diff --git a/aux/bifcl b/aux/bifcl index e96b7d0f3d..0fae77f96a 160000 --- a/aux/bifcl +++ b/aux/bifcl @@ -1 +1 @@ -Subproject commit e96b7d0f3d7e1ae0af8c8bdea9d53fd00b23eb62 +Subproject commit 0fae77f96abe63c93c2b8ab902651ad42e5d6de4 diff --git a/src/CompHash.cc b/src/CompHash.cc index f120c3618b..720fdc09e2 100644 --- a/src/CompHash.cc +++ b/src/CompHash.cc @@ -685,9 +685,16 @@ const char* CompositeHash::RecoverOneVal(const HashKey* k, const char* kp0, kp1 = reinterpret_cast(kp+1); if ( tag == TYPE_ENUM ) - pval = new EnumVal(*kp, t->AsEnumType()); + pval = t->AsEnumType()->GetVal(*kp); + else if ( tag == TYPE_BOOL ) + pval = val_mgr->GetBool(*kp); + else if ( tag == TYPE_INT ) + pval = val_mgr->GetInt(*kp); else - pval = new Val(*kp, tag); + { + reporter->InternalError("bad internal unsigned int in CompositeHash::RecoverOneVal()"); + pval = 0; + } } break; @@ -699,11 +706,11 @@ const char* CompositeHash::RecoverOneVal(const HashKey* k, const char* kp0, switch ( tag ) { case TYPE_COUNT: case TYPE_COUNTER: - pval = new Val(*kp, tag); + pval = val_mgr->GetCount(*kp); break; case TYPE_PORT: - pval = port_mgr->Get(*kp); + pval = val_mgr->GetPort(*kp); break; default: diff --git a/src/Conn.cc b/src/Conn.cc index 9781fb175d..b55b1210b0 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -327,8 +327,8 @@ void Connection::HistoryThresholdEvent(EventHandlerPtr e, bool is_orig, val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(is_orig, TYPE_BOOL)); - vl->append(new Val(threshold, TYPE_COUNT)); + vl->append(val_mgr->GetBool(is_orig)); + vl->append(val_mgr->GetCount(threshold)); ConnectionEvent(e, 0, vl); } @@ -408,14 +408,14 @@ RecordVal* Connection::BuildConnVal() RecordVal* id_val = new RecordVal(conn_id); id_val->Assign(0, new AddrVal(orig_addr)); - id_val->Assign(1, port_mgr->Get(ntohs(orig_port), prot_type)); + id_val->Assign(1, val_mgr->GetPort(ntohs(orig_port), prot_type)); id_val->Assign(2, new AddrVal(resp_addr)); - id_val->Assign(3, port_mgr->Get(ntohs(resp_port), prot_type)); + id_val->Assign(3, val_mgr->GetPort(ntohs(resp_port), prot_type)); RecordVal* orig_endp = new RecordVal(endpoint); - orig_endp->Assign(0, new Val(0, TYPE_COUNT)); - orig_endp->Assign(1, new Val(0, TYPE_COUNT)); - orig_endp->Assign(4, new Val(orig_flow_label, TYPE_COUNT)); + orig_endp->Assign(0, val_mgr->GetCount(0)); + orig_endp->Assign(1, val_mgr->GetCount(0)); + orig_endp->Assign(4, val_mgr->GetCount(orig_flow_label)); const int l2_len = sizeof(orig_l2_addr); char null[l2_len]{}; @@ -424,9 +424,9 @@ RecordVal* Connection::BuildConnVal() orig_endp->Assign(5, new StringVal(fmt_mac(orig_l2_addr, l2_len))); RecordVal* resp_endp = new RecordVal(endpoint); - resp_endp->Assign(0, new Val(0, TYPE_COUNT)); - resp_endp->Assign(1, new Val(0, TYPE_COUNT)); - resp_endp->Assign(4, new Val(resp_flow_label, TYPE_COUNT)); + resp_endp->Assign(0, val_mgr->GetCount(0)); + resp_endp->Assign(1, val_mgr->GetCount(0)); + resp_endp->Assign(4, val_mgr->GetCount(resp_flow_label)); if ( memcmp(&resp_l2_addr, &null, l2_len) != 0 ) resp_endp->Assign(5, new StringVal(fmt_mac(resp_l2_addr, l2_len))); @@ -436,7 +436,7 @@ RecordVal* Connection::BuildConnVal() conn_val->Assign(2, resp_endp); // 3 and 4 are set below. conn_val->Assign(5, new TableVal(string_set)); // service - conn_val->Assign(6, new StringVal("")); // history + conn_val->Assign(6, val_mgr->GetEmptyString()); // history if ( ! uid ) uid.Set(bits_per_uid); @@ -447,10 +447,10 @@ RecordVal* Connection::BuildConnVal() conn_val->Assign(8, encapsulation->GetVectorVal()); if ( vlan != 0 ) - conn_val->Assign(9, new Val(vlan, TYPE_INT)); + conn_val->Assign(9, val_mgr->GetInt(vlan)); if ( inner_vlan != 0 ) - conn_val->Assign(10, new Val(inner_vlan, TYPE_INT)); + conn_val->Assign(10, val_mgr->GetInt(inner_vlan)); } @@ -547,7 +547,7 @@ Val* Connection::BuildVersionVal(const char* s, int len) ; if ( s != e ) - major = new Val(atoi(s), TYPE_INT); + major = val_mgr->GetInt(atoi(s)); // Find second number seperated only by punctuation chars - // that's the minor version. @@ -557,7 +557,7 @@ Val* Connection::BuildVersionVal(const char* s, int len) ; if ( s != e ) - minor = new Val(atoi(s), TYPE_INT); + minor = val_mgr->GetInt(atoi(s)); // Find second number seperated only by punctuation chars; - // that's the minor version. @@ -567,7 +567,7 @@ Val* Connection::BuildVersionVal(const char* s, int len) ; if ( s != e ) - minor2 = new Val(atoi(s), TYPE_INT); + minor2 = val_mgr->GetInt(atoi(s)); // Anything after following punctuation and until next white space is // an additional version string. @@ -604,10 +604,10 @@ Val* Connection::BuildVersionVal(const char* s, int len) } RecordVal* version = new RecordVal(software_version); - version->Assign(0, major ? major : new Val(-1, TYPE_INT)); - version->Assign(1, minor ? minor : new Val(-1, TYPE_INT)); - version->Assign(2, minor2 ? minor2 : new Val(-1, TYPE_INT)); - version->Assign(3, addl ? addl : new StringVal("")); + version->Assign(0, major ? major : val_mgr->GetInt(-1)); + version->Assign(1, minor ? minor : val_mgr->GetInt(-1)); + version->Assign(2, minor2 ? minor2 : val_mgr->GetInt(-1)); + version->Assign(3, addl ? addl : val_mgr->GetEmptyString()); RecordVal* sw = new RecordVal(software); sw->Assign(0, name); @@ -1049,7 +1049,7 @@ void Connection::CheckFlowLabel(bool is_orig, uint32 flow_label) if ( conn_val ) { RecordVal *endp = conn_val->Lookup(is_orig ? 1 : 2)->AsRecordVal(); - endp->Assign(4, new Val(flow_label, TYPE_COUNT)); + endp->Assign(4, val_mgr->GetCount(flow_label)); } if ( connection_flow_label_changed && @@ -1057,9 +1057,9 @@ void Connection::CheckFlowLabel(bool is_orig, uint32 flow_label) { val_list* vl = new val_list(4); vl->append(BuildConnVal()); - vl->append(new Val(is_orig, TYPE_BOOL)); - vl->append(new Val(my_flow_label, TYPE_COUNT)); - vl->append(new Val(flow_label, TYPE_COUNT)); + vl->append(val_mgr->GetBool(is_orig)); + vl->append(val_mgr->GetCount(my_flow_label)); + vl->append(val_mgr->GetCount(flow_label)); ConnectionEvent(connection_flow_label_changed, 0, vl); } diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index 266217c02a..9f356ff316 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -738,7 +738,7 @@ Val* DNS_Mgr::BuildMappingVal(DNS_Mapping* dm) r->Assign(0, new Val(dm->CreationTime(), TYPE_TIME)); r->Assign(1, new StringVal(dm->ReqHost() ? dm->ReqHost() : "")); r->Assign(2, new AddrVal(dm->ReqAddr())); - r->Assign(3, new Val(dm->Valid(), TYPE_BOOL)); + r->Assign(3, val_mgr->GetBool(dm->Valid())); Val* h = dm->Host(); r->Assign(4, h ? h : new StringVal("")); diff --git a/src/Event.cc b/src/Event.cc index 33256a573e..36ba2dfc3c 100644 --- a/src/Event.cc +++ b/src/Event.cc @@ -196,10 +196,10 @@ RecordVal* EventMgr::GetLocalPeerVal() if ( ! src_val ) { src_val = new RecordVal(peer); - src_val->Assign(0, new Val(0, TYPE_COUNT)); + src_val->Assign(0, val_mgr->GetCount(0)); src_val->Assign(1, new AddrVal("127.0.0.1")); - src_val->Assign(2, port_mgr->Get(0)); - src_val->Assign(3, new Val(true, TYPE_BOOL)); + src_val->Assign(2, val_mgr->GetPort(0)); + src_val->Assign(3, val_mgr->GetTrue()); Ref(peer_description); src_val->Assign(4, peer_description); diff --git a/src/Expr.cc b/src/Expr.cc index 84db97b2d6..b5ed7d600a 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -824,9 +824,11 @@ Val* BinaryExpr::Fold(Val* v1, Val* v2) const else if ( ret_type->InternalType() == TYPE_INTERNAL_DOUBLE ) return new Val(d3, ret_type->Tag()); else if ( ret_type->InternalType() == TYPE_INTERNAL_UNSIGNED ) - return new Val(u3, ret_type->Tag()); + return val_mgr->GetCount(u3); + else if ( ret_type->Tag() == TYPE_BOOL ) + return val_mgr->GetBool(i3); else - return new Val(i3, ret_type->Tag()); + return val_mgr->GetInt(i3); } Val* BinaryExpr::StringFold(Val* v1, Val* v2) const @@ -860,7 +862,7 @@ Val* BinaryExpr::StringFold(Val* v1, Val* v2) const BadTag("BinaryExpr::StringFold", expr_name(tag)); } - return new Val(result, TYPE_BOOL); + return val_mgr->GetBool(result); } @@ -931,7 +933,7 @@ Val* BinaryExpr::SetFold(Val* v1, Val* v2) const return 0; } - return new Val(res, TYPE_BOOL); + return val_mgr->GetBool(res); } Val* BinaryExpr::AddrFold(Val* v1, Val* v2) const @@ -965,7 +967,7 @@ Val* BinaryExpr::AddrFold(Val* v1, Val* v2) const BadTag("BinaryExpr::AddrFold", expr_name(tag)); } - return new Val(result, TYPE_BOOL); + return val_mgr->GetBool(result); } Val* BinaryExpr::SubNetFold(Val* v1, Val* v2) const @@ -978,7 +980,7 @@ Val* BinaryExpr::SubNetFold(Val* v1, Val* v2) const if ( tag == EXPR_NE ) result = ! result; - return new Val(result, TYPE_BOOL); + return val_mgr->GetBool(result); } void BinaryExpr::SwapOps() @@ -1127,7 +1129,10 @@ Val* IncrExpr::DoSingleEval(Frame* f, Val* v) const if ( IsVector(ret_type->Tag()) ) ret_type = Type()->YieldType(); - return new Val(k, ret_type->Tag()); + if ( ret_type->Tag() == TYPE_INT ) + return val_mgr->GetInt(k); + else + return val_mgr->GetCount(k); } @@ -1199,7 +1204,7 @@ ComplementExpr::ComplementExpr(Expr* arg_op) : UnaryExpr(EXPR_COMPLEMENT, arg_op Val* ComplementExpr::Fold(Val* v) const { - return new Val(~ v->InternalUnsigned(), type->Tag()); + return val_mgr->GetCount(~ v->InternalUnsigned()); } IMPLEMENT_SERIAL(ComplementExpr, SER_COMPLEMENT_EXPR); @@ -1232,7 +1237,7 @@ NotExpr::NotExpr(Expr* arg_op) : UnaryExpr(EXPR_NOT, arg_op) Val* NotExpr::Fold(Val* v) const { - return new Val(! v->InternalInt(), type->Tag()); + return val_mgr->GetBool(! v->InternalInt()); } IMPLEMENT_SERIAL(NotExpr, SER_NOT_EXPR); @@ -1282,7 +1287,7 @@ Val* PosExpr::Fold(Val* v) const if ( t == TYPE_DOUBLE || t == TYPE_INTERVAL || t == TYPE_INT ) return v->Ref(); else - return new Val(v->CoerceToInt(), type->Tag()); + return val_mgr->GetInt(v->CoerceToInt()); } IMPLEMENT_SERIAL(PosExpr, SER_POS_EXPR); @@ -1332,7 +1337,7 @@ Val* NegExpr::Fold(Val* v) const else if ( v->Type()->Tag() == TYPE_INTERVAL ) return new IntervalVal(- v->InternalDouble(), 1.0); else - return new Val(- v->CoerceToInt(), TYPE_INT); + return val_mgr->GetInt(- v->CoerceToInt()); } @@ -1968,7 +1973,7 @@ Val* BoolExpr::Eval(Frame* f) const (! op1->IsZero() && ! op2->IsZero()) : (! op1->IsZero() || ! op2->IsZero()); - result->Assign(i, new Val(local_result, TYPE_BOOL)); + result->Assign(i, val_mgr->GetBool(local_result)); } else result->Assign(i, 0); @@ -2150,9 +2155,9 @@ Val* EqExpr::Fold(Val* v1, Val* v2) const RE_Matcher* re = v1->AsPattern(); const BroString* s = v2->AsString(); if ( tag == EXPR_EQ ) - return new Val(re->MatchExactly(s), TYPE_BOOL); + return val_mgr->GetBool(re->MatchExactly(s)); else - return new Val(! re->MatchExactly(s), TYPE_BOOL); + return val_mgr->GetBool(! re->MatchExactly(s)); } else @@ -3371,10 +3376,10 @@ Val* HasFieldExpr::Fold(Val* v) const rec_to_look_at = v->AsRecordVal(); if ( ! rec_to_look_at ) - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); RecordVal* r = rec_to_look_at->Ref()->AsRecordVal(); - Val* ret = new Val(r->Lookup(field) != 0, TYPE_BOOL); + Val* ret = val_mgr->GetBool(r->Lookup(field) != 0); Unref(r); return ret; @@ -3983,10 +3988,10 @@ Val* ArithCoerceExpr::FoldSingleVal(Val* v, InternalTypeTag t) const return new Val(v->CoerceToDouble(), TYPE_DOUBLE); case TYPE_INTERNAL_INT: - return new Val(v->CoerceToInt(), TYPE_INT); + return val_mgr->GetInt(v->CoerceToInt()); case TYPE_INTERNAL_UNSIGNED: - return new Val(v->CoerceToUnsigned(), TYPE_COUNT); + return val_mgr->GetCount(v->CoerceToUnsigned()); default: Internal("bad type in CoerceExpr::Fold"); @@ -4639,7 +4644,7 @@ Val* InExpr::Fold(Val* v1, Val* v2) const { RE_Matcher* re = v1->AsPattern(); const BroString* s = v2->AsString(); - return new Val(re->MatchAnywhere(s) != 0, TYPE_BOOL); + return val_mgr->GetBool(re->MatchAnywhere(s) != 0); } if ( v2->Type()->Tag() == TYPE_STRING ) @@ -4648,12 +4653,12 @@ Val* InExpr::Fold(Val* v1, Val* v2) const const BroString* s2 = v2->AsString(); // Could do better here e.g. Boyer-Moore if done repeatedly. - return new Val(strstr_n(s2->Len(), s2->Bytes(), s1->Len(), reinterpret_cast(s1->CheckString())) != -1, TYPE_BOOL); + return val_mgr->GetBool(strstr_n(s2->Len(), s2->Bytes(), s1->Len(), reinterpret_cast(s1->CheckString())) != -1); } if ( v1->Type()->Tag() == TYPE_ADDR && v2->Type()->Tag() == TYPE_SUBNET ) - return new Val(v2->AsSubNetVal()->Contains(v1->AsAddr()), TYPE_BOOL); + return val_mgr->GetBool(v2->AsSubNetVal()->Contains(v1->AsAddr())); Val* res; @@ -4663,9 +4668,9 @@ Val* InExpr::Fold(Val* v1, Val* v2) const res = v2->AsTableVal()->Lookup(v1, false); if ( res ) - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); else - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } IMPLEMENT_SERIAL(InExpr, SER_IN_EXPR); @@ -5589,9 +5594,9 @@ Val* IsExpr::Fold(Val* v) const return 0; if ( can_cast_value_to_type(v, t) ) - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); else - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } void IsExpr::ExprDescribe(ODesc* d) const @@ -5834,28 +5839,3 @@ int expr_greater(const Expr* e1, const Expr* e2) { return int(e1->Tag()) > int(e2->Tag()); } - -static Expr* make_constant(BroType* t, double d) - { - Val* v = 0; - switch ( t->InternalType() ) { - case TYPE_INTERNAL_INT: v = new Val(bro_int_t(d), t->Tag()); break; - case TYPE_INTERNAL_UNSIGNED: v = new Val(bro_uint_t(d), t->Tag()); break; - case TYPE_INTERNAL_DOUBLE: v = new Val(double(d), t->Tag()); break; - - default: - reporter->InternalError("bad type in make_constant()"); - } - - return new ConstExpr(v); - } - -Expr* make_zero(BroType* t) - { - return make_constant(t, 0.0); - } - -Expr* make_one(BroType* t) - { - return make_constant(t, 1.0); - } diff --git a/src/Expr.h b/src/Expr.h index 8ac547c534..d7dc01807e 100644 --- a/src/Expr.h +++ b/src/Expr.h @@ -1144,10 +1144,6 @@ val_list* eval_list(Frame* f, const ListExpr* l); // a canonical form. extern int expr_greater(const Expr* e1, const Expr* e2); -// Return constants of the given type. -Expr* make_zero(BroType* t); -Expr* make_one(BroType* t); - // True if the given Val* has a vector type inline bool is_vector(Expr* e) { return e->Type()->Tag() == TYPE_VECTOR; } diff --git a/src/Func.cc b/src/Func.cc index 9d624df1d1..908d1f97e4 100644 --- a/src/Func.cc +++ b/src/Func.cc @@ -386,7 +386,7 @@ Val* BroFunc::Call(val_list* args, Frame* parent) const loop_over_list(*args, i) Unref((*args)[i]); - return Flavor() == FUNC_FLAVOR_HOOK ? new Val(true, TYPE_BOOL) : 0; + return Flavor() == FUNC_FLAVOR_HOOK ? val_mgr->GetTrue() : 0; } Frame* f = new Frame(frame_size, this, args); @@ -464,7 +464,7 @@ Val* BroFunc::Call(val_list* args, Frame* parent) const if ( flow == FLOW_BREAK ) { // Short-circuit execution of remaining hook handler bodies. - result = new Val(false, TYPE_BOOL); + result = val_mgr->GetFalse(); break; } } @@ -478,7 +478,7 @@ Val* BroFunc::Call(val_list* args, Frame* parent) const if ( Flavor() == FUNC_FLAVOR_HOOK ) { if ( ! result ) - result = new Val(true, TYPE_BOOL); + result = val_mgr->GetTrue(); } // Warn if the function returns something, but we returned from diff --git a/src/IP.cc b/src/IP.cc index 79e1cf4fba..689876339b 100644 --- a/src/IP.cc +++ b/src/IP.cc @@ -46,13 +46,13 @@ static VectorVal* BuildOptionsVal(const u_char* data, int len) { const struct ip6_opt* opt = (const struct ip6_opt*) data; RecordVal* rv = new RecordVal(hdrType(ip6_option_type, "ip6_option")); - rv->Assign(0, new Val(opt->ip6o_type, TYPE_COUNT)); + rv->Assign(0, val_mgr->GetCount(opt->ip6o_type)); if ( opt->ip6o_type == 0 ) { // Pad1 option - rv->Assign(1, new Val(0, TYPE_COUNT)); - rv->Assign(2, new StringVal("")); + rv->Assign(1, val_mgr->GetCount(0)); + rv->Assign(2, val_mgr->GetEmptyString()); data += sizeof(uint8); len -= sizeof(uint8); } @@ -60,7 +60,7 @@ static VectorVal* BuildOptionsVal(const u_char* data, int len) { // PadN or other option uint16 off = 2 * sizeof(uint8); - rv->Assign(1, new Val(opt->ip6o_len, TYPE_COUNT)); + rv->Assign(1, val_mgr->GetCount(opt->ip6o_len)); rv->Assign(2, new StringVal( new BroString(data + off, opt->ip6o_len, 1))); data += opt->ip6o_len + off; @@ -82,11 +82,11 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const { rv = new RecordVal(hdrType(ip6_hdr_type, "ip6_hdr")); const struct ip6_hdr* ip6 = (const struct ip6_hdr*)data; - rv->Assign(0, new Val((ntohl(ip6->ip6_flow) & 0x0ff00000)>>20, TYPE_COUNT)); - rv->Assign(1, new Val(ntohl(ip6->ip6_flow) & 0x000fffff, TYPE_COUNT)); - rv->Assign(2, new Val(ntohs(ip6->ip6_plen), TYPE_COUNT)); - rv->Assign(3, new Val(ip6->ip6_nxt, TYPE_COUNT)); - rv->Assign(4, new Val(ip6->ip6_hlim, TYPE_COUNT)); + rv->Assign(0, val_mgr->GetCount((ntohl(ip6->ip6_flow) & 0x0ff00000)>>20)); + rv->Assign(1, val_mgr->GetCount(ntohl(ip6->ip6_flow) & 0x000fffff)); + rv->Assign(2, val_mgr->GetCount(ntohs(ip6->ip6_plen))); + rv->Assign(3, val_mgr->GetCount(ip6->ip6_nxt)); + rv->Assign(4, val_mgr->GetCount(ip6->ip6_hlim)); rv->Assign(5, new AddrVal(IPAddr(ip6->ip6_src))); rv->Assign(6, new AddrVal(IPAddr(ip6->ip6_dst))); if ( ! chain ) @@ -100,8 +100,8 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const { rv = new RecordVal(hdrType(ip6_hopopts_type, "ip6_hopopts")); const struct ip6_hbh* hbh = (const struct ip6_hbh*)data; - rv->Assign(0, new Val(hbh->ip6h_nxt, TYPE_COUNT)); - rv->Assign(1, new Val(hbh->ip6h_len, TYPE_COUNT)); + rv->Assign(0, val_mgr->GetCount(hbh->ip6h_nxt)); + rv->Assign(1, val_mgr->GetCount(hbh->ip6h_len)); uint16 off = 2 * sizeof(uint8); rv->Assign(2, BuildOptionsVal(data + off, Length() - off)); @@ -112,8 +112,8 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const { rv = new RecordVal(hdrType(ip6_dstopts_type, "ip6_dstopts")); const struct ip6_dest* dst = (const struct ip6_dest*)data; - rv->Assign(0, new Val(dst->ip6d_nxt, TYPE_COUNT)); - rv->Assign(1, new Val(dst->ip6d_len, TYPE_COUNT)); + rv->Assign(0, val_mgr->GetCount(dst->ip6d_nxt)); + rv->Assign(1, val_mgr->GetCount(dst->ip6d_len)); uint16 off = 2 * sizeof(uint8); rv->Assign(2, BuildOptionsVal(data + off, Length() - off)); } @@ -123,10 +123,10 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const { rv = new RecordVal(hdrType(ip6_routing_type, "ip6_routing")); const struct ip6_rthdr* rt = (const struct ip6_rthdr*)data; - rv->Assign(0, new Val(rt->ip6r_nxt, TYPE_COUNT)); - rv->Assign(1, new Val(rt->ip6r_len, TYPE_COUNT)); - rv->Assign(2, new Val(rt->ip6r_type, TYPE_COUNT)); - rv->Assign(3, new Val(rt->ip6r_segleft, TYPE_COUNT)); + rv->Assign(0, val_mgr->GetCount(rt->ip6r_nxt)); + rv->Assign(1, val_mgr->GetCount(rt->ip6r_len)); + rv->Assign(2, val_mgr->GetCount(rt->ip6r_type)); + rv->Assign(3, val_mgr->GetCount(rt->ip6r_segleft)); uint16 off = 4 * sizeof(uint8); rv->Assign(4, new StringVal(new BroString(data + off, Length() - off, 1))); } @@ -136,28 +136,28 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const { rv = new RecordVal(hdrType(ip6_fragment_type, "ip6_fragment")); const struct ip6_frag* frag = (const struct ip6_frag*)data; - rv->Assign(0, new Val(frag->ip6f_nxt, TYPE_COUNT)); - rv->Assign(1, new Val(frag->ip6f_reserved, TYPE_COUNT)); - rv->Assign(2, new Val((ntohs(frag->ip6f_offlg) & 0xfff8)>>3, TYPE_COUNT)); - rv->Assign(3, new Val((ntohs(frag->ip6f_offlg) & 0x0006)>>1, TYPE_COUNT)); - rv->Assign(4, new Val(ntohs(frag->ip6f_offlg) & 0x0001, TYPE_BOOL)); - rv->Assign(5, new Val(ntohl(frag->ip6f_ident), TYPE_COUNT)); + rv->Assign(0, val_mgr->GetCount(frag->ip6f_nxt)); + rv->Assign(1, val_mgr->GetCount(frag->ip6f_reserved)); + rv->Assign(2, val_mgr->GetCount((ntohs(frag->ip6f_offlg) & 0xfff8)>>3)); + rv->Assign(3, val_mgr->GetCount((ntohs(frag->ip6f_offlg) & 0x0006)>>1)); + rv->Assign(4, val_mgr->GetBool(ntohs(frag->ip6f_offlg) & 0x0001)); + rv->Assign(5, val_mgr->GetCount(ntohl(frag->ip6f_ident))); } break; case IPPROTO_AH: { rv = new RecordVal(hdrType(ip6_ah_type, "ip6_ah")); - rv->Assign(0, new Val(((ip6_ext*)data)->ip6e_nxt, TYPE_COUNT)); - rv->Assign(1, new Val(((ip6_ext*)data)->ip6e_len, TYPE_COUNT)); - rv->Assign(2, new Val(ntohs(((uint16*)data)[1]), TYPE_COUNT)); - rv->Assign(3, new Val(ntohl(((uint32*)data)[1]), TYPE_COUNT)); + rv->Assign(0, val_mgr->GetCount(((ip6_ext*)data)->ip6e_nxt)); + rv->Assign(1, val_mgr->GetCount(((ip6_ext*)data)->ip6e_len)); + rv->Assign(2, val_mgr->GetCount(ntohs(((uint16*)data)[1]))); + rv->Assign(3, val_mgr->GetCount(ntohl(((uint32*)data)[1]))); if ( Length() >= 12 ) { // Sequence Number and ICV fields can only be extracted if // Payload Len was non-zero for this header. - rv->Assign(4, new Val(ntohl(((uint32*)data)[2]), TYPE_COUNT)); + rv->Assign(4, val_mgr->GetCount(ntohl(((uint32*)data)[2]))); uint16 off = 3 * sizeof(uint32); rv->Assign(5, new StringVal(new BroString(data + off, Length() - off, 1))); } @@ -168,8 +168,8 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const { rv = new RecordVal(hdrType(ip6_esp_type, "ip6_esp")); const uint32* esp = (const uint32*)data; - rv->Assign(0, new Val(ntohl(esp[0]), TYPE_COUNT)); - rv->Assign(1, new Val(ntohl(esp[1]), TYPE_COUNT)); + rv->Assign(0, val_mgr->GetCount(ntohl(esp[0]))); + rv->Assign(1, val_mgr->GetCount(ntohl(esp[1]))); } break; @@ -178,14 +178,14 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const { rv = new RecordVal(hdrType(ip6_mob_type, "ip6_mobility_hdr")); const struct ip6_mobility* mob = (const struct ip6_mobility*) data; - rv->Assign(0, new Val(mob->ip6mob_payload, TYPE_COUNT)); - rv->Assign(1, new Val(mob->ip6mob_len, TYPE_COUNT)); - rv->Assign(2, new Val(mob->ip6mob_type, TYPE_COUNT)); - rv->Assign(3, new Val(mob->ip6mob_rsv, TYPE_COUNT)); - rv->Assign(4, new Val(ntohs(mob->ip6mob_chksum), TYPE_COUNT)); + rv->Assign(0, val_mgr->GetCount(mob->ip6mob_payload)); + rv->Assign(1, val_mgr->GetCount(mob->ip6mob_len)); + rv->Assign(2, val_mgr->GetCount(mob->ip6mob_type)); + rv->Assign(3, val_mgr->GetCount(mob->ip6mob_rsv)); + rv->Assign(4, val_mgr->GetCount(ntohs(mob->ip6mob_chksum))); RecordVal* msg = new RecordVal(hdrType(ip6_mob_msg_type, "ip6_mobility_msg")); - msg->Assign(0, new Val(mob->ip6mob_type, TYPE_COUNT)); + msg->Assign(0, val_mgr->GetCount(mob->ip6mob_type)); uint16 off = sizeof(ip6_mobility); const u_char* msg_data = data + off; @@ -194,7 +194,7 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const case 0: { RecordVal* m = new RecordVal(hdrType(ip6_mob_brr_type, "ip6_mobility_brr")); - m->Assign(0, new Val(ntohs(*((uint16*)msg_data)), TYPE_COUNT)); + m->Assign(0, val_mgr->GetCount(ntohs(*((uint16*)msg_data)))); off += sizeof(uint16); m->Assign(1, BuildOptionsVal(data + off, Length() - off)); msg->Assign(1, m); @@ -204,8 +204,8 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const case 1: { RecordVal* m = new RecordVal(hdrType(ip6_mob_brr_type, "ip6_mobility_hoti")); - m->Assign(0, new Val(ntohs(*((uint16*)msg_data)), TYPE_COUNT)); - m->Assign(1, new Val(ntohll(*((uint64*)(msg_data + sizeof(uint16)))), TYPE_COUNT)); + m->Assign(0, val_mgr->GetCount(ntohs(*((uint16*)msg_data)))); + m->Assign(1, val_mgr->GetCount(ntohll(*((uint64*)(msg_data + sizeof(uint16)))))); off += sizeof(uint16) + sizeof(uint64); m->Assign(2, BuildOptionsVal(data + off, Length() - off)); msg->Assign(2, m); @@ -215,8 +215,8 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const case 2: { RecordVal* m = new RecordVal(hdrType(ip6_mob_brr_type, "ip6_mobility_coti")); - m->Assign(0, new Val(ntohs(*((uint16*)msg_data)), TYPE_COUNT)); - m->Assign(1, new Val(ntohll(*((uint64*)(msg_data + sizeof(uint16)))), TYPE_COUNT)); + m->Assign(0, val_mgr->GetCount(ntohs(*((uint16*)msg_data)))); + m->Assign(1, val_mgr->GetCount(ntohll(*((uint64*)(msg_data + sizeof(uint16)))))); off += sizeof(uint16) + sizeof(uint64); m->Assign(2, BuildOptionsVal(data + off, Length() - off)); msg->Assign(3, m); @@ -226,9 +226,9 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const case 3: { RecordVal* m = new RecordVal(hdrType(ip6_mob_brr_type, "ip6_mobility_hot")); - m->Assign(0, new Val(ntohs(*((uint16*)msg_data)), TYPE_COUNT)); - m->Assign(1, new Val(ntohll(*((uint64*)(msg_data + sizeof(uint16)))), TYPE_COUNT)); - m->Assign(2, new Val(ntohll(*((uint64*)(msg_data + sizeof(uint16) + sizeof(uint64)))), TYPE_COUNT)); + m->Assign(0, val_mgr->GetCount(ntohs(*((uint16*)msg_data)))); + m->Assign(1, val_mgr->GetCount(ntohll(*((uint64*)(msg_data + sizeof(uint16)))))); + m->Assign(2, val_mgr->GetCount(ntohll(*((uint64*)(msg_data + sizeof(uint16) + sizeof(uint64)))))); off += sizeof(uint16) + 2 * sizeof(uint64); m->Assign(3, BuildOptionsVal(data + off, Length() - off)); msg->Assign(4, m); @@ -238,9 +238,9 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const case 4: { RecordVal* m = new RecordVal(hdrType(ip6_mob_brr_type, "ip6_mobility_cot")); - m->Assign(0, new Val(ntohs(*((uint16*)msg_data)), TYPE_COUNT)); - m->Assign(1, new Val(ntohll(*((uint64*)(msg_data + sizeof(uint16)))), TYPE_COUNT)); - m->Assign(2, new Val(ntohll(*((uint64*)(msg_data + sizeof(uint16) + sizeof(uint64)))), TYPE_COUNT)); + m->Assign(0, val_mgr->GetCount(ntohs(*((uint16*)msg_data)))); + m->Assign(1, val_mgr->GetCount(ntohll(*((uint64*)(msg_data + sizeof(uint16)))))); + m->Assign(2, val_mgr->GetCount(ntohll(*((uint64*)(msg_data + sizeof(uint16) + sizeof(uint64)))))); off += sizeof(uint16) + 2 * sizeof(uint64); m->Assign(3, BuildOptionsVal(data + off, Length() - off)); msg->Assign(5, m); @@ -250,12 +250,12 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const case 5: { RecordVal* m = new RecordVal(hdrType(ip6_mob_brr_type, "ip6_mobility_bu")); - m->Assign(0, new Val(ntohs(*((uint16*)msg_data)), TYPE_COUNT)); - m->Assign(1, new Val(ntohs(*((uint16*)(msg_data + sizeof(uint16)))) & 0x8000, TYPE_BOOL)); - m->Assign(2, new Val(ntohs(*((uint16*)(msg_data + sizeof(uint16)))) & 0x4000, TYPE_BOOL)); - m->Assign(3, new Val(ntohs(*((uint16*)(msg_data + sizeof(uint16)))) & 0x2000, TYPE_BOOL)); - m->Assign(4, new Val(ntohs(*((uint16*)(msg_data + sizeof(uint16)))) & 0x1000, TYPE_BOOL)); - m->Assign(5, new Val(ntohs(*((uint16*)(msg_data + 2*sizeof(uint16)))), TYPE_COUNT)); + m->Assign(0, val_mgr->GetCount(ntohs(*((uint16*)msg_data)))); + m->Assign(1, val_mgr->GetBool(ntohs(*((uint16*)(msg_data + sizeof(uint16)))) & 0x8000)); + m->Assign(2, val_mgr->GetBool(ntohs(*((uint16*)(msg_data + sizeof(uint16)))) & 0x4000)); + m->Assign(3, val_mgr->GetBool(ntohs(*((uint16*)(msg_data + sizeof(uint16)))) & 0x2000)); + m->Assign(4, val_mgr->GetBool(ntohs(*((uint16*)(msg_data + sizeof(uint16)))) & 0x1000)); + m->Assign(5, val_mgr->GetCount(ntohs(*((uint16*)(msg_data + 2*sizeof(uint16)))))); off += 3 * sizeof(uint16); m->Assign(6, BuildOptionsVal(data + off, Length() - off)); msg->Assign(6, m); @@ -265,10 +265,10 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const case 6: { RecordVal* m = new RecordVal(hdrType(ip6_mob_brr_type, "ip6_mobility_back")); - m->Assign(0, new Val(*((uint8*)msg_data), TYPE_COUNT)); - m->Assign(1, new Val(*((uint8*)(msg_data + sizeof(uint8))) & 0x80, TYPE_BOOL)); - m->Assign(2, new Val(ntohs(*((uint16*)(msg_data + sizeof(uint16)))), TYPE_COUNT)); - m->Assign(3, new Val(ntohs(*((uint16*)(msg_data + 2*sizeof(uint16)))), TYPE_COUNT)); + m->Assign(0, val_mgr->GetCount(*((uint8*)msg_data))); + m->Assign(1, val_mgr->GetBool(*((uint8*)(msg_data + sizeof(uint8))) & 0x80)); + m->Assign(2, val_mgr->GetCount(ntohs(*((uint16*)(msg_data + sizeof(uint16)))))); + m->Assign(3, val_mgr->GetCount(ntohs(*((uint16*)(msg_data + 2*sizeof(uint16)))))); off += 3 * sizeof(uint16); m->Assign(4, BuildOptionsVal(data + off, Length() - off)); msg->Assign(7, m); @@ -278,7 +278,7 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const case 7: { RecordVal* m = new RecordVal(hdrType(ip6_mob_brr_type, "ip6_mobility_be")); - m->Assign(0, new Val(*((uint8*)msg_data), TYPE_COUNT)); + m->Assign(0, val_mgr->GetCount(*((uint8*)msg_data))); const in6_addr* hoa = (const in6_addr*)(msg_data + sizeof(uint16)); m->Assign(1, new AddrVal(IPAddr(*hoa))); off += sizeof(uint16) + sizeof(in6_addr); @@ -311,12 +311,12 @@ RecordVal* IP_Hdr::BuildIPHdrVal() const if ( ip4 ) { rval = new RecordVal(hdrType(ip4_hdr_type, "ip4_hdr")); - rval->Assign(0, new Val(ip4->ip_hl * 4, TYPE_COUNT)); - rval->Assign(1, new Val(ip4->ip_tos, TYPE_COUNT)); - rval->Assign(2, new Val(ntohs(ip4->ip_len), TYPE_COUNT)); - rval->Assign(3, new Val(ntohs(ip4->ip_id), TYPE_COUNT)); - rval->Assign(4, new Val(ip4->ip_ttl, TYPE_COUNT)); - rval->Assign(5, new Val(ip4->ip_p, TYPE_COUNT)); + rval->Assign(0, val_mgr->GetCount(ip4->ip_hl * 4)); + rval->Assign(1, val_mgr->GetCount(ip4->ip_tos)); + rval->Assign(2, val_mgr->GetCount(ntohs(ip4->ip_len))); + rval->Assign(3, val_mgr->GetCount(ntohs(ip4->ip_id))); + rval->Assign(4, val_mgr->GetCount(ip4->ip_ttl)); + rval->Assign(5, val_mgr->GetCount(ip4->ip_p)); rval->Assign(6, new AddrVal(ip4->ip_src.s_addr)); rval->Assign(7, new AddrVal(ip4->ip_dst.s_addr)); } @@ -370,14 +370,14 @@ RecordVal* IP_Hdr::BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const int tcp_hdr_len = tp->th_off * 4; int data_len = PayloadLen() - tcp_hdr_len; - tcp_hdr->Assign(0, port_mgr->Get(ntohs(tp->th_sport), TRANSPORT_TCP)); - tcp_hdr->Assign(1, port_mgr->Get(ntohs(tp->th_dport), TRANSPORT_TCP)); - tcp_hdr->Assign(2, new Val(uint32(ntohl(tp->th_seq)), TYPE_COUNT)); - tcp_hdr->Assign(3, new Val(uint32(ntohl(tp->th_ack)), TYPE_COUNT)); - tcp_hdr->Assign(4, new Val(tcp_hdr_len, TYPE_COUNT)); - tcp_hdr->Assign(5, new Val(data_len, TYPE_COUNT)); - tcp_hdr->Assign(6, new Val(tp->th_flags, TYPE_COUNT)); - tcp_hdr->Assign(7, new Val(ntohs(tp->th_win), TYPE_COUNT)); + tcp_hdr->Assign(0, val_mgr->GetPort(ntohs(tp->th_sport), TRANSPORT_TCP)); + tcp_hdr->Assign(1, val_mgr->GetPort(ntohs(tp->th_dport), TRANSPORT_TCP)); + tcp_hdr->Assign(2, val_mgr->GetCount(uint32(ntohl(tp->th_seq)))); + tcp_hdr->Assign(3, val_mgr->GetCount(uint32(ntohl(tp->th_ack)))); + tcp_hdr->Assign(4, val_mgr->GetCount(tcp_hdr_len)); + tcp_hdr->Assign(5, val_mgr->GetCount(data_len)); + tcp_hdr->Assign(6, val_mgr->GetCount(tp->th_flags)); + tcp_hdr->Assign(7, val_mgr->GetCount(ntohs(tp->th_win))); pkt_hdr->Assign(sindex + 2, tcp_hdr); break; @@ -388,9 +388,9 @@ RecordVal* IP_Hdr::BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const const struct udphdr* up = (const struct udphdr*) data; RecordVal* udp_hdr = new RecordVal(udp_hdr_type); - udp_hdr->Assign(0, port_mgr->Get(ntohs(up->uh_sport), TRANSPORT_UDP)); - udp_hdr->Assign(1, port_mgr->Get(ntohs(up->uh_dport), TRANSPORT_UDP)); - udp_hdr->Assign(2, new Val(ntohs(up->uh_ulen), TYPE_COUNT)); + udp_hdr->Assign(0, val_mgr->GetPort(ntohs(up->uh_sport), TRANSPORT_UDP)); + udp_hdr->Assign(1, val_mgr->GetPort(ntohs(up->uh_dport), TRANSPORT_UDP)); + udp_hdr->Assign(2, val_mgr->GetCount(ntohs(up->uh_ulen))); pkt_hdr->Assign(sindex + 3, udp_hdr); break; @@ -401,7 +401,7 @@ RecordVal* IP_Hdr::BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const const struct icmp* icmpp = (const struct icmp *) data; RecordVal* icmp_hdr = new RecordVal(icmp_hdr_type); - icmp_hdr->Assign(0, new Val(icmpp->icmp_type, TYPE_COUNT)); + icmp_hdr->Assign(0, val_mgr->GetCount(icmpp->icmp_type)); pkt_hdr->Assign(sindex + 4, icmp_hdr); break; @@ -412,7 +412,7 @@ RecordVal* IP_Hdr::BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const const struct icmp6_hdr* icmpp = (const struct icmp6_hdr*) data; RecordVal* icmp_hdr = new RecordVal(icmp_hdr_type); - icmp_hdr->Assign(0, new Val(icmpp->icmp6_type, TYPE_COUNT)); + icmp_hdr->Assign(0, val_mgr->GetCount(icmpp->icmp6_type)); pkt_hdr->Assign(sindex + 4, icmp_hdr); break; @@ -621,7 +621,7 @@ VectorVal* IPv6_Hdr_Chain::BuildVal() const RecordVal* v = chain[i]->BuildRecordVal(); RecordVal* ext_hdr = new RecordVal(ip6_ext_hdr_type); uint8 type = chain[i]->Type(); - ext_hdr->Assign(0, new Val(type, TYPE_COUNT)); + ext_hdr->Assign(0, val_mgr->GetCount(type)); switch (type) { case IPPROTO_HOPOPTS: diff --git a/src/OpaqueVal.cc b/src/OpaqueVal.cc index ea0c73d297..2ec759001a 100644 --- a/src/OpaqueVal.cc +++ b/src/OpaqueVal.cc @@ -24,7 +24,7 @@ bool HashVal::Init() StringVal* HashVal::Get() { if ( ! valid ) - return new StringVal(""); + return val_mgr->GetEmptyString(); StringVal* result = DoGet(); valid = false; @@ -55,7 +55,7 @@ bool HashVal::DoFeed(const void*, size_t) StringVal* HashVal::DoGet() { assert(! "missing implementation of DoGet()"); - return new StringVal(""); + return val_mgr->GetEmptyString(); } HashVal::HashVal(OpaqueType* t) : OpaqueVal(t) @@ -135,7 +135,7 @@ bool MD5Val::DoFeed(const void* data, size_t size) StringVal* MD5Val::DoGet() { if ( ! IsValid() ) - return new StringVal(""); + return val_mgr->GetEmptyString(); u_char digest[MD5_DIGEST_LENGTH]; md5_final(&ctx, digest); @@ -245,7 +245,7 @@ bool SHA1Val::DoFeed(const void* data, size_t size) StringVal* SHA1Val::DoGet() { if ( ! IsValid() ) - return new StringVal(""); + return val_mgr->GetEmptyString(); u_char digest[SHA_DIGEST_LENGTH]; sha1_final(&ctx, digest); @@ -357,7 +357,7 @@ bool SHA256Val::DoFeed(const void* data, size_t size) StringVal* SHA256Val::DoGet() { if ( ! IsValid() ) - return new StringVal(""); + return val_mgr->GetEmptyString(); u_char digest[SHA256_DIGEST_LENGTH]; sha256_final(&ctx, digest); diff --git a/src/PersistenceSerializer.cc b/src/PersistenceSerializer.cc index 52778ed10c..ae5c531aa7 100644 --- a/src/PersistenceSerializer.cc +++ b/src/PersistenceSerializer.cc @@ -191,7 +191,7 @@ void PersistenceSerializer::RaiseFinishedSendState() { val_list* vl = new val_list; vl->append(new AddrVal(htonl(remote_host))); - vl->append(port_mgr->Get(remote_port)); + vl->append(val_mgr->GetPort(remote_port)); mgr.QueueEvent(finished_send_state, vl); reporter->Log("Serialization done."); diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index 392bdb8f6f..f55fba167c 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc @@ -1806,12 +1806,12 @@ void RemoteSerializer::PeerConnected(Peer* peer) RecordVal* RemoteSerializer::MakePeerVal(Peer* peer) { RecordVal* v = new RecordVal(::peer); - v->Assign(0, new Val(uint32(peer->id), TYPE_COUNT)); + v->Assign(0, val_mgr->GetCount(uint32(peer->id))); // Sic! Network order for AddrVal, host order for PortVal. v->Assign(1, new AddrVal(peer->ip)); - v->Assign(2, port_mgr->Get(peer->port, TRANSPORT_TCP)); - v->Assign(3, new Val(false, TYPE_BOOL)); - v->Assign(4, new StringVal("")); // set when received + v->Assign(2, val_mgr->GetPort(peer->port, TRANSPORT_TCP)); + v->Assign(3, val_mgr->GetFalse()); + v->Assign(4, val_mgr->GetEmptyString()); // set when received v->Assign(5, peer->peer_class.size() ? new StringVal(peer->peer_class.c_str()) : 0); return v; @@ -2262,7 +2262,7 @@ bool RemoteSerializer::ProcessPongMsg() val_list* vl = new val_list; vl->append(current_peer->val->Ref()); - vl->append(new Val((unsigned int) ntohl(args->seq), TYPE_COUNT)); + vl->append(val_mgr->GetCount((unsigned int) ntohl(args->seq))); vl->append(new Val(current_time(true) - ntohd(args->time1), TYPE_INTERVAL)); vl->append(new Val(ntohd(args->time2), TYPE_INTERVAL)); @@ -2727,8 +2727,8 @@ bool RemoteSerializer::ProcessLogCreateWriter() fmt.EndRead(); - id_val = new EnumVal(id, internal_type("Log::ID")->AsEnumType()); - writer_val = new EnumVal(writer, internal_type("Log::Writer")->AsEnumType()); + id_val = internal_type("Log::ID")->AsEnumType()->GetVal(id); + writer_val = internal_type("Log::Writer")->AsEnumType()->GetVal(writer); if ( ! log_mgr->CreateWriterForRemoteLog(id_val, writer_val, info, num_fields, fields) ) { @@ -2800,8 +2800,8 @@ bool RemoteSerializer::ProcessLogWrite() } } - id_val = new EnumVal(id, internal_type("Log::ID")->AsEnumType()); - writer_val = new EnumVal(writer, internal_type("Log::Writer")->AsEnumType()); + id_val = internal_type("Log::ID")->AsEnumType()->GetVal(id); + writer_val = internal_type("Log::Writer")->AsEnumType()->GetVal(writer); success = log_mgr->WriteFromRemote(id_val, writer_val, path, num_fields, vals); @@ -3008,16 +3008,16 @@ void RemoteSerializer::Log(LogLevel level, const char* msg, Peer* peer, { val_list* vl = new val_list(); vl->append(peer->val->Ref()); - vl->append(new Val(level, TYPE_COUNT)); - vl->append(new Val(src, TYPE_COUNT)); + vl->append(val_mgr->GetCount(level)); + vl->append(val_mgr->GetCount(src)); vl->append(new StringVal(msg)); mgr.QueueEvent(remote_log_peer, vl); } else { val_list* vl = new val_list(); - vl->append(new Val(level, TYPE_COUNT)); - vl->append(new Val(src, TYPE_COUNT)); + vl->append(val_mgr->GetCount(level)); + vl->append(val_mgr->GetCount(src)); vl->append(new StringVal(msg)); mgr.QueueEvent(remote_log, vl); } diff --git a/src/RuleAction.cc b/src/RuleAction.cc index bac38a1236..e67c51b514 100644 --- a/src/RuleAction.cc +++ b/src/RuleAction.cc @@ -24,7 +24,7 @@ void RuleActionEvent::DoAction(const Rule* parent, RuleEndpointState* state, if ( data ) vl->append(new StringVal(len, (const char*)data)); else - vl->append(new StringVal("")); + vl->append(val_mgr->GetEmptyString()); mgr.QueueEvent(signature_match, vl); } diff --git a/src/RuleCondition.cc b/src/RuleCondition.cc index d9a8608e8c..0534570ed7 100644 --- a/src/RuleCondition.cc +++ b/src/RuleCondition.cc @@ -168,7 +168,7 @@ bool RuleConditionEval::DoMatch(Rule* rule, RuleEndpointState* state, if ( data ) args.append(new StringVal(len, (const char*) data)); else - args.append(new StringVal("")); + args.append(val_mgr->GetEmptyString()); bool result = 0; diff --git a/src/RuleMatcher.cc b/src/RuleMatcher.cc index 3ee7306fb5..54228d58dd 100644 --- a/src/RuleMatcher.cc +++ b/src/RuleMatcher.cc @@ -65,8 +65,8 @@ Val* RuleMatcher::BuildRuleStateValue(const Rule* rule, RecordVal* val = new RecordVal(signature_state); val->Assign(0, new StringVal(rule->ID())); val->Assign(1, state->GetAnalyzer()->BuildConnVal()); - val->Assign(2, new Val(state->is_orig, TYPE_BOOL)); - val->Assign(3, new Val(state->payload_size, TYPE_COUNT)); + val->Assign(2, val_mgr->GetBool(state->is_orig)); + val->Assign(3, val_mgr->GetCount(state->payload_size)); return val; } diff --git a/src/Sessions.cc b/src/Sessions.cc index 2cab543fa9..5709ad5f28 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -979,7 +979,7 @@ FragReassembler* NetSessions::NextFragment(double t, const IP_Hdr* ip, ListVal* key = new ListVal(TYPE_ANY); key->Append(new AddrVal(ip->SrcAddr())); key->Append(new AddrVal(ip->DstAddr())); - key->Append(new Val(frag_id, TYPE_COUNT)); + key->Append(val_mgr->GetCount(frag_id)); HashKey* h = ch->ComputeHash(key, 1); if ( ! h ) diff --git a/src/SmithWaterman.cc b/src/SmithWaterman.cc index ae57bab00c..fba3abfc13 100644 --- a/src/SmithWaterman.cc +++ b/src/SmithWaterman.cc @@ -94,13 +94,13 @@ VectorVal* BroSubstring::VecToPolicy(Vec* vec) RecordVal* align_val = new RecordVal(sw_align_type); align_val->Assign(0, new StringVal(new BroString(*align.string))); - align_val->Assign(1, new Val(align.index, TYPE_COUNT)); + align_val->Assign(1, val_mgr->GetCount(align.index)); aligns->Assign(j+1, align_val); } st_val->Assign(1, aligns); - st_val->Assign(2, new Val(bst->IsNewAlignment(), TYPE_BOOL)); + st_val->Assign(2, val_mgr->GetBool(bst->IsNewAlignment())); result->Assign(i+1, st_val); } } diff --git a/src/StateAccess.cc b/src/StateAccess.cc index 6e73c8cf61..874ed9c5c2 100644 --- a/src/StateAccess.cc +++ b/src/StateAccess.cc @@ -252,6 +252,14 @@ bool StateAccess::MergeTables(TableVal* dst, Val* src) return true; } +static Val* GetInteger(bro_int_t n, TypeTag t) + { + if ( t == TYPE_INT ) + return val_mgr->GetInt(n); + + return val_mgr->GetCount(n); + } + void StateAccess::Replay() { // For simplicity we assume that we only replay unserialized accesses. @@ -298,7 +306,7 @@ void StateAccess::Replay() bro_int_t amount = op1.val->CoerceToInt() - op2->CoerceToInt(); - target.id->SetVal(new Val(v->CoerceToInt() + amount, t), + target.id->SetVal(GetInteger(v->CoerceToInt() + amount, t), OP_INCR); } break; @@ -392,7 +400,7 @@ void StateAccess::Replay() t = v->Type()->AsTableType()->YieldType()->Tag(); Val* lookup_op1 = v->AsTableVal()->Lookup(op1.val); int delta = lookup_op1->CoerceToInt() + amount; - Val* new_val = new Val(delta, t); + Val* new_val = GetInteger(delta, t); v->AsTableVal()->Assign(op1.val, new_val, OP_INCR ); } @@ -407,7 +415,7 @@ void StateAccess::Replay() v->AsRecordVal()->Lookup(idx); bro_int_t delta = lookup_field->CoerceToInt() + amount; - Val* new_val = new Val(delta, t); + Val* new_val = GetInteger(delta, t); v->AsRecordVal()->Assign(idx, new_val, OP_INCR); } else @@ -420,7 +428,7 @@ void StateAccess::Replay() t = v->Type()->AsVectorType()->YieldType()->Tag(); Val* lookup_op1 = v->AsVectorVal()->Lookup(index); int delta = lookup_op1->CoerceToInt() + amount; - Val* new_val = new Val(delta, t); + Val* new_val = GetInteger(delta, t); v->AsVectorVal()->Assign(index, new_val); } diff --git a/src/Stats.cc b/src/Stats.cc index b1d5c427a9..780ffdc39b 100644 --- a/src/Stats.cc +++ b/src/Stats.cc @@ -313,7 +313,7 @@ void ProfileLogger::Log() val_list* vl = new val_list; Ref(file); vl->append(new Val(file)); - vl->append(new Val(expensive, TYPE_BOOL)); + vl->append(val_mgr->GetBool(expensive)); mgr.Dispatch(new Event(profiling_update, vl)); } } @@ -372,7 +372,7 @@ void SampleLogger::SegmentProfile(const char* /* name */, val_list* vl = new val_list(2); vl->append(load_samples->Ref()); vl->append(new IntervalVal(dtime, Seconds)); - vl->append(new Val(dmem, TYPE_INT)); + vl->append(val_mgr->GetInt(dmem)); mgr.QueueEvent(load_sample, vl); } diff --git a/src/Stmt.cc b/src/Stmt.cc index 162cc52d62..5e6ac3fb39 100644 --- a/src/Stmt.cc +++ b/src/Stmt.cc @@ -1479,7 +1479,7 @@ Val* ForStmt::DoExec(Frame* f, Val* v, stmt_flow_type& flow) const // Set the loop variable to the current index, and make // another pass over the loop body. f->SetElement((*loop_vars)[0]->Offset(), - new Val(i, TYPE_COUNT)); + val_mgr->GetCount(i)); flow = FLOW_NEXT; ret = body->Exec(f, flow); diff --git a/src/Tag.cc b/src/Tag.cc index 04eb0c79b0..a0ae033005 100644 --- a/src/Tag.cc +++ b/src/Tag.cc @@ -11,7 +11,7 @@ Tag::Tag(EnumType* etype, type_t arg_type, subtype_t arg_subtype) subtype = arg_subtype; int64_t i = (int64)(type) | ((int64)subtype << 31); Ref(etype); - val = new EnumVal(i, etype); + val = etype->GetVal(i); } Tag::Tag(EnumVal* arg_val) @@ -85,7 +85,7 @@ EnumVal* Tag::AsEnumVal(EnumType* etype) const { assert(type == 0 && subtype == 0); Ref(etype); - val = new EnumVal(0, etype); + val = etype->GetVal(0); } return val; diff --git a/src/TunnelEncapsulation.cc b/src/TunnelEncapsulation.cc index 556de9382a..724a69cca9 100644 --- a/src/TunnelEncapsulation.cc +++ b/src/TunnelEncapsulation.cc @@ -22,11 +22,11 @@ RecordVal* EncapsulatingConn::GetRecordVal() const RecordVal* id_val = new RecordVal(conn_id); id_val->Assign(0, new AddrVal(src_addr)); - id_val->Assign(1, port_mgr->Get(ntohs(src_port), proto)); + id_val->Assign(1, val_mgr->GetPort(ntohs(src_port), proto)); id_val->Assign(2, new AddrVal(dst_addr)); - id_val->Assign(3, port_mgr->Get(ntohs(dst_port), proto)); + id_val->Assign(3, val_mgr->GetPort(ntohs(dst_port), proto)); rv->Assign(0, id_val); - rv->Assign(1, new EnumVal(type, BifType::Enum::Tunnel::Type)); + rv->Assign(1, BifType::Enum::Tunnel::Type->GetVal(type)); rv->Assign(2, new StringVal(uid.Base62("C").c_str())); diff --git a/src/Type.cc b/src/Type.cc index 7ddca8f907..6ed1ce08b8 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -1445,10 +1445,14 @@ EnumType::EnumType(EnumType* e) for ( NameMap::iterator it = e->names.begin(); it != e->names.end(); ++it ) names[it->first] = it->second; + + vals = e->vals; } EnumType::~EnumType() { + for ( auto& kv : vals ) + Unref(kv.second); } // Note, we use reporter->Error() here (not Error()) to include the current script @@ -1524,6 +1528,9 @@ void EnumType::CheckAndAddName(const string& module_name, const char* name, AddNameInternal(module_name, name, val, is_export); + if ( vals.find(val) == vals.end() ) + vals[val] = new EnumVal(this, val); + set types = BroType::GetAliases(GetName()); set::const_iterator it; @@ -1571,6 +1578,23 @@ EnumType::enum_name_list EnumType::Names() const return n; } +EnumVal* EnumType::GetVal(bro_int_t i) + { + auto it = vals.find(i); + EnumVal* rval; + + if ( it == vals.end() ) + { + rval = new EnumVal(this, i); + vals[i] = rval; + } + else + rval = it->second; + + ::Ref(rval); + return rval; + } + void EnumType::DescribeReST(ODesc* d, bool roles_only) const { d->Add(":bro:type:`enum`"); @@ -1690,6 +1714,7 @@ bool EnumType::DoUnserialize(UnserialInfo* info) names[name] = val; delete [] name; // names[name] converts to std::string + vals[val] = new EnumVal(this, val); } return true; diff --git a/src/Type.h b/src/Type.h index 9366548902..bc13997461 100644 --- a/src/Type.h +++ b/src/Type.h @@ -5,6 +5,7 @@ #include #include +#include #include #include @@ -75,6 +76,7 @@ class Serializer; class VectorType; class TypeType; class OpaqueType; +class EnumVal; const int DOES_NOT_MATCH_INDEX = 0; const int MATCHES_INDEX_SCALAR = 1; @@ -572,6 +574,8 @@ public: void DescribeReST(ODesc* d, bool roles_only = false) const override; + EnumVal* GetVal(bro_int_t i); + protected: EnumType() { counter = 0; } @@ -587,6 +591,9 @@ protected: typedef std::map NameMap; NameMap names; + using ValMap = std::unordered_map; + ValMap vals; + // The counter is initialized to 0 and incremented on every implicit // auto-increment name that gets added (thus its > 0 if // auto-increment is used). Once an explicit value has been diff --git a/src/Val.cc b/src/Val.cc index b0669704fe..3475ab5dc7 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -417,19 +417,19 @@ Val* Val::SizeVal() const // Return abs value. However abs() only works on ints and llabs // doesn't work on Mac OS X 10.5. So we do it by hand if ( val.int_val < 0 ) - return new Val(-val.int_val, TYPE_COUNT); + return val_mgr->GetCount(-val.int_val); else - return new Val(val.int_val, TYPE_COUNT); + return val_mgr->GetCount(val.int_val); case TYPE_INTERNAL_UNSIGNED: - return new Val(val.uint_val, TYPE_COUNT); + return val_mgr->GetCount(val.uint_val); case TYPE_INTERNAL_DOUBLE: return new Val(fabs(val.double_val), TYPE_DOUBLE); case TYPE_INTERNAL_OTHER: if ( type->Tag() == TYPE_FUNC ) - return new Val(val.func_val->FType()->ArgTypes()->Types()->length(), TYPE_COUNT); + return val_mgr->GetCount(val.func_val->FType()->ArgTypes()->Types()->length()); if ( type->Tag() == TYPE_FILE ) return new Val(val.file_val->Size(), TYPE_DOUBLE); @@ -439,7 +439,7 @@ Val* Val::SizeVal() const break; } - return new Val(0, TYPE_COUNT); + return val_mgr->GetCount(0); } unsigned int Val::MemoryAllocation() const @@ -764,54 +764,17 @@ bool IntervalVal::DoUnserialize(UnserialInfo* info) return true; } -PortManager::PortManager() - { - for ( auto i = 0u; i < ports.size(); ++i ) - { - auto& arr = ports[i]; - auto port_type = (TransportProto)i; - - for ( auto j = 0u; j < arr.size(); ++j ) - arr[j] = new PortVal(Mask(j, port_type), true); - } - } - -PortManager::~PortManager() - { - for ( auto& arr : ports ) - for ( auto& pv : arr ) - Unref(pv); - } - PortVal* PortManager::Get(uint32 port_num) const { - auto mask = port_num & PORT_SPACE_MASK; - port_num &= ~PORT_SPACE_MASK; - - if ( mask == TCP_PORT_MASK ) - return Get(port_num, TRANSPORT_TCP); - else if ( mask == UDP_PORT_MASK ) - return Get(port_num, TRANSPORT_UDP); - else if ( mask == ICMP_PORT_MASK ) - return Get(port_num, TRANSPORT_ICMP); - else - return Get(port_num, TRANSPORT_UNKNOWN); + return val_mgr->GetPort(port_num); } PortVal* PortManager::Get(uint32 port_num, TransportProto port_type) const { - if ( port_num >= 65536 ) - { - reporter->Warning("bad port number %d", port_num); - port_num = 0; - } - - auto rval = ports[port_type][port_num]; - ::Ref(rval); - return rval; + return val_mgr->GetPort(port_num, port_type); } -uint32 PortManager::Mask(uint32 port_num, TransportProto port_type) const +uint32 PortVal::Mask(uint32 port_num, TransportProto port_type) { // Note, for ICMP one-way connections: // src_port = icmp_type, dst_port = icmp_code. @@ -844,7 +807,7 @@ uint32 PortManager::Mask(uint32 port_num, TransportProto port_type) const PortVal::PortVal(uint32 p, TransportProto port_type) : Val(TYPE_PORT) { - auto port_num = port_mgr->Mask(p, port_type); + auto port_num = PortVal::Mask(p, port_type); val.uint_val = static_cast(port_num); } @@ -952,9 +915,9 @@ unsigned int AddrVal::MemoryAllocation() const Val* AddrVal::SizeVal() const { if ( val.addr_val->GetFamily() == IPv4 ) - return new Val(32, TYPE_COUNT); + return val_mgr->GetCount(32); else - return new Val(128, TYPE_COUNT); + return val_mgr->GetCount(128); } IMPLEMENT_SERIAL(AddrVal, SER_ADDR_VAL); @@ -1601,7 +1564,7 @@ int TableVal::Assign(Val* index, HashKey* k, Val* new_val, Opcode op) // A set. if ( old_entry_val && remote_check_sync_consistency ) { - Val* has_old_val = new Val(1, TYPE_INT); + Val* has_old_val = val_mgr->GetInt(1); StateAccess::Log( new StateAccess(OP_ADD, this, index, has_old_val)); @@ -2101,7 +2064,7 @@ Val* TableVal::Delete(const Val* index) else { // A set. - Val* has_old_val = new Val(1, TYPE_INT); + Val* has_old_val = val_mgr->GetInt(1); StateAccess::Log( new StateAccess(OP_DEL, this, index, has_old_val)); @@ -3271,7 +3234,7 @@ bool VectorVal::Assign(unsigned int index, Val* element, Opcode op) { if ( LoggingAccess() && op != OP_NONE ) { - Val* ival = new Val(index, TYPE_COUNT); + Val* ival = val_mgr->GetCount(index); StateAccess::Log(new StateAccess(OP_ASSIGN_IDX, this, ival, element, (*val.vector_val)[index])); @@ -3296,7 +3259,7 @@ bool VectorVal::Assign(unsigned int index, Val* element, Opcode op) if ( element->IsMutableVal() ) element->AsMutableVal()->AddProperties(GetProperties()); - Val* ival = new Val(index, TYPE_COUNT); + Val* ival = val_mgr->GetCount(index); StateAccess::Log(new StateAccess(op == OP_INCR ? OP_INCR_IDX : OP_ASSIGN_IDX, @@ -3557,11 +3520,29 @@ Val* check_and_promote(Val* v, const BroType* t, int is_init) Val* promoted_v; switch ( it ) { case TYPE_INTERNAL_INT: - promoted_v = new Val(v->CoerceToInt(), t_tag); + if ( t_tag == TYPE_INT ) + promoted_v = val_mgr->GetInt(v->CoerceToInt()); + else if ( t_tag == TYPE_BOOL ) + promoted_v = val_mgr->GetBool(v->CoerceToInt()); + else // enum + { + reporter->InternalError("bad internal type in check_and_promote()"); + Unref(v); + return 0; + } + break; case TYPE_INTERNAL_UNSIGNED: - promoted_v = new Val(v->CoerceToUnsigned(), t_tag); + if ( t_tag == TYPE_COUNT || t_tag == TYPE_COUNTER ) + promoted_v = val_mgr->GetCount(v->CoerceToUnsigned()); + else // port + { + reporter->InternalError("bad internal type in check_and_promote()"); + Unref(v); + return 0; + } + break; case TYPE_INTERNAL_DOUBLE: @@ -3716,3 +3697,80 @@ bool can_cast_value_to_type(const BroType* s, BroType* t) return false; } +ValManager::ValManager() + { + empty_string = new StringVal(""); + b_false = Val::MakeBool(false); + b_true = Val::MakeBool(true); + counts = new Val*[PREALLOCATED_COUNTS]; + ints = new Val*[PREALLOCATED_INTS]; + + for ( auto i = 0u; i < PREALLOCATED_COUNTS; ++i ) + counts[i] = Val::MakeCount(i); + + for ( auto i = 0u; i < PREALLOCATED_INTS; ++i ) + ints[i] = Val::MakeInt(PREALLOCATED_INT_LOWEST + i); + + for ( auto i = 0u; i < ports.size(); ++i ) + { + auto& arr = ports[i]; + auto port_type = (TransportProto)i; + + for ( auto j = 0u; j < arr.size(); ++j ) + arr[j] = new PortVal(PortVal::Mask(j, port_type), true); + } + } + +ValManager::~ValManager() + { + Unref(empty_string); + Unref(b_true); + Unref(b_false); + + for ( auto i = 0u; i < PREALLOCATED_COUNTS; ++i ) + Unref(counts[i]); + + for ( auto i = 0u; i < PREALLOCATED_INTS; ++i ) + Unref(ints[i]); + + delete [] counts; + delete [] ints; + + for ( auto& arr : ports ) + for ( auto& pv : arr ) + Unref(pv); + } + +StringVal* ValManager::GetEmptyString() const + { + ::Ref(empty_string); + return empty_string; + } + +PortVal* ValManager::GetPort(uint32 port_num, TransportProto port_type) const + { + if ( port_num >= 65536 ) + { + reporter->Warning("bad port number %d", port_num); + port_num = 0; + } + + auto rval = ports[port_type][port_num]; + ::Ref(rval); + return rval; + } + +PortVal* ValManager::GetPort(uint32 port_num) const + { + auto mask = port_num & PORT_SPACE_MASK; + port_num &= ~PORT_SPACE_MASK; + + if ( mask == TCP_PORT_MASK ) + return GetPort(port_num, TRANSPORT_TCP); + else if ( mask == UDP_PORT_MASK ) + return GetPort(port_num, TRANSPORT_UDP); + else if ( mask == ICMP_PORT_MASK ) + return GetPort(port_num, TRANSPORT_ICMP); + else + return GetPort(port_num, TRANSPORT_UNKNOWN); + } diff --git a/src/Val.h b/src/Val.h index f189668b28..63e790848d 100644 --- a/src/Val.h +++ b/src/Val.h @@ -21,6 +21,16 @@ #include "StateAccess.h" #include "IPAddr.h" +// We have four different port name spaces: TCP, UDP, ICMP, and UNKNOWN. +// We distinguish between them based on the bits specified in the *_PORT_MASK +// entries specified below. +#define NUM_PORT_SPACES 4 +#define PORT_SPACE_MASK 0x30000 + +#define TCP_PORT_MASK 0x10000 +#define UDP_PORT_MASK 0x20000 +#define ICMP_PORT_MASK 0x30000 + class Val; class Func; class BroFile; @@ -52,7 +62,7 @@ typedef union { // Used for bool, int, enum. bro_int_t int_val; - // Used for count, counter, port, subnet. + // Used for count, counter, port. bro_uint_t uint_val; // Used for addr @@ -77,6 +87,7 @@ typedef union { class Val : public BroObj { public: + BRO_DEPRECATED("use val_mgr->GetBool, GetFalse/GetTrue, GetInt, or GetCount instead") Val(bool b, TypeTag t) { val.int_val = b; @@ -86,6 +97,7 @@ public: #endif } + BRO_DEPRECATED("use val_mgr->GetBool, GetFalse/GetTrue, GetInt, or GetCount instead") Val(int32 i, TypeTag t) { val.int_val = bro_int_t(i); @@ -95,6 +107,7 @@ public: #endif } + BRO_DEPRECATED("use val_mgr->GetBool, GetFalse/GetTrue, GetInt, or GetCount instead") Val(uint32 u, TypeTag t) { val.uint_val = bro_uint_t(u); @@ -104,6 +117,7 @@ public: #endif } + BRO_DEPRECATED("use val_mgr->GetBool, GetFalse/GetTrue, GetInt, or GetCount instead") Val(int64 i, TypeTag t) { val.int_val = i; @@ -113,6 +127,7 @@ public: #endif } + BRO_DEPRECATED("use val_mgr->GetBool, GetFalse/GetTrue, GetInt, or GetCount instead") Val(uint64 u, TypeTag t) { val.uint_val = u; @@ -353,18 +368,34 @@ public: #endif protected: - Val(BroString* s, TypeTag t) - { - val.string_val = s; - type = base_type(t); -#ifdef DEBUG - bound_id = 0; -#endif - } + + friend class EnumType; + friend class ValManager; virtual void ValDescribe(ODesc* d) const; virtual void ValDescribeReST(ODesc* d) const; + static Val* MakeBool(bool b) + { + auto rval = new Val(TYPE_BOOL); + rval->val.int_val = b; + return rval; + } + + static Val* MakeInt(bro_int_t i) + { + auto rval = new Val(TYPE_INT); + rval->val.int_val = i; + return rval; + } + + static Val* MakeCount(bro_uint_t u) + { + auto rval = new Val(TYPE_COUNT); + rval->val.uint_val = u; + return rval; + } + explicit Val(TypeTag t) { type = base_type(t); @@ -398,6 +429,78 @@ protected: }; +class PortManager { +public: + // Port number given in host order. + BRO_DEPRECATED("use val_mgr->GetPort() instead") + PortVal* Get(uint32 port_num, TransportProto port_type) const; + + // Host-order port number already masked with port space protocol mask. + BRO_DEPRECATED("use val_mgr->GetPort() instead") + PortVal* Get(uint32 port_num) const; + + // Returns a masked port number + BRO_DEPRECATED("use PortVal::Mask() instead") + uint32 Mask(uint32 port_num, TransportProto port_type) const; +}; + +extern PortManager* port_mgr; + +// Holds pre-allocated Val objects for those where it's more optimal to +// re-use existing ones rather than allocate anew. +class ValManager { +public: + + static constexpr bro_uint_t PREALLOCATED_COUNTS = 4096; + static constexpr bro_uint_t PREALLOCATED_INTS = 512; + static constexpr bro_int_t PREALLOCATED_INT_LOWEST = -255; + static constexpr bro_int_t PREALLOCATED_INT_HIGHEST = + PREALLOCATED_INT_LOWEST + PREALLOCATED_INTS - 1; + + ValManager(); + + ~ValManager(); + + inline Val* GetTrue() const + { return b_true->Ref(); } + + inline Val* GetFalse() const + { return b_false->Ref(); } + + inline Val* GetBool(bool b) const + { return b ? b_true->Ref() : b_false->Ref(); } + + inline Val* GetInt(int64 i) const + { + return i < PREALLOCATED_INT_LOWEST || i > PREALLOCATED_INT_HIGHEST ? + Val::MakeInt(i) : ints[i - PREALLOCATED_INT_LOWEST]->Ref(); + } + + inline Val* GetCount(uint64 i) const + { + return i >= PREALLOCATED_COUNTS ? Val::MakeCount(i) : counts[i]->Ref(); + } + + StringVal* GetEmptyString() const; + + // Port number given in host order. + PortVal* GetPort(uint32 port_num, TransportProto port_type) const; + + // Host-order port number already masked with port space protocol mask. + PortVal* GetPort(uint32 port_num) const; + +private: + + std::array, NUM_PORT_SPACES> ports; + StringVal* empty_string; + Val* b_true; + Val* b_false; + Val** counts; + Val** ints; +}; + +extern ValManager* val_mgr; + class MutableVal : public Val { public: // Each MutableVal gets a globally unique ID that can be used to @@ -494,47 +597,17 @@ protected: }; -// We have four different port name spaces: TCP, UDP, ICMP, and UNKNOWN. -// We distinguish between them based on the bits specified in the *_PORT_MASK -// entries specified below. -#define NUM_PORT_SPACES 4 -#define PORT_SPACE_MASK 0x30000 - -#define TCP_PORT_MASK 0x10000 -#define UDP_PORT_MASK 0x20000 -#define ICMP_PORT_MASK 0x30000 - -class PortManager { -public: - PortManager(); - ~PortManager(); - - // Port number given in host order. - PortVal* Get(uint32 port_num, TransportProto port_type) const; - - // Host-order port number already masked with port space protocol mask. - PortVal* Get(uint32 port_num) const; - - // Returns a masked port number - uint32 Mask(uint32 port_num, TransportProto port_type) const; - -private: - std::array, NUM_PORT_SPACES> ports; -}; - -extern PortManager* port_mgr; - class PortVal : public Val { public: // Port number given in host order. - BRO_DEPRECATED("use port_mgr->Get() instead") + BRO_DEPRECATED("use val_mgr->GetPort() instead") PortVal(uint32 p, TransportProto port_type); // Host-order port number already masked with port space protocol mask. - BRO_DEPRECATED("use port_mgr->Get() instead") + BRO_DEPRECATED("use val_mgr->GetPort() instead") explicit PortVal(uint32 p); - Val* SizeVal() const override { return new Val(val.uint_val, TYPE_INT); } + Val* SizeVal() const override { return val_mgr->GetInt(val.uint_val); } // Returns the port number in host order (not including the mask). uint32 Port() const; @@ -556,9 +629,12 @@ public: return TRANSPORT_UNKNOWN; } + // Returns a masked port number + static uint32 Mask(uint32 port_num, TransportProto port_type); + protected: friend class Val; - friend class PortManager; + friend class ValManager; PortVal() {} PortVal(uint32 p, bool unused); @@ -628,7 +704,7 @@ public: StringVal(int length, const char* s); Val* SizeVal() const override - { return new Val(val.string_val->Len(), TYPE_COUNT); } + { return val_mgr->GetCount(val.string_val->Len()); } int Len() { return AsString()->Len(); } const u_char* Bytes() { return AsString()->Bytes(); } @@ -681,7 +757,7 @@ public: TypeTag BaseTag() const { return tag; } - Val* SizeVal() const override { return new Val(vals.length(), TYPE_COUNT); } + Val* SizeVal() const override { return val_mgr->GetCount(vals.length()); } int Length() const { return vals.length(); } Val* Index(const int n) { return vals[n]; } @@ -789,7 +865,7 @@ public: int Assign(Val* index, Val* new_val, Opcode op = OP_ASSIGN); int Assign(Val* index, HashKey* k, Val* new_val, Opcode op = OP_ASSIGN); - Val* SizeVal() const override { return new Val(Size(), TYPE_COUNT); } + Val* SizeVal() const override { return val_mgr->GetCount(Size()); } // Add the entire contents of the table to the given value, // which must also be a TableVal. @@ -940,7 +1016,7 @@ public: ~RecordVal() override; Val* SizeVal() const override - { return new Val(record_type->NumFields(), TYPE_COUNT); } + { return val_mgr->GetCount(record_type->NumFields()); } void Assign(int field, Val* new_val, Opcode op = OP_ASSIGN); Val* Lookup(int field) const; // Does not Ref() value. @@ -1003,16 +1079,24 @@ protected: class EnumVal : public Val { public: + + BRO_DEPRECATED("use t->GetVal(i) instead") EnumVal(int i, EnumType* t) : Val(t) { val.int_val = i; - type = t; } - Val* SizeVal() const override { return new Val(val.int_val, TYPE_INT); } + Val* SizeVal() const override { return val_mgr->GetInt(val.int_val); } protected: friend class Val; + friend class EnumType; + + EnumVal(EnumType* t, int i) : Val(t) + { + val.int_val = i; + } + EnumVal() {} void ValDescribe(ODesc* d) const override; @@ -1027,7 +1111,7 @@ public: ~VectorVal() override; Val* SizeVal() const override - { return new Val(uint32(val.vector_val->size()), TYPE_COUNT); } + { return val_mgr->GetCount(uint32(val.vector_val->size())); } // Returns false if the type of the argument was wrong. // The vector will automatically grow to accomodate the index. diff --git a/src/analyzer/Analyzer.cc b/src/analyzer/Analyzer.cc index 1dc9df5872..1fe0dc82bf 100644 --- a/src/analyzer/Analyzer.cc +++ b/src/analyzer/Analyzer.cc @@ -668,7 +668,7 @@ void Analyzer::ProtocolConfirmation(Tag arg_tag) val_list* vl = new val_list; vl->append(BuildConnVal()); vl->append(tval); - vl->append(new Val(id, TYPE_COUNT)); + vl->append(val_mgr->GetCount(id)); mgr.QueueEvent(protocol_confirmation, vl); protocol_confirmed = true; @@ -695,7 +695,7 @@ void Analyzer::ProtocolViolation(const char* reason, const char* data, int len) val_list* vl = new val_list; vl->append(BuildConnVal()); vl->append(tval); - vl->append(new Val(id, TYPE_COUNT)); + vl->append(val_mgr->GetCount(id)); vl->append(r); mgr.QueueEvent(protocol_violation, vl); } diff --git a/src/analyzer/Manager.cc b/src/analyzer/Manager.cc index 4b5441f395..286c5eee9f 100644 --- a/src/analyzer/Manager.cc +++ b/src/analyzer/Manager.cc @@ -434,7 +434,7 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn) if ( tcp_contents && ! reass ) { - auto dport = port_mgr->Get(ntohs(conn->RespPort()), TRANSPORT_TCP); + auto dport = val_mgr->GetPort(ntohs(conn->RespPort()), TRANSPORT_TCP); Val* result; if ( ! reass ) diff --git a/src/analyzer/analyzer.bif b/src/analyzer/analyzer.bif index ebf8083624..f4c69fba91 100644 --- a/src/analyzer/analyzer.bif +++ b/src/analyzer/analyzer.bif @@ -11,13 +11,13 @@ module Analyzer; function Analyzer::__enable_analyzer%(id: Analyzer::Tag%) : bool %{ bool result = analyzer_mgr->EnableAnalyzer(id->AsEnumVal()); - return new Val(result, TYPE_BOOL); + return val_mgr->GetBool(result); %} function Analyzer::__disable_analyzer%(id: Analyzer::Tag%) : bool %{ bool result = analyzer_mgr->DisableAnalyzer(id->AsEnumVal()); - return new Val(result, TYPE_BOOL); + return val_mgr->GetBool(result); %} function Analyzer::__disable_all_analyzers%(%) : any @@ -29,14 +29,14 @@ function Analyzer::__disable_all_analyzers%(%) : any function Analyzer::__register_for_port%(id: Analyzer::Tag, p: port%) : bool %{ bool result = analyzer_mgr->RegisterAnalyzerForPort(id->AsEnumVal(), p); - return new Val(result, TYPE_BOOL); + return val_mgr->GetBool(result); %} function Analyzer::__schedule_analyzer%(orig: addr, resp: addr, resp_p: port, analyzer: Analyzer::Tag, tout: interval%) : bool %{ analyzer_mgr->ScheduleAnalyzer(orig->AsAddr(), resp->AsAddr(), resp_p, analyzer->AsEnumVal(), tout); - return new Val(true, TYPE_BOOL); + return val_mgr->GetTrue(); %} function __name%(atype: Analyzer::Tag%) : string diff --git a/src/analyzer/protocol/asn1/asn1.pac b/src/analyzer/protocol/asn1/asn1.pac index 07d9c1bbc3..abf766d2f3 100644 --- a/src/analyzer/protocol/asn1/asn1.pac +++ b/src/analyzer/protocol/asn1/asn1.pac @@ -109,7 +109,20 @@ Val* asn1_integer_to_val(const ASN1Integer* i, TypeTag t) Val* asn1_integer_to_val(const ASN1Encoding* i, TypeTag t) { - return new Val(binary_to_int64(i->content()), t); + auto v = binary_to_int64(i->content()); + + switch ( t ) { + case TYPE_BOOL: + return val_mgr->GetBool(v); + case TYPE_INT: + return val_mgr->GetInt(v); + case TYPE_COUNT: + case TYPE_COUNTER: + return val_mgr->GetCount(v); + default: + reporter->Error("bad asn1_integer_to_val tag: %s", type_name(t)); + return val_mgr->GetCount(v); + } } StringVal* asn1_oid_to_val(const ASN1ObjectIdentifier* oid) @@ -139,7 +152,7 @@ StringVal* asn1_oid_to_val(const ASN1Encoding* oid) if ( ! subidentifier.empty() || subidentifiers.size() < 1 ) // Underflow. - return new StringVal(""); + return val_mgr->GetEmptyString(); for ( size_t i = 0; i < subidentifiers.size(); ++i ) { diff --git a/src/analyzer/protocol/backdoor/BackDoor.cc b/src/analyzer/protocol/backdoor/BackDoor.cc index 4119b66121..ecfb660b94 100644 --- a/src/analyzer/protocol/backdoor/BackDoor.cc +++ b/src/analyzer/protocol/backdoor/BackDoor.cc @@ -112,14 +112,14 @@ RecordVal* BackDoorEndpoint::BuildStats() { RecordVal* stats = new RecordVal(backdoor_endp_stats); - stats->Assign(0, new Val(is_partial, TYPE_BOOL)); - stats->Assign(1, new Val(num_pkts, TYPE_COUNT)); - stats->Assign(2, new Val(num_8k0_pkts, TYPE_COUNT)); - stats->Assign(3, new Val(num_8k4_pkts, TYPE_COUNT)); - stats->Assign(4, new Val(num_lines, TYPE_COUNT)); - stats->Assign(5, new Val(num_normal_lines, TYPE_COUNT)); - stats->Assign(6, new Val(num_bytes, TYPE_COUNT)); - stats->Assign(7, new Val(num_7bit_ascii, TYPE_COUNT)); + stats->Assign(0, val_mgr->GetBool(is_partial)); + stats->Assign(1, val_mgr->GetCount(num_pkts)); + stats->Assign(2, val_mgr->GetCount(num_8k0_pkts)); + stats->Assign(3, val_mgr->GetCount(num_8k4_pkts)); + stats->Assign(4, val_mgr->GetCount(num_lines)); + stats->Assign(5, val_mgr->GetCount(num_normal_lines)); + stats->Assign(6, val_mgr->GetCount(num_bytes)); + stats->Assign(7, val_mgr->GetCount(num_7bit_ascii)); return stats; } @@ -248,9 +248,9 @@ void BackDoorEndpoint::RloginSignatureFound(int len) val_list* vl = new val_list; vl->append(endp->TCP()->BuildConnVal()); - vl->append(new Val(endp->IsOrig(), TYPE_BOOL)); - vl->append(new Val(rlogin_num_null, TYPE_COUNT)); - vl->append(new Val(len, TYPE_COUNT)); + vl->append(val_mgr->GetBool(endp->IsOrig())); + vl->append(val_mgr->GetCount(rlogin_num_null)); + vl->append(val_mgr->GetCount(len)); endp->TCP()->ConnectionEvent(rlogin_signature_found, vl); } @@ -340,8 +340,8 @@ void BackDoorEndpoint::TelnetSignatureFound(int len) { val_list* vl = new val_list; vl->append(endp->TCP()->BuildConnVal()); - vl->append(new Val(endp->IsOrig(), TYPE_BOOL)); - vl->append(new Val(len, TYPE_COUNT)); + vl->append(val_mgr->GetBool(endp->IsOrig())); + vl->append(val_mgr->GetCount(len)); endp->TCP()->ConnectionEvent(telnet_signature_found, vl); } @@ -647,7 +647,7 @@ void BackDoorEndpoint::SignatureFound(EventHandlerPtr e, int do_orig) vl->append(endp->TCP()->BuildConnVal()); if ( do_orig ) - vl->append(new Val(endp->IsOrig(), TYPE_BOOL)); + vl->append(val_mgr->GetBool(endp->IsOrig())); endp->TCP()->ConnectionEvent(e, vl); } diff --git a/src/analyzer/protocol/bittorrent/BitTorrent.cc b/src/analyzer/protocol/bittorrent/BitTorrent.cc index cb6fc0945e..fd2d5fa914 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrent.cc +++ b/src/analyzer/protocol/bittorrent/BitTorrent.cc @@ -122,7 +122,7 @@ void BitTorrent_Analyzer::DeliverWeird(const char* msg, bool orig) { val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(msg)); ConnectionEvent(bittorrent_peer_weird, vl); } diff --git a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc index 452fb0fe6c..0a3cda37fd 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc +++ b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc @@ -249,7 +249,7 @@ void BitTorrentTracker_Analyzer::DeliverWeird(const char* msg, bool orig) { val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(msg)); ConnectionEvent(bt_tracker_weird, vl); } @@ -405,7 +405,7 @@ bool BitTorrentTracker_Analyzer::ParseResponse(char* line) { val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(res_status, TYPE_COUNT)); + vl->append(val_mgr->GetCount(res_status)); vl->append(res_val_headers); ConnectionEvent(bt_tracker_response_not_ok, vl); res_val_headers = 0; @@ -482,7 +482,7 @@ void BitTorrentTracker_Analyzer::ResponseBenc(int name_len, char* name, RecordVal* peer = new RecordVal(bittorrent_peer); peer->Assign(0, new AddrVal(ad)); - peer->Assign(1, port_mgr->Get(pt, TRANSPORT_TCP)); + peer->Assign(1, val_mgr->GetPort(pt, TRANSPORT_TCP)); res_val_peers->Assign(peer, 0); Unref(peer); @@ -505,7 +505,7 @@ void BitTorrentTracker_Analyzer::ResponseBenc(int name_len, char* name, RecordVal* benc_value = new RecordVal(bittorrent_benc_value); StringVal* name_ = new StringVal(name_len, name); - benc_value->Assign(type, new Val(value, TYPE_INT)); + benc_value->Assign(type, val_mgr->GetInt(value)); res_val_benc->Assign(name_, benc_value); Unref(name_); @@ -791,7 +791,7 @@ void BitTorrentTracker_Analyzer::EmitResponse(void) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(res_status, TYPE_COUNT)); + vl->append(val_mgr->GetCount(res_status)); vl->append(res_val_headers); vl->append(res_val_peers); vl->append(res_val_benc); diff --git a/src/analyzer/protocol/bittorrent/bittorrent-analyzer.pac b/src/analyzer/protocol/bittorrent/bittorrent-analyzer.pac index 6040577d39..c3ba226908 100644 --- a/src/analyzer/protocol/bittorrent/bittorrent-analyzer.pac +++ b/src/analyzer/protocol/bittorrent/bittorrent-analyzer.pac @@ -222,7 +222,7 @@ flow BitTorrent_Flow(is_orig: bool) { connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig(), - port_mgr->Get(listen_port, TRANSPORT_TCP)); + val_mgr->GetPort(listen_port, TRANSPORT_TCP)); } return true; diff --git a/src/analyzer/protocol/conn-size/ConnSize.cc b/src/analyzer/protocol/conn-size/ConnSize.cc index 4fd4154c05..52d81e3111 100644 --- a/src/analyzer/protocol/conn-size/ConnSize.cc +++ b/src/analyzer/protocol/conn-size/ConnSize.cc @@ -49,8 +49,8 @@ void ConnSize_Analyzer::ThresholdEvent(EventHandlerPtr f, uint64 threshold, bool val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(threshold, TYPE_COUNT)); - vl->append(new Val(is_orig, TYPE_BOOL)); + vl->append(val_mgr->GetCount(threshold)); + vl->append(val_mgr->GetBool(is_orig)); ConnectionEvent(f, vl); } @@ -159,10 +159,10 @@ void ConnSize_Analyzer::UpdateConnVal(RecordVal *conn_val) if ( bytesidx < 0 ) reporter->InternalError("'endpoint' record missing 'num_bytes_ip' field"); - orig_endp->Assign(pktidx, new Val(orig_pkts, TYPE_COUNT)); - orig_endp->Assign(bytesidx, new Val(orig_bytes, TYPE_COUNT)); - resp_endp->Assign(pktidx, new Val(resp_pkts, TYPE_COUNT)); - resp_endp->Assign(bytesidx, new Val(resp_bytes, TYPE_COUNT)); + orig_endp->Assign(pktidx, val_mgr->GetCount(orig_pkts)); + orig_endp->Assign(bytesidx, val_mgr->GetCount(orig_bytes)); + resp_endp->Assign(pktidx, val_mgr->GetCount(resp_pkts)); + resp_endp->Assign(bytesidx, val_mgr->GetCount(resp_bytes)); Analyzer::UpdateConnVal(conn_val); } diff --git a/src/analyzer/protocol/conn-size/functions.bif b/src/analyzer/protocol/conn-size/functions.bif index 225e9db913..d4ad045da7 100644 --- a/src/analyzer/protocol/conn-size/functions.bif +++ b/src/analyzer/protocol/conn-size/functions.bif @@ -32,11 +32,11 @@ function set_current_conn_bytes_threshold%(cid: conn_id, threshold: count, is_or %{ analyzer::Analyzer* a = GetConnsizeAnalyzer(cid); if ( ! a ) - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); static_cast(a)->SetThreshold(threshold, 1, is_orig); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Sets a threshold for connection packets, overwtiting any potential old thresholds. @@ -55,11 +55,11 @@ function set_current_conn_packets_threshold%(cid: conn_id, threshold: count, is_ %{ analyzer::Analyzer* a = GetConnsizeAnalyzer(cid); if ( ! a ) - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); static_cast(a)->SetThreshold(threshold, 0, is_orig); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Gets the current byte threshold size for a connection. @@ -76,11 +76,9 @@ function get_current_conn_bytes_threshold%(cid: conn_id, is_orig: bool%): count %{ analyzer::Analyzer* a = GetConnsizeAnalyzer(cid); if ( ! a ) - return new Val(0, TYPE_COUNT); + return val_mgr->GetCount(0); - return new Val( - static_cast(a)->GetThreshold(1, is_orig), - TYPE_COUNT); + return val_mgr->GetCount(static_cast(a)->GetThreshold(1, is_orig)); %} ## Gets the current packet threshold size for a connection. @@ -97,10 +95,8 @@ function get_current_conn_packets_threshold%(cid: conn_id, is_orig: bool%): coun %{ analyzer::Analyzer* a = GetConnsizeAnalyzer(cid); if ( ! a ) - return new Val(0, TYPE_COUNT); + return val_mgr->GetCount(0); - return new Val( - static_cast(a)->GetThreshold(0, is_orig), - TYPE_COUNT); + return val_mgr->GetCount(static_cast(a)->GetThreshold(0, is_orig)); %} diff --git a/src/analyzer/protocol/dce-rpc/dce_rpc-analyzer.pac b/src/analyzer/protocol/dce-rpc/dce_rpc-analyzer.pac index 2bf8550ce5..70165054f6 100644 --- a/src/analyzer/protocol/dce-rpc/dce_rpc-analyzer.pac +++ b/src/analyzer/protocol/dce-rpc/dce_rpc-analyzer.pac @@ -42,7 +42,7 @@ refine connection DCE_RPC_Conn += { ${header.is_orig}, fid, ${header.PTYPE}, - new EnumVal(${header.PTYPE}, BifType::Enum::DCE_RPC::PType)); + BifType::Enum::DCE_RPC::PType->GetVal(${header.PTYPE})); } return true; %} diff --git a/src/analyzer/protocol/dhcp/dhcp-analyzer.pac b/src/analyzer/protocol/dhcp/dhcp-analyzer.pac index 93966fabeb..82218ebacb 100644 --- a/src/analyzer/protocol/dhcp/dhcp-analyzer.pac +++ b/src/analyzer/protocol/dhcp/dhcp-analyzer.pac @@ -36,7 +36,7 @@ refine flow DHCP_Flow += { if ( code != 255 ) all_options->Assign(all_options->Size(), - new Val(code, TYPE_COUNT)); + val_mgr->GetCount(code)); return true; %} @@ -58,11 +58,11 @@ refine flow DHCP_Flow += { double secs = static_cast(${msg.secs}); auto dhcp_msg_val = new RecordVal(BifType::Record::DHCP::Msg); - dhcp_msg_val->Assign(0, new Val(${msg.op}, TYPE_COUNT)); - dhcp_msg_val->Assign(1, new Val(${msg.type}, TYPE_COUNT)); - dhcp_msg_val->Assign(2, new Val(${msg.xid}, TYPE_COUNT)); + dhcp_msg_val->Assign(0, val_mgr->GetCount(${msg.op})); + dhcp_msg_val->Assign(1, val_mgr->GetCount(${msg.type})); + dhcp_msg_val->Assign(2, val_mgr->GetCount(${msg.xid})); dhcp_msg_val->Assign(3, new Val(secs, TYPE_INTERVAL)); - dhcp_msg_val->Assign(4, new Val(${msg.flags}, TYPE_COUNT)); + dhcp_msg_val->Assign(4, val_mgr->GetCount(${msg.flags})); dhcp_msg_val->Assign(5, new AddrVal(htonl(${msg.ciaddr}))); dhcp_msg_val->Assign(6, new AddrVal(htonl(${msg.yiaddr}))); dhcp_msg_val->Assign(7, new AddrVal(htonl(${msg.siaddr}))); diff --git a/src/analyzer/protocol/dhcp/dhcp-options.pac b/src/analyzer/protocol/dhcp/dhcp-options.pac index c154498dbf..75236b311c 100644 --- a/src/analyzer/protocol/dhcp/dhcp-options.pac +++ b/src/analyzer/protocol/dhcp/dhcp-options.pac @@ -159,7 +159,7 @@ refine casetype OptionValue += { refine flow DHCP_Flow += { function process_forwarding_option(v: OptionValue): bool %{ - ${context.flow}->options->Assign(6, new Val(${v.forwarding} == 0 ? false : true, TYPE_BOOL)); + ${context.flow}->options->Assign(6, val_mgr->GetBool(${v.forwarding} == 0 ? false : true)); return true; %} @@ -345,7 +345,7 @@ refine flow DHCP_Flow += { for ( int i = 0; i < num_parms; ++i ) { uint8 param = (*plist)[i]; - params->Assign(i, new Val(param, TYPE_COUNT)); + params->Assign(i, val_mgr->GetCount(param)); } ${context.flow}->options->Assign(13, params); @@ -397,7 +397,7 @@ refine casetype OptionValue += { refine flow DHCP_Flow += { function process_max_message_size_option(v: OptionValue): bool %{ - ${context.flow}->options->Assign(15, new Val(${v.max_msg_size}, TYPE_COUNT)); + ${context.flow}->options->Assign(15, val_mgr->GetCount(${v.max_msg_size})); return true; %} @@ -502,7 +502,7 @@ refine flow DHCP_Flow += { function process_client_id_option(v: OptionValue): bool %{ RecordVal* client_id = new RecordVal(BifType::Record::DHCP::ClientID); - client_id->Assign(0, new Val(${v.client_id.hwtype}, TYPE_COUNT)); + client_id->Assign(0, val_mgr->GetCount(${v.client_id.hwtype})); client_id->Assign(1, new StringVal(fmt_mac(${v.client_id.hwaddr}.begin(), ${v.client_id.hwaddr}.length()))); ${context.flow}->options->Assign(19, client_id); @@ -562,9 +562,9 @@ refine flow DHCP_Flow += { function process_client_fqdn_option(v: OptionValue): bool %{ RecordVal* client_fqdn = new RecordVal(BifType::Record::DHCP::ClientFQDN); - client_fqdn->Assign(0, new Val(${v.client_fqdn.flags}, TYPE_COUNT)); - client_fqdn->Assign(1, new Val(${v.client_fqdn.rcode1}, TYPE_COUNT)); - client_fqdn->Assign(2, new Val(${v.client_fqdn.rcode2}, TYPE_COUNT)); + client_fqdn->Assign(0, val_mgr->GetCount(${v.client_fqdn.flags})); + client_fqdn->Assign(1, val_mgr->GetCount(${v.client_fqdn.rcode1})); + client_fqdn->Assign(2, val_mgr->GetCount(${v.client_fqdn.rcode2})); const char* domain_name = reinterpret_cast(${v.client_fqdn.domain_name}.begin()); client_fqdn->Assign(3, new StringVal(${v.client_fqdn.domain_name}.length(), domain_name)); @@ -627,7 +627,7 @@ refine flow DHCP_Flow += { ptrsubopt != ${v.relay_agent_inf}->end(); ++ptrsubopt ) { auto r = new RecordVal(BifType::Record::DHCP::SubOpt); - r->Assign(0, new Val((*ptrsubopt)->code(), TYPE_COUNT)); + r->Assign(0, val_mgr->GetCount((*ptrsubopt)->code())); r->Assign(1, bytestring_to_val((*ptrsubopt)->value())); relay_agent_sub_opt->Assign(i, r); @@ -657,7 +657,7 @@ refine casetype OptionValue += { refine flow DHCP_Flow += { function process_auto_config_option(v: OptionValue): bool %{ - ${context.flow}->options->Assign(23, new Val(${v.auto_config} == 0 ? false : true, TYPE_BOOL)); + ${context.flow}->options->Assign(23, val_mgr->GetBool(${v.auto_config} == 0 ? false : true)); return true; %} diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc index 853be8f083..944ce92731 100644 --- a/src/analyzer/protocol/dns/DNS.cc +++ b/src/analyzer/protocol/dns/DNS.cc @@ -48,9 +48,9 @@ int DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query) { val_list* vl = new val_list(); vl->append(analyzer->BuildConnVal()); - vl->append(new Val(is_query, TYPE_BOOL)); + vl->append(val_mgr->GetBool(is_query)); vl->append(msg.BuildHdrVal()); - vl->append(new Val(len, TYPE_COUNT)); + vl->append(val_mgr->GetCount(len)); analyzer->ConnectionEvent(dns_message, vl); } @@ -608,7 +608,7 @@ int DNS_Interpreter::ParseRR_SOA(DNS_MsgInfo* msg, r->Assign(0, new StringVal(new BroString(mname, mname_end - mname, 1))); r->Assign(1, new StringVal(new BroString(rname, rname_end - rname, 1))); - r->Assign(2, new Val(serial, TYPE_COUNT)); + r->Assign(2, val_mgr->GetCount(serial)); r->Assign(3, new IntervalVal(double(refresh), Seconds)); r->Assign(4, new IntervalVal(double(retry), Seconds)); r->Assign(5, new IntervalVal(double(expire), Seconds)); @@ -648,7 +648,7 @@ int DNS_Interpreter::ParseRR_MX(DNS_MsgInfo* msg, vl->append(msg->BuildHdrVal()); vl->append(msg->BuildAnswerVal()); vl->append(new StringVal(new BroString(name, name_end - name, 1))); - vl->append(new Val(preference, TYPE_COUNT)); + vl->append(val_mgr->GetCount(preference)); analyzer->ConnectionEvent(dns_MX_reply, vl); } @@ -692,9 +692,9 @@ int DNS_Interpreter::ParseRR_SRV(DNS_MsgInfo* msg, vl->append(msg->BuildHdrVal()); vl->append(msg->BuildAnswerVal()); vl->append(new StringVal(new BroString(name, name_end - name, 1))); - vl->append(new Val(priority, TYPE_COUNT)); - vl->append(new Val(weight, TYPE_COUNT)); - vl->append(new Val(port, TYPE_COUNT)); + vl->append(val_mgr->GetCount(priority)); + vl->append(val_mgr->GetCount(weight)); + vl->append(val_mgr->GetCount(port)); analyzer->ConnectionEvent(dns_SRV_reply, vl); } @@ -1364,7 +1364,7 @@ int DNS_Interpreter::ParseRR_CAA(DNS_MsgInfo* msg, vl->append(analyzer->BuildConnVal()); vl->append(msg->BuildHdrVal()); vl->append(msg->BuildAnswerVal()); - vl->append(new Val(flags, TYPE_COUNT)); + vl->append(val_mgr->GetCount(flags)); vl->append(new StringVal(tag)); vl->append(new StringVal(value)); @@ -1386,8 +1386,8 @@ void DNS_Interpreter::SendReplyOrRejectEvent(DNS_MsgInfo* msg, vl->append(analyzer->BuildConnVal()); vl->append(msg->BuildHdrVal()); vl->append(new StringVal(question_name)); - vl->append(new Val(qtype, TYPE_COUNT)); - vl->append(new Val(qclass, TYPE_COUNT)); + vl->append(val_mgr->GetCount(qtype)); + vl->append(val_mgr->GetCount(qclass)); analyzer->ConnectionEvent(event, vl); } @@ -1435,19 +1435,19 @@ Val* DNS_MsgInfo::BuildHdrVal() { RecordVal* r = new RecordVal(dns_msg); - r->Assign(0, new Val(id, TYPE_COUNT)); - r->Assign(1, new Val(opcode, TYPE_COUNT)); - r->Assign(2, new Val(rcode, TYPE_COUNT)); - r->Assign(3, new Val(QR, TYPE_BOOL)); - r->Assign(4, new Val(AA, TYPE_BOOL)); - r->Assign(5, new Val(TC, TYPE_BOOL)); - r->Assign(6, new Val(RD, TYPE_BOOL)); - r->Assign(7, new Val(RA, TYPE_BOOL)); - r->Assign(8, new Val(Z, TYPE_COUNT)); - r->Assign(9, new Val(qdcount, TYPE_COUNT)); - r->Assign(10, new Val(ancount, TYPE_COUNT)); - r->Assign(11, new Val(nscount, TYPE_COUNT)); - r->Assign(12, new Val(arcount, TYPE_COUNT)); + r->Assign(0, val_mgr->GetCount(id)); + r->Assign(1, val_mgr->GetCount(opcode)); + r->Assign(2, val_mgr->GetCount(rcode)); + r->Assign(3, val_mgr->GetBool(QR)); + r->Assign(4, val_mgr->GetBool(AA)); + r->Assign(5, val_mgr->GetBool(TC)); + r->Assign(6, val_mgr->GetBool(RD)); + r->Assign(7, val_mgr->GetBool(RA)); + r->Assign(8, val_mgr->GetCount(Z)); + r->Assign(9, val_mgr->GetCount(qdcount)); + r->Assign(10, val_mgr->GetCount(ancount)); + r->Assign(11, val_mgr->GetCount(nscount)); + r->Assign(12, val_mgr->GetCount(arcount)); return r; } @@ -1457,10 +1457,10 @@ Val* DNS_MsgInfo::BuildAnswerVal() RecordVal* r = new RecordVal(dns_answer); Ref(query_name); - r->Assign(0, new Val(int(answer_type), TYPE_COUNT)); + r->Assign(0, val_mgr->GetCount(int(answer_type))); r->Assign(1, query_name); - r->Assign(2, new Val(atype, TYPE_COUNT)); - r->Assign(3, new Val(aclass, TYPE_COUNT)); + r->Assign(2, val_mgr->GetCount(atype)); + r->Assign(3, val_mgr->GetCount(aclass)); r->Assign(4, new IntervalVal(double(ttl), Seconds)); return r; @@ -1473,14 +1473,14 @@ Val* DNS_MsgInfo::BuildEDNS_Val() RecordVal* r = new RecordVal(dns_edns_additional); Ref(query_name); - r->Assign(0, new Val(int(answer_type), TYPE_COUNT)); + r->Assign(0, val_mgr->GetCount(int(answer_type))); r->Assign(1, query_name); // type = 0x29 or 41 = EDNS - r->Assign(2, new Val(atype, TYPE_COUNT)); + r->Assign(2, val_mgr->GetCount(atype)); // sender's UDP payload size, per RFC 2671 4.3 - r->Assign(3, new Val(aclass, TYPE_COUNT)); + r->Assign(3, val_mgr->GetCount(aclass)); // Need to break the TTL field into three components: // initial: [------------- ttl (32) ---------------------] @@ -1493,11 +1493,11 @@ Val* DNS_MsgInfo::BuildEDNS_Val() unsigned int return_error = (ercode << 8) | rcode; - r->Assign(4, new Val(return_error, TYPE_COUNT)); - r->Assign(5, new Val(version, TYPE_COUNT)); - r->Assign(6, new Val(z, TYPE_COUNT)); + r->Assign(4, val_mgr->GetCount(return_error)); + r->Assign(5, val_mgr->GetCount(version)); + r->Assign(6, val_mgr->GetCount(z)); r->Assign(7, new IntervalVal(double(ttl), Seconds)); - r->Assign(8, new Val(is_query, TYPE_COUNT)); + r->Assign(8, val_mgr->GetCount(is_query)); return r; } @@ -1508,16 +1508,16 @@ Val* DNS_MsgInfo::BuildTSIG_Val() double rtime = tsig->time_s + tsig->time_ms / 1000.0; Ref(query_name); - // r->Assign(0, new Val(int(answer_type), TYPE_COUNT)); + // r->Assign(0, val_mgr->GetCount(int(answer_type))); r->Assign(0, query_name); - r->Assign(1, new Val(int(answer_type), TYPE_COUNT)); + r->Assign(1, val_mgr->GetCount(int(answer_type))); r->Assign(2, new StringVal(tsig->alg_name)); r->Assign(3, new StringVal(tsig->sig)); r->Assign(4, new Val(rtime, TYPE_TIME)); r->Assign(5, new Val(double(tsig->fudge), TYPE_TIME)); - r->Assign(6, new Val(tsig->orig_id, TYPE_COUNT)); - r->Assign(7, new Val(tsig->rr_error, TYPE_COUNT)); - r->Assign(8, new Val(is_query, TYPE_COUNT)); + r->Assign(6, val_mgr->GetCount(tsig->orig_id)); + r->Assign(7, val_mgr->GetCount(tsig->rr_error)); + r->Assign(8, val_mgr->GetCount(is_query)); delete tsig; tsig = 0; @@ -1531,17 +1531,17 @@ Val* DNS_MsgInfo::BuildRRSIG_Val(RRSIG_DATA* rrsig) Ref(query_name); r->Assign(0, query_name); - r->Assign(1, new Val(int(answer_type), TYPE_COUNT)); - r->Assign(2, new Val(rrsig->type_covered, TYPE_COUNT)); - r->Assign(3, new Val(rrsig->algorithm, TYPE_COUNT)); - r->Assign(4, new Val(rrsig->labels, TYPE_COUNT)); + r->Assign(1, val_mgr->GetCount(int(answer_type))); + r->Assign(2, val_mgr->GetCount(rrsig->type_covered)); + r->Assign(3, val_mgr->GetCount(rrsig->algorithm)); + r->Assign(4, val_mgr->GetCount(rrsig->labels)); r->Assign(5, new IntervalVal(double(rrsig->orig_ttl), Seconds)); r->Assign(6, new Val(double(rrsig->sig_exp), TYPE_TIME)); r->Assign(7, new Val(double(rrsig->sig_incep), TYPE_TIME)); - r->Assign(8, new Val(rrsig->key_tag, TYPE_COUNT)); + r->Assign(8, val_mgr->GetCount(rrsig->key_tag)); r->Assign(9, new StringVal(rrsig->signer_name)); r->Assign(10, new StringVal(rrsig->signature)); - r->Assign(11, new Val(is_query, TYPE_COUNT)); + r->Assign(11, val_mgr->GetCount(is_query)); return r; } @@ -1552,12 +1552,12 @@ Val* DNS_MsgInfo::BuildDNSKEY_Val(DNSKEY_DATA* dnskey) Ref(query_name); r->Assign(0, query_name); - r->Assign(1, new Val(int(answer_type), TYPE_COUNT)); - r->Assign(2, new Val(dnskey->dflags, TYPE_COUNT)); - r->Assign(3, new Val(dnskey->dprotocol, TYPE_COUNT)); - r->Assign(4, new Val(dnskey->dalgorithm, TYPE_COUNT)); + r->Assign(1, val_mgr->GetCount(int(answer_type))); + r->Assign(2, val_mgr->GetCount(dnskey->dflags)); + r->Assign(3, val_mgr->GetCount(dnskey->dprotocol)); + r->Assign(4, val_mgr->GetCount(dnskey->dalgorithm)); r->Assign(5, new StringVal(dnskey->public_key)); - r->Assign(6, new Val(is_query, TYPE_COUNT)); + r->Assign(6, val_mgr->GetCount(is_query)); return r; } @@ -1568,16 +1568,16 @@ Val* DNS_MsgInfo::BuildNSEC3_Val(NSEC3_DATA* nsec3) Ref(query_name); r->Assign(0, query_name); - r->Assign(1, new Val(int(answer_type), TYPE_COUNT)); - r->Assign(2, new Val(nsec3->nsec_flags, TYPE_COUNT)); - r->Assign(3, new Val(nsec3->nsec_hash_algo, TYPE_COUNT)); - r->Assign(4, new Val(nsec3->nsec_iter, TYPE_COUNT)); - r->Assign(5, new Val(nsec3->nsec_salt_len, TYPE_COUNT)); + r->Assign(1, val_mgr->GetCount(int(answer_type))); + r->Assign(2, val_mgr->GetCount(nsec3->nsec_flags)); + r->Assign(3, val_mgr->GetCount(nsec3->nsec_hash_algo)); + r->Assign(4, val_mgr->GetCount(nsec3->nsec_iter)); + r->Assign(5, val_mgr->GetCount(nsec3->nsec_salt_len)); r->Assign(6, new StringVal(nsec3->nsec_salt)); - r->Assign(7, new Val(nsec3->nsec_hlen, TYPE_COUNT)); + r->Assign(7, val_mgr->GetCount(nsec3->nsec_hlen)); r->Assign(8, new StringVal(nsec3->nsec_hash)); r->Assign(9, nsec3->bitmaps); - r->Assign(10, new Val(is_query, TYPE_COUNT)); + r->Assign(10, val_mgr->GetCount(is_query)); return r; } @@ -1588,12 +1588,12 @@ Val* DNS_MsgInfo::BuildDS_Val(DS_DATA* ds) Ref(query_name); r->Assign(0, query_name); - r->Assign(1, new Val(int(answer_type), TYPE_COUNT)); - r->Assign(2, new Val(ds->key_tag, TYPE_COUNT)); - r->Assign(3, new Val(ds->algorithm, TYPE_COUNT)); - r->Assign(4, new Val(ds->digest_type, TYPE_COUNT)); + r->Assign(1, val_mgr->GetCount(int(answer_type))); + r->Assign(2, val_mgr->GetCount(ds->key_tag)); + r->Assign(3, val_mgr->GetCount(ds->algorithm)); + r->Assign(4, val_mgr->GetCount(ds->digest_type)); r->Assign(5, new StringVal(ds->digest_val)); - r->Assign(6, new Val(is_query, TYPE_COUNT)); + r->Assign(6, val_mgr->GetCount(is_query)); return r; } diff --git a/src/analyzer/protocol/finger/Finger.cc b/src/analyzer/protocol/finger/Finger.cc index 0aeb544a8a..6729c34448 100644 --- a/src/analyzer/protocol/finger/Finger.cc +++ b/src/analyzer/protocol/finger/Finger.cc @@ -68,7 +68,7 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(long_cnt, TYPE_BOOL)); + vl->append(val_mgr->GetBool(long_cnt)); vl->append(new StringVal(at - line, line)); vl->append(new StringVal(end_of_line - host, host)); diff --git a/src/analyzer/protocol/ftp/FTP.cc b/src/analyzer/protocol/ftp/FTP.cc index b062f5aa7e..f28dadf670 100644 --- a/src/analyzer/protocol/ftp/FTP.cc +++ b/src/analyzer/protocol/ftp/FTP.cc @@ -171,9 +171,9 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig) } } - vl->append(new Val(reply_code, TYPE_COUNT)); + vl->append(val_mgr->GetCount(reply_code)); vl->append(new StringVal(end_of_line - line, line)); - vl->append(new Val(cont_resp, TYPE_BOOL)); + vl->append(val_mgr->GetBool(cont_resp)); f = ftp_reply; } diff --git a/src/analyzer/protocol/ftp/functions.bif b/src/analyzer/protocol/ftp/functions.bif index 9508061102..20c26b7c57 100644 --- a/src/analyzer/protocol/ftp/functions.bif +++ b/src/analyzer/protocol/ftp/functions.bif @@ -33,14 +33,14 @@ static Val* parse_port(const char* line) } r->Assign(0, new AddrVal(htonl(addr))); - r->Assign(1, port_mgr->Get(port, TRANSPORT_TCP)); - r->Assign(2, new Val(good, TYPE_BOOL)); + r->Assign(1, val_mgr->GetPort(port, TRANSPORT_TCP)); + r->Assign(2, val_mgr->GetBool(good)); } else { r->Assign(0, new AddrVal(uint32(0))); - r->Assign(1, port_mgr->Get(0, TRANSPORT_TCP)); - r->Assign(2, new Val(0, TYPE_BOOL)); + r->Assign(1, val_mgr->GetPort(0, TRANSPORT_TCP)); + r->Assign(2, val_mgr->GetBool(0)); } return r; @@ -109,8 +109,8 @@ static Val* parse_eftp(const char* line) } r->Assign(0, new AddrVal(addr)); - r->Assign(1, port_mgr->Get(port, TRANSPORT_TCP)); - r->Assign(2, new Val(good, TYPE_BOOL)); + r->Assign(1, val_mgr->GetPort(port, TRANSPORT_TCP)); + r->Assign(2, val_mgr->GetBool(good)); return r; } @@ -214,7 +214,7 @@ function fmt_ftp_port%(a: addr, p: port%): string { builtin_error("conversion of non-IPv4 address in fmt_ftp_port", @ARG@[0]); - return new StringVal(""); + return val_mgr->GetEmptyString(); } %} diff --git a/src/analyzer/protocol/gnutella/Gnutella.cc b/src/analyzer/protocol/gnutella/Gnutella.cc index 60c5475d4a..e7c11b40bb 100644 --- a/src/analyzer/protocol/gnutella/Gnutella.cc +++ b/src/analyzer/protocol/gnutella/Gnutella.cc @@ -82,8 +82,8 @@ void Gnutella_Analyzer::Done() vl->append(BuildConnVal()); vl->append(new StringVal(p->msg)); - vl->append(new Val((i == 0), TYPE_BOOL)); - vl->append(new Val(p->msg_pos, TYPE_COUNT)); + vl->append(val_mgr->GetBool((i == 0))); + vl->append(val_mgr->GetCount(p->msg_pos)); ConnectionEvent(gnutella_partial_binary_msg, vl); } @@ -195,7 +195,7 @@ void Gnutella_Analyzer::DeliverLines(int len, const u_char* data, bool orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(ms->headers.data())); ConnectionEvent(gnutella_text_msg, vl); @@ -240,17 +240,16 @@ void Gnutella_Analyzer::SendEvents(GnutellaMsgState* p, bool is_orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(is_orig, TYPE_BOOL)); - vl->append(new Val(p->msg_type, TYPE_COUNT)); - vl->append(new Val(p->msg_ttl, TYPE_COUNT)); - vl->append(new Val(p->msg_hops, TYPE_COUNT)); - vl->append(new Val(p->msg_len, TYPE_COUNT)); + vl->append(val_mgr->GetBool(is_orig)); + vl->append(val_mgr->GetCount(p->msg_type)); + vl->append(val_mgr->GetCount(p->msg_ttl)); + vl->append(val_mgr->GetCount(p->msg_hops)); + vl->append(val_mgr->GetCount(p->msg_len)); vl->append(new StringVal(p->payload)); - vl->append(new Val(p->payload_len, TYPE_COUNT)); - vl->append(new Val((p->payload_len < - min(p->msg_len, (unsigned int)GNUTELLA_MAX_PAYLOAD)), - TYPE_BOOL)); - vl->append(new Val((p->payload_left == 0), TYPE_BOOL)); + vl->append(val_mgr->GetCount(p->payload_len)); + vl->append(val_mgr->GetBool( + (p->payload_len < min(p->msg_len, (unsigned int)GNUTELLA_MAX_PAYLOAD)))); + vl->append(val_mgr->GetBool((p->payload_left == 0))); ConnectionEvent(gnutella_binary_msg, vl); } diff --git a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac index c0d9b6e32f..37b7cee0b1 100644 --- a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac +++ b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac @@ -4,21 +4,21 @@ RecordVal* BuildGTPv1Hdr(const GTPv1_Header* pdu) { RecordVal* rv = new RecordVal(BifType::Record::gtpv1_hdr); - rv->Assign(0, new Val(pdu->version(), TYPE_COUNT)); - rv->Assign(1, new Val(pdu->pt_flag(), TYPE_BOOL)); - rv->Assign(2, new Val(pdu->rsv(), TYPE_BOOL)); - rv->Assign(3, new Val(pdu->e_flag(), TYPE_BOOL)); - rv->Assign(4, new Val(pdu->s_flag(), TYPE_BOOL)); - rv->Assign(5, new Val(pdu->pn_flag(), TYPE_BOOL)); - rv->Assign(6, new Val(pdu->msg_type(), TYPE_COUNT)); - rv->Assign(7, new Val(pdu->length(), TYPE_COUNT)); - rv->Assign(8, new Val(pdu->teid(), TYPE_COUNT)); + rv->Assign(0, val_mgr->GetCount(pdu->version())); + rv->Assign(1, val_mgr->GetBool(pdu->pt_flag())); + rv->Assign(2, val_mgr->GetBool(pdu->rsv())); + rv->Assign(3, val_mgr->GetBool(pdu->e_flag())); + rv->Assign(4, val_mgr->GetBool(pdu->s_flag())); + rv->Assign(5, val_mgr->GetBool(pdu->pn_flag())); + rv->Assign(6, val_mgr->GetCount(pdu->msg_type())); + rv->Assign(7, val_mgr->GetCount(pdu->length())); + rv->Assign(8, val_mgr->GetCount(pdu->teid())); if ( pdu->has_opt() ) { - rv->Assign(9, new Val(pdu->opt_hdr()->seq(), TYPE_COUNT)); - rv->Assign(10, new Val(pdu->opt_hdr()->n_pdu(), TYPE_COUNT)); - rv->Assign(11, new Val(pdu->opt_hdr()->next_type(), TYPE_COUNT)); + rv->Assign(9, val_mgr->GetCount(pdu->opt_hdr()->seq())); + rv->Assign(10, val_mgr->GetCount(pdu->opt_hdr()->n_pdu())); + rv->Assign(11, val_mgr->GetCount(pdu->opt_hdr()->next_type())); } return rv; @@ -26,64 +26,64 @@ RecordVal* BuildGTPv1Hdr(const GTPv1_Header* pdu) Val* BuildIMSI(const InformationElement* ie) { - return new Val(ie->imsi()->value(), TYPE_COUNT); + return val_mgr->GetCount(ie->imsi()->value()); } Val* BuildRAI(const InformationElement* ie) { RecordVal* ev = new RecordVal(BifType::Record::gtp_rai); - ev->Assign(0, new Val(ie->rai()->mcc(), TYPE_COUNT)); - ev->Assign(1, new Val(ie->rai()->mnc(), TYPE_COUNT)); - ev->Assign(2, new Val(ie->rai()->lac(), TYPE_COUNT)); - ev->Assign(3, new Val(ie->rai()->rac(), TYPE_COUNT)); + ev->Assign(0, val_mgr->GetCount(ie->rai()->mcc())); + ev->Assign(1, val_mgr->GetCount(ie->rai()->mnc())); + ev->Assign(2, val_mgr->GetCount(ie->rai()->lac())); + ev->Assign(3, val_mgr->GetCount(ie->rai()->rac())); return ev; } Val* BuildRecovery(const InformationElement* ie) { - return new Val(ie->recovery()->restart_counter(), TYPE_COUNT); + return val_mgr->GetCount(ie->recovery()->restart_counter()); } Val* BuildSelectionMode(const InformationElement* ie) { - return new Val(ie->selection_mode()->mode(), TYPE_COUNT); + return val_mgr->GetCount(ie->selection_mode()->mode()); } Val* BuildTEID1(const InformationElement* ie) { - return new Val(ie->teid1()->value(), TYPE_COUNT); + return val_mgr->GetCount(ie->teid1()->value()); } Val* BuildTEID_ControlPlane(const InformationElement* ie) { - return new Val(ie->teidcp()->value(), TYPE_COUNT); + return val_mgr->GetCount(ie->teidcp()->value()); } Val* BuildNSAPI(const InformationElement* ie) { - return new Val(ie->nsapi()->nsapi(), TYPE_COUNT); + return val_mgr->GetCount(ie->nsapi()->nsapi()); } Val* BuildChargingCharacteristics(const InformationElement* ie) { - return new Val(ie->charging_characteristics()->value(), TYPE_COUNT); + return val_mgr->GetCount(ie->charging_characteristics()->value()); } Val* BuildTraceReference(const InformationElement* ie) { - return new Val(ie->trace_reference()->value(), TYPE_COUNT); + return val_mgr->GetCount(ie->trace_reference()->value()); } Val* BuildTraceType(const InformationElement* ie) { - return new Val(ie->trace_type()->value(), TYPE_COUNT); + return val_mgr->GetCount(ie->trace_type()->value()); } Val* BuildEndUserAddr(const InformationElement* ie) { RecordVal* ev = new RecordVal(BifType::Record::gtp_end_user_addr); - ev->Assign(0, new Val(ie->end_user_addr()->pdp_type_org(), TYPE_COUNT)); - ev->Assign(1, new Val(ie->end_user_addr()->pdp_type_num(), TYPE_COUNT)); + ev->Assign(0, val_mgr->GetCount(ie->end_user_addr()->pdp_type_org())); + ev->Assign(1, val_mgr->GetCount(ie->end_user_addr()->pdp_type_num())); int len = ie->end_user_addr()->pdp_addr().length(); @@ -157,8 +157,7 @@ Val* BuildQoS_Profile(const InformationElement* ie) const u_char* d = (const u_char*) ie->qos_profile()->data().data(); int len = ie->qos_profile()->data().length(); - ev->Assign(0, new Val(ie->qos_profile()->alloc_retention_priority(), - TYPE_COUNT)); + ev->Assign(0, val_mgr->GetCount(ie->qos_profile()->alloc_retention_priority())); ev->Assign(1, new StringVal(new BroString(d, len, 0))); return ev; @@ -192,7 +191,7 @@ Val* BuildPrivateExt(const InformationElement* ie) const uint8* d = ie->private_ext()->value().data(); int len = ie->private_ext()->value().length(); - ev->Assign(0, new Val(ie->private_ext()->id(), TYPE_COUNT)); + ev->Assign(0, val_mgr->GetCount(ie->private_ext()->id())); ev->Assign(1, new StringVal(new BroString((const u_char*) d, len, 0))); return ev; @@ -200,17 +199,17 @@ Val* BuildPrivateExt(const InformationElement* ie) Val* BuildCause(const InformationElement* ie) { - return new Val(ie->cause()->value(), TYPE_COUNT); + return val_mgr->GetCount(ie->cause()->value()); } Val* BuildReorderReq(const InformationElement* ie) { - return new Val(ie->reorder_req()->req(), TYPE_BOOL); + return val_mgr->GetBool(ie->reorder_req()->req()); } Val* BuildChargingID(const InformationElement* ie) { - return new Val(ie->charging_id()->value(), TYPE_COUNT);; + return val_mgr->GetCount(ie->charging_id()->value());; } Val* BuildChargingGatewayAddr(const InformationElement* ie) @@ -227,7 +226,7 @@ Val* BuildChargingGatewayAddr(const InformationElement* ie) Val* BuildTeardownInd(const InformationElement* ie) { - return new Val(ie->teardown_ind()->ind(), TYPE_BOOL); + return val_mgr->GetBool(ie->teardown_ind()->ind()); } void CreatePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu) diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc index 4e1e5a2218..4706286914 100644 --- a/src/analyzer/protocol/http/HTTP.cc +++ b/src/analyzer/protocol/http/HTTP.cc @@ -614,11 +614,11 @@ Val* HTTP_Message::BuildMessageStat(const int interrupted, const char* msg) RecordVal* stat = new RecordVal(http_message_stat); int field = 0; stat->Assign(field++, new Val(start_time, TYPE_TIME)); - stat->Assign(field++, new Val(interrupted, TYPE_BOOL)); + stat->Assign(field++, val_mgr->GetBool(interrupted)); stat->Assign(field++, new StringVal(msg)); - stat->Assign(field++, new Val(body_length, TYPE_COUNT)); - stat->Assign(field++, new Val(content_gap_length, TYPE_COUNT)); - stat->Assign(field++, new Val(header_length, TYPE_COUNT)); + stat->Assign(field++, val_mgr->GetCount(body_length)); + stat->Assign(field++, val_mgr->GetCount(content_gap_length)); + stat->Assign(field++, val_mgr->GetCount(header_length)); return stat; } @@ -648,7 +648,7 @@ void HTTP_Message::Done(const int interrupted, const char* detail) { val_list* vl = new val_list; vl->append(analyzer->BuildConnVal()); - vl->append(new Val(is_orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(is_orig)); vl->append(BuildMessageStat(interrupted, detail)); GetAnalyzer()->ConnectionEvent(http_message_done, vl); } @@ -681,7 +681,7 @@ void HTTP_Message::BeginEntity(mime::MIME_Entity* entity) { val_list* vl = new val_list(); vl->append(analyzer->BuildConnVal()); - vl->append(new Val(is_orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(is_orig)); analyzer->ConnectionEvent(http_begin_entity, vl); } } @@ -698,7 +698,7 @@ void HTTP_Message::EndEntity(mime::MIME_Entity* entity) { val_list* vl = new val_list(); vl->append(analyzer->BuildConnVal()); - vl->append(new Val(is_orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(is_orig)); analyzer->ConnectionEvent(http_end_entity, vl); } @@ -739,7 +739,7 @@ void HTTP_Message::SubmitAllHeaders(mime::MIME_HeaderList& hlist) { val_list* vl = new val_list(); vl->append(analyzer->BuildConnVal()); - vl->append(new Val(is_orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(is_orig)); vl->append(BuildHeaderTable(hlist)); analyzer->ConnectionEvent(http_all_headers, vl); } @@ -753,7 +753,7 @@ void HTTP_Message::SubmitAllHeaders(mime::MIME_HeaderList& hlist) val_list* vl = new val_list(); vl->append(analyzer->BuildConnVal()); - vl->append(new Val(is_orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(is_orig)); vl->append(ty); vl->append(subty); analyzer->ConnectionEvent(http_content_type, vl); @@ -1177,8 +1177,8 @@ void HTTP_Analyzer::GenStats() if ( http_stats ) { RecordVal* r = new RecordVal(http_stats_rec); - r->Assign(0, new Val(num_requests, TYPE_COUNT)); - r->Assign(1, new Val(num_replies, TYPE_COUNT)); + r->Assign(0, val_mgr->GetCount(num_requests)); + r->Assign(1, val_mgr->GetCount(num_replies)); r->Assign(2, new Val(request_version, TYPE_DOUBLE)); r->Assign(3, new Val(reply_version, TYPE_DOUBLE)); @@ -1447,7 +1447,7 @@ void HTTP_Analyzer::HTTP_Reply() val_list* vl = new val_list; vl->append(BuildConnVal()); vl->append(new StringVal(fmt("%.1f", reply_version))); - vl->append(new Val(reply_code, TYPE_COUNT)); + vl->append(val_mgr->GetCount(reply_code)); if ( reply_reason_phrase ) vl->append(reply_reason_phrase->Ref()); else @@ -1699,7 +1699,7 @@ void HTTP_Analyzer::HTTP_Header(int is_orig, mime::MIME_Header* h) val_list* vl = new val_list(); vl->append(BuildConnVal()); - vl->append(new Val(is_orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(is_orig)); vl->append(mime::new_string_val(h->get_name())->ToUpper()); vl->append(mime::new_string_val(h->get_value())); if ( DEBUG_http ) @@ -1835,8 +1835,8 @@ void HTTP_Analyzer::HTTP_EntityData(int is_orig, BroString* entity_data) { val_list* vl = new val_list(); vl->append(BuildConnVal()); - vl->append(new Val(is_orig, TYPE_BOOL)); - vl->append(new Val(entity_data->Len(), TYPE_COUNT)); + vl->append(val_mgr->GetBool(is_orig)); + vl->append(val_mgr->GetCount(entity_data->Len())); vl->append(new StringVal(entity_data)); ConnectionEvent(http_entity_data, vl); } diff --git a/src/analyzer/protocol/icmp/ICMP.cc b/src/analyzer/protocol/icmp/ICMP.cc index cd95cd88b1..1832b324b2 100644 --- a/src/analyzer/protocol/icmp/ICMP.cc +++ b/src/analyzer/protocol/icmp/ICMP.cc @@ -225,11 +225,11 @@ RecordVal* ICMP_Analyzer::BuildICMPVal(const struct icmp* icmpp, int len, icmp_conn_val->Assign(0, new AddrVal(Conn()->OrigAddr())); icmp_conn_val->Assign(1, new AddrVal(Conn()->RespAddr())); - icmp_conn_val->Assign(2, new Val(icmpp->icmp_type, TYPE_COUNT)); - icmp_conn_val->Assign(3, new Val(icmpp->icmp_code, TYPE_COUNT)); - icmp_conn_val->Assign(4, new Val(len, TYPE_COUNT)); - icmp_conn_val->Assign(5, new Val(ip_hdr->TTL(), TYPE_COUNT)); - icmp_conn_val->Assign(6, new Val(icmpv6, TYPE_BOOL)); + icmp_conn_val->Assign(2, val_mgr->GetCount(icmpp->icmp_type)); + icmp_conn_val->Assign(3, val_mgr->GetCount(icmpp->icmp_code)); + icmp_conn_val->Assign(4, val_mgr->GetCount(len)); + icmp_conn_val->Assign(5, val_mgr->GetCount(ip_hdr->TTL())); + icmp_conn_val->Assign(6, val_mgr->GetBool(icmpv6)); } Ref(icmp_conn_val); @@ -352,18 +352,18 @@ RecordVal* ICMP_Analyzer::ExtractICMP4Context(int len, const u_char*& data) RecordVal* id_val = new RecordVal(conn_id); id_val->Assign(0, new AddrVal(src_addr)); - id_val->Assign(1, port_mgr->Get(src_port, proto)); + id_val->Assign(1, val_mgr->GetPort(src_port, proto)); id_val->Assign(2, new AddrVal(dst_addr)); - id_val->Assign(3, port_mgr->Get(dst_port, proto)); + id_val->Assign(3, val_mgr->GetPort(dst_port, proto)); iprec->Assign(0, id_val); - iprec->Assign(1, new Val(ip_len, TYPE_COUNT)); - iprec->Assign(2, new Val(proto, TYPE_COUNT)); - iprec->Assign(3, new Val(frag_offset, TYPE_COUNT)); - iprec->Assign(4, new Val(bad_hdr_len, TYPE_BOOL)); - iprec->Assign(5, new Val(bad_checksum, TYPE_BOOL)); - iprec->Assign(6, new Val(MF, TYPE_BOOL)); - iprec->Assign(7, new Val(DF, TYPE_BOOL)); + iprec->Assign(1, val_mgr->GetCount(ip_len)); + iprec->Assign(2, val_mgr->GetCount(proto)); + iprec->Assign(3, val_mgr->GetCount(frag_offset)); + iprec->Assign(4, val_mgr->GetBool(bad_hdr_len)); + iprec->Assign(5, val_mgr->GetBool(bad_checksum)); + iprec->Assign(6, val_mgr->GetBool(MF)); + iprec->Assign(7, val_mgr->GetBool(DF)); return iprec; } @@ -411,19 +411,19 @@ RecordVal* ICMP_Analyzer::ExtractICMP6Context(int len, const u_char*& data) RecordVal* id_val = new RecordVal(conn_id); id_val->Assign(0, new AddrVal(src_addr)); - id_val->Assign(1, port_mgr->Get(src_port, proto)); + id_val->Assign(1, val_mgr->GetPort(src_port, proto)); id_val->Assign(2, new AddrVal(dst_addr)); - id_val->Assign(3, port_mgr->Get(dst_port, proto)); + id_val->Assign(3, val_mgr->GetPort(dst_port, proto)); iprec->Assign(0, id_val); - iprec->Assign(1, new Val(ip_len, TYPE_COUNT)); - iprec->Assign(2, new Val(proto, TYPE_COUNT)); - iprec->Assign(3, new Val(frag_offset, TYPE_COUNT)); - iprec->Assign(4, new Val(bad_hdr_len, TYPE_BOOL)); + iprec->Assign(1, val_mgr->GetCount(ip_len)); + iprec->Assign(2, val_mgr->GetCount(proto)); + iprec->Assign(3, val_mgr->GetCount(frag_offset)); + iprec->Assign(4, val_mgr->GetBool(bad_hdr_len)); // bad_checksum is always false since IPv6 layer doesn't have a checksum. - iprec->Assign(5, new Val(0, TYPE_BOOL)); - iprec->Assign(6, new Val(MF, TYPE_BOOL)); - iprec->Assign(7, new Val(DF, TYPE_BOOL)); + iprec->Assign(5, val_mgr->GetBool(0)); + iprec->Assign(6, val_mgr->GetBool(MF)); + iprec->Assign(7, val_mgr->GetBool(DF)); return iprec; } @@ -471,14 +471,14 @@ void ICMP_Analyzer::UpdateEndpointVal(RecordVal* endp, int is_orig) int size = is_orig ? request_len : reply_len; if ( size < 0 ) { - endp->Assign(0, new Val(0, TYPE_COUNT)); - endp->Assign(1, new Val(int(ICMP_INACTIVE), TYPE_COUNT)); + endp->Assign(0, val_mgr->GetCount(0)); + endp->Assign(1, val_mgr->GetCount(int(ICMP_INACTIVE))); } else { - endp->Assign(0, new Val(size, TYPE_COUNT)); - endp->Assign(1, new Val(int(ICMP_ACTIVE), TYPE_COUNT)); + endp->Assign(0, val_mgr->GetCount(size)); + endp->Assign(1, val_mgr->GetCount(int(ICMP_ACTIVE))); } } @@ -514,8 +514,8 @@ void ICMP_Analyzer::Echo(double t, const struct icmp* icmpp, int len, val_list* vl = new val_list; vl->append(BuildConnVal()); vl->append(BuildICMPVal(icmpp, len, ip_hdr->NextProto() != IPPROTO_ICMP, ip_hdr)); - vl->append(new Val(iid, TYPE_COUNT)); - vl->append(new Val(iseq, TYPE_COUNT)); + vl->append(val_mgr->GetCount(iid)); + vl->append(val_mgr->GetCount(iseq)); vl->append(new StringVal(payload)); ConnectionEvent(f, vl); @@ -537,13 +537,13 @@ void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len, val_list* vl = new val_list; vl->append(BuildConnVal()); vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(new Val(icmpp->icmp_num_addrs, TYPE_COUNT)); // Cur Hop Limit - vl->append(new Val(icmpp->icmp_wpa & 0x80, TYPE_BOOL)); // Managed - vl->append(new Val(icmpp->icmp_wpa & 0x40, TYPE_BOOL)); // Other - vl->append(new Val(icmpp->icmp_wpa & 0x20, TYPE_BOOL)); // Home Agent - vl->append(new Val((icmpp->icmp_wpa & 0x18)>>3, TYPE_COUNT)); // Pref - vl->append(new Val(icmpp->icmp_wpa & 0x04, TYPE_BOOL)); // Proxy - vl->append(new Val(icmpp->icmp_wpa & 0x02, TYPE_COUNT)); // Reserved + vl->append(val_mgr->GetCount(icmpp->icmp_num_addrs)); // Cur Hop Limit + vl->append(val_mgr->GetBool(icmpp->icmp_wpa & 0x80)); // Managed + vl->append(val_mgr->GetBool(icmpp->icmp_wpa & 0x40)); // Other + vl->append(val_mgr->GetBool(icmpp->icmp_wpa & 0x20)); // Home Agent + vl->append(val_mgr->GetCount((icmpp->icmp_wpa & 0x18)>>3)); // Pref + vl->append(val_mgr->GetBool(icmpp->icmp_wpa & 0x04)); // Proxy + vl->append(val_mgr->GetCount(icmpp->icmp_wpa & 0x02)); // Reserved vl->append(new IntervalVal((double)ntohs(icmpp->icmp_lifetime), Seconds)); vl->append(new IntervalVal((double)ntohl(reachable), Milliseconds)); vl->append(new IntervalVal((double)ntohl(retrans), Milliseconds)); @@ -567,9 +567,9 @@ void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len, val_list* vl = new val_list; vl->append(BuildConnVal()); vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(new Val(icmpp->icmp_num_addrs & 0x80, TYPE_BOOL)); // Router - vl->append(new Val(icmpp->icmp_num_addrs & 0x40, TYPE_BOOL)); // Solicited - vl->append(new Val(icmpp->icmp_num_addrs & 0x20, TYPE_BOOL)); // Override + vl->append(val_mgr->GetBool(icmpp->icmp_num_addrs & 0x80)); // Router + vl->append(val_mgr->GetBool(icmpp->icmp_num_addrs & 0x40)); // Solicited + vl->append(val_mgr->GetBool(icmpp->icmp_num_addrs & 0x20)); // Override vl->append(new AddrVal(tgtaddr)); int opt_offset = sizeof(in6_addr); @@ -660,7 +660,7 @@ void ICMP_Analyzer::Context4(double t, const struct icmp* icmpp, val_list* vl = new val_list; vl->append(BuildConnVal()); vl->append(BuildICMPVal(icmpp, len, 0, ip_hdr)); - vl->append(new Val(icmpp->icmp_code, TYPE_COUNT)); + vl->append(val_mgr->GetCount(icmpp->icmp_code)); vl->append(ExtractICMP4Context(caplen, data)); ConnectionEvent(f, vl); } @@ -700,7 +700,7 @@ void ICMP_Analyzer::Context6(double t, const struct icmp* icmpp, val_list* vl = new val_list; vl->append(BuildConnVal()); vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(new Val(icmpp->icmp_code, TYPE_COUNT)); + vl->append(val_mgr->GetCount(icmpp->icmp_code)); vl->append(ExtractICMP6Context(caplen, data)); ConnectionEvent(f, vl); } @@ -740,8 +740,8 @@ VectorVal* ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data) } RecordVal* rv = new RecordVal(icmp6_nd_option_type); - rv->Assign(0, new Val(type, TYPE_COUNT)); - rv->Assign(1, new Val(length, TYPE_COUNT)); + rv->Assign(0, val_mgr->GetCount(type)); + rv->Assign(1, val_mgr->GetCount(length)); // Adjust length to be in units of bytes, exclude type/length fields. length = length * 8 - 2; @@ -780,9 +780,9 @@ VectorVal* ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data) uint32 valid_life = *((const uint32*)(data + 2)); uint32 prefer_life = *((const uint32*)(data + 6)); in6_addr prefix = *((const in6_addr*)(data + 14)); - info->Assign(0, new Val(prefix_len, TYPE_COUNT)); - info->Assign(1, new Val(L_flag, TYPE_BOOL)); - info->Assign(2, new Val(A_flag, TYPE_BOOL)); + info->Assign(0, val_mgr->GetCount(prefix_len)); + info->Assign(1, val_mgr->GetBool(L_flag)); + info->Assign(2, val_mgr->GetBool(A_flag)); info->Assign(3, new IntervalVal((double)ntohl(valid_life), Seconds)); info->Assign(4, new IntervalVal((double)ntohl(prefer_life), Seconds)); info->Assign(5, new AddrVal(IPAddr(prefix))); @@ -813,8 +813,7 @@ VectorVal* ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data) // MTU option { if ( caplen >= 6 ) - rv->Assign(5, new Val(ntohl(*((const uint32*)(data + 2))), - TYPE_COUNT)); + rv->Assign(5, val_mgr->GetCount(ntohl(*((const uint32*)(data + 2))))); else set_payload_field = true; diff --git a/src/analyzer/protocol/ident/Ident.cc b/src/analyzer/protocol/ident/Ident.cc index 423028968c..125f2d7f64 100644 --- a/src/analyzer/protocol/ident/Ident.cc +++ b/src/analyzer/protocol/ident/Ident.cc @@ -85,8 +85,8 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(port_mgr->Get(local_port, TRANSPORT_TCP)); - vl->append(port_mgr->Get(remote_port, TRANSPORT_TCP)); + vl->append(val_mgr->GetPort(local_port, TRANSPORT_TCP)); + vl->append(val_mgr->GetPort(remote_port, TRANSPORT_TCP)); ConnectionEvent(ident_request, vl); @@ -146,8 +146,8 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) { val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(port_mgr->Get(local_port, TRANSPORT_TCP)); - vl->append(port_mgr->Get(remote_port, TRANSPORT_TCP)); + vl->append(val_mgr->GetPort(local_port, TRANSPORT_TCP)); + vl->append(val_mgr->GetPort(remote_port, TRANSPORT_TCP)); vl->append(new StringVal(end_of_line - line, line)); ConnectionEvent(ident_error, vl); @@ -180,8 +180,8 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(port_mgr->Get(local_port, TRANSPORT_TCP)); - vl->append(port_mgr->Get(remote_port, TRANSPORT_TCP)); + vl->append(val_mgr->GetPort(local_port, TRANSPORT_TCP)); + vl->append(val_mgr->GetPort(remote_port, TRANSPORT_TCP)); vl->append(new StringVal(end_of_line - line, line)); vl->append(new StringVal(sys_type_s)); diff --git a/src/analyzer/protocol/interconn/InterConn.cc b/src/analyzer/protocol/interconn/InterConn.cc index c1bf0f37f5..8d9dd72774 100644 --- a/src/analyzer/protocol/interconn/InterConn.cc +++ b/src/analyzer/protocol/interconn/InterConn.cc @@ -127,16 +127,16 @@ RecordVal* InterConnEndpoint::BuildStats() { RecordVal* stats = new RecordVal(interconn_endp_stats); - stats->Assign(0, new Val(num_pkts, TYPE_COUNT)); - stats->Assign(1, new Val(num_keystrokes_two_in_a_row, TYPE_COUNT)); - stats->Assign(2, new Val(num_normal_interarrivals, TYPE_COUNT)); - stats->Assign(3, new Val(num_8k0_pkts, TYPE_COUNT)); - stats->Assign(4, new Val(num_8k4_pkts, TYPE_COUNT)); - stats->Assign(5, new Val(is_partial, TYPE_BOOL)); - stats->Assign(6, new Val(num_bytes, TYPE_COUNT)); - stats->Assign(7, new Val(num_7bit_ascii, TYPE_COUNT)); - stats->Assign(8, new Val(num_lines, TYPE_COUNT)); - stats->Assign(9, new Val(num_normal_lines, TYPE_COUNT)); + stats->Assign(0, val_mgr->GetCount(num_pkts)); + stats->Assign(1, val_mgr->GetCount(num_keystrokes_two_in_a_row)); + stats->Assign(2, val_mgr->GetCount(num_normal_interarrivals)); + stats->Assign(3, val_mgr->GetCount(num_8k0_pkts)); + stats->Assign(4, val_mgr->GetCount(num_8k4_pkts)); + stats->Assign(5, val_mgr->GetBool(is_partial)); + stats->Assign(6, val_mgr->GetCount(num_bytes)); + stats->Assign(7, val_mgr->GetCount(num_7bit_ascii)); + stats->Assign(8, val_mgr->GetCount(num_lines)); + stats->Assign(9, val_mgr->GetCount(num_normal_lines)); return stats; } diff --git a/src/analyzer/protocol/irc/IRC.cc b/src/analyzer/protocol/irc/IRC.cc index a46bbb93d6..25d568d627 100644 --- a/src/analyzer/protocol/irc/IRC.cc +++ b/src/analyzer/protocol/irc/IRC.cc @@ -235,10 +235,10 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); - vl->append(new Val(users, TYPE_INT)); - vl->append(new Val(services, TYPE_INT)); - vl->append(new Val(servers, TYPE_INT)); + vl->append(val_mgr->GetBool(orig)); + vl->append(val_mgr->GetInt(users)); + vl->append(val_mgr->GetInt(services)); + vl->append(val_mgr->GetInt(servers)); ConnectionEvent(irc_network_info, vl); } @@ -273,7 +273,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(type.c_str())); vl->append(new StringVal(channel.c_str())); @@ -318,10 +318,10 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); - vl->append(new Val(users, TYPE_INT)); - vl->append(new Val(services, TYPE_INT)); - vl->append(new Val(servers, TYPE_INT)); + vl->append(val_mgr->GetBool(orig)); + vl->append(val_mgr->GetInt(users)); + vl->append(val_mgr->GetInt(services)); + vl->append(val_mgr->GetInt(servers)); ConnectionEvent(irc_server_info, vl); } @@ -341,8 +341,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); - vl->append(new Val(channels, TYPE_INT)); + vl->append(val_mgr->GetBool(orig)); + vl->append(val_mgr->GetInt(channels)); ConnectionEvent(irc_channel_info, vl); } @@ -374,7 +374,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(eop - prefix, prefix)); vl->append(new StringVal(++msg)); ConnectionEvent(irc_global_users, vl); @@ -399,7 +399,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(parts[0].c_str())); vl->append(new StringVal(parts[1].c_str())); vl->append(new StringVal(parts[2].c_str())); @@ -438,7 +438,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(parts[0].c_str())); ConnectionEvent(irc_whois_operator_line, vl); @@ -469,7 +469,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(nick.c_str())); TableVal* set = new TableVal(string_set); for ( unsigned int i = 0; i < parts.size(); ++i ) @@ -505,7 +505,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(parts[1].c_str())); const char* t = topic.c_str(); @@ -539,7 +539,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(parts[0].c_str())); vl->append(new StringVal(parts[1].c_str())); if ( parts[2][0] == '~' ) @@ -551,7 +551,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) vl->append(new StringVal(parts[6].c_str())); if ( parts[7][0] == ':' ) parts[7] = parts[7].substr(1); - vl->append(new Val(atoi(parts[7].c_str()), TYPE_INT)); + vl->append(val_mgr->GetInt(atoi(parts[7].c_str()))); vl->append(new StringVal(parts[8].c_str())); ConnectionEvent(irc_who_line, vl); @@ -567,7 +567,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); ConnectionEvent(irc_invalid_nick, vl); } break; @@ -579,8 +579,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); - vl->append(new Val(code == 381, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); + vl->append(val_mgr->GetBool(code == 381)); ConnectionEvent(irc_oper_response, vl); } break; @@ -594,9 +594,9 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) default: val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(prefix.c_str())); - vl->append(new Val(code, TYPE_COUNT)); + vl->append(val_mgr->GetCount(code)); vl->append(new StringVal(params.c_str())); ConnectionEvent(irc_reply, vl); @@ -664,18 +664,17 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(prefix.c_str())); vl->append(new StringVal(target.c_str())); vl->append(new StringVal(parts[1].c_str())); vl->append(new StringVal(parts[2].c_str())); vl->append(new AddrVal(htonl(raw_ip))); - vl->append(new Val(atoi(parts[4].c_str()), TYPE_COUNT)); + vl->append(val_mgr->GetCount(atoi(parts[4].c_str()))); if ( parts.size() >= 6 ) - vl->append(new Val(atoi(parts[5].c_str()), - TYPE_COUNT)); + vl->append(val_mgr->GetCount(atoi(parts[5].c_str()))); else - vl->append(new Val(0, TYPE_COUNT)); + vl->append(val_mgr->GetCount(0)); ConnectionEvent(irc_dcc_message, vl); } @@ -684,7 +683,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(prefix.c_str())); vl->append(new StringVal(target.c_str())); vl->append(new StringVal(message.c_str())); @@ -710,7 +709,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(prefix.c_str())); vl->append(new StringVal(target.c_str())); vl->append(new StringVal(message.c_str())); @@ -735,7 +734,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(prefix.c_str())); vl->append(new StringVal(target.c_str())); vl->append(new StringVal(message.c_str())); @@ -749,19 +748,19 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) vector parts = SplitWords(params, ' '); val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); if ( parts.size() > 0 ) vl->append(new StringVal(parts[0].c_str())); - else vl->append(new StringVal("")); + else vl->append(val_mgr->GetEmptyString()); if ( parts.size() > 1 ) vl->append(new StringVal(parts[1].c_str())); - else vl->append(new StringVal("")); + else vl->append(val_mgr->GetEmptyString()); if ( parts.size() > 2 ) vl->append(new StringVal(parts[2].c_str())); - else vl->append(new StringVal("")); + else vl->append(val_mgr->GetEmptyString()); string realname; for ( unsigned int i = 3; i < parts.size(); i++ ) @@ -785,7 +784,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(parts[0].c_str())); vl->append(new StringVal(parts[1].c_str())); @@ -808,7 +807,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(prefix.c_str())); vl->append(new StringVal(parts[0].c_str())); vl->append(new StringVal(parts[1].c_str())); @@ -824,7 +823,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) vl->append(new StringVal(comment.c_str())); } else - vl->append(new StringVal("")); + vl->append(val_mgr->GetEmptyString()); ConnectionEvent(irc_kick_message, vl); } @@ -852,7 +851,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); TableVal* list = new TableVal(irc_join_list); vector channels = SplitWords(parts[0], ','); @@ -899,7 +898,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); TableVal* list = new TableVal(irc_join_list); string empty_string = ""; @@ -980,7 +979,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(nick.c_str())); vl->append(set); vl->append(new StringVal(message.c_str())); @@ -1004,7 +1003,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(nickname.c_str())); vl->append(new StringVal(message.c_str())); @@ -1019,7 +1018,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(prefix.c_str())); vl->append(new StringVal(nick.c_str())); @@ -1045,12 +1044,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); if ( parts.size() > 0 ) vl->append(new StringVal(parts[0].c_str())); else - vl->append(new StringVal("")); - vl->append(new Val(oper, TYPE_BOOL)); + vl->append(val_mgr->GetEmptyString()); + vl->append(val_mgr->GetBool(oper)); ConnectionEvent(irc_who_message, vl); } @@ -1077,7 +1076,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(server.c_str())); vl->append(new StringVal(users.c_str())); @@ -1088,7 +1087,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(prefix.c_str())); if ( params[0] == ':' ) params = params.substr(1); @@ -1107,7 +1106,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(prefix.c_str())); vl->append(new StringVal(parts[0].c_str())); vl->append(new StringVal(parts[1].c_str())); @@ -1124,7 +1123,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(prefix.c_str())); vl->append(new StringVal(params.c_str())); @@ -1139,7 +1138,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(params.c_str())); ConnectionEvent(irc_password_message, vl); } @@ -1161,7 +1160,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(prefix.c_str())); vl->append(new StringVal(server.c_str())); vl->append(new StringVal(message.c_str())); @@ -1176,7 +1175,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(prefix.c_str())); vl->append(new StringVal(command.c_str())); vl->append(new StringVal(params.c_str())); @@ -1191,7 +1190,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(prefix.c_str())); vl->append(new StringVal(command.c_str())); vl->append(new StringVal(params.c_str())); diff --git a/src/analyzer/protocol/krb/KRB_TCP.h b/src/analyzer/protocol/krb/KRB_TCP.h index f6c679be63..e7fa34a7cd 100644 --- a/src/analyzer/protocol/krb/KRB_TCP.h +++ b/src/analyzer/protocol/krb/KRB_TCP.h @@ -22,7 +22,7 @@ public: // Overriden from tcp::TCP_ApplicationAnalyzer. void EndpointEOF(bool is_orig) override; - StringVal* GetAuthenticationInfo(const BroString* principal, const BroString* ciphertext, const bro_uint_t enctype) { return new StringVal(""); } + StringVal* GetAuthenticationInfo(const BroString* principal, const BroString* ciphertext, const bro_uint_t enctype) { return val_mgr->GetEmptyString(); } static analyzer::Analyzer* Instantiate(Connection* conn) { return new KRB_Analyzer(conn); } diff --git a/src/analyzer/protocol/krb/krb-analyzer.pac b/src/analyzer/protocol/krb/krb-analyzer.pac index 7c59a6a99e..85b80eeb08 100644 --- a/src/analyzer/protocol/krb/krb-analyzer.pac +++ b/src/analyzer/protocol/krb/krb-analyzer.pac @@ -10,19 +10,19 @@ RecordVal* proc_krb_kdc_options(const KRB_KDC_Options* opts) { RecordVal* rv = new RecordVal(BifType::Record::KRB::KDC_Options); - rv->Assign(0, new Val(opts->forwardable(), TYPE_BOOL)); - rv->Assign(1, new Val(opts->forwarded(), TYPE_BOOL)); - rv->Assign(2, new Val(opts->proxiable(), TYPE_BOOL)); - rv->Assign(3, new Val(opts->proxy(), TYPE_BOOL)); - rv->Assign(4, new Val(opts->allow_postdate(), TYPE_BOOL)); - rv->Assign(5, new Val(opts->postdated(), TYPE_BOOL)); - rv->Assign(6, new Val(opts->renewable(), TYPE_BOOL)); - rv->Assign(7, new Val(opts->opt_hardware_auth(), TYPE_BOOL)); - rv->Assign(8, new Val(opts->disable_transited_check(), TYPE_BOOL)); - rv->Assign(9, new Val(opts->renewable_ok(), TYPE_BOOL)); - rv->Assign(10, new Val(opts->enc_tkt_in_skey(), TYPE_BOOL)); - rv->Assign(11, new Val(opts->renew(), TYPE_BOOL)); - rv->Assign(12, new Val(opts->validate(), TYPE_BOOL)); + rv->Assign(0, val_mgr->GetBool(opts->forwardable())); + rv->Assign(1, val_mgr->GetBool(opts->forwarded())); + rv->Assign(2, val_mgr->GetBool(opts->proxiable())); + rv->Assign(3, val_mgr->GetBool(opts->proxy())); + rv->Assign(4, val_mgr->GetBool(opts->allow_postdate())); + rv->Assign(5, val_mgr->GetBool(opts->postdated())); + rv->Assign(6, val_mgr->GetBool(opts->renewable())); + rv->Assign(7, val_mgr->GetBool(opts->opt_hardware_auth())); + rv->Assign(8, val_mgr->GetBool(opts->disable_transited_check())); + rv->Assign(9, val_mgr->GetBool(opts->renewable_ok())); + rv->Assign(10, val_mgr->GetBool(opts->enc_tkt_in_skey())); + rv->Assign(11, val_mgr->GetBool(opts->renew())); + rv->Assign(12, val_mgr->GetBool(opts->validate())); return rv; } @@ -242,8 +242,8 @@ refine connection KRB_Conn += { if ( krb_ap_request ) { RecordVal* rv = new RecordVal(BifType::Record::KRB::AP_Options); - rv->Assign(0, new Val(${msg.ap_options.use_session_key}, TYPE_BOOL)); - rv->Assign(1, new Val(${msg.ap_options.mutual_required}, TYPE_BOOL)); + rv->Assign(0, val_mgr->GetBool(${msg.ap_options.use_session_key})); + rv->Assign(1, val_mgr->GetBool(${msg.ap_options.mutual_required})); RecordVal* rvticket = proc_ticket(${msg.ticket}); StringVal* authenticationinfo = bro_analyzer()->GetAuthenticationInfo(rvticket->Lookup(2)->AsString(), rvticket->Lookup(4)->AsString(), rvticket->Lookup(3)->AsCount()); diff --git a/src/analyzer/protocol/krb/krb-padata.pac b/src/analyzer/protocol/krb/krb-padata.pac index 271958fcb4..feb1089815 100644 --- a/src/analyzer/protocol/krb/krb-padata.pac +++ b/src/analyzer/protocol/krb/krb-padata.pac @@ -36,7 +36,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a case PA_PW_SALT: { RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value); - type_val->Assign(0, new Val(element->data_type(), TYPE_COUNT)); + type_val->Assign(0, val_mgr->GetCount(element->data_type())); type_val->Assign(1, bytestring_to_val(element->pa_data_element()->pa_pw_salt()->encoding()->content())); vv->Assign(vv->Size(), type_val); break; @@ -44,7 +44,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a case PA_ENCTYPE_INFO: { RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value); - type_val->Assign(0, new Val(element->data_type(), TYPE_COUNT)); + type_val->Assign(0, val_mgr->GetCount(element->data_type())); type_val->Assign(1, bytestring_to_val(element->pa_data_element()->pf_enctype_info()->salt())); vv->Assign(vv->Size(), type_val); break; @@ -52,7 +52,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a case PA_ENCTYPE_INFO2: { RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value); - type_val->Assign(0, new Val(element->data_type(), TYPE_COUNT)); + type_val->Assign(0, val_mgr->GetCount(element->data_type())); type_val->Assign(1, bytestring_to_val(element->pa_data_element()->pf_enctype_info2()->salt())); vv->Assign(vv->Size(), type_val); break; @@ -110,7 +110,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a if ( ! is_error && element->pa_data_element()->unknown()->meta()->length() > 0 ) { RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value); - type_val->Assign(0, new Val(element->data_type(), TYPE_COUNT)); + type_val->Assign(0, val_mgr->GetCount(element->data_type())); type_val->Assign(1, bytestring_to_val(element->pa_data_element()->unknown()->content())); vv->Assign(vv->Size(), type_val); } diff --git a/src/analyzer/protocol/login/Login.cc b/src/analyzer/protocol/login/Login.cc index c39c4cf383..f8eb233a29 100644 --- a/src/analyzer/protocol/login/Login.cc +++ b/src/analyzer/protocol/login/Login.cc @@ -437,7 +437,7 @@ void Login_Analyzer::LoginEvent(EventHandlerPtr f, const char* line, vl->append(BuildConnVal()); vl->append(username->Ref()); - vl->append(client_name ? client_name->Ref() : new StringVal("")); + vl->append(client_name ? client_name->Ref() : val_mgr->GetEmptyString()); vl->append(password); vl->append(new StringVal(line)); @@ -612,7 +612,7 @@ Val* Login_Analyzer::PopUserTextVal() if ( s ) return new StringVal(new BroString(1, byte_vec(s), strlen(s))); else - return new StringVal(""); + return val_mgr->GetEmptyString(); } int Login_Analyzer::MatchesTypeahead(const char* line) const diff --git a/src/analyzer/protocol/login/RSH.cc b/src/analyzer/protocol/login/RSH.cc index ff8e6bad3e..0afacb2f2b 100644 --- a/src/analyzer/protocol/login/RSH.cc +++ b/src/analyzer/protocol/login/RSH.cc @@ -169,9 +169,9 @@ void Rsh_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { if ( contents_orig->RshSaveState() == RSH_SERVER_USER_NAME ) // First input - vl->append(new Val(true, TYPE_BOOL)); + vl->append(val_mgr->GetTrue()); else - vl->append(new Val(false, TYPE_BOOL)); + vl->append(val_mgr->GetFalse()); ConnectionEvent(rsh_request, vl); } diff --git a/src/analyzer/protocol/login/functions.bif b/src/analyzer/protocol/login/functions.bif index c3d7cbf82b..bc4b2a7104 100644 --- a/src/analyzer/protocol/login/functions.bif +++ b/src/analyzer/protocol/login/functions.bif @@ -26,14 +26,13 @@ function get_login_state%(cid: conn_id%): count %{ Connection* c = sessions->FindConnection(cid); if ( ! c ) - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); analyzer::Analyzer* la = c->FindAnalyzer("Login"); if ( ! la ) - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); - return new Val(int(static_cast(la)->LoginState()), - TYPE_COUNT); + return val_mgr->GetCount(int(static_cast(la)->LoginState())); %} ## Sets the login state of a connection with a login analyzer. @@ -51,12 +50,12 @@ function set_login_state%(cid: conn_id, new_state: count%): bool %{ Connection* c = sessions->FindConnection(cid); if ( ! c ) - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); analyzer::Analyzer* la = c->FindAnalyzer("Login"); if ( ! la ) - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); static_cast(la)->SetLoginState(analyzer::login::login_state(new_state)); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} diff --git a/src/analyzer/protocol/mime/MIME.cc b/src/analyzer/protocol/mime/MIME.cc index 19d3dbe5d3..e9655fd26c 100644 --- a/src/analyzer/protocol/mime/MIME.cc +++ b/src/analyzer/protocol/mime/MIME.cc @@ -1296,7 +1296,7 @@ TableVal* MIME_Message::BuildHeaderTable(MIME_HeaderList& hlist) for ( unsigned int i = 0; i < hlist.size(); ++i ) { - Val* index = new Val(i+1, TYPE_COUNT); // index starting from 1 + Val* index = val_mgr->GetCount(i+1); // index starting from 1 MIME_Header* h = hlist[i]; RecordVal* header_record = BuildHeaderVal(h); @@ -1359,7 +1359,7 @@ void MIME_Mail::Done() val_list* vl = new val_list; vl->append(analyzer->BuildConnVal()); - vl->append(new Val(content_hash_length, TYPE_COUNT)); + vl->append(val_mgr->GetCount(content_hash_length)); vl->append(new StringVal(new BroString(1, digest, 16))); analyzer->ConnectionEvent(mime_content_hash, vl); } @@ -1400,7 +1400,7 @@ void MIME_Mail::EndEntity(MIME_Entity* /* entity */) val_list* vl = new val_list(); vl->append(analyzer->BuildConnVal()); - vl->append(new Val(s->Len(), TYPE_COUNT)); + vl->append(val_mgr->GetCount(s->Len())); vl->append(new StringVal(s)); analyzer->ConnectionEvent(mime_entity_data, vl); @@ -1476,7 +1476,7 @@ void MIME_Mail::SubmitData(int len, const char* buf) val_list* vl = new val_list(); vl->append(analyzer->BuildConnVal()); - vl->append(new Val(data_len, TYPE_COUNT)); + vl->append(val_mgr->GetCount(data_len)); vl->append(new StringVal(data_len, data)); analyzer->ConnectionEvent(mime_segment_data, vl); } @@ -1523,7 +1523,7 @@ void MIME_Mail::SubmitAllData() val_list* vl = new val_list(); vl->append(analyzer->BuildConnVal()); - vl->append(new Val(s->Len(), TYPE_COUNT)); + vl->append(val_mgr->GetCount(s->Len())); vl->append(new StringVal(s)); analyzer->ConnectionEvent(mime_all_data, vl); diff --git a/src/analyzer/protocol/modbus/modbus-analyzer.pac b/src/analyzer/protocol/modbus/modbus-analyzer.pac index 4f8df7fb9b..d93a40fb87 100644 --- a/src/analyzer/protocol/modbus/modbus-analyzer.pac +++ b/src/analyzer/protocol/modbus/modbus-analyzer.pac @@ -20,7 +20,7 @@ for ( uint i = 0; i < quantity; i++ ) { char currentCoil = (coils[i/8] >> (i % 8)) % 2; - modbus_coils->Assign(i, new Val(currentCoil, TYPE_BOOL)); + modbus_coils->Assign(i, val_mgr->GetBool(currentCoil)); } return modbus_coils; @@ -29,10 +29,10 @@ RecordVal* HeaderToBro(ModbusTCP_TransportHeader *header) { RecordVal* modbus_header = new RecordVal(BifType::Record::ModbusHeaders); - modbus_header->Assign(0, new Val(header->tid(), TYPE_COUNT)); - modbus_header->Assign(1, new Val(header->pid(), TYPE_COUNT)); - modbus_header->Assign(2, new Val(header->uid(), TYPE_COUNT)); - modbus_header->Assign(3, new Val(header->fc(), TYPE_COUNT)); + modbus_header->Assign(0, val_mgr->GetCount(header->tid())); + modbus_header->Assign(1, val_mgr->GetCount(header->pid())); + modbus_header->Assign(2, val_mgr->GetCount(header->uid())); + modbus_header->Assign(3, val_mgr->GetCount(header->fc())); return modbus_header; } @@ -213,7 +213,7 @@ refine flow ModbusTCP_Flow += { VectorVal* t = new VectorVal(BifType::Vector::ModbusRegisters); for ( unsigned int i=0; i < ${message.registers}->size(); ++i ) { - Val* r = new Val(${message.registers[i]}, TYPE_COUNT); + Val* r = val_mgr->GetCount(${message.registers[i]}); t->Assign(i, r); } @@ -256,7 +256,7 @@ refine flow ModbusTCP_Flow += { VectorVal* t = new VectorVal(BifType::Vector::ModbusRegisters); for ( unsigned int i=0; i < (${message.registers})->size(); ++i ) { - Val* r = new Val(${message.registers[i]}, TYPE_COUNT); + Val* r = val_mgr->GetCount(${message.registers[i]}); t->Assign(i, r); } @@ -399,7 +399,7 @@ refine flow ModbusTCP_Flow += { VectorVal * t = new VectorVal(BifType::Vector::ModbusRegisters); for ( unsigned int i = 0; i < (${message.registers}->size()); ++i ) { - Val* r = new Val(${message.registers[i]}, TYPE_COUNT); + Val* r = val_mgr->GetCount(${message.registers[i]}); t->Assign(i, r); } @@ -435,13 +435,13 @@ refine flow ModbusTCP_Flow += { //VectorVal *t = create_vector_of_count(); //for ( unsigned int i = 0; i < (${message.references}->size()); ++i ) // { - // Val* r = new Val((${message.references[i].ref_type}), TYPE_COUNT); + // Val* r = val_mgr->GetCount((${message.references[i].ref_type})); // t->Assign(i, r); // - // Val* k = new Val((${message.references[i].file_num}), TYPE_COUNT); + // Val* k = val_mgr->GetCount((${message.references[i].file_num})); // t->Assign(i, k); // - // Val* l = new Val((${message.references[i].record_num}), TYPE_COUNT); + // Val* l = val_mgr->GetCount((${message.references[i].record_num})); // t->Assign(i, l); // } @@ -462,7 +462,7 @@ refine flow ModbusTCP_Flow += { //for ( unsigned int i = 0; i < ${message.references}->size(); ++i ) // { // //TODO: work the reference type in here somewhere - // Val* r = new Val(${message.references[i].record_data}), TYPE_COUNT); + // Val* r = val_mgr->GetCount(${message.references[i].record_data})); // t->Assign(i, r); // } @@ -482,18 +482,18 @@ refine flow ModbusTCP_Flow += { //VectorVal* t = create_vector_of_count(); //for ( unsigned int i = 0; i < (${message.references}->size()); ++i ) // { - // Val* r = new Val((${message.references[i].ref_type}), TYPE_COUNT); + // Val* r = val_mgr->GetCount((${message.references[i].ref_type})); // t->Assign(i, r); // - // Val* k = new Val((${message.references[i].file_num}), TYPE_COUNT); + // Val* k = val_mgr->GetCount((${message.references[i].file_num})); // t->Assign(i, k); // - // Val* n = new Val((${message.references[i].record_num}), TYPE_COUNT); + // Val* n = val_mgr->GetCount((${message.references[i].record_num})); // t->Assign(i, n); // // for ( unsigned int j = 0; j < (${message.references[i].register_value}->size()); ++j ) // { - // k = new Val((${message.references[i].register_value[j]}), TYPE_COUNT); + // k = val_mgr->GetCount((${message.references[i].register_value[j]})); // t->Assign(i, k); // } // } @@ -515,18 +515,18 @@ refine flow ModbusTCP_Flow += { //VectorVal* t = create_vector_of_count(); //for ( unsigned int i = 0; i < (${messages.references}->size()); ++i ) // { - // Val* r = new Val((${message.references[i].ref_type}), TYPE_COUNT); + // Val* r = val_mgr->GetCount((${message.references[i].ref_type})); // t->Assign(i, r); // - // Val* f = new Val((${message.references[i].file_num}), TYPE_COUNT); + // Val* f = val_mgr->GetCount((${message.references[i].file_num})); // t->Assign(i, f); // - // Val* rn = new Val((${message.references[i].record_num}), TYPE_COUNT); + // Val* rn = val_mgr->GetCount((${message.references[i].record_num})); // t->Assign(i, rn); // // for ( unsigned int j = 0; j<(${message.references[i].register_value}->size()); ++j ) // { - // Val* k = new Val((${message.references[i].register_value[j]}), TYPE_COUNT); + // Val* k = val_mgr->GetCount((${message.references[i].register_value[j]})); // t->Assign(i, k); // } @@ -583,7 +583,7 @@ refine flow ModbusTCP_Flow += { VectorVal* t = new VectorVal(BifType::Vector::ModbusRegisters); for ( unsigned int i = 0; i < ${message.write_register_values}->size(); ++i ) { - Val* r = new Val(${message.write_register_values[i]}, TYPE_COUNT); + Val* r = val_mgr->GetCount(${message.write_register_values[i]}); t->Assign(i, r); } @@ -614,7 +614,7 @@ refine flow ModbusTCP_Flow += { VectorVal* t = new VectorVal(BifType::Vector::ModbusRegisters); for ( unsigned int i = 0; i < ${message.registers}->size(); ++i ) { - Val* r = new Val(${message.registers[i]}, TYPE_COUNT); + Val* r = val_mgr->GetCount(${message.registers[i]}); t->Assign(i, r); } @@ -657,7 +657,7 @@ refine flow ModbusTCP_Flow += { VectorVal* t = create_vector_of_count(); for ( unsigned int i = 0; i < (${message.register_data})->size(); ++i ) { - Val* r = new Val(${message.register_data[i]}, TYPE_COUNT); + Val* r = val_mgr->GetCount(${message.register_data[i]}); t->Assign(i, r); } diff --git a/src/analyzer/protocol/ncp/NCP.cc b/src/analyzer/protocol/ncp/NCP.cc index e8672e7ebe..b59358b703 100644 --- a/src/analyzer/protocol/ncp/NCP.cc +++ b/src/analyzer/protocol/ncp/NCP.cc @@ -63,17 +63,16 @@ void NCP_Session::DeliverFrame(const binpac::NCP::ncp_frame* frame) { val_list* vl = new val_list; vl->append(analyzer->BuildConnVal()); - vl->append(new Val(frame->frame_type(), TYPE_COUNT)); - vl->append(new Val(frame->body_length(), TYPE_COUNT)); + vl->append(val_mgr->GetCount(frame->frame_type())); + vl->append(val_mgr->GetCount(frame->body_length())); if ( frame->is_orig() ) - vl->append(new Val(req_func, TYPE_COUNT)); + vl->append(val_mgr->GetCount(req_func)); else { - vl->append(new Val(req_frame_type, TYPE_COUNT)); - vl->append(new Val(req_func, TYPE_COUNT)); - vl->append(new Val(frame->reply()->completion_code(), - TYPE_COUNT)); + vl->append(val_mgr->GetCount(req_frame_type)); + vl->append(val_mgr->GetCount(req_func)); + vl->append(val_mgr->GetCount(frame->reply()->completion_code())); } analyzer->ConnectionEvent(f, vl); diff --git a/src/analyzer/protocol/netbios/NetbiosSSN.cc b/src/analyzer/protocol/netbios/NetbiosSSN.cc index 2153b9cad7..07c81f6839 100644 --- a/src/analyzer/protocol/netbios/NetbiosSSN.cc +++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc @@ -60,9 +60,9 @@ int NetbiosSSN_Interpreter::ParseMessage(unsigned int type, unsigned int flags, { val_list* vl = new val_list; vl->append(analyzer->BuildConnVal()); - vl->append(new Val(is_query, TYPE_BOOL)); - vl->append(new Val(type, TYPE_COUNT)); - vl->append(new Val(len, TYPE_COUNT)); + vl->append(val_mgr->GetBool(is_query)); + vl->append(val_mgr->GetCount(type)); + vl->append(val_mgr->GetCount(len)); analyzer->ConnectionEvent(netbios_session_message, vl); } @@ -331,7 +331,7 @@ void NetbiosSSN_Interpreter::Event(EventHandlerPtr event, const u_char* data, val_list* vl = new val_list; vl->append(analyzer->BuildConnVal()); if ( is_orig >= 0 ) - vl->append(new Val(is_orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(is_orig)); vl->append(new StringVal(new BroString(data, len, 0))); analyzer->ConnectionEvent(event, vl); diff --git a/src/analyzer/protocol/netbios/functions.bif b/src/analyzer/protocol/netbios/functions.bif index d4316d0c66..f92402a3e8 100644 --- a/src/analyzer/protocol/netbios/functions.bif +++ b/src/analyzer/protocol/netbios/functions.bif @@ -46,5 +46,5 @@ function decode_netbios_name_type%(name: string%): count %{ const u_char* s = name->Bytes(); char return_val = ((toupper(s[30]) - 'A') << 4) + (toupper(s[31]) - 'A'); - return new Val(return_val, TYPE_COUNT); + return val_mgr->GetCount(return_val); %} diff --git a/src/analyzer/protocol/ntlm/ntlm-analyzer.pac b/src/analyzer/protocol/ntlm/ntlm-analyzer.pac index 55756b61e9..c72a9d249a 100644 --- a/src/analyzer/protocol/ntlm/ntlm-analyzer.pac +++ b/src/analyzer/protocol/ntlm/ntlm-analyzer.pac @@ -16,10 +16,10 @@ refine connection NTLM_Conn += { function build_version_record(val: NTLM_Version): BroVal %{ RecordVal* result = new RecordVal(BifType::Record::NTLM::Version); - result->Assign(0, new Val(${val.major_version}, TYPE_COUNT)); - result->Assign(1, new Val(${val.minor_version}, TYPE_COUNT)); - result->Assign(2, new Val(${val.build_number}, TYPE_COUNT)); - result->Assign(3, new Val(${val.ntlm_revision}, TYPE_COUNT)); + result->Assign(0, val_mgr->GetCount(${val.major_version})); + result->Assign(1, val_mgr->GetCount(${val.minor_version})); + result->Assign(2, val_mgr->GetCount(${val.build_number})); + result->Assign(3, val_mgr->GetCount(${val.ntlm_revision})); return result; %} @@ -47,13 +47,13 @@ refine connection NTLM_Conn += { result->Assign(4, utf16_bytestring_to_utf8_val(bro_analyzer()->Conn(), ${val.pairs[i].dns_tree_name.data})); break; case 6: - result->Assign(5, new Val(${val.pairs[i].constrained_auth}, TYPE_BOOL)); + result->Assign(5, val_mgr->GetBool(${val.pairs[i].constrained_auth})); break; case 7: result->Assign(6, filetime2brotime(${val.pairs[i].timestamp})); break; case 8: - result->Assign(7, new Val(${val.pairs[i].single_host.machine_id}, TYPE_COUNT)); + result->Assign(7, val_mgr->GetCount(${val.pairs[i].single_host.machine_id})); break; case 9: result->Assign(8, utf16_bytestring_to_utf8_val(bro_analyzer()->Conn(), ${val.pairs[i].target_name.data})); @@ -66,28 +66,28 @@ refine connection NTLM_Conn += { function build_negotiate_flag_record(val: NTLM_Negotiate_Flags): BroVal %{ RecordVal* flags = new RecordVal(BifType::Record::NTLM::NegotiateFlags); - flags->Assign(0, new Val(${val.negotiate_56}, TYPE_BOOL)); - flags->Assign(1, new Val(${val.negotiate_key_exch}, TYPE_BOOL)); - flags->Assign(2, new Val(${val.negotiate_128}, TYPE_BOOL)); - flags->Assign(3, new Val(${val.negotiate_version}, TYPE_BOOL)); - flags->Assign(4, new Val(${val.negotiate_target_info}, TYPE_BOOL)); - flags->Assign(5, new Val(${val.request_non_nt_session_key}, TYPE_BOOL)); - flags->Assign(6, new Val(${val.negotiate_identify}, TYPE_BOOL)); - flags->Assign(7, new Val(${val.negotiate_extended_sessionsecurity}, TYPE_BOOL)); - flags->Assign(8, new Val(${val.target_type_server}, TYPE_BOOL)); - flags->Assign(9, new Val(${val.target_type_domain}, TYPE_BOOL)); - flags->Assign(10, new Val(${val.negotiate_always_sign}, TYPE_BOOL)); - flags->Assign(11, new Val(${val.negotiate_oem_workstation_supplied}, TYPE_BOOL)); - flags->Assign(12, new Val(${val.negotiate_oem_domain_supplied}, TYPE_BOOL)); - flags->Assign(13, new Val(${val.negotiate_anonymous_connection}, TYPE_BOOL)); - flags->Assign(14, new Val(${val.negotiate_ntlm}, TYPE_BOOL)); - flags->Assign(15, new Val(${val.negotiate_lm_key}, TYPE_BOOL)); - flags->Assign(16, new Val(${val.negotiate_datagram}, TYPE_BOOL)); - flags->Assign(17, new Val(${val.negotiate_seal}, TYPE_BOOL)); - flags->Assign(18, new Val(${val.negotiate_sign}, TYPE_BOOL)); - flags->Assign(19, new Val(${val.request_target}, TYPE_BOOL)); - flags->Assign(20, new Val(${val.negotiate_oem}, TYPE_BOOL)); - flags->Assign(21, new Val(${val.negotiate_unicode}, TYPE_BOOL)); + flags->Assign(0, val_mgr->GetBool(${val.negotiate_56})); + flags->Assign(1, val_mgr->GetBool(${val.negotiate_key_exch})); + flags->Assign(2, val_mgr->GetBool(${val.negotiate_128})); + flags->Assign(3, val_mgr->GetBool(${val.negotiate_version})); + flags->Assign(4, val_mgr->GetBool(${val.negotiate_target_info})); + flags->Assign(5, val_mgr->GetBool(${val.request_non_nt_session_key})); + flags->Assign(6, val_mgr->GetBool(${val.negotiate_identify})); + flags->Assign(7, val_mgr->GetBool(${val.negotiate_extended_sessionsecurity})); + flags->Assign(8, val_mgr->GetBool(${val.target_type_server})); + flags->Assign(9, val_mgr->GetBool(${val.target_type_domain})); + flags->Assign(10, val_mgr->GetBool(${val.negotiate_always_sign})); + flags->Assign(11, val_mgr->GetBool(${val.negotiate_oem_workstation_supplied})); + flags->Assign(12, val_mgr->GetBool(${val.negotiate_oem_domain_supplied})); + flags->Assign(13, val_mgr->GetBool(${val.negotiate_anonymous_connection})); + flags->Assign(14, val_mgr->GetBool(${val.negotiate_ntlm})); + flags->Assign(15, val_mgr->GetBool(${val.negotiate_lm_key})); + flags->Assign(16, val_mgr->GetBool(${val.negotiate_datagram})); + flags->Assign(17, val_mgr->GetBool(${val.negotiate_seal})); + flags->Assign(18, val_mgr->GetBool(${val.negotiate_sign})); + flags->Assign(19, val_mgr->GetBool(${val.request_target})); + flags->Assign(20, val_mgr->GetBool(${val.negotiate_oem})); + flags->Assign(21, val_mgr->GetBool(${val.negotiate_unicode})); return flags; %} diff --git a/src/analyzer/protocol/ntp/NTP.cc b/src/analyzer/protocol/ntp/NTP.cc index d46972b8cb..631d5bc3e9 100644 --- a/src/analyzer/protocol/ntp/NTP.cc +++ b/src/analyzer/protocol/ntp/NTP.cc @@ -66,11 +66,11 @@ void NTP_Analyzer::Message(const u_char* data, int len) unsigned int code = ntp_data->status & 0x7; - msg->Assign(0, new Val((unsigned int) (ntohl(ntp_data->refid)), TYPE_COUNT)); - msg->Assign(1, new Val(code, TYPE_COUNT)); - msg->Assign(2, new Val((unsigned int) ntp_data->stratum, TYPE_COUNT)); - msg->Assign(3, new Val((unsigned int) ntp_data->ppoll, TYPE_COUNT)); - msg->Assign(4, new Val((unsigned int) ntp_data->precision, TYPE_INT)); + msg->Assign(0, val_mgr->GetCount((unsigned int) (ntohl(ntp_data->refid)))); + msg->Assign(1, val_mgr->GetCount(code)); + msg->Assign(2, val_mgr->GetCount((unsigned int) ntp_data->stratum)); + msg->Assign(3, val_mgr->GetCount((unsigned int) ntp_data->ppoll)); + msg->Assign(4, val_mgr->GetInt((unsigned int) ntp_data->precision)); msg->Assign(5, new Val(ShortFloat(ntp_data->distance), TYPE_INTERVAL)); msg->Assign(6, new Val(ShortFloat(ntp_data->dispersion), TYPE_INTERVAL)); msg->Assign(7, new Val(LongFloat(ntp_data->reftime), TYPE_TIME)); diff --git a/src/analyzer/protocol/pop3/POP3.cc b/src/analyzer/protocol/pop3/POP3.cc index 4f5e5819a6..2cd5041a70 100644 --- a/src/analyzer/protocol/pop3/POP3.cc +++ b/src/analyzer/protocol/pop3/POP3.cc @@ -929,7 +929,7 @@ void POP3_Analyzer::POP3Event(EventHandlerPtr event, bool is_orig, val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(is_orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(is_orig)); if ( arg1 ) vl->append(new StringVal(arg1)); if ( arg2 ) diff --git a/src/analyzer/protocol/radius/radius-analyzer.pac b/src/analyzer/protocol/radius/radius-analyzer.pac index edeb509436..e727bc4f02 100644 --- a/src/analyzer/protocol/radius/radius-analyzer.pac +++ b/src/analyzer/protocol/radius/radius-analyzer.pac @@ -8,8 +8,8 @@ refine flow RADIUS_Flow += { return false; RecordVal* result = new RecordVal(BifType::Record::RADIUS::Message); - result->Assign(0, new Val(${msg.code}, TYPE_COUNT)); - result->Assign(1, new Val(${msg.trans_id}, TYPE_COUNT)); + result->Assign(0, val_mgr->GetCount(${msg.code})); + result->Assign(1, val_mgr->GetCount(${msg.trans_id})); result->Assign(2, bytestring_to_val(${msg.authenticator})); if ( ${msg.attributes}->size() ) @@ -17,7 +17,7 @@ refine flow RADIUS_Flow += { TableVal* attributes = new TableVal(BifType::Table::RADIUS::Attributes); for ( uint i = 0; i < ${msg.attributes}->size(); ++i ) { - Val* index = new Val(${msg.attributes[i].code}, TYPE_COUNT); + Val* index = val_mgr->GetCount(${msg.attributes[i].code}); // Do we already have a vector of attributes for this type? Val* current = attributes->Lookup(index); diff --git a/src/analyzer/protocol/rdp/rdp-analyzer.pac b/src/analyzer/protocol/rdp/rdp-analyzer.pac index 1ba2c465d8..9c370887a2 100644 --- a/src/analyzer/protocol/rdp/rdp-analyzer.pac +++ b/src/analyzer/protocol/rdp/rdp-analyzer.pac @@ -61,35 +61,35 @@ refine flow RDP_Flow += { if ( rdp_client_core_data ) { RecordVal* ec_flags = new RecordVal(BifType::Record::RDP::EarlyCapabilityFlags); - ec_flags->Assign(0, new Val(${ccore.SUPPORT_ERRINFO_PDU}, TYPE_BOOL)); - ec_flags->Assign(1, new Val(${ccore.WANT_32BPP_SESSION}, TYPE_BOOL)); - ec_flags->Assign(2, new Val(${ccore.SUPPORT_STATUSINFO_PDU}, TYPE_BOOL)); - ec_flags->Assign(3, new Val(${ccore.STRONG_ASYMMETRIC_KEYS}, TYPE_BOOL)); - ec_flags->Assign(4, new Val(${ccore.SUPPORT_MONITOR_LAYOUT_PDU}, TYPE_BOOL)); - ec_flags->Assign(5, new Val(${ccore.SUPPORT_NETCHAR_AUTODETECT}, TYPE_BOOL)); - ec_flags->Assign(6, new Val(${ccore.SUPPORT_DYNVC_GFX_PROTOCOL}, TYPE_BOOL)); - ec_flags->Assign(7, new Val(${ccore.SUPPORT_DYNAMIC_TIME_ZONE}, TYPE_BOOL)); - ec_flags->Assign(8, new Val(${ccore.SUPPORT_HEARTBEAT_PDU}, TYPE_BOOL)); + ec_flags->Assign(0, val_mgr->GetBool(${ccore.SUPPORT_ERRINFO_PDU})); + ec_flags->Assign(1, val_mgr->GetBool(${ccore.WANT_32BPP_SESSION})); + ec_flags->Assign(2, val_mgr->GetBool(${ccore.SUPPORT_STATUSINFO_PDU})); + ec_flags->Assign(3, val_mgr->GetBool(${ccore.STRONG_ASYMMETRIC_KEYS})); + ec_flags->Assign(4, val_mgr->GetBool(${ccore.SUPPORT_MONITOR_LAYOUT_PDU})); + ec_flags->Assign(5, val_mgr->GetBool(${ccore.SUPPORT_NETCHAR_AUTODETECT})); + ec_flags->Assign(6, val_mgr->GetBool(${ccore.SUPPORT_DYNVC_GFX_PROTOCOL})); + ec_flags->Assign(7, val_mgr->GetBool(${ccore.SUPPORT_DYNAMIC_TIME_ZONE})); + ec_flags->Assign(8, val_mgr->GetBool(${ccore.SUPPORT_HEARTBEAT_PDU})); RecordVal* ccd = new RecordVal(BifType::Record::RDP::ClientCoreData); - ccd->Assign(0, new Val(${ccore.version_major}, TYPE_COUNT)); - ccd->Assign(1, new Val(${ccore.version_minor}, TYPE_COUNT)); - ccd->Assign(2, new Val(${ccore.desktop_width}, TYPE_COUNT)); - ccd->Assign(3, new Val(${ccore.desktop_height}, TYPE_COUNT)); - ccd->Assign(4, new Val(${ccore.color_depth}, TYPE_COUNT)); - ccd->Assign(5, new Val(${ccore.sas_sequence}, TYPE_COUNT)); - ccd->Assign(6, new Val(${ccore.keyboard_layout}, TYPE_COUNT)); - ccd->Assign(7, new Val(${ccore.client_build}, TYPE_COUNT)); + ccd->Assign(0, val_mgr->GetCount(${ccore.version_major})); + ccd->Assign(1, val_mgr->GetCount(${ccore.version_minor})); + ccd->Assign(2, val_mgr->GetCount(${ccore.desktop_width})); + ccd->Assign(3, val_mgr->GetCount(${ccore.desktop_height})); + ccd->Assign(4, val_mgr->GetCount(${ccore.color_depth})); + ccd->Assign(5, val_mgr->GetCount(${ccore.sas_sequence})); + ccd->Assign(6, val_mgr->GetCount(${ccore.keyboard_layout})); + ccd->Assign(7, val_mgr->GetCount(${ccore.client_build})); ccd->Assign(8, utf16_bytestring_to_utf8_val(connection()->bro_analyzer()->Conn(), ${ccore.client_name})); - ccd->Assign(9, new Val(${ccore.keyboard_type}, TYPE_COUNT)); - ccd->Assign(10, new Val(${ccore.keyboard_sub}, TYPE_COUNT)); - ccd->Assign(11, new Val(${ccore.keyboard_function_key}, TYPE_COUNT)); + ccd->Assign(9, val_mgr->GetCount(${ccore.keyboard_type})); + ccd->Assign(10, val_mgr->GetCount(${ccore.keyboard_sub})); + ccd->Assign(11, val_mgr->GetCount(${ccore.keyboard_function_key})); ccd->Assign(12, utf16_bytestring_to_utf8_val(connection()->bro_analyzer()->Conn(), ${ccore.ime_file_name})); - ccd->Assign(13, new Val(${ccore.post_beta2_color_depth}, TYPE_COUNT)); - ccd->Assign(14, new Val(${ccore.client_product_id}, TYPE_COUNT)); - ccd->Assign(15, new Val(${ccore.serial_number}, TYPE_COUNT)); - ccd->Assign(16, new Val(${ccore.high_color_depth}, TYPE_COUNT)); - ccd->Assign(17, new Val(${ccore.supported_color_depths}, TYPE_COUNT)); + ccd->Assign(13, val_mgr->GetCount(${ccore.post_beta2_color_depth})); + ccd->Assign(14, val_mgr->GetCount(${ccore.client_product_id})); + ccd->Assign(15, val_mgr->GetCount(${ccore.serial_number})); + ccd->Assign(16, val_mgr->GetCount(${ccore.high_color_depth})); + ccd->Assign(17, val_mgr->GetCount(${ccore.supported_color_depths})); ccd->Assign(18, ec_flags); ccd->Assign(19, utf16_bytestring_to_utf8_val(connection()->bro_analyzer()->Conn(), ${ccore.dig_product_id})); diff --git a/src/analyzer/protocol/rpc/MOUNT.cc b/src/analyzer/protocol/rpc/MOUNT.cc index dd2fcdc959..f32f4449af 100644 --- a/src/analyzer/protocol/rpc/MOUNT.cc +++ b/src/analyzer/protocol/rpc/MOUNT.cc @@ -138,7 +138,7 @@ int MOUNT_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status // Otherwise DeliverRPC would complain about // excess_RPC. n = 0; - reply = new EnumVal(c->Proc(), BifType::Enum::MOUNT3::proc_t); + reply = BifType::Enum::MOUNT3::proc_t->GetVal(c->Proc()); event = mount_proc_not_implemented; } else @@ -194,21 +194,21 @@ val_list* MOUNT_Interp::event_common_vl(RPC_CallInfo *c, for (size_t i = 0; i < c->AuxGIDs().size(); ++i) { - auxgids->Assign(i, new Val(c->AuxGIDs()[i], TYPE_COUNT)); + auxgids->Assign(i, val_mgr->GetCount(c->AuxGIDs()[i])); } RecordVal* info = new RecordVal(BifType::Record::MOUNT3::info_t); - info->Assign(0, new EnumVal(rpc_status, BifType::Enum::rpc_status)); - info->Assign(1, new EnumVal(mount_status, BifType::Enum::MOUNT3::status_t)); + info->Assign(0, BifType::Enum::rpc_status->GetVal(rpc_status)); + info->Assign(1, BifType::Enum::MOUNT3::status_t->GetVal(mount_status)); info->Assign(2, new Val(c->StartTime(), TYPE_TIME)); info->Assign(3, new Val(c->LastTime() - c->StartTime(), TYPE_INTERVAL)); - info->Assign(4, new Val(c->RPCLen(), TYPE_COUNT)); + info->Assign(4, val_mgr->GetCount(c->RPCLen())); info->Assign(5, new Val(rep_start_time, TYPE_TIME)); info->Assign(6, new Val(rep_last_time - rep_start_time, TYPE_INTERVAL)); - info->Assign(7, new Val(reply_len, TYPE_COUNT)); - info->Assign(8, new Val(c->Uid(), TYPE_COUNT)); - info->Assign(9, new Val(c->Gid(), TYPE_COUNT)); - info->Assign(10, new Val(c->Stamp(), TYPE_COUNT)); + info->Assign(7, val_mgr->GetCount(reply_len)); + info->Assign(8, val_mgr->GetCount(c->Uid())); + info->Assign(9, val_mgr->GetCount(c->Gid())); + info->Assign(10, val_mgr->GetCount(c->Stamp())); info->Assign(11, new StringVal(c->MachineName())); info->Assign(12, auxgids); @@ -219,7 +219,7 @@ val_list* MOUNT_Interp::event_common_vl(RPC_CallInfo *c, EnumVal* MOUNT_Interp::mount3_auth_flavor(const u_char*& buf, int& n) { BifEnum::MOUNT3::auth_flavor_t t = (BifEnum::MOUNT3::auth_flavor_t)extract_XDR_uint32(buf, n); - return new EnumVal(t, BifType::Enum::MOUNT3::auth_flavor_t); + return BifType::Enum::MOUNT3::auth_flavor_t->GetVal(t); } StringVal* MOUNT_Interp::mount3_fh(const u_char*& buf, int& n) diff --git a/src/analyzer/protocol/rpc/NFS.cc b/src/analyzer/protocol/rpc/NFS.cc index 322f593e86..6d0841900c 100644 --- a/src/analyzer/protocol/rpc/NFS.cc +++ b/src/analyzer/protocol/rpc/NFS.cc @@ -250,7 +250,7 @@ int NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status, // Otherwise DeliverRPC would complain about // excess_RPC. n = 0; - reply = new EnumVal(c->Proc(), BifType::Enum::NFS3::proc_t); + reply = BifType::Enum::NFS3::proc_t->GetVal(c->Proc()); event = nfs_proc_not_implemented; } else @@ -329,20 +329,20 @@ val_list* NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_s VectorVal* auxgids = new VectorVal(internal_type("index_vec")->AsVectorType()); for ( size_t i = 0; i < c->AuxGIDs().size(); ++i ) - auxgids->Assign(i, new Val(c->AuxGIDs()[i], TYPE_COUNT)); + auxgids->Assign(i, val_mgr->GetCount(c->AuxGIDs()[i])); RecordVal *info = new RecordVal(BifType::Record::NFS3::info_t); - info->Assign(0, new EnumVal(rpc_status, BifType::Enum::rpc_status)); - info->Assign(1, new EnumVal(nfs_status, BifType::Enum::NFS3::status_t)); + info->Assign(0, BifType::Enum::rpc_status->GetVal(rpc_status)); + info->Assign(1, BifType::Enum::NFS3::status_t->GetVal(nfs_status)); info->Assign(2, new Val(c->StartTime(), TYPE_TIME)); info->Assign(3, new Val(c->LastTime()-c->StartTime(), TYPE_INTERVAL)); - info->Assign(4, new Val(c->RPCLen(), TYPE_COUNT)); + info->Assign(4, val_mgr->GetCount(c->RPCLen())); info->Assign(5, new Val(rep_start_time, TYPE_TIME)); info->Assign(6, new Val(rep_last_time-rep_start_time, TYPE_INTERVAL)); - info->Assign(7, new Val(reply_len, TYPE_COUNT)); - info->Assign(8, new Val(c->Uid(), TYPE_COUNT)); - info->Assign(9, new Val(c->Gid(), TYPE_COUNT)); - info->Assign(10, new Val(c->Stamp(), TYPE_COUNT)); + info->Assign(7, val_mgr->GetCount(reply_len)); + info->Assign(8, val_mgr->GetCount(c->Uid())); + info->Assign(9, val_mgr->GetCount(c->Gid())); + info->Assign(10, val_mgr->GetCount(c->Stamp())); info->Assign(11, new StringVal(c->MachineName())); info->Assign(12, auxgids); @@ -436,13 +436,13 @@ RecordVal* NFS_Interp::nfs3_fattr(const u_char*& buf, int& n) EnumVal* NFS_Interp::nfs3_time_how(const u_char*& buf, int& n) { BifEnum::NFS3::time_how_t t = (BifEnum::NFS3::time_how_t)extract_XDR_uint32(buf, n); - return new EnumVal(t, BifType::Enum::NFS3::time_how_t); + return BifType::Enum::NFS3::time_how_t->GetVal(t); } EnumVal* NFS_Interp::nfs3_ftype(const u_char*& buf, int& n) { BifEnum::NFS3::file_type_t t = (BifEnum::NFS3::file_type_t)extract_XDR_uint32(buf, n); - return new EnumVal(t, BifType::Enum::NFS3::file_type_t); + return BifType::Enum::NFS3::file_type_t->GetVal(t); } RecordVal* NFS_Interp::nfs3_wcc_attr(const u_char*& buf, int& n) @@ -531,7 +531,7 @@ RecordVal* NFS_Interp::nfs3_pre_op_attr(const u_char*& buf, int& n) EnumVal *NFS_Interp::nfs3_stable_how(const u_char*& buf, int& n) { BifEnum::NFS3::stable_how_t stable = (BifEnum::NFS3::stable_how_t)extract_XDR_uint32(buf, n); - return new EnumVal(stable, BifType::Enum::NFS3::stable_how_t); + return BifType::Enum::NFS3::stable_how_t->GetVal(stable); } RecordVal* NFS_Interp::nfs3_lookup_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status) @@ -575,7 +575,7 @@ RecordVal* NFS_Interp::nfs3_read_reply(const u_char*& buf, int& n, BifEnum::NFS3 rep->Assign(0, nfs3_post_op_attr(buf, n)); bytes_read = extract_XDR_uint32(buf, n); - rep->Assign(1, new Val(bytes_read, TYPE_COUNT)); + rep->Assign(1, val_mgr->GetCount(bytes_read)); rep->Assign(2, ExtractBool(buf, n)); rep->Assign(3, nfs3_file_data(buf, n, offset, bytes_read)); } @@ -658,9 +658,9 @@ RecordVal *NFS_Interp::nfs3_writeargs(const u_char*& buf, int& n) writeargs->Assign(0, nfs3_fh(buf, n)); offset = extract_XDR_uint64(buf, n); - writeargs->Assign(1, new Val(offset, TYPE_COUNT)); // offset + writeargs->Assign(1, val_mgr->GetCount(offset)); // offset bytes = extract_XDR_uint32(buf, n); - writeargs->Assign(2, new Val(bytes, TYPE_COUNT)); // size + writeargs->Assign(2, val_mgr->GetCount(bytes)); // size writeargs->Assign(3, nfs3_stable_how(buf, n)); writeargs->Assign(4, nfs3_file_data(buf, n, offset, bytes)); @@ -745,7 +745,7 @@ RecordVal* NFS_Interp::nfs3_readdirargs(bool isplus, const u_char*& buf, int&n) { RecordVal *args = new RecordVal(BifType::Record::NFS3::readdirargs_t); - args->Assign(0, new Val(isplus, TYPE_BOOL)); + args->Assign(0, val_mgr->GetBool(isplus)); args->Assign(1, nfs3_fh(buf, n)); args->Assign(2, ExtractUint64(buf,n)); // cookie args->Assign(3, ExtractUint64(buf,n)); // cookieverf @@ -762,7 +762,7 @@ RecordVal* NFS_Interp::nfs3_readdir_reply(bool isplus, const u_char*& buf, { RecordVal *rep = new RecordVal(BifType::Record::NFS3::readdir_reply_t); - rep->Assign(0, new Val(isplus, TYPE_BOOL)); + rep->Assign(0, val_mgr->GetBool(isplus)); if ( status == BifEnum::NFS3::NFS3ERR_OK ) { @@ -804,12 +804,12 @@ RecordVal* NFS_Interp::nfs3_readdir_reply(bool isplus, const u_char*& buf, Val* NFS_Interp::ExtractUint32(const