s", yytext);
p = 0;
}
RET_CONST(new PortVal(p, TRANSPORT_ICMP))
RET_CONST(port_mgr->Get(p, TRANSPORT_ICMP))
}
{D}"/unknown" {
uint32 p = atoi(yytext);
@ -501,7 +501,7 @@ F RET_CONST(new Val(false, TYPE_BOOL))
reporter->Error("bad port number - %s", yytext);
p = 0;
}
RET_CONST(new PortVal(p, TRANSPORT_UNKNOWN))
RET_CONST(port_mgr->Get(p, TRANSPORT_UNKNOWN))
}
{FLOAT}{OWS}day(s?) RET_CONST(new IntervalVal(atof(yytext),Days))

9
src/util.h
View file

@ -3,6 +3,15 @@
#ifndef util_h
#define util_h
#ifdef __GNUC__
#define BRO_DEPRECATED(msg) __attribute__ ((deprecated(msg)))
#elif defined(_MSC_VER)
#define BRO_DEPRECATED(msg) __declspec(deprecated(msg)) func
#else
#pragma message("Warning: BRO_DEPRECATED macro not implemented")
#define BRO_DEPRECATED(msg)
#endif
// Expose C99 functionality from inttypes.h, which would otherwise not be
// available in C++.
#ifndef __STDC_FORMAT_MACROS