u_char*& buf, int& n) { - return new Val(extract_XDR_uint32(buf, n), TYPE_COUNT); + return val_mgr->GetCount(extract_XDR_uint32(buf, n)); } Val* NFS_Interp::ExtractUint64(const u_char*& buf, int& n) { - return new Val(extract_XDR_uint64(buf, n), TYPE_COUNT); + return val_mgr->GetCount(extract_XDR_uint64(buf, n)); } Val* NFS_Interp::ExtractTime(const u_char*& buf, int& n) @@ -824,7 +824,7 @@ Val* NFS_Interp::ExtractInterval(const u_char*& buf, int& n) Val* NFS_Interp::ExtractBool(const u_char*& buf, int& n) { - return new Val(extract_XDR_uint32(buf, n), TYPE_BOOL); + return val_mgr->GetBool(extract_XDR_uint32(buf, n)); } diff --git a/src/analyzer/protocol/rpc/Portmap.cc b/src/analyzer/protocol/rpc/Portmap.cc index 9f52394ac4..95beab6b62 100644 --- a/src/analyzer/protocol/rpc/Portmap.cc +++ b/src/analyzer/protocol/rpc/Portmap.cc @@ -94,7 +94,7 @@ int PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status status if ( ! buf ) return 0; - reply = new Val(status, TYPE_BOOL); + reply = val_mgr->GetBool(status); event = pm_request_set; } else @@ -109,7 +109,7 @@ int PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status status if ( ! buf ) return 0; - reply = new Val(status, TYPE_BOOL); + reply = val_mgr->GetBool(status); event = pm_request_unset; } else @@ -126,7 +126,7 @@ int PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status status RecordVal* rv = c->RequestVal()->AsRecordVal(); Val* is_tcp = rv->Lookup(2); - reply = port_mgr->Get(CheckPort(port), + reply = val_mgr->GetPort(CheckPort(port), is_tcp->IsOne() ? TRANSPORT_TCP : TRANSPORT_UDP); event = pm_request_getport; @@ -150,7 +150,7 @@ int PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status status if ( ! m ) break; - Val* index = new Val(++nmap, TYPE_COUNT); + Val* index = val_mgr->GetCount(++nmap); mappings->Assign(index, m); Unref(index); } @@ -178,7 +178,7 @@ int PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status status if ( ! opaque_reply ) return 0; - reply = port_mgr->Get(CheckPort(port), TRANSPORT_UDP); + reply = val_mgr->GetPort(CheckPort(port), TRANSPORT_UDP); event = pm_request_callit; } else @@ -197,12 +197,12 @@ Val* PortmapperInterp::ExtractMapping(const u_char*& buf, int& len) { RecordVal* mapping = new RecordVal(pm_mapping); - mapping->Assign(0, new Val(extract_XDR_uint32(buf, len), TYPE_COUNT)); - mapping->Assign(1, new Val(extract_XDR_uint32(buf, len), TYPE_COUNT)); + mapping->Assign(0, val_mgr->GetCount(extract_XDR_uint32(buf, len))); + mapping->Assign(1, val_mgr->GetCount(extract_XDR_uint32(buf, len))); int is_tcp = extract_XDR_uint32(buf, len) == IPPROTO_TCP; uint32 port = extract_XDR_uint32(buf, len); - mapping->Assign(2, port_mgr->Get(CheckPort(port), + mapping->Assign(2, val_mgr->GetPort(CheckPort(port), is_tcp ? TRANSPORT_TCP : TRANSPORT_UDP)); if ( ! buf ) @@ -218,11 +218,11 @@ Val* PortmapperInterp::ExtractPortRequest(const u_char*& buf, int& len) { RecordVal* pr = new RecordVal(pm_port_request); - pr->Assign(0, new Val(extract_XDR_uint32(buf, len), TYPE_COUNT)); - pr->Assign(1, new Val(extract_XDR_uint32(buf, len), TYPE_COUNT)); + pr->Assign(0, val_mgr->GetCount(extract_XDR_uint32(buf, len))); + pr->Assign(1, val_mgr->GetCount(extract_XDR_uint32(buf, len))); int is_tcp = extract_XDR_uint32(buf, len) == IPPROTO_TCP; - pr->Assign(2, new Val(is_tcp, TYPE_BOOL)); + pr->Assign(2, val_mgr->GetBool(is_tcp)); (void) extract_XDR_uint32(buf, len); // consume the bogus port if ( ! buf ) @@ -238,13 +238,13 @@ Val* PortmapperInterp::ExtractCallItRequest(const u_char*& buf, int& len) { RecordVal* c = new RecordVal(pm_callit_request); - c->Assign(0, new Val(extract_XDR_uint32(buf, len), TYPE_COUNT)); - c->Assign(1, new Val(extract_XDR_uint32(buf, len), TYPE_COUNT)); - c->Assign(2, new Val(extract_XDR_uint32(buf, len), TYPE_COUNT)); + c->Assign(0, val_mgr->GetCount(extract_XDR_uint32(buf, len))); + c->Assign(1, val_mgr->GetCount(extract_XDR_uint32(buf, len))); + c->Assign(2, val_mgr->GetCount(extract_XDR_uint32(buf, len))); int arg_n; (void) extract_XDR_opaque(buf, len, arg_n); - c->Assign(3, new Val(arg_n, TYPE_COUNT)); + c->Assign(3, val_mgr->GetCount(arg_n)); if ( ! buf ) { @@ -263,7 +263,7 @@ uint32 PortmapperInterp::CheckPort(uint32 port) { val_list* vl = new val_list; vl->append(analyzer->BuildConnVal()); - vl->append(new Val(port, TYPE_COUNT)); + vl->append(val_mgr->GetCount(port)); analyzer->ConnectionEvent(pm_bad_port, vl); } @@ -295,7 +295,7 @@ void PortmapperInterp::Event(EventHandlerPtr f, Val* request, BifEnum::rpc_statu } else { - vl->append(new EnumVal(status, BifType::Enum::rpc_status)); + vl->append(BifType::Enum::rpc_status->GetVal(status)); if ( request ) vl->append(request); } diff --git a/src/analyzer/protocol/rpc/RPC.cc b/src/analyzer/protocol/rpc/RPC.cc index 74c93337d7..9d86210df6 100644 --- a/src/analyzer/protocol/rpc/RPC.cc +++ b/src/analyzer/protocol/rpc/RPC.cc @@ -332,13 +332,13 @@ void RPC_Interpreter::Event_RPC_Dialogue(RPC_CallInfo* c, BifEnum::rpc_status st { val_list* vl = new val_list; vl->append(analyzer->BuildConnVal()); - vl->append(new Val(c->Program(), TYPE_COUNT)); - vl->append(new Val(c->Version(), TYPE_COUNT)); - vl->append(new Val(c->Proc(), TYPE_COUNT)); - vl->append(new EnumVal(status, BifType::Enum::rpc_status)); + vl->append(val_mgr->GetCount(c->Program())); + vl->append(val_mgr->GetCount(c->Version())); + vl->append(val_mgr->GetCount(c->Proc())); + vl->append(BifType::Enum::rpc_status->GetVal(status)); vl->append(new Val(c->StartTime(), TYPE_TIME)); - vl->append(new Val(c->CallLen(), TYPE_COUNT)); - vl->append(new Val(reply_len, TYPE_COUNT)); + vl->append(val_mgr->GetCount(c->CallLen())); + vl->append(val_mgr->GetCount(reply_len)); analyzer->ConnectionEvent(rpc_dialogue, vl); } } @@ -349,11 +349,11 @@ void RPC_Interpreter::Event_RPC_Call(RPC_CallInfo* c) { val_list* vl = new val_list; vl->append(analyzer->BuildConnVal()); - vl->append(new Val(c->XID(), TYPE_COUNT)); - vl->append(new Val(c->Program(), TYPE_COUNT)); - vl->append(new Val(c->Version(), TYPE_COUNT)); - vl->append(new Val(c->Proc(), TYPE_COUNT)); - vl->append(new Val(c->CallLen(), TYPE_COUNT)); + vl->append(val_mgr->GetCount(c->XID())); + vl->append(val_mgr->GetCount(c->Program())); + vl->append(val_mgr->GetCount(c->Version())); + vl->append(val_mgr->GetCount(c->Proc())); + vl->append(val_mgr->GetCount(c->CallLen())); analyzer->ConnectionEvent(rpc_call, vl); } } @@ -364,9 +364,9 @@ void RPC_Interpreter::Event_RPC_Reply(uint32_t xid, BifEnum::rpc_status status, { val_list* vl = new val_list; vl->append(analyzer->BuildConnVal()); - vl->append(new Val(xid, TYPE_COUNT)); - vl->append(new EnumVal(status, BifType::Enum::rpc_status)); - vl->append(new Val(reply_len, TYPE_COUNT)); + vl->append(val_mgr->GetCount(xid)); + vl->append(BifType::Enum::rpc_status->GetVal(status)); + vl->append(val_mgr->GetCount(reply_len)); analyzer->ConnectionEvent(rpc_reply, vl); } } diff --git a/src/analyzer/protocol/sip/sip-analyzer.pac b/src/analyzer/protocol/sip/sip-analyzer.pac index 3174e6a977..1d8e6dad5a 100644 --- a/src/analyzer/protocol/sip/sip-analyzer.pac +++ b/src/analyzer/protocol/sip/sip-analyzer.pac @@ -69,7 +69,7 @@ refine flow SIP_Flow += { for ( unsigned int i = 0; i < headers.size(); ++i ) { // index starting from 1 - Val* index = new Val(i + 1, TYPE_COUNT); + Val* index = val_mgr->GetCount(i + 1); t->Assign(index, headers[i]); Unref(index); } @@ -111,7 +111,7 @@ refine flow SIP_Flow += { } else { - name_val = new StringVal(""); + name_val = val_mgr->GetEmptyString(); } header_record->Assign(0, name_val); diff --git a/src/analyzer/protocol/smb/smb1-com-negotiate.pac b/src/analyzer/protocol/smb/smb1-com-negotiate.pac index 1dd837e328..1b4aab7d71 100644 --- a/src/analyzer/protocol/smb/smb1-com-negotiate.pac +++ b/src/analyzer/protocol/smb/smb1-com-negotiate.pac @@ -46,30 +46,30 @@ refine connection SMB_Conn += { { case 0x01: core = new RecordVal(BifType::Record::SMB1::NegotiateResponseCore); - core->Assign(0, new Val(${val.dialect_index}, TYPE_COUNT)); + core->Assign(0, val_mgr->GetCount(${val.dialect_index})); response->Assign(0, core); break; case 0x0d: security = new RecordVal(BifType::Record::SMB1::NegotiateResponseSecurity); - security->Assign(0, new Val(${val.lanman.security_user_level}, TYPE_BOOL)); - security->Assign(1, new Val(${val.lanman.security_challenge_response}, TYPE_BOOL)); + security->Assign(0, val_mgr->GetBool(${val.lanman.security_user_level})); + security->Assign(1, val_mgr->GetBool(${val.lanman.security_challenge_response})); raw = new RecordVal(BifType::Record::SMB1::NegotiateRawMode); - raw->Assign(0, new Val(${val.lanman.raw_read_supported}, TYPE_BOOL)); - raw->Assign(1, new Val(${val.lanman.raw_write_supported}, TYPE_BOOL)); + raw->Assign(0, val_mgr->GetBool(${val.lanman.raw_read_supported})); + raw->Assign(1, val_mgr->GetBool(${val.lanman.raw_write_supported})); lanman = new RecordVal(BifType::Record::SMB1::NegotiateResponseLANMAN); - lanman->Assign(0, new Val(${val.word_count}, TYPE_COUNT)); - lanman->Assign(1, new Val(${val.dialect_index}, TYPE_COUNT)); + lanman->Assign(0, val_mgr->GetCount(${val.word_count})); + lanman->Assign(1, val_mgr->GetCount(${val.dialect_index})); lanman->Assign(2, security); - lanman->Assign(3, new Val(${val.lanman.max_buffer_size}, TYPE_COUNT)); - lanman->Assign(4, new Val(${val.lanman.max_mpx_count}, TYPE_COUNT)); + lanman->Assign(3, val_mgr->GetCount(${val.lanman.max_buffer_size})); + lanman->Assign(4, val_mgr->GetCount(${val.lanman.max_mpx_count})); - lanman->Assign(5, new Val(${val.lanman.max_number_vcs}, TYPE_COUNT)); + lanman->Assign(5, val_mgr->GetCount(${val.lanman.max_number_vcs})); lanman->Assign(6, raw); - lanman->Assign(7, new Val(${val.lanman.session_key}, TYPE_COUNT)); + lanman->Assign(7, val_mgr->GetCount(${val.lanman.session_key})); lanman->Assign(8, time_from_lanman(${val.lanman.server_time}, ${val.lanman.server_date}, ${val.lanman.server_tz})); lanman->Assign(9, bytestring_to_val(${val.lanman.encryption_key})); @@ -80,44 +80,44 @@ refine connection SMB_Conn += { case 0x11: security = new RecordVal(BifType::Record::SMB1::NegotiateResponseSecurity); - security->Assign(0, new Val(${val.ntlm.security_user_level}, TYPE_BOOL)); - security->Assign(1, new Val(${val.ntlm.security_challenge_response}, TYPE_BOOL)); - security->Assign(2, new Val(${val.ntlm.security_signatures_enabled}, TYPE_BOOL)); - security->Assign(3, new Val(${val.ntlm.security_signatures_required}, TYPE_BOOL)); + security->Assign(0, val_mgr->GetBool(${val.ntlm.security_user_level})); + security->Assign(1, val_mgr->GetBool(${val.ntlm.security_challenge_response})); + security->Assign(2, val_mgr->GetBool(${val.ntlm.security_signatures_enabled})); + security->Assign(3, val_mgr->GetBool(${val.ntlm.security_signatures_required})); capabilities = new RecordVal(BifType::Record::SMB1::NegotiateCapabilities); - capabilities->Assign(0, new Val(${val.ntlm.capabilities_raw_mode}, TYPE_BOOL)); - capabilities->Assign(1, new Val(${val.ntlm.capabilities_mpx_mode}, TYPE_BOOL)); - capabilities->Assign(2, new Val(${val.ntlm.capabilities_unicode}, TYPE_BOOL)); - capabilities->Assign(3, new Val(${val.ntlm.capabilities_large_files}, TYPE_BOOL)); - capabilities->Assign(4, new Val(${val.ntlm.capabilities_nt_smbs}, TYPE_BOOL)); + capabilities->Assign(0, val_mgr->GetBool(${val.ntlm.capabilities_raw_mode})); + capabilities->Assign(1, val_mgr->GetBool(${val.ntlm.capabilities_mpx_mode})); + capabilities->Assign(2, val_mgr->GetBool(${val.ntlm.capabilities_unicode})); + capabilities->Assign(3, val_mgr->GetBool(${val.ntlm.capabilities_large_files})); + capabilities->Assign(4, val_mgr->GetBool(${val.ntlm.capabilities_nt_smbs})); - capabilities->Assign(5, new Val(${val.ntlm.capabilities_rpc_remote_apis}, TYPE_BOOL)); - capabilities->Assign(6, new Val(${val.ntlm.capabilities_status32}, TYPE_BOOL)); - capabilities->Assign(7, new Val(${val.ntlm.capabilities_level_2_oplocks}, TYPE_BOOL)); - capabilities->Assign(8, new Val(${val.ntlm.capabilities_lock_and_read}, TYPE_BOOL)); - capabilities->Assign(9, new Val(${val.ntlm.capabilities_nt_find}, TYPE_BOOL)); + capabilities->Assign(5, val_mgr->GetBool(${val.ntlm.capabilities_rpc_remote_apis})); + capabilities->Assign(6, val_mgr->GetBool(${val.ntlm.capabilities_status32})); + capabilities->Assign(7, val_mgr->GetBool(${val.ntlm.capabilities_level_2_oplocks})); + capabilities->Assign(8, val_mgr->GetBool(${val.ntlm.capabilities_lock_and_read})); + capabilities->Assign(9, val_mgr->GetBool(${val.ntlm.capabilities_nt_find})); - capabilities->Assign(10, new Val(${val.ntlm.capabilities_dfs}, TYPE_BOOL)); - capabilities->Assign(11, new Val(${val.ntlm.capabilities_infolevel_passthru}, TYPE_BOOL)); - capabilities->Assign(12, new Val(${val.ntlm.capabilities_large_readx}, TYPE_BOOL)); - capabilities->Assign(13, new Val(${val.ntlm.capabilities_large_writex}, TYPE_BOOL)); - capabilities->Assign(14, new Val(${val.ntlm.capabilities_unix}, TYPE_BOOL)); + capabilities->Assign(10, val_mgr->GetBool(${val.ntlm.capabilities_dfs})); + capabilities->Assign(11, val_mgr->GetBool(${val.ntlm.capabilities_infolevel_passthru})); + capabilities->Assign(12, val_mgr->GetBool(${val.ntlm.capabilities_large_readx})); + capabilities->Assign(13, val_mgr->GetBool(${val.ntlm.capabilities_large_writex})); + capabilities->Assign(14, val_mgr->GetBool(${val.ntlm.capabilities_unix})); - capabilities->Assign(15, new Val(${val.ntlm.capabilities_bulk_transfer}, TYPE_BOOL)); - capabilities->Assign(16, new Val(${val.ntlm.capabilities_compressed_data}, TYPE_BOOL)); - capabilities->Assign(17, new Val(${val.ntlm.capabilities_extended_security}, TYPE_BOOL)); + capabilities->Assign(15, val_mgr->GetBool(${val.ntlm.capabilities_bulk_transfer})); + capabilities->Assign(16, val_mgr->GetBool(${val.ntlm.capabilities_compressed_data})); + capabilities->Assign(17, val_mgr->GetBool(${val.ntlm.capabilities_extended_security})); ntlm = new RecordVal(BifType::Record::SMB1::NegotiateResponseNTLM); - ntlm->Assign(0, new Val(${val.word_count}, TYPE_COUNT)); - ntlm->Assign(1, new Val(${val.dialect_index}, TYPE_COUNT)); + ntlm->Assign(0, val_mgr->GetCount(${val.word_count})); + ntlm->Assign(1, val_mgr->GetCount(${val.dialect_index})); ntlm->Assign(2, security); - ntlm->Assign(3, new Val(${val.ntlm.max_buffer_size}, TYPE_COUNT)); - ntlm->Assign(4, new Val(${val.ntlm.max_mpx_count}, TYPE_COUNT)); + ntlm->Assign(3, val_mgr->GetCount(${val.ntlm.max_buffer_size})); + ntlm->Assign(4, val_mgr->GetCount(${val.ntlm.max_mpx_count})); - ntlm->Assign(5, new Val(${val.ntlm.max_number_vcs}, TYPE_COUNT)); - ntlm->Assign(6, new Val(${val.ntlm.max_raw_size}, TYPE_COUNT)); - ntlm->Assign(7, new Val(${val.ntlm.session_key}, TYPE_COUNT)); + ntlm->Assign(5, val_mgr->GetCount(${val.ntlm.max_number_vcs})); + ntlm->Assign(6, val_mgr->GetCount(${val.ntlm.max_raw_size})); + ntlm->Assign(7, val_mgr->GetCount(${val.ntlm.session_key})); ntlm->Assign(8, capabilities); ntlm->Assign(9, filetime2brotime(${val.ntlm.server_time})); diff --git a/src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac b/src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac index 854290d0d0..af802c3bd0 100644 --- a/src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac +++ b/src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac @@ -15,13 +15,13 @@ refine connection SMB_Conn += { RecordVal* request = new RecordVal(BifType::Record::SMB1::SessionSetupAndXRequest); RecordVal* capabilities; - request->Assign(0, new Val(${val.word_count}, TYPE_COUNT)); + request->Assign(0, val_mgr->GetCount(${val.word_count})); switch ( ${val.word_count} ) { case 10: // pre NT LM 0.12 - request->Assign(1, new Val(${val.lanman.max_buffer_size}, TYPE_COUNT)); - request->Assign(2, new Val(${val.lanman.max_mpx_count}, TYPE_COUNT)); - request->Assign(3, new Val(${val.lanman.vc_number}, TYPE_COUNT)); - request->Assign(4, new Val(${val.lanman.session_key}, TYPE_COUNT)); + request->Assign(1, val_mgr->GetCount(${val.lanman.max_buffer_size})); + request->Assign(2, val_mgr->GetCount(${val.lanman.max_mpx_count})); + request->Assign(3, val_mgr->GetCount(${val.lanman.vc_number})); + request->Assign(4, val_mgr->GetCount(${val.lanman.session_key})); request->Assign(5, smb_string2stringval(${val.lanman.native_os})); request->Assign(6, smb_string2stringval(${val.lanman.native_lanman})); @@ -32,17 +32,17 @@ refine connection SMB_Conn += { break; case 12: // NT LM 0.12 with extended security capabilities = new RecordVal(BifType::Record::SMB1::SessionSetupAndXCapabilities); - capabilities->Assign(0, new Val(${val.ntlm_extended_security.capabilities.unicode}, TYPE_BOOL)); - capabilities->Assign(1, new Val(${val.ntlm_extended_security.capabilities.large_files}, TYPE_BOOL)); - capabilities->Assign(2, new Val(${val.ntlm_extended_security.capabilities.nt_smbs}, TYPE_BOOL)); - capabilities->Assign(3, new Val(${val.ntlm_extended_security.capabilities.status32}, TYPE_BOOL)); - capabilities->Assign(4, new Val(${val.ntlm_extended_security.capabilities.level_2_oplocks}, TYPE_BOOL)); - capabilities->Assign(5, new Val(${val.ntlm_extended_security.capabilities.nt_find}, TYPE_BOOL)); + capabilities->Assign(0, val_mgr->GetBool(${val.ntlm_extended_security.capabilities.unicode})); + capabilities->Assign(1, val_mgr->GetBool(${val.ntlm_extended_security.capabilities.large_files})); + capabilities->Assign(2, val_mgr->GetBool(${val.ntlm_extended_security.capabilities.nt_smbs})); + capabilities->Assign(3, val_mgr->GetBool(${val.ntlm_extended_security.capabilities.status32})); + capabilities->Assign(4, val_mgr->GetBool(${val.ntlm_extended_security.capabilities.level_2_oplocks})); + capabilities->Assign(5, val_mgr->GetBool(${val.ntlm_extended_security.capabilities.nt_find})); - request->Assign(1, new Val(${val.ntlm_extended_security.max_buffer_size}, TYPE_COUNT)); - request->Assign(2, new Val(${val.ntlm_extended_security.max_mpx_count}, TYPE_COUNT)); - request->Assign(3, new Val(${val.ntlm_extended_security.vc_number}, TYPE_COUNT)); - request->Assign(4, new Val(${val.ntlm_extended_security.session_key}, TYPE_COUNT)); + request->Assign(1, val_mgr->GetCount(${val.ntlm_extended_security.max_buffer_size})); + request->Assign(2, val_mgr->GetCount(${val.ntlm_extended_security.max_mpx_count})); + request->Assign(3, val_mgr->GetCount(${val.ntlm_extended_security.vc_number})); + request->Assign(4, val_mgr->GetCount(${val.ntlm_extended_security.session_key})); request->Assign(5, smb_string2stringval(${val.ntlm_extended_security.native_os})); request->Assign(6, smb_string2stringval(${val.ntlm_extended_security.native_lanman})); @@ -52,17 +52,17 @@ refine connection SMB_Conn += { case 13: // NT LM 0.12 without extended security capabilities = new RecordVal(BifType::Record::SMB1::SessionSetupAndXCapabilities); - capabilities->Assign(0, new Val(${val.ntlm_nonextended_security.capabilities.unicode}, TYPE_BOOL)); - capabilities->Assign(1, new Val(${val.ntlm_nonextended_security.capabilities.large_files}, TYPE_BOOL)); - capabilities->Assign(2, new Val(${val.ntlm_nonextended_security.capabilities.nt_smbs}, TYPE_BOOL)); - capabilities->Assign(3, new Val(${val.ntlm_nonextended_security.capabilities.status32}, TYPE_BOOL)); - capabilities->Assign(4, new Val(${val.ntlm_nonextended_security.capabilities.level_2_oplocks}, TYPE_BOOL)); - capabilities->Assign(5, new Val(${val.ntlm_nonextended_security.capabilities.nt_find}, TYPE_BOOL)); + capabilities->Assign(0, val_mgr->GetBool(${val.ntlm_nonextended_security.capabilities.unicode})); + capabilities->Assign(1, val_mgr->GetBool(${val.ntlm_nonextended_security.capabilities.large_files})); + capabilities->Assign(2, val_mgr->GetBool(${val.ntlm_nonextended_security.capabilities.nt_smbs})); + capabilities->Assign(3, val_mgr->GetBool(${val.ntlm_nonextended_security.capabilities.status32})); + capabilities->Assign(4, val_mgr->GetBool(${val.ntlm_nonextended_security.capabilities.level_2_oplocks})); + capabilities->Assign(5, val_mgr->GetBool(${val.ntlm_nonextended_security.capabilities.nt_find})); - request->Assign(1, new Val(${val.ntlm_nonextended_security.max_buffer_size}, TYPE_COUNT)); - request->Assign(2, new Val(${val.ntlm_nonextended_security.max_mpx_count}, TYPE_COUNT)); - request->Assign(3, new Val(${val.ntlm_nonextended_security.vc_number}, TYPE_COUNT)); - request->Assign(4, new Val(${val.ntlm_nonextended_security.session_key}, TYPE_COUNT)); + request->Assign(1, val_mgr->GetCount(${val.ntlm_nonextended_security.max_buffer_size})); + request->Assign(2, val_mgr->GetCount(${val.ntlm_nonextended_security.max_mpx_count})); + request->Assign(3, val_mgr->GetCount(${val.ntlm_nonextended_security.vc_number})); + request->Assign(4, val_mgr->GetCount(${val.ntlm_nonextended_security.session_key})); request->Assign(5, smb_string2stringval(${val.ntlm_nonextended_security.native_os})); request->Assign(6, smb_string2stringval(${val.ntlm_nonextended_security.native_lanman})); @@ -86,17 +86,17 @@ refine connection SMB_Conn += { { RecordVal* response = new RecordVal(BifType::Record::SMB1::SessionSetupAndXResponse); - response->Assign(0, new Val(${val.word_count}, TYPE_COUNT)); + response->Assign(0, val_mgr->GetCount(${val.word_count})); switch ( ${val.word_count} ) { case 3: // pre NT LM 0.12 - response->Assign(1, new Val(${val.lanman.is_guest}, TYPE_BOOL)); - response->Assign(2, ${val.lanman.byte_count} == 0 ? new StringVal("") : smb_string2stringval(${val.lanman.native_os[0]})); - response->Assign(3, ${val.lanman.byte_count} == 0 ? new StringVal("") : smb_string2stringval(${val.lanman.native_lanman[0]})); - response->Assign(4, ${val.lanman.byte_count} == 0 ? new StringVal("") : smb_string2stringval(${val.lanman.primary_domain[0]})); + response->Assign(1, val_mgr->GetBool(${val.lanman.is_guest})); + response->Assign(2, ${val.lanman.byte_count} == 0 ? val_mgr->GetEmptyString() : smb_string2stringval(${val.lanman.native_os[0]})); + response->Assign(3, ${val.lanman.byte_count} == 0 ? val_mgr->GetEmptyString() : smb_string2stringval(${val.lanman.native_lanman[0]})); + response->Assign(4, ${val.lanman.byte_count} == 0 ? val_mgr->GetEmptyString() : smb_string2stringval(${val.lanman.primary_domain[0]})); break; case 4: // NT LM 0.12 - response->Assign(1, new Val(${val.ntlm.is_guest}, TYPE_BOOL)); + response->Assign(1, val_mgr->GetBool(${val.ntlm.is_guest})); response->Assign(2, smb_string2stringval(${val.ntlm.native_os})); response->Assign(3, smb_string2stringval(${val.ntlm.native_lanman})); //response->Assign(4, smb_string2stringval(${val.ntlm.primary_domain})); diff --git a/src/analyzer/protocol/smb/smb1-com-transaction-secondary.pac b/src/analyzer/protocol/smb/smb1-com-transaction-secondary.pac index e5314d798b..dd26e5a845 100644 --- a/src/analyzer/protocol/smb/smb1-com-transaction-secondary.pac +++ b/src/analyzer/protocol/smb/smb1-com-transaction-secondary.pac @@ -6,14 +6,14 @@ refine connection SMB_Conn += { return false; RecordVal* args = new RecordVal(BifType::Record::SMB1::Trans_Sec_Args); - args->Assign(0, new Val(${val.total_param_count}, TYPE_COUNT)); - args->Assign(1, new Val(${val.total_data_count}, TYPE_COUNT)); - args->Assign(2, new Val(${val.param_count}, TYPE_COUNT)); - args->Assign(3, new Val(${val.param_offset}, TYPE_COUNT)); - args->Assign(4, new Val(${val.param_displacement}, TYPE_COUNT)); - args->Assign(5, new Val(${val.data_count}, TYPE_COUNT)); - args->Assign(6, new Val(${val.data_offset}, TYPE_COUNT)); - args->Assign(7, new Val(${val.data_displacement}, TYPE_COUNT)); + args->Assign(0, val_mgr->GetCount(${val.total_param_count})); + args->Assign(1, val_mgr->GetCount(${val.total_data_count})); + args->Assign(2, val_mgr->GetCount(${val.param_count})); + args->Assign(3, val_mgr->GetCount(${val.param_offset})); + args->Assign(4, val_mgr->GetCount(${val.param_displacement})); + args->Assign(5, val_mgr->GetCount(${val.data_count})); + args->Assign(6, val_mgr->GetCount(${val.data_offset})); + args->Assign(7, val_mgr->GetCount(${val.data_displacement})); StringVal* parameters = new StringVal(${val.parameters}.length(), (const char*)${val.parameters}.data()); @@ -42,7 +42,7 @@ refine connection SMB_Conn += { if ( ! payload_str ) { - payload_str = new StringVal(""); + payload_str = val_mgr->GetEmptyString(); } BifEvent::generate_smb1_transaction_secondary_request(bro_analyzer(), diff --git a/src/analyzer/protocol/smb/smb1-com-transaction.pac b/src/analyzer/protocol/smb/smb1-com-transaction.pac index c06a7c8cb0..414066c6ba 100644 --- a/src/analyzer/protocol/smb/smb1-com-transaction.pac +++ b/src/analyzer/protocol/smb/smb1-com-transaction.pac @@ -61,7 +61,7 @@ refine connection SMB_Conn += { if ( ! payload_str ) { - payload_str = new StringVal(""); + payload_str = val_mgr->GetEmptyString(); } BifEvent::generate_smb1_transaction_request(bro_analyzer(), @@ -107,7 +107,7 @@ refine connection SMB_Conn += { if ( ! payload_str ) { - payload_str = new StringVal(""); + payload_str = val_mgr->GetEmptyString(); } BifEvent::generate_smb1_transaction_response(bro_analyzer(), diff --git a/src/analyzer/protocol/smb/smb1-com-transaction2-secondary.pac b/src/analyzer/protocol/smb/smb1-com-transaction2-secondary.pac index 0383687651..fa227ce68b 100644 --- a/src/analyzer/protocol/smb/smb1-com-transaction2-secondary.pac +++ b/src/analyzer/protocol/smb/smb1-com-transaction2-secondary.pac @@ -6,15 +6,15 @@ refine connection SMB_Conn += { return false; RecordVal* args = new RecordVal(BifType::Record::SMB1::Trans2_Sec_Args); - args->Assign(0, new Val(${val.total_param_count}, TYPE_COUNT)); - args->Assign(1, new Val(${val.total_data_count}, TYPE_COUNT)); - args->Assign(2, new Val(${val.param_count}, TYPE_COUNT)); - args->Assign(3, new Val(${val.param_offset}, TYPE_COUNT)); - args->Assign(4, new Val(${val.param_displacement}, TYPE_COUNT)); - args->Assign(5, new Val(${val.data_count}, TYPE_COUNT)); - args->Assign(6, new Val(${val.data_offset}, TYPE_COUNT)); - args->Assign(7, new Val(${val.data_displacement}, TYPE_COUNT)); - args->Assign(8, new Val(${val.FID}, TYPE_COUNT)); + args->Assign(0, val_mgr->GetCount(${val.total_param_count})); + args->Assign(1, val_mgr->GetCount(${val.total_data_count})); + args->Assign(2, val_mgr->GetCount(${val.param_count})); + args->Assign(3, val_mgr->GetCount(${val.param_offset})); + args->Assign(4, val_mgr->GetCount(${val.param_displacement})); + args->Assign(5, val_mgr->GetCount(${val.data_count})); + args->Assign(6, val_mgr->GetCount(${val.data_offset})); + args->Assign(7, val_mgr->GetCount(${val.data_displacement})); + args->Assign(8, val_mgr->GetCount(${val.FID})); StringVal* parameters = new StringVal(${val.parameters}.length(), (const char*)${val.parameters}.data()); StringVal* payload = new StringVal(${val.data}.length(), (const char*)${val.data}.data()); diff --git a/src/analyzer/protocol/smb/smb1-com-transaction2.pac b/src/analyzer/protocol/smb/smb1-com-transaction2.pac index 5e77489d10..27a3e1aa09 100644 --- a/src/analyzer/protocol/smb/smb1-com-transaction2.pac +++ b/src/analyzer/protocol/smb/smb1-com-transaction2.pac @@ -25,18 +25,18 @@ refine connection SMB_Conn += { if ( smb1_transaction2_request ) { RecordVal* args = new RecordVal(BifType::Record::SMB1::Trans2_Args); - args->Assign(0, new Val(${val.total_param_count}, TYPE_COUNT)); - args->Assign(1, new Val(${val.total_data_count}, TYPE_COUNT)); - args->Assign(2, new Val(${val.max_param_count}, TYPE_COUNT)); - args->Assign(3, new Val(${val.max_data_count}, TYPE_COUNT)); - args->Assign(4, new Val(${val.max_setup_count}, TYPE_COUNT)); - args->Assign(5, new Val(${val.flags}, TYPE_COUNT)); - args->Assign(6, new Val(${val.timeout}, TYPE_COUNT)); - args->Assign(7, new Val(${val.param_count}, TYPE_COUNT)); - args->Assign(8, new Val(${val.param_offset}, TYPE_COUNT)); - args->Assign(9, new Val(${val.data_count}, TYPE_COUNT)); - args->Assign(10, new Val(${val.data_offset}, TYPE_COUNT)); - args->Assign(11, new Val(${val.setup_count}, TYPE_COUNT)); + args->Assign(0, val_mgr->GetCount(${val.total_param_count})); + args->Assign(1, val_mgr->GetCount(${val.total_data_count})); + args->Assign(2, val_mgr->GetCount(${val.max_param_count})); + args->Assign(3, val_mgr->GetCount(${val.max_data_count})); + args->Assign(4, val_mgr->GetCount(${val.max_setup_count})); + args->Assign(5, val_mgr->GetCount(${val.flags})); + args->Assign(6, val_mgr->GetCount(${val.timeout})); + args->Assign(7, val_mgr->GetCount(${val.param_count})); + args->Assign(8, val_mgr->GetCount(${val.param_offset})); + args->Assign(9, val_mgr->GetCount(${val.data_count})); + args->Assign(10, val_mgr->GetCount(${val.data_offset})); + args->Assign(11, val_mgr->GetCount(${val.setup_count})); BifEvent::generate_smb1_transaction2_request(bro_analyzer(), bro_analyzer()->Conn(), BuildHeaderVal(header), args, ${val.sub_cmd}); } @@ -128,11 +128,11 @@ refine connection SMB_Conn += { if ( smb1_trans2_find_first2_request ) { RecordVal* result = new RecordVal(BifType::Record::SMB1::Find_First2_Request_Args); - result->Assign(0, new Val(${val.search_attrs}, TYPE_COUNT)); - result->Assign(1, new Val(${val.search_count}, TYPE_COUNT)); - result->Assign(2, new Val(${val.flags}, TYPE_COUNT)); - result->Assign(3, new Val(${val.info_level}, TYPE_COUNT)); - result->Assign(4, new Val(${val.search_storage_type}, TYPE_COUNT)); + result->Assign(0, val_mgr->GetCount(${val.search_attrs})); + result->Assign(1, val_mgr->GetCount(${val.search_count})); + result->Assign(2, val_mgr->GetCount(${val.flags})); + result->Assign(3, val_mgr->GetCount(${val.info_level})); + result->Assign(4, val_mgr->GetCount(${val.search_storage_type})); result->Assign(5, smb_string2stringval(${val.file_name})); BifEvent::generate_smb1_trans2_find_first2_request(bro_analyzer(), bro_analyzer()->Conn(), \ BuildHeaderVal(header), result); diff --git a/src/analyzer/protocol/smb/smb1-com-tree-connect-andx.pac b/src/analyzer/protocol/smb/smb1-com-tree-connect-andx.pac index 1f29b878fa..c86f138ff8 100644 --- a/src/analyzer/protocol/smb/smb1-com-tree-connect-andx.pac +++ b/src/analyzer/protocol/smb/smb1-com-tree-connect-andx.pac @@ -23,7 +23,7 @@ refine connection SMB_Conn += { bro_analyzer()->Conn(), BuildHeaderVal(header), service_string, - ${val.byte_count} > ${val.service.a}->size() ? smb_string2stringval(${val.native_file_system[0]}) : new StringVal("")); + ${val.byte_count} > ${val.service.a}->size() ? smb_string2stringval(${val.native_file_system[0]}) : val_mgr->GetEmptyString()); else Unref(service_string); diff --git a/src/analyzer/protocol/smb/smb1-protocol.pac b/src/analyzer/protocol/smb/smb1-protocol.pac index 75db898f73..4ba86d1b75 100644 --- a/src/analyzer/protocol/smb/smb1-protocol.pac +++ b/src/analyzer/protocol/smb/smb1-protocol.pac @@ -21,14 +21,14 @@ refine connection SMB_Conn += { // { // do nothing // } - r->Assign(0, new Val(${hdr.command}, TYPE_COUNT)); - r->Assign(1, new Val(${hdr.status}, TYPE_COUNT)); - r->Assign(2, new Val(${hdr.flags}, TYPE_COUNT)); - r->Assign(3, new Val(${hdr.flags2}, TYPE_COUNT)); - r->Assign(4, new Val(${hdr.tid}, TYPE_COUNT)); - r->Assign(5, new Val(${hdr.pid}, TYPE_COUNT)); - r->Assign(6, new Val(${hdr.uid}, TYPE_COUNT)); - r->Assign(7, new Val(${hdr.mid}, TYPE_COUNT)); + r->Assign(0, val_mgr->GetCount(${hdr.command})); + r->Assign(1, val_mgr->GetCount(${hdr.status})); + r->Assign(2, val_mgr->GetCount(${hdr.flags})); + r->Assign(3, val_mgr->GetCount(${hdr.flags2})); + r->Assign(4, val_mgr->GetCount(${hdr.tid})); + r->Assign(5, val_mgr->GetCount(${hdr.pid})); + r->Assign(6, val_mgr->GetCount(${hdr.uid})); + r->Assign(7, val_mgr->GetCount(${hdr.mid})); return r; %} diff --git a/src/analyzer/protocol/smb/smb2-com-close.pac b/src/analyzer/protocol/smb/smb2-com-close.pac index 0c90897d84..205a9161d1 100644 --- a/src/analyzer/protocol/smb/smb2-com-close.pac +++ b/src/analyzer/protocol/smb/smb2-com-close.pac @@ -22,8 +22,8 @@ refine connection SMB_Conn += { { RecordVal* resp = new RecordVal(BifType::Record::SMB2::CloseResponse); - resp->Assign(0, new Val(${val.alloc_size}, TYPE_COUNT)); - resp->Assign(1, new Val(${val.eof}, TYPE_COUNT)); + resp->Assign(0, val_mgr->GetCount(${val.alloc_size})); + resp->Assign(1, val_mgr->GetCount(${val.eof})); resp->Assign(2, SMB_BuildMACTimes(${val.last_write_time}, ${val.last_access_time}, ${val.creation_time}, diff --git a/src/analyzer/protocol/smb/smb2-com-create.pac b/src/analyzer/protocol/smb/smb2-com-create.pac index 1cc97fb0bd..2f7dfc4d26 100644 --- a/src/analyzer/protocol/smb/smb2-com-create.pac +++ b/src/analyzer/protocol/smb/smb2-com-create.pac @@ -15,8 +15,8 @@ refine connection SMB_Conn += { { RecordVal* requestinfo = new RecordVal(BifType::Record::SMB2::CreateRequest); requestinfo->Assign(0, filename); - requestinfo->Assign(1, new Val(${val.disposition}, TYPE_COUNT)); - requestinfo->Assign(2, new Val(${val.create_options}, TYPE_COUNT)); + requestinfo->Assign(1, val_mgr->GetCount(${val.disposition})); + requestinfo->Assign(2, val_mgr->GetCount(${val.create_options})); BifEvent::generate_smb2_create_request(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(h), @@ -36,13 +36,13 @@ refine connection SMB_Conn += { { RecordVal* responseinfo = new RecordVal(BifType::Record::SMB2::CreateResponse); responseinfo->Assign(0, BuildSMB2GUID(${val.file_id})); - responseinfo->Assign(1, new Val(${val.eof}, TYPE_COUNT)); + responseinfo->Assign(1, val_mgr->GetCount(${val.eof})); responseinfo->Assign(2, SMB_BuildMACTimes(${val.last_write_time}, ${val.last_access_time}, ${val.creation_time}, ${val.change_time})); responseinfo->Assign(3, smb2_file_attrs_to_bro(${val.file_attrs})); - responseinfo->Assign(4, new Val(${val.create_action}, TYPE_COUNT)); + responseinfo->Assign(4, val_mgr->GetCount(${val.create_action})); BifEvent::generate_smb2_create_response(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(h), diff --git a/src/analyzer/protocol/smb/smb2-com-negotiate.pac b/src/analyzer/protocol/smb/smb2-com-negotiate.pac index ff0f89048e..39311e4ee3 100644 --- a/src/analyzer/protocol/smb/smb2-com-negotiate.pac +++ b/src/analyzer/protocol/smb/smb2-com-negotiate.pac @@ -7,7 +7,7 @@ refine connection SMB_Conn += { VectorVal* dialects = new VectorVal(index_vec); for ( unsigned int i = 0; i < ${val.dialects}->size(); ++i ) { - dialects->Assign(i, new Val((*${val.dialects})[i], TYPE_COUNT)); + dialects->Assign(i, val_mgr->GetCount((*${val.dialects})[i])); } BifEvent::generate_smb2_negotiate_request(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(h), @@ -23,8 +23,8 @@ refine connection SMB_Conn += { { RecordVal* nr = new RecordVal(BifType::Record::SMB2::NegotiateResponse); - nr->Assign(0, new Val(${val.dialect_revision}, TYPE_COUNT)); - nr->Assign(1, new Val(${val.security_mode}, TYPE_COUNT)); + nr->Assign(0, val_mgr->GetCount(${val.dialect_revision})); + nr->Assign(1, val_mgr->GetCount(${val.security_mode})); nr->Assign(2, BuildSMB2GUID(${val.server_guid})), nr->Assign(3, filetime2brotime(${val.system_time})); nr->Assign(4, filetime2brotime(${val.server_start_time})); diff --git a/src/analyzer/protocol/smb/smb2-com-session-setup.pac b/src/analyzer/protocol/smb/smb2-com-session-setup.pac index 5b48f10f96..8dd1c62778 100644 --- a/src/analyzer/protocol/smb/smb2-com-session-setup.pac +++ b/src/analyzer/protocol/smb/smb2-com-session-setup.pac @@ -5,7 +5,7 @@ refine connection SMB_Conn += { if ( smb2_session_setup_request ) { RecordVal* req = new RecordVal(BifType::Record::SMB2::SessionSetupRequest); - req->Assign(0, new Val(${val.security_mode}, TYPE_COUNT)); + req->Assign(0, val_mgr->GetCount(${val.security_mode})); BifEvent::generate_smb2_session_setup_request(bro_analyzer(), bro_analyzer()->Conn(), @@ -21,9 +21,9 @@ refine connection SMB_Conn += { if ( smb2_session_setup_response ) { RecordVal* flags = new RecordVal(BifType::Record::SMB2::SessionSetupFlags); - flags->Assign(0, new Val(${val.flag_guest}, TYPE_BOOL)); - flags->Assign(1, new Val(${val.flag_anonymous}, TYPE_BOOL)); - flags->Assign(2, new Val(${val.flag_encrypt}, TYPE_BOOL)); + flags->Assign(0, val_mgr->GetBool(${val.flag_guest})); + flags->Assign(1, val_mgr->GetBool(${val.flag_anonymous})); + flags->Assign(2, val_mgr->GetBool(${val.flag_encrypt})); RecordVal* resp = new RecordVal(BifType::Record::SMB2::SessionSetupResponse); resp->Assign(0, flags); diff --git a/src/analyzer/protocol/smb/smb2-com-tree-connect.pac b/src/analyzer/protocol/smb/smb2-com-tree-connect.pac index fe59ecb74d..cf5468f617 100644 --- a/src/analyzer/protocol/smb/smb2-com-tree-connect.pac +++ b/src/analyzer/protocol/smb/smb2-com-tree-connect.pac @@ -19,7 +19,7 @@ refine connection SMB_Conn += { if ( smb2_tree_connect_response ) { RecordVal* resp = new RecordVal(BifType::Record::SMB2::TreeConnectResponse); - resp->Assign(0, new Val(${val.share_type}, TYPE_COUNT)); + resp->Assign(0, val_mgr->GetCount(${val.share_type})); BifEvent::generate_smb2_tree_connect_response(bro_analyzer(), bro_analyzer()->Conn(), diff --git a/src/analyzer/protocol/smb/smb2-protocol.pac b/src/analyzer/protocol/smb/smb2-protocol.pac index 20414c5a9a..f5095a66d1 100644 --- a/src/analyzer/protocol/smb/smb2-protocol.pac +++ b/src/analyzer/protocol/smb/smb2-protocol.pac @@ -104,15 +104,15 @@ refine connection SMB_Conn += { %{ RecordVal* r = new RecordVal(BifType::Record::SMB2::Header); - r->Assign(0, new Val(${hdr.credit_charge}, TYPE_COUNT)); - r->Assign(1, new Val(${hdr.status}, TYPE_COUNT)); - r->Assign(2, new Val(${hdr.command}, TYPE_COUNT)); - r->Assign(3, new Val(${hdr.credits}, TYPE_COUNT)); - r->Assign(4, new Val(${hdr.flags}, TYPE_COUNT)); - r->Assign(5, new Val(${hdr.message_id}, TYPE_COUNT)); - r->Assign(6, new Val(${hdr.process_id}, TYPE_COUNT)); - r->Assign(7, new Val(${hdr.tree_id}, TYPE_COUNT)); - r->Assign(8, new Val(${hdr.session_id}, TYPE_COUNT)); + r->Assign(0, val_mgr->GetCount(${hdr.credit_charge})); + r->Assign(1, val_mgr->GetCount(${hdr.status})); + r->Assign(2, val_mgr->GetCount(${hdr.command})); + r->Assign(3, val_mgr->GetCount(${hdr.credits})); + r->Assign(4, val_mgr->GetCount(${hdr.flags})); + r->Assign(5, val_mgr->GetCount(${hdr.message_id})); + r->Assign(6, val_mgr->GetCount(${hdr.process_id})); + r->Assign(7, val_mgr->GetCount(${hdr.tree_id})); + r->Assign(8, val_mgr->GetCount(${hdr.session_id})); r->Assign(9, bytestring_to_val(${hdr.signature})); return r; @@ -122,8 +122,8 @@ refine connection SMB_Conn += { %{ RecordVal* r = new RecordVal(BifType::Record::SMB2::GUID); - r->Assign(0, new Val(${file_id.persistent}, TYPE_COUNT)); - r->Assign(1, new Val(${file_id._volatile}, TYPE_COUNT)); + r->Assign(0, val_mgr->GetCount(${file_id.persistent})); + r->Assign(1, val_mgr->GetCount(${file_id._volatile})); return r; %} @@ -170,21 +170,21 @@ function smb2_file_attrs_to_bro(val: SMB2_file_attributes): BroVal %{ RecordVal* r = new RecordVal(BifType::Record::SMB2::FileAttrs); - r->Assign(0, new Val(${val.read_only}, TYPE_BOOL)); - r->Assign(1, new Val(${val.hidden}, TYPE_BOOL)); - r->Assign(2, new Val(${val.system}, TYPE_BOOL)); - r->Assign(3, new Val(${val.directory}, TYPE_BOOL)); - r->Assign(4, new Val(${val.archive}, TYPE_BOOL)); - r->Assign(5, new Val(${val.normal}, TYPE_BOOL)); - r->Assign(6, new Val(${val.temporary}, TYPE_BOOL)); - r->Assign(7, new Val(${val.sparse_file}, TYPE_BOOL)); - r->Assign(8, new Val(${val.reparse_point}, TYPE_BOOL)); - r->Assign(9, new Val(${val.compressed}, TYPE_BOOL)); - r->Assign(10, new Val(${val.offline}, TYPE_BOOL)); - r->Assign(11, new Val(${val.not_content_indexed}, TYPE_BOOL)); - r->Assign(12, new Val(${val.encrypted}, TYPE_BOOL)); - r->Assign(13, new Val(${val.integrity_stream}, TYPE_BOOL)); - r->Assign(14, new Val(${val.no_scrub_data}, TYPE_BOOL)); + r->Assign(0, val_mgr->GetBool(${val.read_only})); + r->Assign(1, val_mgr->GetBool(${val.hidden})); + r->Assign(2, val_mgr->GetBool(${val.system})); + r->Assign(3, val_mgr->GetBool(${val.directory})); + r->Assign(4, val_mgr->GetBool(${val.archive})); + r->Assign(5, val_mgr->GetBool(${val.normal})); + r->Assign(6, val_mgr->GetBool(${val.temporary})); + r->Assign(7, val_mgr->GetBool(${val.sparse_file})); + r->Assign(8, val_mgr->GetBool(${val.reparse_point})); + r->Assign(9, val_mgr->GetBool(${val.compressed})); + r->Assign(10, val_mgr->GetBool(${val.offline})); + r->Assign(11, val_mgr->GetBool(${val.not_content_indexed})); + r->Assign(12, val_mgr->GetBool(${val.encrypted})); + r->Assign(13, val_mgr->GetBool(${val.integrity_stream})); + r->Assign(14, val_mgr->GetBool(${val.no_scrub_data})); return r; %} diff --git a/src/analyzer/protocol/smtp/SMTP.cc b/src/analyzer/protocol/smtp/SMTP.cc index b514b1f481..6b92484431 100644 --- a/src/analyzer/protocol/smtp/SMTP.cc +++ b/src/analyzer/protocol/smtp/SMTP.cc @@ -222,7 +222,7 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) { val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig)); vl->append(new StringVal(data_len, line)); ConnectionEvent(smtp_data, vl); } @@ -352,11 +352,11 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig, TYPE_BOOL)); - vl->append(new Val(reply_code, TYPE_COUNT)); + vl->append(val_mgr->GetBool(orig)); + vl->append(val_mgr->GetCount(reply_code)); vl->append(new StringVal(cmd)); vl->append(new StringVal(end_of_line - line, line)); - vl->append(new Val((pending_reply > 0), TYPE_BOOL)); + vl->append(val_mgr->GetBool((pending_reply > 0))); ConnectionEvent(smtp_reply, vl); } @@ -859,7 +859,7 @@ void SMTP_Analyzer::RequestEvent(int cmd_len, const char* cmd, val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(orig_is_sender, TYPE_BOOL)); + vl->append(val_mgr->GetBool(orig_is_sender)); vl->append((new StringVal(cmd_len, cmd))->ToUpper()); vl->append(new StringVal(arg_len, arg)); @@ -880,7 +880,7 @@ void SMTP_Analyzer::Unexpected(const int is_sender, const char* msg, is_orig = ! is_orig; vl->append(BuildConnVal()); - vl->append(new Val(is_orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(is_orig)); vl->append(new StringVal(msg)); vl->append(new StringVal(detail_len, detail)); diff --git a/src/analyzer/protocol/snmp/snmp-analyzer.pac b/src/analyzer/protocol/snmp/snmp-analyzer.pac index 0394dbda61..da48d6cf78 100644 --- a/src/analyzer/protocol/snmp/snmp-analyzer.pac +++ b/src/analyzer/protocol/snmp/snmp-analyzer.pac @@ -47,7 +47,7 @@ Val* asn1_obj_to_val(const ASN1Encoding* obj) RecordVal* rval = new RecordVal(BifType::Record::SNMP::ObjectValue); uint8 tag = obj->meta()->tag(); - rval->Assign(0, new Val(tag, TYPE_COUNT)); + rval->Assign(0, val_mgr->GetCount(tag)); switch ( tag ) { case VARBIND_UNSPECIFIED_TAG: @@ -93,7 +93,7 @@ Val* time_ticks_to_val(const TimeTicks* tt) RecordVal* build_hdr(const Header* header) { RecordVal* rv = new RecordVal(BifType::Record::SNMP::Header); - rv->Assign(0, new Val(header->version(), TYPE_COUNT)); + rv->Assign(0, val_mgr->GetCount(header->version())); switch ( header->version() ) { case SNMPV1_TAG: @@ -133,10 +133,10 @@ RecordVal* build_hdrV3(const Header* header) v3->Assign(0, asn1_integer_to_val(global_data->id(), TYPE_COUNT)); v3->Assign(1, asn1_integer_to_val(global_data->max_size(), TYPE_COUNT)); - v3->Assign(2, new Val(flags_byte, TYPE_COUNT)); - v3->Assign(3, new Val(flags_byte & 0x01, TYPE_BOOL)); - v3->Assign(4, new Val(flags_byte & 0x02, TYPE_BOOL)); - v3->Assign(5, new Val(flags_byte & 0x04, TYPE_BOOL)); + v3->Assign(2, val_mgr->GetCount(flags_byte)); + v3->Assign(3, val_mgr->GetBool(flags_byte & 0x01)); + v3->Assign(4, val_mgr->GetBool(flags_byte & 0x02)); + v3->Assign(5, val_mgr->GetBool(flags_byte & 0x04)); v3->Assign(6, asn1_integer_to_val(global_data->security_model(), TYPE_COUNT)); v3->Assign(7, asn1_octet_string_to_val(v3hdr->security_parameters())); diff --git a/src/analyzer/protocol/socks/socks-analyzer.pac b/src/analyzer/protocol/socks/socks-analyzer.pac index 0f13335785..206b632fe0 100644 --- a/src/analyzer/protocol/socks/socks-analyzer.pac +++ b/src/analyzer/protocol/socks/socks-analyzer.pac @@ -32,7 +32,7 @@ refine connection SOCKS_Conn += { 4, ${request.command}, sa, - port_mgr->Get(${request.port} | TCP_PORT_MASK), + val_mgr->GetPort(${request.port}, TRANSPORT_TCP), array_to_string(${request.user})); static_cast(bro_analyzer())->EndpointDone(true); @@ -50,7 +50,7 @@ refine connection SOCKS_Conn += { 4, ${reply.status}, sa, - port_mgr->Get(${reply.port} | TCP_PORT_MASK)); + val_mgr->GetPort(${reply.port}, TRANSPORT_TCP)); bro_analyzer()->ProtocolConfirmation(); static_cast(bro_analyzer())->EndpointDone(false); @@ -102,8 +102,8 @@ refine connection SOCKS_Conn += { 5, ${request.command}, sa, - port_mgr->Get(${request.port} | TCP_PORT_MASK), - new StringVal("")); + val_mgr->GetPort(${request.port}, TRANSPORT_TCP), + val_mgr->GetEmptyString()); static_cast(bro_analyzer())->EndpointDone(true); @@ -141,7 +141,7 @@ refine connection SOCKS_Conn += { 5, ${reply.reply}, sa, - port_mgr->Get(${reply.port} | TCP_PORT_MASK)); + val_mgr->GetPort(${reply.port}, TRANSPORT_TCP)); bro_analyzer()->ProtocolConfirmation(); static_cast(bro_analyzer())->EndpointDone(false); diff --git a/src/analyzer/protocol/ssh/ssh-analyzer.pac b/src/analyzer/protocol/ssh/ssh-analyzer.pac index ff53f10f09..80bc472db6 100644 --- a/src/analyzer/protocol/ssh/ssh-analyzer.pac +++ b/src/analyzer/protocol/ssh/ssh-analyzer.pac @@ -101,7 +101,7 @@ refine flow SSH_Flow += { } - result->Assign(6, new Val(!${msg.is_orig}, TYPE_BOOL)); + result->Assign(6, val_mgr->GetBool(!${msg.is_orig})); BifEvent::generate_ssh_capabilities(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(${msg.cookie}), diff --git a/src/analyzer/protocol/ssl/proc-client-hello.pac b/src/analyzer/protocol/ssl/proc-client-hello.pac index f28042b263..fe481a7288 100644 --- a/src/analyzer/protocol/ssl/proc-client-hello.pac +++ b/src/analyzer/protocol/ssl/proc-client-hello.pac @@ -25,7 +25,7 @@ VectorVal* cipher_vec = new VectorVal(internal_type("index_vec")->AsVectorType()); for ( unsigned int i = 0; i < cipher_suites->size(); ++i ) { - Val* ciph = new Val((*cipher_suites)[i], TYPE_COUNT); + Val* ciph = val_mgr->GetCount((*cipher_suites)[i]); cipher_vec->Assign(i, ciph); } @@ -34,7 +34,7 @@ { for ( unsigned int i = 0; i < compression_methods->size(); ++i ) { - Val* comp = new Val((*compression_methods)[i], TYPE_COUNT); + Val* comp = val_mgr->GetCount((*compression_methods)[i]); comp_vec->Assign(i, comp); } } diff --git a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac index 982a8791ce..7d2986efe3 100644 --- a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac +++ b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac @@ -77,7 +77,7 @@ refine connection Handshake_Conn += { if ( point_format_list ) { for ( unsigned int i = 0; i < point_format_list->size(); ++i ) - points->Assign(i, new Val((*point_format_list)[i], TYPE_COUNT)); + points->Assign(i, val_mgr->GetCount((*point_format_list)[i])); } BifEvent::generate_ssl_extension_ec_point_formats(bro_analyzer(), bro_analyzer()->Conn(), @@ -93,7 +93,7 @@ refine connection Handshake_Conn += { if ( list ) { for ( unsigned int i = 0; i < list->size(); ++i ) - curves->Assign(i, new Val((*list)[i], TYPE_COUNT)); + curves->Assign(i, val_mgr->GetCount((*list)[i])); } BifEvent::generate_ssl_extension_elliptic_curves(bro_analyzer(), bro_analyzer()->Conn(), @@ -109,7 +109,7 @@ refine connection Handshake_Conn += { if ( keyshare ) { for ( unsigned int i = 0; i < keyshare->size(); ++i ) - nglist->Assign(i, new Val((*keyshare)[i]->namedgroup(), TYPE_COUNT)); + nglist->Assign(i, val_mgr->GetCount((*keyshare)[i]->namedgroup())); } BifEvent::generate_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, nglist); @@ -120,7 +120,7 @@ refine connection Handshake_Conn += { %{ VectorVal* nglist = new VectorVal(internal_type("index_vec")->AsVectorType()); - nglist->Assign(0u, new Val(keyshare->namedgroup(), TYPE_COUNT)); + nglist->Assign(0u, val_mgr->GetCount(keyshare->namedgroup())); BifEvent::generate_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, nglist); return true; %} @@ -134,8 +134,8 @@ refine connection Handshake_Conn += { for ( unsigned int i = 0; i < supported_signature_algorithms->size(); ++i ) { RecordVal* el = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm); - el->Assign(0, new Val((*supported_signature_algorithms)[i]->HashAlgorithm(), TYPE_COUNT)); - el->Assign(1, new Val((*supported_signature_algorithms)[i]->SignatureAlgorithm(), TYPE_COUNT)); + el->Assign(0, val_mgr->GetCount((*supported_signature_algorithms)[i]->HashAlgorithm())); + el->Assign(1, val_mgr->GetCount((*supported_signature_algorithms)[i]->SignatureAlgorithm())); slist->Assign(i, el); } } @@ -196,7 +196,7 @@ refine connection Handshake_Conn += { if ( versions_list ) { for ( unsigned int i = 0; i < versions_list->size(); ++i ) - versions->Assign(i, new Val((*versions_list)[i], TYPE_COUNT)); + versions->Assign(i, val_mgr->GetCount((*versions_list)[i])); } BifEvent::generate_ssl_extension_supported_versions(bro_analyzer(), bro_analyzer()->Conn(), @@ -208,7 +208,7 @@ refine connection Handshake_Conn += { function proc_one_supported_version(rec: HandshakeRecord, version: uint16) : bool %{ VectorVal* versions = new VectorVal(internal_type("index_vec")->AsVectorType()); - versions->Assign(0u, new Val(version, TYPE_COUNT)); + versions->Assign(0u, val_mgr->GetCount(version)); BifEvent::generate_ssl_extension_supported_versions(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, versions); @@ -223,7 +223,7 @@ refine connection Handshake_Conn += { if ( mode_list ) { for ( unsigned int i = 0; i < mode_list->size(); ++i ) - modes->Assign(i, new Val((*mode_list)[i], TYPE_COUNT)); + modes->Assign(i, val_mgr->GetCount((*mode_list)[i])); } BifEvent::generate_ssl_extension_psk_key_exchange_modes(bro_analyzer(), bro_analyzer()->Conn(), @@ -296,14 +296,14 @@ refine connection Handshake_Conn += { RecordVal* ha = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm); if ( ${kex.signed_params.uses_signature_and_hashalgorithm} ) { - ha->Assign(0, new Val(${kex.signed_params.algorithm.HashAlgorithm}, TYPE_COUNT)); - ha->Assign(1, new Val(${kex.signed_params.algorithm.SignatureAlgorithm}, TYPE_COUNT)); + ha->Assign(0, val_mgr->GetCount(${kex.signed_params.algorithm.HashAlgorithm})); + ha->Assign(1, val_mgr->GetCount(${kex.signed_params.algorithm.SignatureAlgorithm})); } else { // set to impossible value - ha->Assign(0, new Val(256, TYPE_COUNT)); - ha->Assign(1, new Val(256, TYPE_COUNT)); + ha->Assign(0, val_mgr->GetCount(256)); + ha->Assign(1, val_mgr->GetCount(256)); } BifEvent::generate_ssl_server_signature(bro_analyzer(), @@ -346,8 +346,8 @@ refine connection Handshake_Conn += { function proc_signedcertificatetimestamp(rec: HandshakeRecord, version: uint8, logid: const_bytestring, timestamp: uint64, digitally_signed_algorithms: SignatureAndHashAlgorithm, digitally_signed_signature: const_bytestring) : bool %{ RecordVal* ha = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm); - ha->Assign(0, new Val(digitally_signed_algorithms->HashAlgorithm(), TYPE_COUNT)); - ha->Assign(1, new Val(digitally_signed_algorithms->SignatureAlgorithm(), TYPE_COUNT)); + ha->Assign(0, val_mgr->GetCount(digitally_signed_algorithms->HashAlgorithm())); + ha->Assign(1, val_mgr->GetCount(digitally_signed_algorithms->SignatureAlgorithm())); BifEvent::generate_ssl_extension_signed_certificate_timestamp(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, @@ -373,14 +373,14 @@ refine connection Handshake_Conn += { RecordVal* ha = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm); if ( ${signed_params.uses_signature_and_hashalgorithm} ) { - ha->Assign(0, new Val(${signed_params.algorithm.HashAlgorithm}, TYPE_COUNT)); - ha->Assign(1, new Val(${signed_params.algorithm.SignatureAlgorithm}, TYPE_COUNT)); + ha->Assign(0, val_mgr->GetCount(${signed_params.algorithm.HashAlgorithm})); + ha->Assign(1, val_mgr->GetCount(${signed_params.algorithm.SignatureAlgorithm})); } else { // set to impossible value - ha->Assign(0, new Val(256, TYPE_COUNT)); - ha->Assign(1, new Val(256, TYPE_COUNT)); + ha->Assign(0, val_mgr->GetCount(256)); + ha->Assign(1, val_mgr->GetCount(256)); } BifEvent::generate_ssl_server_signature(bro_analyzer(), diff --git a/src/analyzer/protocol/stepping-stone/SteppingStone.cc b/src/analyzer/protocol/stepping-stone/SteppingStone.cc index c85b34172f..3035a0b1a5 100644 --- a/src/analyzer/protocol/stepping-stone/SteppingStone.cc +++ b/src/analyzer/protocol/stepping-stone/SteppingStone.cc @@ -141,10 +141,10 @@ void SteppingStoneEndpoint::Event(EventHandlerPtr f, int id1, int id2) val_list* vl = new val_list; - vl->append(new Val(id1, TYPE_INT)); + vl->append(val_mgr->GetInt(id1)); if ( id2 >= 0 ) - vl->append(new Val(id2, TYPE_INT)); + vl->append(val_mgr->GetInt(id2)); endp->TCP()->ConnectionEvent(f, vl); } @@ -154,8 +154,8 @@ void SteppingStoneEndpoint::CreateEndpEvent(int is_orig) val_list* vl = new val_list; vl->append(endp->TCP()->BuildConnVal()); - vl->append(new Val(stp_id, TYPE_INT)); - vl->append(new Val(is_orig, TYPE_BOOL)); + vl->append(val_mgr->GetInt(stp_id)); + vl->append(val_mgr->GetBool(is_orig)); endp->TCP()->ConnectionEvent(stp_create_endp, vl); } diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index 08dd56190c..9329b103ed 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc @@ -103,14 +103,14 @@ static RecordVal* build_syn_packet_val(int is_orig, const IP_Hdr* ip, RecordVal* v = new RecordVal(SYN_packet); - v->Assign(0, new Val(is_orig, TYPE_BOOL)); - v->Assign(1, new Val(int(ip->DF()), TYPE_BOOL)); - v->Assign(2, new Val((ip->TTL()), TYPE_COUNT)); - v->Assign(3, new Val((ip->TotalLen()), TYPE_COUNT)); - v->Assign(4, new Val(ntohs(tcp->th_win), TYPE_COUNT)); - v->Assign(5, new Val(winscale, TYPE_INT)); - v->Assign(6, new Val(MSS, TYPE_COUNT)); - v->Assign(7, new Val(SACK, TYPE_BOOL)); + v->Assign(0, val_mgr->GetBool(is_orig)); + v->Assign(1, val_mgr->GetBool(int(ip->DF()))); + v->Assign(2, val_mgr->GetCount((ip->TTL()))); + v->Assign(3, val_mgr->GetCount((ip->TotalLen()))); + v->Assign(4, val_mgr->GetCount(ntohs(tcp->th_win))); + v->Assign(5, val_mgr->GetInt(winscale)); + v->Assign(6, val_mgr->GetCount(MSS)); + v->Assign(7, val_mgr->GetBool(SACK)); return v; } @@ -270,10 +270,10 @@ static RecordVal* build_os_val(int is_orig, const IP_Hdr* ip, if ( os_from_print.desc ) os->Assign(1, new StringVal(os_from_print.desc)); else - os->Assign(1, new StringVal("")); + os->Assign(1, val_mgr->GetEmptyString()); - os->Assign(2, new Val(os_from_print.dist, TYPE_COUNT)); - os->Assign(3, new EnumVal(os_from_print.match, OS_version_inference)); + os->Assign(2, val_mgr->GetCount(os_from_print.dist)); + os->Assign(3, OS_version_inference->GetVal(os_from_print.match)); return os; } @@ -968,11 +968,11 @@ void TCP_Analyzer::GeneratePacketEvent( val_list* vl = new val_list(); vl->append(BuildConnVal()); - vl->append(new Val(is_orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(is_orig)); vl->append(new StringVal(flags.AsString())); - vl->append(new Val(rel_seq, TYPE_COUNT)); - vl->append(new Val(flags.ACK() ? rel_ack : 0, TYPE_COUNT)); - vl->append(new Val(len, TYPE_COUNT)); + vl->append(val_mgr->GetCount(rel_seq)); + vl->append(val_mgr->GetCount(flags.ACK() ? rel_ack : 0)); + vl->append(val_mgr->GetCount(len)); // We need the min() here because Ethernet padding can lead to // caplen > len. @@ -1437,10 +1437,10 @@ void TCP_Analyzer::UpdateConnVal(RecordVal *conn_val) RecordVal *orig_endp_val = conn_val->Lookup("orig")->AsRecordVal(); RecordVal *resp_endp_val = conn_val->Lookup("resp")->AsRecordVal(); - orig_endp_val->Assign(0, new Val(orig->Size(), TYPE_COUNT)); - orig_endp_val->Assign(1, new Val(int(orig->state), TYPE_COUNT)); - resp_endp_val->Assign(0, new Val(resp->Size(), TYPE_COUNT)); - resp_endp_val->Assign(1, new Val(int(resp->state), TYPE_COUNT)); + orig_endp_val->Assign(0, val_mgr->GetCount(orig->Size())); + orig_endp_val->Assign(1, val_mgr->GetCount(int(orig->state))); + resp_endp_val->Assign(0, val_mgr->GetCount(resp->Size())); + resp_endp_val->Assign(1, val_mgr->GetCount(int(resp->state))); // Call children's UpdateConnVal Analyzer::UpdateConnVal(conn_val); @@ -1506,9 +1506,9 @@ int TCP_Analyzer::TCPOptionEvent(unsigned int opt, val_list* vl = new val_list(); vl->append(analyzer->BuildConnVal()); - vl->append(new Val(is_orig, TYPE_BOOL)); - vl->append(new Val(opt, TYPE_COUNT)); - vl->append(new Val(optlen, TYPE_COUNT)); + vl->append(val_mgr->GetBool(is_orig)); + vl->append(val_mgr->GetCount(opt)); + vl->append(val_mgr->GetCount(optlen)); analyzer->ConnectionEvent(tcp_option, vl); } @@ -1828,7 +1828,7 @@ void TCP_Analyzer::EndpointEOF(TCP_Reassembler* endp) { val_list* vl = new val_list(); vl->append(BuildConnVal()); - vl->append(new Val(endp->IsOrig(), TYPE_BOOL)); + vl->append(val_mgr->GetBool(endp->IsOrig())); ConnectionEvent(connection_EOF, vl); } @@ -2110,11 +2110,11 @@ int TCPStats_Endpoint::DataSent(double /* t */, uint64 seq, int len, int caplen, { val_list* vl = new val_list(); vl->append(endp->TCP()->BuildConnVal()); - vl->append(new Val(endp->IsOrig(), TYPE_BOOL)); - vl->append(new Val(seq, TYPE_COUNT)); - vl->append(new Val(len, TYPE_COUNT)); - vl->append(new Val(data_in_flight, TYPE_COUNT)); - vl->append(new Val(endp->peer->window, TYPE_COUNT)); + vl->append(val_mgr->GetBool(endp->IsOrig())); + vl->append(val_mgr->GetCount(seq)); + vl->append(val_mgr->GetCount(len)); + vl->append(val_mgr->GetCount(data_in_flight)); + vl->append(val_mgr->GetCount(endp->peer->window)); endp->TCP()->ConnectionEvent(tcp_rexmit, vl); } @@ -2129,13 +2129,13 @@ RecordVal* TCPStats_Endpoint::BuildStats() { RecordVal* stats = new RecordVal(endpoint_stats); - stats->Assign(0, new Val(num_pkts,TYPE_COUNT)); - stats->Assign(1, new Val(num_rxmit,TYPE_COUNT)); - stats->Assign(2, new Val(num_rxmit_bytes,TYPE_COUNT)); - stats->Assign(3, new Val(num_in_order,TYPE_COUNT)); - stats->Assign(4, new Val(num_OO,TYPE_COUNT)); - stats->Assign(5, new Val(num_repl,TYPE_COUNT)); - stats->Assign(6, new Val(endian_type,TYPE_COUNT)); + stats->Assign(0, val_mgr->GetCount(num_pkts)); + stats->Assign(1, val_mgr->GetCount(num_rxmit)); + stats->Assign(2, val_mgr->GetCount(num_rxmit_bytes)); + stats->Assign(3, val_mgr->GetCount(num_in_order)); + stats->Assign(4, val_mgr->GetCount(num_OO)); + stats->Assign(5, val_mgr->GetCount(num_repl)); + stats->Assign(6, val_mgr->GetCount(endian_type)); return stats; } diff --git a/src/analyzer/protocol/tcp/TCP_Endpoint.cc b/src/analyzer/protocol/tcp/TCP_Endpoint.cc index fb736d80f1..7e7b316e10 100644 --- a/src/analyzer/protocol/tcp/TCP_Endpoint.cc +++ b/src/analyzer/protocol/tcp/TCP_Endpoint.cc @@ -239,7 +239,7 @@ int TCP_Endpoint::DataSent(double t, uint64 seq, int len, int caplen, { val_list* vl = new val_list(); vl->append(Conn()->BuildConnVal()); - vl->append(new Val(IsOrig(), TYPE_BOOL)); + vl->append(val_mgr->GetBool(IsOrig())); vl->append(new StringVal(buf)); tcp_analyzer->ConnectionEvent(contents_file_write_failure, vl); } diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.cc b/src/analyzer/protocol/tcp/TCP_Reassembler.cc index 787ffc989c..ef68f621b5 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc @@ -38,7 +38,7 @@ TCP_Reassembler::TCP_Reassembler(analyzer::Analyzer* arg_dst_analyzer, if ( ::tcp_contents ) { - auto dst_port_val = port_mgr->Get(ntohs(tcp_analyzer->Conn()->RespPort()), + auto dst_port_val = val_mgr->GetPort(ntohs(tcp_analyzer->Conn()->RespPort()), TRANSPORT_TCP); TableVal* ports = IsOrig() ? tcp_content_delivery_ports_orig : @@ -138,9 +138,9 @@ void TCP_Reassembler::Gap(uint64 seq, uint64 len) { val_list* vl = new val_list; vl->append(dst_analyzer->BuildConnVal()); - vl->append(new Val(IsOrig(), TYPE_BOOL)); - vl->append(new Val(seq, TYPE_COUNT)); - vl->append(new Val(len, TYPE_COUNT)); + vl->append(val_mgr->GetBool(IsOrig())); + vl->append(val_mgr->GetCount(seq)); + vl->append(val_mgr->GetCount(len)); dst_analyzer->ConnectionEvent(content_gap, vl); } @@ -337,7 +337,7 @@ void TCP_Reassembler::RecordBlock(DataBlock* b, BroFile* f) { val_list* vl = new val_list(); vl->append(Endpoint()->Conn()->BuildConnVal()); - vl->append(new Val(IsOrig(), TYPE_BOOL)); + vl->append(val_mgr->GetBool(IsOrig())); vl->append(new StringVal("TCP reassembler content write failure")); tcp_analyzer->ConnectionEvent(contents_file_write_failure, vl); } @@ -354,7 +354,7 @@ void TCP_Reassembler::RecordGap(uint64 start_seq, uint64 upper_seq, BroFile* f) { val_list* vl = new val_list(); vl->append(Endpoint()->Conn()->BuildConnVal()); - vl->append(new Val(IsOrig(), TYPE_BOOL)); + vl->append(val_mgr->GetBool(IsOrig())); vl->append(new StringVal("TCP reassembler gap write failure")); tcp_analyzer->ConnectionEvent(contents_file_write_failure, vl); } @@ -598,8 +598,8 @@ void TCP_Reassembler::DeliverBlock(uint64 seq, int len, const u_char* data) { val_list* vl = new val_list(); vl->append(tcp_analyzer->BuildConnVal()); - vl->append(new Val(IsOrig(), TYPE_BOOL)); - vl->append(new Val(seq, TYPE_COUNT)); + vl->append(val_mgr->GetBool(IsOrig())); + vl->append(val_mgr->GetCount(seq)); vl->append(new StringVal(len, (const char*) data)); tcp_analyzer->ConnectionEvent(tcp_contents, vl); diff --git a/src/analyzer/protocol/tcp/functions.bif b/src/analyzer/protocol/tcp/functions.bif index 5ae5c5b86f..90c3e5ae2a 100644 --- a/src/analyzer/protocol/tcp/functions.bif +++ b/src/analyzer/protocol/tcp/functions.bif @@ -17,19 +17,18 @@ function get_orig_seq%(cid: conn_id%): count %{ Connection* c = sessions->FindConnection(cid); if ( ! c ) - return new Val(0, TYPE_COUNT); + return val_mgr->GetCount(0); if ( c->ConnTransport() != TRANSPORT_TCP ) - return new Val(0, TYPE_COUNT); + return val_mgr->GetCount(0); analyzer::Analyzer* tc = c->FindAnalyzer("TCP"); if ( tc ) - return new Val(static_cast(tc)->OrigSeq(), - TYPE_COUNT); + return val_mgr->GetCount(static_cast(tc)->OrigSeq()); else { reporter->Error("connection does not have TCP analyzer"); - return new Val(0, TYPE_COUNT); + return val_mgr->GetCount(0); } %} @@ -47,19 +46,18 @@ function get_resp_seq%(cid: conn_id%): count %{ Connection* c = sessions->FindConnection(cid); if ( ! c ) - return new Val(0, TYPE_COUNT); + return val_mgr->GetCount(0); if ( c->ConnTransport() != TRANSPORT_TCP ) - return new Val(0, TYPE_COUNT); + return val_mgr->GetCount(0); analyzer::Analyzer* tc = c->FindAnalyzer("TCP"); if ( tc ) - return new Val(static_cast(tc)->RespSeq(), - TYPE_COUNT); + return val_mgr->GetCount(static_cast(tc)->RespSeq()); else { reporter->Error("connection does not have TCP analyzer"); - return new Val(0, TYPE_COUNT); + return val_mgr->GetCount(0); } %} @@ -98,10 +96,10 @@ function set_contents_file%(cid: conn_id, direction: count, f: file%): bool %{ Connection* c = sessions->FindConnection(cid); if ( ! c ) - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); c->GetRootAnalyzer()->SetContentsFile(direction, f); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Returns the file handle of the contents file of a connection. diff --git a/src/analyzer/protocol/teredo/Teredo.cc b/src/analyzer/protocol/teredo/Teredo.cc index 3d7fb397fb..7e492093ca 100644 --- a/src/analyzer/protocol/teredo/Teredo.cc +++ b/src/analyzer/protocol/teredo/Teredo.cc @@ -120,8 +120,8 @@ RecordVal* TeredoEncapsulation::BuildVal(const IP_Hdr* inner) const new BroString(auth + 4, id_len, 1))); teredo_auth->Assign(1, new StringVal( new BroString(auth + 4 + id_len, au_len, 1))); - teredo_auth->Assign(2, new Val(nonce, TYPE_COUNT)); - teredo_auth->Assign(3, new Val(conf, TYPE_COUNT)); + teredo_auth->Assign(2, val_mgr->GetCount(nonce)); + teredo_auth->Assign(3, val_mgr->GetCount(conf)); teredo_hdr->Assign(0, teredo_auth); } @@ -130,7 +130,7 @@ RecordVal* TeredoEncapsulation::BuildVal(const IP_Hdr* inner) const RecordVal* teredo_origin = new RecordVal(teredo_origin_type); uint16 port = ntohs(*((uint16*)(origin_indication + 2))) ^ 0xFFFF; uint32 addr = ntohl(*((uint32*)(origin_indication + 4))) ^ 0xFFFFFFFF; - teredo_origin->Assign(0, port_mgr->Get(port, TRANSPORT_UDP)); + teredo_origin->Assign(0, val_mgr->GetPort(port, TRANSPORT_UDP)); teredo_origin->Assign(1, new AddrVal(htonl(addr))); teredo_hdr->Assign(1, teredo_origin); } diff --git a/src/analyzer/protocol/udp/UDP.cc b/src/analyzer/protocol/udp/UDP.cc index b3a334b76b..0da1a2bd65 100644 --- a/src/analyzer/protocol/udp/UDP.cc +++ b/src/analyzer/protocol/udp/UDP.cc @@ -110,7 +110,7 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, if ( udp_contents ) { - auto port_val = port_mgr->Get(ntohs(up->uh_dport), TRANSPORT_UDP); + auto port_val = val_mgr->GetPort(ntohs(up->uh_dport), TRANSPORT_UDP); Val* result = 0; bool do_udp_contents = false; @@ -135,7 +135,7 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, { val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(new Val(is_orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(is_orig)); vl->append(new StringVal(len, (const char*) data)); ConnectionEvent(udp_contents, vl); } @@ -200,14 +200,14 @@ void UDP_Analyzer::UpdateEndpointVal(RecordVal* endp, int is_orig) bro_int_t size = is_orig ? request_len : reply_len; if ( size < 0 ) { - endp->Assign(0, new Val(0, TYPE_COUNT)); - endp->Assign(1, new Val(int(UDP_INACTIVE), TYPE_COUNT)); + endp->Assign(0, val_mgr->GetCount(0)); + endp->Assign(1, val_mgr->GetCount(int(UDP_INACTIVE))); } else { - endp->Assign(0, new Val(size, TYPE_COUNT)); - endp->Assign(1, new Val(int(UDP_ACTIVE), TYPE_COUNT)); + endp->Assign(0, val_mgr->GetCount(size)); + endp->Assign(1, val_mgr->GetCount(int(UDP_ACTIVE))); } } diff --git a/src/bro.bif b/src/bro.bif index a550f0e36a..13b2b9aa2e 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -360,8 +360,8 @@ function setenv%(var: string, val: string%): bool val->AsString()->CheckString(), 1); if ( result < 0 ) - return new Val(0, TYPE_BOOL); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(0); + return val_mgr->GetBool(1); %} ## Shuts down the Bro process immediately. @@ -384,10 +384,10 @@ function exit%(code: int%): any function terminate%(%): bool %{ if ( terminating ) - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); terminate_processing(); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} %%{ @@ -457,7 +457,7 @@ static int do_system(const char* s) function system%(str: string%): int %{ int result = do_system(str->CheckString()); - return new Val(result, TYPE_INT); + return val_mgr->GetInt(result); %} ## Invokes a command via the ``system`` function of the OS with a prepared @@ -478,17 +478,17 @@ function system_env%(str: string, env: table_string_of_string%): int if ( env->Type()->Tag() != TYPE_TABLE ) { builtin_error("system_env() requires a table argument"); - return new Val(-1, TYPE_INT); + return val_mgr->GetInt(-1); } if ( ! prepare_environment(env->AsTableVal(), true) ) - return new Val(-1, TYPE_INT); + return val_mgr->GetInt(-1); int result = do_system(str->CheckString()); prepare_environment(env->AsTableVal(), false); - return new Val(result, TYPE_INT); + return val_mgr->GetInt(result); %} ## Opens a program with ``popen`` and writes a given string to the returned @@ -509,7 +509,7 @@ function piped_exec%(program: string, to_write: string%): bool if ( ! f ) { reporter->Error("Failed to popen %s", prog); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } const u_char* input_data = to_write->Bytes(); @@ -522,10 +522,10 @@ function piped_exec%(program: string, to_write: string%): bool if ( bytes_written != input_data_len ) { reporter->Error("Failed to write all given data to %s", prog); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} %%{ @@ -699,7 +699,7 @@ function sha256_hash_init%(%): opaque of sha256 function md5_hash_update%(handle: opaque of md5, data: string%): bool %{ bool rc = static_cast(handle)->Feed(data->Bytes(), data->Len()); - return new Val(rc, TYPE_BOOL); + return val_mgr->GetBool(rc); %} ## Updates the SHA1 value associated with a given index. It is required to @@ -718,7 +718,7 @@ function md5_hash_update%(handle: opaque of md5, data: string%): bool function sha1_hash_update%(handle: opaque of sha1, data: string%): bool %{ bool rc = static_cast(handle)->Feed(data->Bytes(), data->Len()); - return new Val(rc, TYPE_BOOL); + return val_mgr->GetBool(rc); %} ## Updates the SHA256 value associated with a given index. It is required to @@ -737,7 +737,7 @@ function sha1_hash_update%(handle: opaque of sha1, data: string%): bool function sha256_hash_update%(handle: opaque of sha256, data: string%): bool %{ bool rc = static_cast(handle)->Feed(data->Bytes(), data->Len()); - return new Val(rc, TYPE_BOOL); + return val_mgr->GetBool(rc); %} ## Returns the final MD5 digest of an incremental hash computation. @@ -806,7 +806,7 @@ function fnv1a32%(input: any%): count rval *= prime32; } - return new Val(rval, TYPE_COUNT); + return val_mgr->GetCount(rval); %} ## Calculates a weight value for use in a Rendezvous Hashing algorithm. @@ -836,7 +836,7 @@ function hrw_weight%(key_digest: count, site_id: count%): count if ( rval < 0 ) rval += m; // [0, 2**31 - 1] - return new Val((uint64) rval, TYPE_COUNT); + return val_mgr->GetCount((uint64) rval); %} ## Generates a random number. @@ -854,7 +854,7 @@ function hrw_weight%(key_digest: count, site_id: count%): count function rand%(max: count%): count %{ auto result = bro_uint_t(double(max) * double(bro_random()) / (RAND_MAX + 1.0)); - return new Val(result, TYPE_COUNT); + return val_mgr->GetCount(result); %} ## Sets the seed for subsequent :bro:id:`rand` calls. @@ -1006,7 +1006,7 @@ function entropy_test_add%(handle: opaque of entropy, data: string%): bool %{ bool status = static_cast(handle)->Feed(data->Bytes(), data->Len()); - return new Val(status, TYPE_BOOL); + return val_mgr->GetBool(status); %} ## Finishes an incremental entropy calculation. Before using this function, @@ -1148,7 +1148,7 @@ function check_subnet%(search: subnet, t: any%): bool void* res = pt->Lookup(search, true); - return new Val (res != nullptr, TYPE_BOOL); + return val_mgr->GetBool(res != nullptr); %} ## Checks whether two objects reference the same internal object. This function @@ -1162,7 +1162,7 @@ function check_subnet%(search: subnet, t: any%): bool ## Returns: True if *o1* and *o2* are equal. function same_object%(o1: any, o2: any%): bool %{ - return new Val(o1 == o2, TYPE_BOOL); + return val_mgr->GetBool(o1 == o2); %} ## Returns the number of bytes that a value occupies in memory. @@ -1172,7 +1172,7 @@ function same_object%(o1: any, o2: any%): bool ## Returns: The number of bytes that *v* occupies. function val_size%(v: any%): count %{ - return new Val(v->MemoryAllocation(), TYPE_COUNT); + return val_mgr->GetCount(v->MemoryAllocation()); %} ## Resizes a vector. @@ -1190,7 +1190,7 @@ function resize%(aggr: any, newsize: count%) : count return 0; } - return new Val(aggr->AsVectorVal()->Resize(newsize), TYPE_COUNT); + return val_mgr->GetCount(aggr->AsVectorVal()->Resize(newsize)); %} ## Tests whether a boolean vector (``vector of bool``) has *any* true @@ -1207,15 +1207,15 @@ function any_set%(v: any%) : bool v->Type()->YieldType()->Tag() != TYPE_BOOL ) { builtin_error("any_set() requires vector of bool"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } VectorVal* vv = v->AsVectorVal(); for ( unsigned int i = 0; i < vv->Size(); ++i ) if ( vv->Lookup(i) && vv->Lookup(i)->AsBool() ) - return new Val(true, TYPE_BOOL); + return val_mgr->GetTrue(); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); %} ## Tests whether *all* elements of a boolean vector (``vector of bool``) are @@ -1236,15 +1236,15 @@ function all_set%(v: any%) : bool v->Type()->YieldType()->Tag() != TYPE_BOOL ) { builtin_error("all_set() requires vector of bool"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } VectorVal* vv = v->AsVectorVal(); for ( unsigned int i = 0; i < vv->Size(); ++i ) if ( ! vv->Lookup(i) || ! vv->Lookup(i)->AsBool() ) - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); - return new Val(true, TYPE_BOOL); + return val_mgr->GetTrue(); %} %%{ @@ -1469,7 +1469,7 @@ function order%(v: any, ...%) : index_vec for ( i = 0; i < n; ++i ) { int ind = ind_vv[i]; - result_v->Assign(i, new Val(ind, TYPE_COUNT)); + result_v->Assign(i, val_mgr->GetCount(ind)); } return result_v; @@ -1583,7 +1583,7 @@ function cat_sep%(sep: string, def: string, ...%): string function fmt%(...%): string %{ if ( @ARGC@ == 0 ) - return new StringVal(""); + return val_mgr->GetEmptyString(); Val* fmt_v = @ARG@[0]; @@ -1602,13 +1602,13 @@ function fmt%(...%): string if ( n < @ARGC@ - 1 ) { builtin_error("too many arguments for format", fmt_v); - return new StringVal(""); + return val_mgr->GetEmptyString(); } else if ( n >= @ARGC@ ) { builtin_error("too few arguments for format", fmt_v); - return new StringVal(""); + return val_mgr->GetEmptyString(); } BroString* s = new BroString(1, d.TakeBytes(), d.Len()); @@ -1707,7 +1707,7 @@ function log10%(d: double%): double ## Returns: True if *c* has been received externally. function is_external_connection%(c: connection%) : bool %{ - return new Val(c && c->IsExternal(), TYPE_BOOL); + return val_mgr->GetBool(c && c->IsExternal()); %} ## Returns the ID of the analyzer which raised the current event. @@ -1716,7 +1716,7 @@ function is_external_connection%(c: connection%) : bool ## none. function current_analyzer%(%) : count %{ - return new Val(mgr.CurrentAnalyzer(), TYPE_COUNT); + return val_mgr->GetCount(mgr.CurrentAnalyzer()); %} ## Returns Bro's process ID. @@ -1724,7 +1724,7 @@ function current_analyzer%(%) : count ## Returns: Bro's process ID. function getpid%(%) : count %{ - return new Val(getpid(), TYPE_COUNT); + return val_mgr->GetCount(getpid()); %} %%{ @@ -1790,7 +1790,7 @@ function type_name%(t: any%): string ## .. bro:see:: reading_traces function reading_live_traffic%(%): bool %{ - return new Val(reading_live, TYPE_BOOL); + return val_mgr->GetBool(reading_live); %} ## Checks whether Bro reads traffic from a trace file (as opposed to from a @@ -1801,7 +1801,7 @@ function reading_live_traffic%(%): bool ## .. bro:see:: reading_live_traffic function reading_traces%(%): bool %{ - return new Val(reading_traces, TYPE_BOOL); + return val_mgr->GetBool(reading_traces); %} @@ -1822,8 +1822,7 @@ function global_sizes%(%): var_sizes if ( id->HasVal() && ! id->IsInternalGlobal() ) { Val* id_name = new StringVal(id->Name()); - Val* id_size = new Val(id->ID_Val()->MemoryAllocation(), - TYPE_COUNT); + Val* id_size = val_mgr->GetCount(id->ID_Val()->MemoryAllocation()); sizes->Assign(id_name, id_size); Unref(id_name); } @@ -1853,11 +1852,11 @@ function global_ids%(%): id_table RecordVal* rec = new RecordVal(script_id); rec->Assign(0, new StringVal(type_name(id->Type()->Tag()))); - rec->Assign(1, new Val(id->IsExport(), TYPE_BOOL)); - rec->Assign(2, new Val(id->IsConst(), TYPE_BOOL)); - rec->Assign(3, new Val(id->IsEnumConst(), TYPE_BOOL)); - rec->Assign(4, new Val(id->IsOption(), TYPE_BOOL)); - rec->Assign(5, new Val(id->IsRedefinable(), TYPE_BOOL)); + rec->Assign(1, val_mgr->GetBool(id->IsExport())); + rec->Assign(2, val_mgr->GetBool(id->IsConst())); + rec->Assign(3, val_mgr->GetBool(id->IsEnumConst())); + rec->Assign(4, val_mgr->GetBool(id->IsOption())); + rec->Assign(5, val_mgr->GetBool(id->IsRedefinable())); if ( id->HasVal() ) { @@ -1953,7 +1952,7 @@ function record_fields%(rec: any%): record_field_table else nr->Assign(0, new StringVal(type_name(ft->Tag()))); - nr->Assign(1, new Val(logged, TYPE_BOOL)); + nr->Assign(1, val_mgr->GetBool(logged)); nr->Assign(2, fv); nr->Assign(3, rt->FieldDefault(i)); @@ -1997,7 +1996,7 @@ function do_profiling%(%) : any function is_local_interface%(ip: addr%) : bool %{ if ( ip->AsAddr().IsLoopback() ) - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); list addrs; @@ -2029,10 +2028,10 @@ function is_local_interface%(ip: addr%) : bool for ( it = addrs.begin(); it != addrs.end(); ++it ) { if ( *it == ip->AsAddr() ) - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); } - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); %} ## Write rule matcher statistics (DFA states, transitions, memory usage, cache @@ -2048,7 +2047,7 @@ function dump_rule_stats%(f: file%): bool if ( rule_matcher ) rule_matcher->DumpStats(f); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Checks if Bro is terminating. @@ -2058,7 +2057,7 @@ function dump_rule_stats%(f: file%): bool ## .. bro:see:: terminate function bro_is_terminating%(%): bool %{ - return new Val(terminating, TYPE_BOOL); + return val_mgr->GetBool(terminating); %} ## Returns the hostname of the machine Bro runs on. @@ -2082,9 +2081,9 @@ function gethostname%(%) : string function is_v4_addr%(a: addr%): bool %{ if ( a->AsAddr().GetFamily() == IPv4 ) - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); else - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); %} ## Returns whether an address is IPv6 or not. @@ -2095,9 +2094,9 @@ function is_v4_addr%(a: addr%): bool function is_v6_addr%(a: addr%): bool %{ if ( a->AsAddr().GetFamily() == IPv6 ) - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); else - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); %} ## Returns whether a subnet specification is IPv4 or not. @@ -2108,9 +2107,9 @@ function is_v6_addr%(a: addr%): bool function is_v4_subnet%(s: subnet%): bool %{ if ( s->AsSubNet().Prefix().GetFamily() == IPv4 ) - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); else - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); %} ## Returns whether a subnet specification is IPv6 or not. @@ -2121,9 +2120,9 @@ function is_v4_subnet%(s: subnet%): bool function is_v6_subnet%(s: subnet%): bool %{ if ( s->AsSubNet().Prefix().GetFamily() == IPv6 ) - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); else - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); %} @@ -2178,7 +2177,7 @@ function addr_to_counts%(a: addr%): index_vec int len = a->AsAddr().GetBytes(&bytes); for ( int i = 0; i < len; ++i ) - rval->Assign(i, new Val(ntohl(bytes[i]), TYPE_COUNT)); + rval->Assign(i, val_mgr->GetCount(ntohl(bytes[i]))); return rval; %} @@ -2223,10 +2222,10 @@ function enum_to_int%(e: any%): int if ( e->Type()->Tag() != TYPE_ENUM ) { builtin_error("enum_to_int() requires enum value"); - return new Val(-1, TYPE_INT); + return val_mgr->GetInt(-1); } - return new Val(e->AsEnum(), TYPE_INT); + return val_mgr->GetInt(e->AsEnum()); %} ## Converts a :bro:type:`string` to an :bro:type:`int`. @@ -2250,7 +2249,7 @@ function to_int%(str: string%): int builtin_error("bad conversion to integer", @ARG@[0]); #endif - return new Val(i, TYPE_INT); + return val_mgr->GetInt(i); %} @@ -2266,7 +2265,7 @@ function int_to_count%(n: int%): count builtin_error("bad conversion to count", @ARG@[0]); n = 0; } - return new Val(n, TYPE_COUNT); + return val_mgr->GetCount(n); %} ## Converts a :bro:type:`double` to a :bro:type:`count`. @@ -2281,7 +2280,7 @@ function double_to_count%(d: double%): count if ( d < 0.0 ) builtin_error("bad conversion to count", @ARG@[0]); - return new Val(bro_uint_t(rint(d)), TYPE_COUNT); + return val_mgr->GetCount(bro_uint_t(rint(d))); %} ## Converts a :bro:type:`string` to a :bro:type:`count`. @@ -2305,7 +2304,7 @@ function to_count%(str: string%): count u = 0; } - return new Val(u, TYPE_COUNT); + return val_mgr->GetCount(u); %} ## Converts an :bro:type:`interval` to a :bro:type:`double`. @@ -2365,7 +2364,7 @@ function double_to_interval%(d: double%): interval ## .. bro:see:: count_to_port function port_to_count%(p: port%): count %{ - return new Val(p->Port(), TYPE_COUNT); + return val_mgr->GetCount(p->Port()); %} ## Converts a :bro:type:`count` and ``transport_proto`` to a :bro:type:`port`. @@ -2379,7 +2378,7 @@ function port_to_count%(p: port%): count ## .. bro:see:: port_to_count function count_to_port%(num: count, proto: transport_proto%): port %{ - return port_mgr->Get(num, (TransportProto)proto->AsEnum()); + return val_mgr->GetPort(num, (TransportProto)proto->AsEnum()); %} ## Converts a :bro:type:`string` to an :bro:type:`addr`. @@ -2451,7 +2450,7 @@ function subnet_to_addr%(sn: subnet%): addr ## .. bro:see:: to_subnet function subnet_width%(sn: subnet%): count %{ - return new Val(sn->Width(), TYPE_COUNT); + return val_mgr->GetCount(sn->Width()); %} ## Converts a :bro:type:`string` to a :bro:type:`double`. @@ -2539,16 +2538,16 @@ function to_port%(s: string%): port { ++slash; if ( streq(slash, "tcp") ) - return port_mgr->Get(port, TRANSPORT_TCP); + return val_mgr->GetPort(port, TRANSPORT_TCP); else if ( streq(slash, "udp") ) - return port_mgr->Get(port, TRANSPORT_UDP); + return val_mgr->GetPort(port, TRANSPORT_UDP); else if ( streq(slash, "icmp") ) - return port_mgr->Get(port, TRANSPORT_ICMP); + return val_mgr->GetPort(port, TRANSPORT_ICMP); } } builtin_error("wrong port format, must be /[0-9]{1,5}\\/(tcp|udp|icmp)/"); - return port_mgr->Get(port, TRANSPORT_UNKNOWN); + return val_mgr->GetPort(port, TRANSPORT_UNKNOWN); %} ## Converts a string of bytes (in network byte order) to a :bro:type:`double`. @@ -2595,7 +2594,7 @@ function bytestring_to_count%(s: string, is_le: bool &default=F%): count { uint8 value = 0; memcpy(&value, p, sizeof(uint8)); - return new Val(value, TYPE_COUNT); + return val_mgr->GetCount(value); } case sizeof(uint16): @@ -2615,7 +2614,7 @@ function bytestring_to_count%(s: string, is_le: bool &default=F%): count else memcpy(&value, p, sizeof(uint16)); - return new Val(value, TYPE_COUNT); + return val_mgr->GetCount(value); } case sizeof(uint32): @@ -2635,7 +2634,7 @@ function bytestring_to_count%(s: string, is_le: bool &default=F%): count else memcpy(&value, p, sizeof(uint32)); - return new Val(value, TYPE_COUNT); + return val_mgr->GetCount(value); } case sizeof(uint64): @@ -2655,12 +2654,12 @@ function bytestring_to_count%(s: string, is_le: bool &default=F%): count else memcpy(&value, p, sizeof(uint64)); - return new Val(value, TYPE_COUNT); + return val_mgr->GetCount(value); } } builtin_error("unsupported byte length for bytestring_to_count"); - return new Val(0, TYPE_COUNT); + return val_mgr->GetCount(0); %} ## Converts a reverse pointer name to an address. For example, @@ -2778,7 +2777,7 @@ function hexstr_to_bytestring%(hexstr: string%): string if ( len % 2 != 0 ) { reporter->Error("Hex string '%s' has invalid length (not divisible by 2)", hexstr->CheckString()); - return new StringVal(""); + return val_mgr->GetEmptyString(); } const char* bytes = hexstr->AsString()->CheckString(); @@ -2793,13 +2792,13 @@ function hexstr_to_bytestring%(hexstr: string%): string if ( res == EOF ) { reporter->Error("Hex string %s contains invalid input: %s", hexstr->CheckString(), strerror(errno)); - return new StringVal(""); + return val_mgr->GetEmptyString(); } else if ( res != 1 ) { reporter->Error("Could not read hex element from input %s", hexstr->CheckString()); - return new StringVal(""); + return val_mgr->GetEmptyString(); } } @@ -2825,7 +2824,7 @@ function encode_base64%(s: string, a: string &default=""%): string else { reporter->Error("Broker query has an invalid data store"); - return new StringVal(""); + return val_mgr->GetEmptyString(); } %} @@ -2848,7 +2847,7 @@ function encode_base64_custom%(s: string, a: string%): string &deprecated else { reporter->Error("error in encoding string %s", s->CheckString()); - return new StringVal(""); + return val_mgr->GetEmptyString(); } %} @@ -2870,7 +2869,7 @@ function decode_base64%(s: string, a: string &default=""%): string else { reporter->Error("error in decoding string %s", s->CheckString()); - return new StringVal(""); + return val_mgr->GetEmptyString(); } %} @@ -2894,7 +2893,7 @@ function decode_base64_conn%(cid: conn_id, s: string, a: string &default=""%): s if ( ! conn ) { builtin_error("connection ID not a known connection", cid); - return new StringVal(""); + return val_mgr->GetEmptyString(); } BroString* t = decode_base64(s->AsString(), a->AsString(), conn); @@ -2903,7 +2902,7 @@ function decode_base64_conn%(cid: conn_id, s: string, a: string &default=""%): s else { reporter->Error("error in decoding string %s", s->CheckString()); - return new StringVal(""); + return val_mgr->GetEmptyString(); } %} @@ -2925,7 +2924,7 @@ function decode_base64_custom%(s: string, a: string%): string &deprecated else { reporter->Error("error in decoding string %s", s->CheckString()); - return new StringVal(""); + return val_mgr->GetEmptyString(); } %} @@ -3178,7 +3177,7 @@ function remask_addr%(a1: addr, a2: addr, top_bits_from_a1: count%): addr ## .. bro:see:: is_udp_port is_icmp_port function is_tcp_port%(p: port%): bool %{ - return new Val(p->IsTCP(), TYPE_BOOL); + return val_mgr->GetBool(p->IsTCP()); %} ## Checks whether a given :bro:type:`port` has UDP as transport protocol. @@ -3190,7 +3189,7 @@ function is_tcp_port%(p: port%): bool ## .. bro:see:: is_icmp_port is_tcp_port function is_udp_port%(p: port%): bool %{ - return new Val(p->IsUDP(), TYPE_BOOL); + return val_mgr->GetBool(p->IsUDP()); %} ## Checks whether a given :bro:type:`port` has ICMP as transport protocol. @@ -3202,7 +3201,7 @@ function is_udp_port%(p: port%): bool ## .. bro:see:: is_tcp_port is_udp_port function is_icmp_port%(p: port%): bool %{ - return new Val(p->IsICMP(), TYPE_BOOL); + return val_mgr->GetBool(p->IsICMP()); %} %%{ @@ -3210,19 +3209,19 @@ EnumVal* map_conn_type(TransportProto tp) { switch ( tp ) { case TRANSPORT_UNKNOWN: - return new EnumVal(0, transport_proto); + return transport_proto->GetVal(0); break; case TRANSPORT_TCP: - return new EnumVal(1, transport_proto); + return transport_proto->GetVal(1); break; case TRANSPORT_UDP: - return new EnumVal(2, transport_proto); + return transport_proto->GetVal(2); break; case TRANSPORT_ICMP: - return new EnumVal(3, transport_proto); + return transport_proto->GetVal(3); break; default: @@ -3249,7 +3248,7 @@ function get_conn_transport_proto%(cid: conn_id%): transport_proto if ( ! c ) { builtin_error("unknown connection id in get_conn_transport_proto()", cid); - return new EnumVal(0, transport_proto); + return transport_proto->GetVal(0); } return map_conn_type(c->ConnTransport()); @@ -3278,9 +3277,9 @@ function get_port_transport_proto%(p: port%): transport_proto function connection_exists%(c: conn_id%): bool %{ if ( sessions->FindConnection(c) ) - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); else - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); %} ## Returns the :bro:type:`connection` record for a given connection identifier. @@ -3305,18 +3304,18 @@ function lookup_connection%(cid: conn_id%): connection RecordVal* id_val = new RecordVal(conn_id); id_val->Assign(0, new AddrVal((unsigned int) 0)); - id_val->Assign(1, port_mgr->Get(ntohs(0), TRANSPORT_UDP)); + id_val->Assign(1, val_mgr->GetPort(ntohs(0), TRANSPORT_UDP)); id_val->Assign(2, new AddrVal((unsigned int) 0)); - id_val->Assign(3, port_mgr->Get(ntohs(0), TRANSPORT_UDP)); + id_val->Assign(3, val_mgr->GetPort(ntohs(0), TRANSPORT_UDP)); c->Assign(0, id_val); RecordVal* orig_endp = new RecordVal(endpoint); - orig_endp->Assign(0, new Val(0, TYPE_COUNT)); - orig_endp->Assign(1, new Val(int(0), TYPE_COUNT)); + orig_endp->Assign(0, val_mgr->GetCount(0)); + orig_endp->Assign(1, val_mgr->GetCount(int(0))); RecordVal* resp_endp = new RecordVal(endpoint); - resp_endp->Assign(0, new Val(0, TYPE_COUNT)); - resp_endp->Assign(1, new Val(int(0), TYPE_COUNT)); + resp_endp->Assign(0, val_mgr->GetCount(0)); + resp_endp->Assign(1, val_mgr->GetCount(int(0))); c->Assign(1, orig_endp); c->Assign(2, resp_endp); @@ -3324,7 +3323,7 @@ function lookup_connection%(cid: conn_id%): connection c->Assign(3, new Val(network_time, TYPE_TIME)); c->Assign(4, new Val(0.0, TYPE_INTERVAL)); c->Assign(5, new TableVal(string_set)); // service - c->Assign(6, new StringVal("")); // history + c->Assign(6, val_mgr->GetEmptyString()); // history return c; %} @@ -3358,7 +3357,7 @@ function dump_current_packet%(file_name: string%) : bool if ( ! current_pktsrc || ! current_pktsrc->GetCurrentPacket(&pkt) ) - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); if ( addl_pkt_dumper && addl_pkt_dumper->Path() != file_name->CheckString()) { @@ -3374,7 +3373,7 @@ function dump_current_packet%(file_name: string%) : bool addl_pkt_dumper->Dump(pkt); } - return new Val( addl_pkt_dumper && ! addl_pkt_dumper->IsError(), TYPE_BOOL); + return val_mgr->GetBool( addl_pkt_dumper && ! addl_pkt_dumper->IsError()); %} ## Returns the currently processed PCAP packet. @@ -3391,21 +3390,21 @@ function get_current_packet%(%) : pcap_packet if ( ! current_pktsrc || ! current_pktsrc->GetCurrentPacket(&p) ) { - pkt->Assign(0, new Val(0, TYPE_COUNT)); - pkt->Assign(1, new Val(0, TYPE_COUNT)); - pkt->Assign(2, new Val(0, TYPE_COUNT)); - pkt->Assign(3, new Val(0, TYPE_COUNT)); - pkt->Assign(4, new StringVal("")); - pkt->Assign(5, new EnumVal(BifEnum::LINK_UNKNOWN, BifType::Enum::link_encap)); + pkt->Assign(0, val_mgr->GetCount(0)); + pkt->Assign(1, val_mgr->GetCount(0)); + pkt->Assign(2, val_mgr->GetCount(0)); + pkt->Assign(3, val_mgr->GetCount(0)); + pkt->Assign(4, val_mgr->GetEmptyString()); + pkt->Assign(5, BifType::Enum::link_encap->GetVal(BifEnum::LINK_UNKNOWN)); return pkt; } - pkt->Assign(0, new Val(uint32(p->ts.tv_sec), TYPE_COUNT)); - pkt->Assign(1, new Val(uint32(p->ts.tv_usec), TYPE_COUNT)); - pkt->Assign(2, new Val(p->cap_len, TYPE_COUNT)); - pkt->Assign(3, new Val(p->len, TYPE_COUNT)); + pkt->Assign(0, val_mgr->GetCount(uint32(p->ts.tv_sec))); + pkt->Assign(1, val_mgr->GetCount(uint32(p->ts.tv_usec))); + pkt->Assign(2, val_mgr->GetCount(p->cap_len)); + pkt->Assign(3, val_mgr->GetCount(p->len)); pkt->Assign(4, new StringVal(p->cap_len, (const char*)p->data)); - pkt->Assign(5, new EnumVal(p->link_type, BifType::Enum::link_encap)); + pkt->Assign(5, BifType::Enum::link_encap->GetVal(p->link_type)); return pkt; %} @@ -3469,7 +3468,7 @@ function dump_packet%(pkt: pcap_packet, file_name: string%) : bool addl_pkt_dumper->Dump(&p); } - return new Val(addl_pkt_dumper && ! addl_pkt_dumper->IsError(), TYPE_BOOL); + return val_mgr->GetBool(addl_pkt_dumper && ! addl_pkt_dumper->IsError()); %} %%{ @@ -3857,7 +3856,7 @@ static Val* mmdb_getvalue(MMDB_entry_data_s* entry_data, int status, break; case MMDB_DATA_TYPE_UINT32: - return new Val(entry_data->uint32, TYPE_COUNT); + return val_mgr->GetCount(entry_data->uint32); default: break; @@ -3939,9 +3938,9 @@ static bool mmdb_try_open_asn () function mmdb_open_location_db%(f: string%) : bool %{ #ifdef USE_GEOIP - return new Val(mmdb_open_loc(f->CheckString()), TYPE_BOOL); + return val_mgr->GetBool(mmdb_open_loc(f->CheckString())); #else - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); #endif %} @@ -3956,9 +3955,9 @@ function mmdb_open_location_db%(f: string%) : bool function mmdb_open_asn_db%(f: string%) : bool %{ #ifdef USE_GEOIP - return new Val(mmdb_open_asn(f->CheckString()), TYPE_BOOL); + return val_mgr->GetBool(mmdb_open_asn(f->CheckString())); #else - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); #endif %} @@ -4069,7 +4068,7 @@ function lookup_asn%(a: addr%) : count builtin_error("Failed to open GeoIP ASN database"); } - return new Val(0, TYPE_COUNT); + return val_mgr->GetCount(0); } } @@ -4084,7 +4083,7 @@ function lookup_asn%(a: addr%) : count status = MMDB_get_value(&result.entry, &entry_data, "autonomous_system_number", nullptr); Val* asn = mmdb_getvalue(&entry_data, status, MMDB_DATA_TYPE_UINT32); - return asn == nullptr ? new Val(0, TYPE_COUNT) : asn; + return asn == nullptr ? val_mgr->GetCount(0) : asn; } #else // not USE_GEOIP @@ -4100,7 +4099,7 @@ function lookup_asn%(a: addr%) : count // We can get here even if we have GeoIP support, if we weren't // able to initialize it or it didn't return any information for // the address. - return new Val(0, TYPE_COUNT); + return val_mgr->GetCount(0); %} ## Calculates distance between two geographic locations using the haversine @@ -4251,7 +4250,7 @@ function disable_analyzer%(cid: conn_id, aid: count, err_if_no_conn: bool &defau if ( ! c ) { reporter->Error("cannot find connection"); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } analyzer::Analyzer* a = c->FindAnalyzer(aid); @@ -4259,11 +4258,11 @@ function disable_analyzer%(cid: conn_id, aid: count, err_if_no_conn: bool &defau { if ( err_if_no_conn ) reporter->Error("connection does not have analyzer specified to disable"); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } a->Remove(); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Informs Bro that it should skip any further processing of the contents of @@ -4284,10 +4283,10 @@ function skip_further_processing%(cid: conn_id%): bool %{ Connection* c = sessions->FindConnection(cid); if ( ! c ) - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); c->SetSkip(1); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Controls whether packet contents belonging to a connection should be @@ -4314,10 +4313,10 @@ function set_record_packets%(cid: conn_id, do_record: bool%): bool %{ Connection* c = sessions->FindConnection(cid); if ( ! c ) - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); c->SetRecordPackets(do_record); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Sets an individual inactivity timeout for a connection and thus @@ -4332,7 +4331,7 @@ function set_inactivity_timeout%(cid: conn_id, t: interval%): interval %{ Connection* c = sessions->FindConnection(cid); if ( ! c ) - return new Val(0, TYPE_INTERVAL); + return new Val(0.0, TYPE_INTERVAL); double old_timeout = c->InactivityTimeout(); c->SetInactivityTimeout(t); @@ -4392,7 +4391,7 @@ function open_for_append%(f: string%): file ## rmdir unlink rename function close%(f: file%): bool %{ - return new Val(f->Close(), TYPE_BOOL); + return val_mgr->GetBool(f->Close()); %} ## Writes data to an open file. @@ -4409,10 +4408,9 @@ function close%(f: file%): bool function write_file%(f: file, data: string%): bool %{ if ( ! f ) - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); - return new Val(f->Write((const char*) data->Bytes(), data->Len()), - TYPE_BOOL); + return val_mgr->GetBool(f->Write((const char*) data->Bytes(), data->Len())); %} ## Alters the buffering behavior of a file. @@ -4430,7 +4428,7 @@ function write_file%(f: file, data: string%): bool function set_buf%(f: file, buffered: bool%): any %{ f->SetBuf(buffered); - return new Val(0, TYPE_VOID); + return val_mgr->GetTrue(); %} ## Flushes all open files to disk. @@ -4442,7 +4440,7 @@ function set_buf%(f: file, buffered: bool%): any ## rmdir unlink rename function flush_all%(%): bool %{ - return new Val(fflush(0) == 0, TYPE_BOOL); + return val_mgr->GetBool(fflush(0) == 0); %} ## Creates a new directory. @@ -4466,14 +4464,14 @@ function mkdir%(f: string%): bool // check if already exists and is directory. if ( errno == EEXIST && stat(filename, &filestat) == 0 && S_ISDIR(filestat.st_mode) ) - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); builtin_error(fmt("cannot create directory '%s': %s", filename, strerror(error))); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } else - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} @@ -4495,10 +4493,10 @@ function rmdir%(d: string%): bool { builtin_error(fmt("cannot remove directory '%s': %s", dirname, strerror(errno))); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } else - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Removes a file from a directory. @@ -4519,10 +4517,10 @@ function unlink%(f: string%): bool { builtin_error(fmt("cannot unlink file '%s': %s", filename, strerror(errno))); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } else - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Renames a file from src_f to dst_f. @@ -4545,10 +4543,10 @@ function rename%(src_f: string, dst_f: string%): bool { builtin_error(fmt("cannot rename file '%s' to '%s': %s", src_filename, dst_filename, strerror(errno))); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } else - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Checks whether a given file is open. @@ -4560,7 +4558,7 @@ function rename%(src_f: string, dst_f: string%): bool ## .. todo:: Rename to ``is_open``. function active_file%(f: file%): bool %{ - return new Val(f->IsOpen(), TYPE_BOOL); + return val_mgr->GetBool(f->IsOpen()); %} ## Gets the filename associated with a file handle. @@ -4573,7 +4571,7 @@ function active_file%(f: file%): bool function get_file_name%(f: file%): string %{ if ( ! f ) - return new StringVal(""); + return val_mgr->GetEmptyString(); return new StringVal(f->Name()); %} @@ -4594,10 +4592,10 @@ function rotate_file%(f: file%): rotate_info // Record indicating error. info = new RecordVal(rotate_info); - info->Assign(0, new StringVal("")); - info->Assign(1, new StringVal("")); - info->Assign(2, new Val(0, TYPE_TIME)); - info->Assign(3, new Val(0, TYPE_TIME)); + info->Assign(0, val_mgr->GetEmptyString()); + info->Assign(1, val_mgr->GetEmptyString()); + info->Assign(2, new Val(0.0, TYPE_TIME)); + info->Assign(3, new Val(0.0, TYPE_TIME)); return info; %} @@ -4635,10 +4633,10 @@ function rotate_file_by_name%(f: string%): rotate_info if ( ! file ) { // Record indicating error. - info->Assign(0, new StringVal("")); - info->Assign(1, new StringVal("")); - info->Assign(2, new Val(0, TYPE_TIME)); - info->Assign(3, new Val(0, TYPE_TIME)); + info->Assign(0, val_mgr->GetEmptyString()); + info->Assign(1, val_mgr->GetEmptyString()); + info->Assign(2, new Val(0.0, TYPE_TIME)); + info->Assign(3, new Val(0.0, TYPE_TIME)); return info; } @@ -4751,7 +4749,7 @@ function enable_raw_output%(f: file%): any function install_src_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : bool %{ sessions->GetPacketFilter()->AddSrc(ip->AsAddr(), tcp_flags, prob); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Installs a filter to drop packets originating from a given subnet with @@ -4781,7 +4779,7 @@ function install_src_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : b function install_src_net_filter%(snet: subnet, tcp_flags: count, prob: double%) : bool %{ sessions->GetPacketFilter()->AddSrc(snet, tcp_flags, prob); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Removes a source address filter. @@ -4802,7 +4800,7 @@ function install_src_net_filter%(snet: subnet, tcp_flags: count, prob: double%) ## Pcap::error function uninstall_src_addr_filter%(ip: addr%) : bool %{ - return new Val(sessions->GetPacketFilter()->RemoveSrc(ip->AsAddr()), TYPE_BOOL); + return val_mgr->GetBool(sessions->GetPacketFilter()->RemoveSrc(ip->AsAddr())); %} ## Removes a source subnet filter. @@ -4823,7 +4821,7 @@ function uninstall_src_addr_filter%(ip: addr%) : bool ## Pcap::error function uninstall_src_net_filter%(snet: subnet%) : bool %{ - return new Val(sessions->GetPacketFilter()->RemoveSrc(snet), TYPE_BOOL); + return val_mgr->GetBool(sessions->GetPacketFilter()->RemoveSrc(snet)); %} ## Installs a filter to drop packets destined to a given IP address with @@ -4856,7 +4854,7 @@ function uninstall_src_net_filter%(snet: subnet%) : bool function install_dst_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : bool %{ sessions->GetPacketFilter()->AddDst(ip->AsAddr(), tcp_flags, prob); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Installs a filter to drop packets destined to a given subnet with @@ -4886,7 +4884,7 @@ function install_dst_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : b function install_dst_net_filter%(snet: subnet, tcp_flags: count, prob: double%) : bool %{ sessions->GetPacketFilter()->AddDst(snet, tcp_flags, prob); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Removes a destination address filter. @@ -4907,7 +4905,7 @@ function install_dst_net_filter%(snet: subnet, tcp_flags: count, prob: double%) ## Pcap::error function uninstall_dst_addr_filter%(ip: addr%) : bool %{ - return new Val(sessions->GetPacketFilter()->RemoveDst(ip->AsAddr()), TYPE_BOOL); + return val_mgr->GetBool(sessions->GetPacketFilter()->RemoveDst(ip->AsAddr())); %} ## Removes a destination subnet filter. @@ -4928,7 +4926,7 @@ function uninstall_dst_addr_filter%(ip: addr%) : bool ## Pcap::error function uninstall_dst_net_filter%(snet: subnet%) : bool %{ - return new Val(sessions->GetPacketFilter()->RemoveDst(snet), TYPE_BOOL); + return val_mgr->GetBool(sessions->GetPacketFilter()->RemoveDst(snet)); %} # =========================================================================== @@ -4966,7 +4964,7 @@ function enable_communication%(%): any &deprecated ## .. bro:see:: rescan_state function checkpoint_state%(%) : bool %{ - return new Val(persistence_serializer->WriteState(true), TYPE_BOOL); + return val_mgr->GetBool(persistence_serializer->WriteState(true)); %} ## Reads persistent state and populates the in-memory data structures @@ -4978,7 +4976,7 @@ function checkpoint_state%(%) : bool ## .. bro:see:: checkpoint_state function rescan_state%(%) : bool %{ - return new Val(persistence_serializer->ReadAll(false, true), TYPE_BOOL); + return val_mgr->GetBool(persistence_serializer->ReadAll(false, true)); %} ## Writes the binary event stream generated by the core to a given file. @@ -4996,8 +4994,8 @@ function capture_events%(filename: string%) : bool else event_serializer->Close(); - return new Val(event_serializer->Open( - (const char*) filename->CheckString()), TYPE_BOOL); + return val_mgr->GetBool(event_serializer->Open( + (const char*) filename->CheckString())); %} ## Writes state updates generated by :bro:attr:`&synchronized` variables to a @@ -5015,8 +5013,8 @@ function capture_state_updates%(filename: string%) : bool else state_serializer->Close(); - return new Val(state_serializer->Open( - (const char*) filename->CheckString()), TYPE_BOOL); + return val_mgr->GetBool(state_serializer->Open( + (const char*) filename->CheckString())); %} ## Establishes a connection to a remote Bro or Broccoli instance. @@ -5052,10 +5050,9 @@ function capture_state_updates%(filename: string%) : bool ## send_id function connect%(ip: addr, zone_id: string, p: port, our_class: string, retry: interval, ssl: bool%) : count &deprecated %{ - return new Val(uint32(remote_serializer->Connect(ip->AsAddr(), + return val_mgr->GetCount(uint32(remote_serializer->Connect(ip->AsAddr(), zone_id->CheckString(), p->Port(), our_class->CheckString(), - retry, ssl)), - TYPE_COUNT); + retry, ssl))); %} ## Terminate the connection with a peer. @@ -5068,7 +5065,7 @@ function connect%(ip: addr, zone_id: string, p: port, our_class: string, retry: function disconnect%(p: event_peer%) : bool &deprecated %{ RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return new Val(remote_serializer->CloseConnection(id), TYPE_BOOL); + return val_mgr->GetBool(remote_serializer->CloseConnection(id)); %} ## Subscribes to all events from a remote peer whose names match a given @@ -5086,8 +5083,7 @@ function disconnect%(p: event_peer%) : bool &deprecated function request_remote_events%(p: event_peer, handlers: pattern%) : bool &deprecated %{ RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return new Val(remote_serializer->RequestEvents(id, handlers), - TYPE_BOOL); + return val_mgr->GetBool(remote_serializer->RequestEvents(id, handlers)); %} ## Requests synchronization of IDs with a remote peer. @@ -5105,7 +5101,7 @@ function request_remote_events%(p: event_peer, handlers: pattern%) : bool &depre function request_remote_sync%(p: event_peer, auth: bool%) : bool &deprecated %{ RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return new Val(remote_serializer->RequestSync(id, auth), TYPE_BOOL); + return val_mgr->GetBool(remote_serializer->RequestSync(id, auth)); %} ## Requests logs from a remote peer. @@ -5119,7 +5115,7 @@ function request_remote_sync%(p: event_peer, auth: bool%) : bool &deprecated function request_remote_logs%(p: event_peer%) : bool &deprecated %{ RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return new Val(remote_serializer->RequestLogs(id), TYPE_BOOL); + return val_mgr->GetBool(remote_serializer->RequestLogs(id)); %} ## Sets a boolean flag indicating whether Bro accepts state from a remote peer. @@ -5136,8 +5132,7 @@ function request_remote_logs%(p: event_peer%) : bool &deprecated function set_accept_state%(p: event_peer, accept: bool%) : bool &deprecated %{ RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return new Val(remote_serializer->SetAcceptState(id, accept), - TYPE_BOOL); + return val_mgr->GetBool(remote_serializer->SetAcceptState(id, accept)); %} ## Sets the compression level of the session with a remote peer. @@ -5153,8 +5148,7 @@ function set_accept_state%(p: event_peer, accept: bool%) : bool &deprecated function set_compression_level%(p: event_peer, level: count%) : bool &deprecated %{ RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return new Val(remote_serializer->SetCompressionLevel(id, level), - TYPE_BOOL); + return val_mgr->GetBool(remote_serializer->SetCompressionLevel(id, level)); %} ## Listens on a given IP address and port for remote connections. @@ -5179,7 +5173,7 @@ function set_compression_level%(p: event_peer, level: count%) : bool &deprecated ## .. bro:see:: connect disconnect function listen%(ip: addr, p: port, ssl: bool, ipv6: bool, zone_id: string, retry_interval: interval%) : bool &deprecated %{ - return new Val(remote_serializer->Listen(ip->AsAddr(), p->Port(), ssl, ipv6, zone_id->CheckString(), retry_interval), TYPE_BOOL); + return val_mgr->GetBool(remote_serializer->Listen(ip->AsAddr(), p->Port(), ssl, ipv6, zone_id->CheckString(), retry_interval)); %} ## Checks whether the last raised event came from a remote peer. @@ -5187,7 +5181,7 @@ function listen%(ip: addr, p: port, ssl: bool, ipv6: bool, zone_id: string, retr ## Returns: True if the last raised event came from a remote peer. function is_remote_event%(%) : bool %{ - return new Val(mgr.CurrentSource() != SOURCE_LOCAL, TYPE_BOOL); + return val_mgr->GetBool(mgr.CurrentSource() != SOURCE_LOCAL); %} ## Sends all persistent state to a remote peer. @@ -5200,7 +5194,7 @@ function is_remote_event%(%) : bool function send_state%(p: event_peer%) : bool %{ RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return new Val(persistence_serializer->SendState(id, true), TYPE_BOOL); + return val_mgr->GetBool(persistence_serializer->SendState(id, true)); %} ## Sends a global identifier to a remote peer, which then might install it @@ -5221,11 +5215,11 @@ function send_id%(p: event_peer, id: string%) : bool &deprecated if ( ! i ) { reporter->Error("send_id: no global id %s", id->CheckString()); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } SerialInfo info(remote_serializer); - return new Val(remote_serializer->SendID(&info, pid, *i), TYPE_BOOL); + return val_mgr->GetBool(remote_serializer->SendID(&info, pid, *i)); %} ## Gracefully finishes communication by first making sure that all remaining @@ -5234,7 +5228,7 @@ function send_id%(p: event_peer, id: string%) : bool &deprecated ## Returns: True if the termination process has been started successfully. function terminate_communication%(%) : bool &deprecated %{ - return new Val(remote_serializer->Terminate(), TYPE_BOOL); + return val_mgr->GetBool(remote_serializer->Terminate()); %} ## Signals a remote peer that the local Bro instance finished the initial @@ -5246,7 +5240,7 @@ function terminate_communication%(%) : bool &deprecated function complete_handshake%(p: event_peer%) : bool &deprecated %{ RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return new Val(remote_serializer->CompleteHandshake(id), TYPE_BOOL); + return val_mgr->GetBool(remote_serializer->CompleteHandshake(id)); %} ## Sends a ping event to a remote peer. In combination with an event handler @@ -5263,7 +5257,7 @@ function complete_handshake%(p: event_peer%) : bool &deprecated function send_ping%(p: event_peer, seq: count%) : bool &deprecated %{ RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return new Val(remote_serializer->SendPing(id, seq), TYPE_BOOL); + return val_mgr->GetBool(remote_serializer->SendPing(id, seq)); %} ## Sends the currently processed packet to a remote peer. @@ -5280,12 +5274,12 @@ function send_current_packet%(p: event_peer%) : bool &deprecated if ( ! current_pktsrc || ! current_pktsrc->GetCurrentPacket(&pkt) ) - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); SerialInfo info(remote_serializer); - return new Val(remote_serializer->SendPacket(&info, id, *pkt), TYPE_BOOL); + return val_mgr->GetBool(remote_serializer->SendPacket(&info, id, *pkt)); %} ## Returns the peer who generated the last event. @@ -5355,7 +5349,7 @@ function get_local_event_peer%(%) : event_peer &deprecated function send_capture_filter%(p: event_peer, s: string%) : bool &deprecated %{ RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return new Val(remote_serializer->SendCaptureFilter(id, s->CheckString()), TYPE_BOOL); + return val_mgr->GetBool(remote_serializer->SendCaptureFilter(id, s->CheckString())); %} ## Stops Bro's packet processing. This function is used to synchronize @@ -5411,12 +5405,12 @@ function match_signatures%(c: connection, pattern_type: int, s: string, from_orig: bool, clear: bool%) : bool %{ if ( ! rule_matcher ) - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); c->Match((Rule::PatternType) pattern_type, s->Bytes(), s->Len(), from_orig, bol, eol, clear); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} # =========================================================================== diff --git a/src/broker/Data.cc b/src/broker/Data.cc index b27a33d5ef..754a51390b 100644 --- a/src/broker/Data.cc +++ b/src/broker/Data.cc @@ -59,23 +59,23 @@ struct val_converter { result_type operator()(bool a) { if ( type->Tag() == TYPE_BOOL ) - return new Val(a, TYPE_BOOL); + return val_mgr->GetBool(a); return nullptr; } result_type operator()(uint64_t a) { if ( type->Tag() == TYPE_COUNT ) - return new Val(a, TYPE_COUNT); + return val_mgr->GetCount(a); if ( type->Tag() == TYPE_COUNTER ) - return new Val(a, TYPE_COUNTER); + return val_mgr->GetCount(a); return nullptr; } result_type operator()(int64_t a) { if ( type->Tag() == TYPE_INT ) - return new Val(a, TYPE_INT); + return val_mgr->GetInt(a); return nullptr; } @@ -164,7 +164,7 @@ struct val_converter { result_type operator()(broker::port& a) { if ( type->Tag() == TYPE_PORT ) - return port_mgr->Get(a.number(), bro_broker::to_bro_port_proto(a.type())); + return val_mgr->GetPort(a.number(), bro_broker::to_bro_port_proto(a.type())); return nullptr; } @@ -199,7 +199,7 @@ struct val_converter { if ( i == -1 ) return nullptr; - return new EnumVal(i, etype); + return etype->GetVal(i); } return nullptr; @@ -1027,86 +1027,72 @@ struct data_type_getter { result_type operator()(broker::none) { - return new EnumVal(BifEnum::Broker::NONE, - BifType::Enum::Broker::DataType); + return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::NONE); } result_type operator()(bool) { - return new EnumVal(BifEnum::Broker::BOOL, - BifType::Enum::Broker::DataType); + return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::BOOL); } result_type operator()(uint64_t) { - return new EnumVal(BifEnum::Broker::COUNT, - BifType::Enum::Broker::DataType); + return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::COUNT); } result_type operator()(int64_t) { - return new EnumVal(BifEnum::Broker::INT, - BifType::Enum::Broker::DataType); + return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::INT); } result_type operator()(double) { - return new EnumVal(BifEnum::Broker::DOUBLE, - BifType::Enum::Broker::DataType); + return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::DOUBLE); } result_type operator()(const std::string&) { - return new EnumVal(BifEnum::Broker::STRING, - BifType::Enum::Broker::DataType); + return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::STRING); } result_type operator()(const broker::address&) { - return new EnumVal(BifEnum::Broker::ADDR, - BifType::Enum::Broker::DataType); + return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::ADDR); } result_type operator()(const broker::subnet&) { - return new EnumVal(BifEnum::Broker::SUBNET, - BifType::Enum::Broker::DataType); + return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::SUBNET); } result_type operator()(const broker::port&) { - return new EnumVal(BifEnum::Broker::PORT, - BifType::Enum::Broker::DataType); + return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::PORT); } result_type operator()(const broker::timestamp&) { - return new EnumVal(BifEnum::Broker::TIME, - BifType::Enum::Broker::DataType); + return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::TIME); } result_type operator()(const broker::timespan&) { - return new EnumVal(BifEnum::Broker::INTERVAL, - BifType::Enum::Broker::DataType); + return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::INTERVAL); } result_type operator()(const broker::enum_value&) { - return new EnumVal(BifEnum::Broker::ENUM, - BifType::Enum::Broker::DataType); + return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::ENUM); } result_type operator()(const broker::set&) { - return new EnumVal(BifEnum::Broker::SET, - BifType::Enum::Broker::DataType); + return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::SET); } result_type operator()(const broker::table&) { - return new EnumVal(BifEnum::Broker::TABLE, - BifType::Enum::Broker::DataType); + return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::TABLE); } result_type operator()(const broker::vector&) @@ -1114,8 +1100,7 @@ struct data_type_getter { // Note that Broker uses vectors to store record data, so there's // no actual way to tell if this data was originally associated // with a Bro record. - return new EnumVal(BifEnum::Broker::VECTOR, - BifType::Enum::Broker::DataType); + return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::VECTOR); } }; diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index 39abeb126f..ccbe25de95 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -1212,14 +1212,14 @@ void Manager::ProcessStatus(broker::status stat) if ( ctx->network ) { network_info->Assign(0, new StringVal(ctx->network->address.data())); - network_info->Assign(1, port_mgr->Get(ctx->network->port, TRANSPORT_TCP)); + network_info->Assign(1, val_mgr->GetPort(ctx->network->port, TRANSPORT_TCP)); } else { // TODO: are there any status messages where the ctx->network // is not set and actually could be? network_info->Assign(0, new StringVal("")); - network_info->Assign(1, port_mgr->Get(0, TRANSPORT_TCP)); + network_info->Assign(1, val_mgr->GetPort(0, TRANSPORT_TCP)); } endpoint_info->Assign(1, network_info); @@ -1310,7 +1310,7 @@ void Manager::ProcessError(broker::error err) } auto vl = new val_list; - vl->append(new EnumVal(ec, BifType::Enum::Broker::ErrorCode)); + vl->append(BifType::Enum::Broker::ErrorCode->GetVal(ec)); vl->append(new StringVal(msg)); mgr.QueueEvent(Broker::error, vl); } diff --git a/src/broker/Store.h b/src/broker/Store.h index 628a678f45..1df60584fd 100644 --- a/src/broker/Store.h +++ b/src/broker/Store.h @@ -32,7 +32,7 @@ inline EnumVal* query_status(bool success) failure_val = store_query_status->Lookup("Broker", "FAILURE"); } - return new EnumVal(success ? success_val : failure_val, store_query_status); + return store_query_status->GetVal(success ? success_val : failure_val); } /** diff --git a/src/broker/comm.bif b/src/broker/comm.bif index ce9862c141..19be90befc 100644 --- a/src/broker/comm.bif +++ b/src/broker/comm.bif @@ -56,11 +56,11 @@ function Broker::__listen%(a: string, p: port%): port if ( ! p->IsTCP() ) { builtin_error("listen port must use tcp"); - return port_mgr->Get(0, TRANSPORT_UNKNOWN); + return val_mgr->GetPort(0, TRANSPORT_UNKNOWN); } auto rval = broker_mgr->Listen(a->Len() ? a->CheckString() : "", p->Port()); - return port_mgr->Get(rval, TRANSPORT_TCP); + return val_mgr->GetPort(rval, TRANSPORT_TCP); %} function Broker::__peer%(a: string, p: port, retry: interval%): bool @@ -70,11 +70,11 @@ function Broker::__peer%(a: string, p: port, retry: interval%): bool if ( ! p->IsTCP() ) { builtin_error("remote connection port must use tcp"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } broker_mgr->Peer(a->CheckString(), p->Port(), retry); - return new Val(true, TYPE_BOOL); + return val_mgr->GetTrue(); %} function Broker::__unpeer%(a: string, p: port%): bool @@ -84,11 +84,11 @@ function Broker::__unpeer%(a: string, p: port%): bool if ( ! p->IsTCP() ) { builtin_error("remote connection port must use tcp"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } broker_mgr->Unpeer(a->CheckString(), p->Port()); - return new Val(true, TYPE_BOOL); + return val_mgr->GetTrue(); %} function Broker::__peers%(%): PeerInfos @@ -110,12 +110,12 @@ function Broker::__peers%(%): PeerInfos if ( n ) { network_info->Assign(0, new AddrVal(IPAddr(n->address))); - network_info->Assign(1, port_mgr->Get(n->port, TRANSPORT_TCP)); + network_info->Assign(1, val_mgr->GetPort(n->port, TRANSPORT_TCP)); } else { network_info->Assign(0, new AddrVal("0.0.0.0")); - network_info->Assign(1, port_mgr->Get(0, TRANSPORT_TCP)); + network_info->Assign(1, val_mgr->GetPort(0, TRANSPORT_TCP)); } endpoint_info->Assign(0, new StringVal(to_string(p.peer.node))); @@ -123,7 +123,7 @@ function Broker::__peers%(%): PeerInfos auto ps = (BifEnum::Broker::PeerStatus)p.status; peer_info->Assign(0, endpoint_info); - peer_info->Assign(1, new EnumVal(ps, BifType::Enum::Broker::PeerStatus)); + peer_info->Assign(1, BifType::Enum::Broker::PeerStatus->GetVal(ps)); rval->Assign(i, peer_info); ++i; diff --git a/src/broker/data.bif b/src/broker/data.bif index e874076434..2f6dc2cd77 100644 --- a/src/broker/data.bif +++ b/src/broker/data.bif @@ -51,14 +51,14 @@ function Broker::__set_clear%(s: Broker::Data%): bool auto& v = bro_broker::require_data_type(s->AsRecordVal(), TYPE_TABLE, frame); v.clear(); - return new Val(true, TYPE_BOOL); + return val_mgr->GetTrue(); %} function Broker::__set_size%(s: Broker::Data%): count %{ auto& v = bro_broker::require_data_type(s->AsRecordVal(), TYPE_TABLE, frame); - return new Val(static_cast(v.size()), TYPE_COUNT); + return val_mgr->GetCount(static_cast(v.size())); %} function Broker::__set_contains%(s: Broker::Data, key: any%): bool @@ -70,10 +70,10 @@ function Broker::__set_contains%(s: Broker::Data, key: any%): bool if ( ! k ) { builtin_error("invalid Broker data conversion for key argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } - return new Val(v.find(*k) != v.end(), TYPE_BOOL); + return val_mgr->GetBool(v.find(*k) != v.end()); %} function Broker::__set_insert%(s: Broker::Data, key: any%): bool @@ -86,10 +86,10 @@ function Broker::__set_insert%(s: Broker::Data, key: any%): bool if ( ! k ) { builtin_error("invalid Broker data conversion for key argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } - return new Val(v.insert(std::move(*k)).second, TYPE_BOOL); + return val_mgr->GetBool(v.insert(std::move(*k)).second); %} function Broker::__set_remove%(s: Broker::Data, key: any%): bool @@ -101,10 +101,10 @@ function Broker::__set_remove%(s: Broker::Data, key: any%): bool if ( ! k ) { builtin_error("invalid Broker data conversion for key argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } - return new Val(v.erase(*k) > 0, TYPE_BOOL); + return val_mgr->GetBool(v.erase(*k) > 0); %} function Broker::__set_iterator%(s: Broker::Data%): opaque of Broker::SetIterator @@ -115,7 +115,7 @@ function Broker::__set_iterator%(s: Broker::Data%): opaque of Broker::SetIterato function Broker::__set_iterator_last%(it: opaque of Broker::SetIterator%): bool %{ auto set_it = static_cast(it); - return new Val(set_it->it == set_it->dat.end(), TYPE_BOOL); + return val_mgr->GetBool(set_it->it == set_it->dat.end()); %} function Broker::__set_iterator_next%(it: opaque of Broker::SetIterator%): bool @@ -123,10 +123,10 @@ function Broker::__set_iterator_next%(it: opaque of Broker::SetIterator%): bool auto set_it = static_cast(it); if ( set_it->it == set_it->dat.end() ) - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); ++set_it->it; - return new Val(set_it->it != set_it->dat.end(), TYPE_BOOL); + return val_mgr->GetBool(set_it->it != set_it->dat.end()); %} function Broker::__set_iterator_value%(it: opaque of Broker::SetIterator%): Broker::Data @@ -154,14 +154,14 @@ function Broker::__table_clear%(t: Broker::Data%): bool auto& v = bro_broker::require_data_type(t->AsRecordVal(), TYPE_TABLE, frame); v.clear(); - return new Val(true, TYPE_BOOL); + return val_mgr->GetTrue(); %} function Broker::__table_size%(t: Broker::Data%): count %{ auto& v = bro_broker::require_data_type(t->AsRecordVal(), TYPE_TABLE, frame); - return new Val(static_cast(v.size()), TYPE_COUNT); + return val_mgr->GetCount(static_cast(v.size())); %} function Broker::__table_contains%(t: Broker::Data, key: any%): bool @@ -174,10 +174,10 @@ function Broker::__table_contains%(t: Broker::Data, key: any%): bool if ( ! k ) { builtin_error("invalid Broker data conversion for key argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } - return new Val(v.find(*k) != v.end(), TYPE_BOOL); + return val_mgr->GetBool(v.find(*k) != v.end()); %} function Broker::__table_insert%(t: Broker::Data, key: any, val: any%): Broker::Data @@ -269,7 +269,7 @@ function Broker::__table_iterator%(t: Broker::Data%): opaque of Broker::TableIte function Broker::__table_iterator_last%(it: opaque of Broker::TableIterator%): bool %{ auto ti = static_cast(it); - return new Val(ti->it == ti->dat.end(), TYPE_BOOL); + return val_mgr->GetBool(ti->it == ti->dat.end()); %} function Broker::__table_iterator_next%(it: opaque of Broker::TableIterator%): bool @@ -277,10 +277,10 @@ function Broker::__table_iterator_next%(it: opaque of Broker::TableIterator%): b auto ti = static_cast(it); if ( ti->it == ti->dat.end() ) - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); ++ti->it; - return new Val(ti->it != ti->dat.end(), TYPE_BOOL); + return val_mgr->GetBool(ti->it != ti->dat.end()); %} function Broker::__table_iterator_value%(it: opaque of Broker::TableIterator%): Broker::TableItem @@ -313,14 +313,14 @@ function Broker::__vector_clear%(v: Broker::Data%): bool auto& vec = bro_broker::require_data_type(v->AsRecordVal(), TYPE_VECTOR, frame); vec.clear(); - return new Val(true, TYPE_BOOL); + return val_mgr->GetTrue(); %} function Broker::__vector_size%(v: Broker::Data%): count %{ auto& vec = bro_broker::require_data_type(v->AsRecordVal(), TYPE_VECTOR, frame); - return new Val(static_cast(vec.size()), TYPE_COUNT); + return val_mgr->GetCount(static_cast(vec.size())); %} function Broker::__vector_insert%(v: Broker::Data, idx:count, d: any%): bool @@ -332,12 +332,12 @@ function Broker::__vector_insert%(v: Broker::Data, idx:count, d: any%): bool if ( ! item ) { builtin_error("invalid Broker data conversion for item argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } idx = min(idx, static_cast(vec.size())); vec.insert(vec.begin() + idx, std::move(*item)); - return new Val(true, TYPE_BOOL); + return val_mgr->GetTrue(); %} function Broker::__vector_replace%(v: Broker::Data, idx: count, d: any%): Broker::Data @@ -349,7 +349,7 @@ function Broker::__vector_replace%(v: Broker::Data, idx: count, d: any%): Broker if ( ! item ) { builtin_error("invalid Broker data conversion for item argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } if ( idx >= vec.size() ) @@ -392,7 +392,7 @@ function Broker::__vector_iterator%(v: Broker::Data%): opaque of Broker::VectorI function Broker::__vector_iterator_last%(it: opaque of Broker::VectorIterator%): bool %{ auto vi = static_cast(it); - return new Val(vi->it == vi->dat.end(), TYPE_BOOL); + return val_mgr->GetBool(vi->it == vi->dat.end()); %} function Broker::__vector_iterator_next%(it: opaque of Broker::VectorIterator%): bool @@ -400,10 +400,10 @@ function Broker::__vector_iterator_next%(it: opaque of Broker::VectorIterator%): auto vi = static_cast(it); if ( vi->it == vi->dat.end() ) - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); ++vi->it; - return new Val(vi->it != vi->dat.end(), TYPE_BOOL); + return val_mgr->GetBool(vi->it != vi->dat.end()); %} function Broker::__vector_iterator_value%(it: opaque of Broker::VectorIterator%): Broker::Data @@ -430,7 +430,7 @@ function Broker::__record_size%(r: Broker::Data%): count %{ auto& v = bro_broker::require_data_type(r->AsRecordVal(), TYPE_RECORD, frame); - return new Val(static_cast(v.size()), TYPE_COUNT); + return val_mgr->GetCount(static_cast(v.size())); %} function Broker::__record_assign%(r: Broker::Data, idx: count, d: any%): bool @@ -438,18 +438,18 @@ function Broker::__record_assign%(r: Broker::Data, idx: count, d: any%): bool auto& v = bro_broker::require_data_type(r->AsRecordVal(), TYPE_RECORD, frame); if ( idx >= v.size() ) - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); auto item = bro_broker::val_to_data(d); if ( ! item ) { builtin_error("invalid Broker data conversion for item argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } v[idx] = std::move(*item); - return new Val(true, TYPE_BOOL); + return val_mgr->GetTrue(); %} function Broker::__record_lookup%(r: Broker::Data, idx: count%): Broker::Data @@ -471,7 +471,7 @@ function Broker::__record_iterator%(r: Broker::Data%): opaque of Broker::RecordI function Broker::__record_iterator_last%(it: opaque of Broker::RecordIterator%): bool %{ auto ri = static_cast(it); - return new Val(ri->it == ri->dat.end(), TYPE_BOOL); + return val_mgr->GetBool(ri->it == ri->dat.end()); %} function Broker::__record_iterator_next%(it: opaque of Broker::RecordIterator%): bool @@ -479,10 +479,10 @@ function Broker::__record_iterator_next%(it: opaque of Broker::RecordIterator%): auto ri = static_cast(it); if ( ri->it == ri->dat.end() ) - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); ++ri->it; - return new Val(ri->it != ri->dat.end(), TYPE_BOOL); + return val_mgr->GetBool(ri->it != ri->dat.end()); %} function Broker::__record_iterator_value%(it: opaque of Broker::RecordIterator%): Broker::Data diff --git a/src/broker/messaging.bif b/src/broker/messaging.bif index 50966fa342..ec7696c752 100644 --- a/src/broker/messaging.bif +++ b/src/broker/messaging.bif @@ -106,13 +106,13 @@ function Broker::publish%(topic: string, ...%): bool args.append((*bif_args)[i]); auto rval = publish_event_args(args, topic->AsString(), frame); - return new Val(rval, TYPE_BOOL); + return val_mgr->GetBool(rval); %} function Broker::__flush_logs%(%): count %{ auto rval = broker_mgr->FlushLogBuffers(); - return new Val(static_cast(rval), TYPE_COUNT); + return val_mgr->GetCount(static_cast(rval)); %} function Broker::__publish_id%(topic: string, id: string%): bool @@ -120,42 +120,42 @@ function Broker::__publish_id%(topic: string, id: string%): bool bro_broker::Manager::ScriptScopeGuard ssg; auto rval = broker_mgr->PublishIdentifier(topic->CheckString(), id->CheckString()); - return new Val(rval, TYPE_BOOL); + return val_mgr->GetBool(rval); %} function Broker::__auto_publish%(topic: string, ev: any%): bool %{ bro_broker::Manager::ScriptScopeGuard ssg; auto rval = broker_mgr->AutoPublishEvent(topic->CheckString(), ev); - return new Val(rval, TYPE_BOOL); + return val_mgr->GetBool(rval); %} function Broker::__auto_unpublish%(topic: string, ev: any%): bool %{ bro_broker::Manager::ScriptScopeGuard ssg; auto rval = broker_mgr->AutoUnpublishEvent(topic->CheckString(), ev); - return new Val(rval, TYPE_BOOL); + return val_mgr->GetBool(rval); %} function Broker::__subscribe%(topic_prefix: string%): bool %{ bro_broker::Manager::ScriptScopeGuard ssg; auto rval = broker_mgr->Subscribe(topic_prefix->CheckString()); - return new Val(rval, TYPE_BOOL); + return val_mgr->GetBool(rval); %} function Broker::__forward%(topic_prefix: string%): bool %{ bro_broker::Manager::ScriptScopeGuard ssg; auto rval = broker_mgr->Forward(topic_prefix->CheckString()); - return new Val(rval, TYPE_BOOL); + return val_mgr->GetBool(rval); %} function Broker::__unsubscribe%(topic_prefix: string%): bool %{ bro_broker::Manager::ScriptScopeGuard ssg; auto rval = broker_mgr->Unsubscribe(topic_prefix->CheckString()); - return new Val(rval, TYPE_BOOL); + return val_mgr->GetBool(rval); %} module Cluster; @@ -191,7 +191,7 @@ function Cluster::publish_rr%(pool: Pool, key: string, ...%): bool if ( ! topic->AsString()->Len() ) { Unref(topic); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } val_list* bif_args = @ARGS@; @@ -202,7 +202,7 @@ function Cluster::publish_rr%(pool: Pool, key: string, ...%): bool auto rval = publish_event_args(args, topic->AsString(), frame); Unref(topic); - return new Val(rval, TYPE_BOOL); + return val_mgr->GetBool(rval); %} @@ -234,7 +234,7 @@ function Cluster::publish_hrw%(pool: Pool, key: any, ...%): bool if ( ! topic->AsString()->Len() ) { Unref(topic); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } val_list* bif_args = @ARGS@; @@ -245,5 +245,5 @@ function Cluster::publish_hrw%(pool: Pool, key: any, ...%): bool auto rval = publish_event_args(args, topic->AsString(), frame); Unref(topic); - return new Val(rval, TYPE_BOOL); + return val_mgr->GetBool(rval); %} diff --git a/src/broker/store.bif b/src/broker/store.bif index 228e70aac0..9458a74345 100644 --- a/src/broker/store.bif +++ b/src/broker/store.bif @@ -94,11 +94,11 @@ function Broker::__is_closed%(h: opaque of Broker::Store%): bool if ( ! h ) { builtin_error("invalid Broker store handle"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } auto handle = static_cast(h); - return new Val(broker_mgr->LookupStore(handle->store.name()), TYPE_BOOL); + return val_mgr->GetBool(broker_mgr->LookupStore(handle->store.name())); %} function Broker::__close%(h: opaque of Broker::Store%): bool @@ -108,11 +108,11 @@ function Broker::__close%(h: opaque of Broker::Store%): bool if ( ! h ) { builtin_error("invalid Broker store handle"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } auto handle = static_cast(h); - return new Val(broker_mgr->CloseStore(handle->store.name()), TYPE_BOOL); + return val_mgr->GetBool(broker_mgr->CloseStore(handle->store.name())); %} function Broker::__store_name%(h: opaque of Broker::Store%): string @@ -120,7 +120,7 @@ function Broker::__store_name%(h: opaque of Broker::Store%): string if ( ! h ) { builtin_error("invalid Broker store handle"); - return new StringVal(""); + return val_mgr->GetEmptyString(); } auto handle = static_cast(h); @@ -133,7 +133,7 @@ function Broker::__exists%(h: opaque of Broker::Store, if ( ! h ) { builtin_error("invalid Broker store handle"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } auto handle = static_cast(h); @@ -178,7 +178,7 @@ function Broker::__get%(h: opaque of Broker::Store, if ( ! h ) { builtin_error("invalid Broker store handle"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } auto handle = static_cast(h); @@ -223,7 +223,7 @@ function Broker::__put_unique%(h: opaque of Broker::Store, if ( ! h ) { builtin_error("invalid Broker store handle"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } auto handle = static_cast(h); @@ -277,7 +277,7 @@ function Broker::__get_index_from_value%(h: opaque of Broker::Store, if ( ! h ) { builtin_error("invalid Broker store handle"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } auto handle = static_cast(h); @@ -330,7 +330,7 @@ function Broker::__keys%(h: opaque of Broker::Store%): Broker::QueryResult if ( ! h ) { builtin_error("invalid Broker store handle"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } auto handle = static_cast(h); @@ -368,7 +368,7 @@ function Broker::__put%(h: opaque of Broker::Store, if ( ! h ) { builtin_error("invalid Broker store handle"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } auto handle = static_cast(h); @@ -378,17 +378,17 @@ function Broker::__put%(h: opaque of Broker::Store, if ( ! key ) { builtin_error("invalid Broker data conversion for key argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } if ( ! val ) { builtin_error("invalid Broker data conversion for value argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } handle->store.put(std::move(*key), std::move(*val), prepare_expiry(e)); - return new Val(true, TYPE_BOOL); + return val_mgr->GetTrue(); %} function Broker::__erase%(h: opaque of Broker::Store, k: any%): bool @@ -396,7 +396,7 @@ function Broker::__erase%(h: opaque of Broker::Store, k: any%): bool if ( ! h ) { builtin_error("invalid Broker store handle"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } auto handle = static_cast(h); @@ -405,11 +405,11 @@ function Broker::__erase%(h: opaque of Broker::Store, k: any%): bool if ( ! key ) { builtin_error("invalid Broker data conversion for key argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } handle->store.erase(std::move(*key)); - return new Val(true, TYPE_BOOL); + return val_mgr->GetTrue(); %} function Broker::__increment%(h: opaque of Broker::Store, k: any, a: any, @@ -418,7 +418,7 @@ function Broker::__increment%(h: opaque of Broker::Store, k: any, a: any, if ( ! h ) { builtin_error("invalid Broker store handle"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } auto handle = static_cast(h); @@ -428,18 +428,18 @@ function Broker::__increment%(h: opaque of Broker::Store, k: any, a: any, if ( ! key ) { builtin_error("invalid Broker data conversion for key argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } if ( ! amount ) { builtin_error("invalid Broker data conversion for amount argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } handle->store.increment(std::move(*key), std::move(*amount), prepare_expiry(e)); - return new Val(true, TYPE_BOOL); + return val_mgr->GetTrue(); %} function Broker::__decrement%(h: opaque of Broker::Store, k: any, a: any, @@ -448,7 +448,7 @@ function Broker::__decrement%(h: opaque of Broker::Store, k: any, a: any, if ( ! h ) { builtin_error("invalid Broker store handle"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } auto handle = static_cast(h); @@ -458,17 +458,17 @@ function Broker::__decrement%(h: opaque of Broker::Store, k: any, a: any, if ( ! key ) { builtin_error("invalid Broker data conversion for key argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } if ( ! amount ) { builtin_error("invalid Broker data conversion for amount argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } handle->store.decrement(std::move(*key), std::move(*amount), prepare_expiry(e)); - return new Val(true, TYPE_BOOL); + return val_mgr->GetTrue(); %} function Broker::__append%(h: opaque of Broker::Store, k: any, s: any, @@ -477,7 +477,7 @@ function Broker::__append%(h: opaque of Broker::Store, k: any, s: any, if ( ! h ) { builtin_error("invalid Broker store handle"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } auto handle = static_cast(h); @@ -487,17 +487,17 @@ function Broker::__append%(h: opaque of Broker::Store, k: any, s: any, if ( ! key ) { builtin_error("invalid Broker data conversion for key argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } if ( ! str ) { builtin_error("invalid Broker data conversion for str argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } handle->store.append(std::move(*key), std::move(*str), prepare_expiry(e)); - return new Val(true, TYPE_BOOL); + return val_mgr->GetTrue(); %} function Broker::__insert_into_set%(h: opaque of Broker::Store, k: any, i: any, @@ -506,7 +506,7 @@ function Broker::__insert_into_set%(h: opaque of Broker::Store, k: any, i: any, if ( ! h ) { builtin_error("invalid Broker store handle"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } auto handle = static_cast(h); @@ -516,18 +516,18 @@ function Broker::__insert_into_set%(h: opaque of Broker::Store, k: any, i: any, if ( ! key ) { builtin_error("invalid Broker data conversion for key argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } if ( ! idx ) { builtin_error("invalid Broker data conversion for index argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } handle->store.insert_into(std::move(*key), std::move(*idx), prepare_expiry(e)); - return new Val(true, TYPE_BOOL); + return val_mgr->GetTrue(); %} function Broker::__insert_into_table%(h: opaque of Broker::Store, k: any, @@ -536,7 +536,7 @@ function Broker::__insert_into_table%(h: opaque of Broker::Store, k: any, if ( ! h ) { builtin_error("invalid Broker store handle"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } auto handle = static_cast(h); @@ -547,24 +547,24 @@ function Broker::__insert_into_table%(h: opaque of Broker::Store, k: any, if ( ! key ) { builtin_error("invalid Broker data conversion for key argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } if ( ! idx ) { builtin_error("invalid Broker data conversion for index argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } if ( ! val ) { builtin_error("invalid Broker data conversion for value argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } handle->store.insert_into(std::move(*key), std::move(*idx), std::move(*val), prepare_expiry(e)); - return new Val(true, TYPE_BOOL); + return val_mgr->GetTrue(); %} function Broker::__remove_from%(h: opaque of Broker::Store, k: any, i: any, @@ -573,7 +573,7 @@ function Broker::__remove_from%(h: opaque of Broker::Store, k: any, i: any, if ( ! h ) { builtin_error("invalid Broker store handle"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } auto handle = static_cast(h); @@ -583,18 +583,18 @@ function Broker::__remove_from%(h: opaque of Broker::Store, k: any, i: any, if ( ! key ) { builtin_error("invalid Broker data conversion for key argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } if ( ! idx ) { builtin_error("invalid Broker data conversion for index argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } handle->store.remove_from(std::move(*key), std::move(*idx), prepare_expiry(e)); - return new Val(true, TYPE_BOOL); + return val_mgr->GetTrue(); %} function Broker::__push%(h: opaque of Broker::Store, k: any, v: any, @@ -603,7 +603,7 @@ function Broker::__push%(h: opaque of Broker::Store, k: any, v: any, if ( ! h ) { builtin_error("invalid Broker store handle"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } auto handle = static_cast(h); @@ -613,17 +613,17 @@ function Broker::__push%(h: opaque of Broker::Store, k: any, v: any, if ( ! key ) { builtin_error("invalid Broker data conversion for key argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } if ( ! val ) { builtin_error("invalid Broker data conversion for value argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } handle->store.push(std::move(*key), std::move(*val), prepare_expiry(e)); - return new Val(true, TYPE_BOOL); + return val_mgr->GetTrue(); %} function Broker::__pop%(h: opaque of Broker::Store, k: any, e: interval%): bool @@ -631,7 +631,7 @@ function Broker::__pop%(h: opaque of Broker::Store, k: any, e: interval%): bool if ( ! h ) { builtin_error("invalid Broker store handle"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } auto handle = static_cast(h); @@ -640,11 +640,11 @@ function Broker::__pop%(h: opaque of Broker::Store, k: any, e: interval%): bool if ( ! key ) { builtin_error("invalid Broker data conversion for key argument"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } handle->store.pop(std::move(*key), prepare_expiry(e)); - return new Val(true, TYPE_BOOL); + return val_mgr->GetTrue(); %} function Broker::__clear%(h: opaque of Broker::Store%): bool @@ -652,11 +652,11 @@ function Broker::__clear%(h: opaque of Broker::Store%): bool if ( ! h ) { builtin_error("invalid Broker store handle"); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } auto handle = static_cast(h); handle->store.clear(); - return new Val(true, TYPE_BOOL); + return val_mgr->GetTrue(); %} diff --git a/src/broxygen/broxygen.bif b/src/broxygen/broxygen.bif index a089a9b31f..d1b3028edc 100644 --- a/src/broxygen/broxygen.bif +++ b/src/broxygen/broxygen.bif @@ -25,7 +25,7 @@ function get_identifier_comments%(name: string%): string IdentifierInfo* d = broxygen_mgr->GetIdentifierInfo(name->CheckString()); if ( ! d ) - return new StringVal(""); + return val_mgr->GetEmptyString(); return comments_to_val(d->GetComments()); %} @@ -45,7 +45,7 @@ function get_script_comments%(name: string%): string ScriptInfo* d = broxygen_mgr->GetScriptInfo(name->CheckString()); if ( ! d ) - return new StringVal(""); + return val_mgr->GetEmptyString(); return comments_to_val(d->GetComments()); %} @@ -63,7 +63,7 @@ function get_package_readme%(name: string%): string PackageInfo* d = broxygen_mgr->GetPackageInfo(name->CheckString()); if ( ! d ) - return new StringVal(""); + return val_mgr->GetEmptyString(); return comments_to_val(d->GetReadme()); %} @@ -83,14 +83,14 @@ function get_record_field_comments%(name: string%): string size_t i = accessor.find('$'); if ( i > accessor.size() - 2 ) - return new StringVal(""); + return val_mgr->GetEmptyString(); string id = accessor.substr(0, i); IdentifierInfo* d = broxygen_mgr->GetIdentifierInfo(id); if ( ! d ) - return new StringVal(""); + return val_mgr->GetEmptyString(); string field = accessor.substr(i + 1); return comments_to_val(d->GetFieldComments(field)); diff --git a/src/file_analysis/File.cc b/src/file_analysis/File.cc index 711186335e..92c4356bda 100644 --- a/src/file_analysis/File.cc +++ b/src/file_analysis/File.cc @@ -34,9 +34,9 @@ static RecordVal* get_conn_id_val(const Connection* conn) { RecordVal* v = new RecordVal(conn_id); v->Assign(0, new AddrVal(conn->OrigAddr())); - v->Assign(1, port_mgr->Get(ntohs(conn->OrigPort()), conn->ConnTransport())); + v->Assign(1, val_mgr->GetPort(ntohs(conn->OrigPort()), conn->ConnTransport())); v->Assign(2, new AddrVal(conn->RespAddr())); - v->Assign(3, port_mgr->Get(ntohs(conn->RespPort()), conn->ConnTransport())); + v->Assign(3, val_mgr->GetPort(ntohs(conn->RespPort()), conn->ConnTransport())); return v; } @@ -97,7 +97,7 @@ File::File(const string& file_id, const string& source_name, Connection* conn, if ( conn ) { - val->Assign(is_orig_idx, new Val(is_orig, TYPE_BOOL)); + val->Assign(is_orig_idx, val_mgr->GetBool(is_orig)); UpdateConnectionFields(conn, is_orig); } @@ -157,7 +157,7 @@ void File::RaiseFileOverNewConnection(Connection* conn, bool is_orig) val_list* vl = new val_list(); vl->append(val->Ref()); vl->append(conn->BuildConnVal()); - vl->append(new Val(is_orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(is_orig)); FileEvent(file_over_new_connection, vl); } } @@ -230,13 +230,13 @@ bool File::SetExtractionLimit(RecordVal* args, uint64 bytes) void File::IncrementByteCount(uint64 size, int field_idx) { uint64 old = LookupFieldDefaultCount(field_idx); - val->Assign(field_idx, new Val(old + size, TYPE_COUNT)); + val->Assign(field_idx, val_mgr->GetCount(old + size)); } void File::SetTotalBytes(uint64 size) { DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Total bytes %" PRIu64, id.c_str(), size); - val->Assign(total_bytes_idx, new Val(size, TYPE_COUNT)); + val->Assign(total_bytes_idx, val_mgr->GetCount(size)); } bool File::IsComplete() const @@ -308,7 +308,7 @@ bool File::SetMime(const string& mime_type) RecordVal* meta = new RecordVal(fa_metadata_type); vl->append(meta); meta->Assign(meta_mime_type_idx, new StringVal(mime_type)); - meta->Assign(meta_inferred_idx, new Val(0, TYPE_BOOL)); + meta->Assign(meta_inferred_idx, val_mgr->GetBool(0)); FileEvent(file_sniff, vl); return true; } @@ -465,8 +465,8 @@ void File::DeliverChunk(const u_char* data, uint64 len, uint64 offset) { val_list* vl = new val_list(); vl->append(val->Ref()); - vl->append(new Val(current_offset, TYPE_COUNT)); - vl->append(new Val(gap_bytes, TYPE_COUNT)); + vl->append(val_mgr->GetCount(current_offset)); + vl->append(val_mgr->GetCount(gap_bytes)); FileEvent(file_reassembly_overflow, vl); } } @@ -610,8 +610,8 @@ void File::Gap(uint64 offset, uint64 len) { val_list* vl = new val_list(); vl->append(val->Ref()); - vl->append(new Val(offset, TYPE_COUNT)); - vl->append(new Val(len, TYPE_COUNT)); + vl->append(val_mgr->GetCount(offset)); + vl->append(val_mgr->GetCount(len)); FileEvent(file_gap, vl); } diff --git a/src/file_analysis/Manager.cc b/src/file_analysis/Manager.cc index b095315de8..d61525e300 100644 --- a/src/file_analysis/Manager.cc +++ b/src/file_analysis/Manager.cc @@ -445,7 +445,7 @@ string Manager::GetFileID(analyzer::Tag tag, Connection* c, bool is_orig) val_list* vl = new val_list(); vl->append(tagval); vl->append(c->BuildConnVal()); - vl->append(new Val(is_orig, TYPE_BOOL)); + vl->append(val_mgr->GetBool(is_orig)); mgr.QueueEvent(get_file_handle, vl); mgr.Drain(); // need file handle immediately so we don't have to buffer data @@ -457,7 +457,7 @@ bool Manager::IsDisabled(analyzer::Tag tag) if ( ! disabled ) disabled = internal_const_val("Files::disable")->AsTableVal(); - Val* index = new Val(bool(tag), TYPE_COUNT); + Val* index = val_mgr->GetCount(bool(tag)); Val* yield = disabled->Lookup(index); Unref(index); @@ -536,7 +536,7 @@ VectorVal* file_analysis::GenMIMEMatchesVal(const RuleMatcher::MIME_Matches& m) for ( set::const_iterator it2 = it->second.begin(); it2 != it->second.end(); ++it2 ) { - element->Assign(0, new Val(it->first, TYPE_INT)); + element->Assign(0, val_mgr->GetInt(it->first)); element->Assign(1, new StringVal(*it2)); } diff --git a/src/file_analysis/analyzer/data_event/DataEvent.cc b/src/file_analysis/analyzer/data_event/DataEvent.cc index a9ffa26bf2..15462e8e92 100644 --- a/src/file_analysis/analyzer/data_event/DataEvent.cc +++ b/src/file_analysis/analyzer/data_event/DataEvent.cc @@ -44,7 +44,7 @@ bool DataEvent::DeliverChunk(const u_char* data, uint64 len, uint64 offset) val_list* args = new val_list; args->append(GetFile()->GetVal()->Ref()); args->append(new StringVal(new BroString(data, len, 0))); - args->append(new Val(offset, TYPE_COUNT)); + args->append(val_mgr->GetCount(offset)); mgr.QueueEvent(chunk_event, args); diff --git a/src/file_analysis/analyzer/extract/Extract.cc b/src/file_analysis/analyzer/extract/Extract.cc index f936a5156b..dc05fba367 100644 --- a/src/file_analysis/analyzer/extract/Extract.cc +++ b/src/file_analysis/analyzer/extract/Extract.cc @@ -93,8 +93,8 @@ bool Extract::DeliverStream(const u_char* data, uint64 len) val_list* vl = new val_list(); vl->append(f->GetVal()->Ref()); vl->append(Args()->Ref()); - vl->append(new Val(limit, TYPE_COUNT)); - vl->append(new Val(len, TYPE_COUNT)); + vl->append(val_mgr->GetCount(limit)); + vl->append(val_mgr->GetCount(len)); f->FileEvent(file_extraction_limit, vl); // Limit may have been modified by a BIF, re-check it. diff --git a/src/file_analysis/analyzer/extract/functions.bif b/src/file_analysis/analyzer/extract/functions.bif index 15370402e3..18e9dde171 100644 --- a/src/file_analysis/analyzer/extract/functions.bif +++ b/src/file_analysis/analyzer/extract/functions.bif @@ -13,7 +13,7 @@ function FileExtract::__set_limit%(file_id: string, args: any, n: count%): bool RecordVal* rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs); bool result = file_mgr->SetExtractionLimit(file_id->CheckString(), rv, n); Unref(rv); - return new Val(result, TYPE_BOOL); + return val_mgr->GetBool(result); %} module GLOBAL; diff --git a/src/file_analysis/analyzer/pe/pe-analyzer.pac b/src/file_analysis/analyzer/pe/pe-analyzer.pac index 5454704f94..b23e3c535d 100644 --- a/src/file_analysis/analyzer/pe/pe-analyzer.pac +++ b/src/file_analysis/analyzer/pe/pe-analyzer.pac @@ -13,7 +13,7 @@ VectorVal* process_rvas(const RVAS* rva_table) { VectorVal* rvas = new VectorVal(internal_type("index_vec")->AsVectorType()); for ( uint16 i=0; i < rva_table->rvas()->size(); ++i ) - rvas->Assign(i, new Val((*rva_table->rvas())[i]->size(), TYPE_COUNT)); + rvas->Assign(i, val_mgr->GetCount((*rva_table->rvas())[i]->size())); return rvas; } @@ -30,7 +30,7 @@ refine flow File += { { if ( ((c >> i) & 0x1) == 1 ) { - Val *ch = new Val((1<GetCount((1<Assign(ch, 0); Unref(ch); } @@ -44,22 +44,22 @@ refine flow File += { { RecordVal* dh = new RecordVal(BifType::Record::PE::DOSHeader); dh->Assign(0, new StringVal(${h.signature}.length(), (const char*) ${h.signature}.data())); - dh->Assign(1, new Val(${h.UsedBytesInTheLastPage}, TYPE_COUNT)); - dh->Assign(2, new Val(${h.FileSizeInPages}, TYPE_COUNT)); - dh->Assign(3, new Val(${h.NumberOfRelocationItems}, TYPE_COUNT)); - dh->Assign(4, new Val(${h.HeaderSizeInParagraphs}, TYPE_COUNT)); - dh->Assign(5, new Val(${h.MinimumExtraParagraphs}, TYPE_COUNT)); - dh->Assign(6, new Val(${h.MaximumExtraParagraphs}, TYPE_COUNT)); - dh->Assign(7, new Val(${h.InitialRelativeSS}, TYPE_COUNT)); - dh->Assign(8, new Val(${h.InitialSP}, TYPE_COUNT)); - dh->Assign(9, new Val(${h.Checksum}, TYPE_COUNT)); - dh->Assign(10, new Val(${h.InitialIP}, TYPE_COUNT)); - dh->Assign(11, new Val(${h.InitialRelativeCS}, TYPE_COUNT)); - dh->Assign(12, new Val(${h.AddressOfRelocationTable}, TYPE_COUNT)); - dh->Assign(13, new Val(${h.OverlayNumber}, TYPE_COUNT)); - dh->Assign(14, new Val(${h.OEMid}, TYPE_COUNT)); - dh->Assign(15, new Val(${h.OEMinfo}, TYPE_COUNT)); - dh->Assign(16, new Val(${h.AddressOfNewExeHeader}, TYPE_COUNT)); + dh->Assign(1, val_mgr->GetCount(${h.UsedBytesInTheLastPage})); + dh->Assign(2, val_mgr->GetCount(${h.FileSizeInPages})); + dh->Assign(3, val_mgr->GetCount(${h.NumberOfRelocationItems})); + dh->Assign(4, val_mgr->GetCount(${h.HeaderSizeInParagraphs})); + dh->Assign(5, val_mgr->GetCount(${h.MinimumExtraParagraphs})); + dh->Assign(6, val_mgr->GetCount(${h.MaximumExtraParagraphs})); + dh->Assign(7, val_mgr->GetCount(${h.InitialRelativeSS})); + dh->Assign(8, val_mgr->GetCount(${h.InitialSP})); + dh->Assign(9, val_mgr->GetCount(${h.Checksum})); + dh->Assign(10, val_mgr->GetCount(${h.InitialIP})); + dh->Assign(11, val_mgr->GetCount(${h.InitialRelativeCS})); + dh->Assign(12, val_mgr->GetCount(${h.AddressOfRelocationTable})); + dh->Assign(13, val_mgr->GetCount(${h.OverlayNumber})); + dh->Assign(14, val_mgr->GetCount(${h.OEMid})); + dh->Assign(15, val_mgr->GetCount(${h.OEMinfo})); + dh->Assign(16, val_mgr->GetCount(${h.AddressOfNewExeHeader})); BifEvent::generate_pe_dos_header((analyzer::Analyzer *) connection()->bro_analyzer(), connection()->bro_analyzer()->GetFile()->GetVal()->Ref(), @@ -94,11 +94,11 @@ refine flow File += { if ( pe_file_header ) { RecordVal* fh = new RecordVal(BifType::Record::PE::FileHeader); - fh->Assign(0, new Val(${h.Machine}, TYPE_COUNT)); + fh->Assign(0, val_mgr->GetCount(${h.Machine})); fh->Assign(1, new Val(static_cast(${h.TimeDateStamp}), TYPE_TIME)); - fh->Assign(2, new Val(${h.PointerToSymbolTable}, TYPE_COUNT)); - fh->Assign(3, new Val(${h.NumberOfSymbols}, TYPE_COUNT)); - fh->Assign(4, new Val(${h.SizeOfOptionalHeader}, TYPE_COUNT)); + fh->Assign(2, val_mgr->GetCount(${h.PointerToSymbolTable})); + fh->Assign(3, val_mgr->GetCount(${h.NumberOfSymbols})); + fh->Assign(4, val_mgr->GetCount(${h.SizeOfOptionalHeader})); fh->Assign(5, characteristics_to_bro(${h.Characteristics}, 16)); BifEvent::generate_pe_file_header((analyzer::Analyzer *) connection()->bro_analyzer(), connection()->bro_analyzer()->GetFile()->GetVal()->Ref(), @@ -122,31 +122,31 @@ refine flow File += { { RecordVal* oh = new RecordVal(BifType::Record::PE::OptionalHeader); - oh->Assign(0, new Val(${h.magic}, TYPE_COUNT)); - oh->Assign(1, new Val(${h.major_linker_version}, TYPE_COUNT)); - oh->Assign(2, new Val(${h.minor_linker_version}, TYPE_COUNT)); - oh->Assign(3, new Val(${h.size_of_code}, TYPE_COUNT)); - oh->Assign(4, new Val(${h.size_of_init_data}, TYPE_COUNT)); - oh->Assign(5, new Val(${h.size_of_uninit_data}, TYPE_COUNT)); - oh->Assign(6, new Val(${h.addr_of_entry_point}, TYPE_COUNT)); - oh->Assign(7, new Val(${h.base_of_code}, TYPE_COUNT)); + oh->Assign(0, val_mgr->GetCount(${h.magic})); + oh->Assign(1, val_mgr->GetCount(${h.major_linker_version})); + oh->Assign(2, val_mgr->GetCount(${h.minor_linker_version})); + oh->Assign(3, val_mgr->GetCount(${h.size_of_code})); + oh->Assign(4, val_mgr->GetCount(${h.size_of_init_data})); + oh->Assign(5, val_mgr->GetCount(${h.size_of_uninit_data})); + oh->Assign(6, val_mgr->GetCount(${h.addr_of_entry_point})); + oh->Assign(7, val_mgr->GetCount(${h.base_of_code})); if ( ${h.pe_format} != PE32_PLUS ) - oh->Assign(8, new Val(${h.base_of_data}, TYPE_COUNT)); + oh->Assign(8, val_mgr->GetCount(${h.base_of_data})); - oh->Assign(9, new Val(${h.image_base}, TYPE_COUNT)); - oh->Assign(10, new Val(${h.section_alignment}, TYPE_COUNT)); - oh->Assign(11, new Val(${h.file_alignment}, TYPE_COUNT)); - oh->Assign(12, new Val(${h.os_version_major}, TYPE_COUNT)); - oh->Assign(13, new Val(${h.os_version_minor}, TYPE_COUNT)); - oh->Assign(14, new Val(${h.major_image_version}, TYPE_COUNT)); - oh->Assign(15, new Val(${h.minor_image_version}, TYPE_COUNT)); - oh->Assign(16, new Val(${h.minor_subsys_version}, TYPE_COUNT)); - oh->Assign(17, new Val(${h.minor_subsys_version}, TYPE_COUNT)); - oh->Assign(18, new Val(${h.size_of_image}, TYPE_COUNT)); - oh->Assign(19, new Val(${h.size_of_headers}, TYPE_COUNT)); - oh->Assign(20, new Val(${h.checksum}, TYPE_COUNT)); - oh->Assign(21, new Val(${h.subsystem}, TYPE_COUNT)); + oh->Assign(9, val_mgr->GetCount(${h.image_base})); + oh->Assign(10, val_mgr->GetCount(${h.section_alignment})); + oh->Assign(11, val_mgr->GetCount(${h.file_alignment})); + oh->Assign(12, val_mgr->GetCount(${h.os_version_major})); + oh->Assign(13, val_mgr->GetCount(${h.os_version_minor})); + oh->Assign(14, val_mgr->GetCount(${h.major_image_version})); + oh->Assign(15, val_mgr->GetCount(${h.minor_image_version})); + oh->Assign(16, val_mgr->GetCount(${h.minor_subsys_version})); + oh->Assign(17, val_mgr->GetCount(${h.minor_subsys_version})); + oh->Assign(18, val_mgr->GetCount(${h.size_of_image})); + oh->Assign(19, val_mgr->GetCount(${h.size_of_headers})); + oh->Assign(20, val_mgr->GetCount(${h.checksum})); + oh->Assign(21, val_mgr->GetCount(${h.subsystem})); oh->Assign(22, characteristics_to_bro(${h.dll_characteristics}, 16)); oh->Assign(23, process_rvas(${h.rvas})); @@ -173,14 +173,14 @@ refine flow File += { name_len = first_null - ${h.name}.data(); section_header->Assign(0, new StringVal(name_len, (const char*) ${h.name}.data())); - section_header->Assign(1, new Val(${h.virtual_size}, TYPE_COUNT)); - section_header->Assign(2, new Val(${h.virtual_addr}, TYPE_COUNT)); - section_header->Assign(3, new Val(${h.size_of_raw_data}, TYPE_COUNT)); - section_header->Assign(4, new Val(${h.ptr_to_raw_data}, TYPE_COUNT)); - section_header->Assign(5, new Val(${h.non_used_ptr_to_relocs}, TYPE_COUNT)); - section_header->Assign(6, new Val(${h.non_used_ptr_to_line_nums}, TYPE_COUNT)); - section_header->Assign(7, new Val(${h.non_used_num_of_relocs}, TYPE_COUNT)); - section_header->Assign(8, new Val(${h.non_used_num_of_line_nums}, TYPE_COUNT)); + section_header->Assign(1, val_mgr->GetCount(${h.virtual_size})); + section_header->Assign(2, val_mgr->GetCount(${h.virtual_addr})); + section_header->Assign(3, val_mgr->GetCount(${h.size_of_raw_data})); + section_header->Assign(4, val_mgr->GetCount(${h.ptr_to_raw_data})); + section_header->Assign(5, val_mgr->GetCount(${h.non_used_ptr_to_relocs})); + section_header->Assign(6, val_mgr->GetCount(${h.non_used_ptr_to_line_nums})); + section_header->Assign(7, val_mgr->GetCount(${h.non_used_num_of_relocs})); + section_header->Assign(8, val_mgr->GetCount(${h.non_used_num_of_line_nums})); section_header->Assign(9, characteristics_to_bro(${h.characteristics}, 32)); BifEvent::generate_pe_section_header((analyzer::Analyzer *) connection()->bro_analyzer(), diff --git a/src/file_analysis/analyzer/unified2/unified2-analyzer.pac b/src/file_analysis/analyzer/unified2/unified2-analyzer.pac index bedf54be5b..00229184a2 100644 --- a/src/file_analysis/analyzer/unified2/unified2-analyzer.pac +++ b/src/file_analysis/analyzer/unified2/unified2-analyzer.pac @@ -54,7 +54,7 @@ refine flow Flow += { case 17: proto = TRANSPORT_UDP; break; } - return port_mgr->Get(n, proto); + return val_mgr->GetPort(n, proto); %} #function proc_record(rec: Record) : bool @@ -67,19 +67,19 @@ refine flow Flow += { if ( ::unified2_event ) { RecordVal* ids_event = new RecordVal(BifType::Record::Unified2::IDSEvent); - ids_event->Assign(0, new Val(${ev.sensor_id}, TYPE_COUNT)); - ids_event->Assign(1, new Val(${ev.event_id}, TYPE_COUNT)); + ids_event->Assign(0, val_mgr->GetCount(${ev.sensor_id})); + ids_event->Assign(1, val_mgr->GetCount(${ev.event_id})); ids_event->Assign(2, new Val(ts_to_double(${ev.ts}), TYPE_TIME)); - ids_event->Assign(3, new Val(${ev.signature_id}, TYPE_COUNT)); - ids_event->Assign(4, new Val(${ev.generator_id}, TYPE_COUNT)); - ids_event->Assign(5, new Val(${ev.signature_revision}, TYPE_COUNT)); - ids_event->Assign(6, new Val(${ev.classification_id}, TYPE_COUNT)); - ids_event->Assign(7, new Val(${ev.priority_id}, TYPE_COUNT)); + ids_event->Assign(3, val_mgr->GetCount(${ev.signature_id})); + ids_event->Assign(4, val_mgr->GetCount(${ev.generator_id})); + ids_event->Assign(5, val_mgr->GetCount(${ev.signature_revision})); + ids_event->Assign(6, val_mgr->GetCount(${ev.classification_id})); + ids_event->Assign(7, val_mgr->GetCount(${ev.priority_id})); ids_event->Assign(8, unified2_addr_to_bro_addr(${ev.src_ip})); ids_event->Assign(9, unified2_addr_to_bro_addr(${ev.dst_ip})); ids_event->Assign(10, to_port(${ev.src_p}, ${ev.protocol})); ids_event->Assign(11, to_port(${ev.dst_p}, ${ev.protocol})); - ids_event->Assign(17, new Val(${ev.packet_action}, TYPE_COUNT)); + ids_event->Assign(17, val_mgr->GetCount(${ev.packet_action})); val_list* vl = new val_list(); vl->append(connection()->bro_analyzer()->GetFile()->GetVal()->Ref()); @@ -94,23 +94,23 @@ refine flow Flow += { if ( ::unified2_event ) { RecordVal* ids_event = new RecordVal(BifType::Record::Unified2::IDSEvent); - ids_event->Assign(0, new Val(${ev.sensor_id}, TYPE_COUNT)); - ids_event->Assign(1, new Val(${ev.event_id}, TYPE_COUNT)); + ids_event->Assign(0, val_mgr->GetCount(${ev.sensor_id})); + ids_event->Assign(1, val_mgr->GetCount(${ev.event_id})); ids_event->Assign(2, new Val(ts_to_double(${ev.ts}), TYPE_TIME)); - ids_event->Assign(3, new Val(${ev.signature_id}, TYPE_COUNT)); - ids_event->Assign(4, new Val(${ev.generator_id}, TYPE_COUNT)); - ids_event->Assign(5, new Val(${ev.signature_revision}, TYPE_COUNT)); - ids_event->Assign(6, new Val(${ev.classification_id}, TYPE_COUNT)); - ids_event->Assign(7, new Val(${ev.priority_id}, TYPE_COUNT)); + ids_event->Assign(3, val_mgr->GetCount(${ev.signature_id})); + ids_event->Assign(4, val_mgr->GetCount(${ev.generator_id})); + ids_event->Assign(5, val_mgr->GetCount(${ev.signature_revision})); + ids_event->Assign(6, val_mgr->GetCount(${ev.classification_id})); + ids_event->Assign(7, val_mgr->GetCount(${ev.priority_id})); ids_event->Assign(8, unified2_addr_to_bro_addr(${ev.src_ip})); ids_event->Assign(9, unified2_addr_to_bro_addr(${ev.dst_ip})); ids_event->Assign(10, to_port(${ev.src_p}, ${ev.protocol})); ids_event->Assign(11, to_port(${ev.dst_p}, ${ev.protocol})); - ids_event->Assign(12, new Val(${ev.impact_flag}, TYPE_COUNT)); - ids_event->Assign(13, new Val(${ev.impact}, TYPE_COUNT)); - ids_event->Assign(14, new Val(${ev.blocked}, TYPE_COUNT)); - ids_event->Assign(15, new Val(${ev.mpls_label}, TYPE_COUNT)); - ids_event->Assign(16, new Val(${ev.vlan_id}, TYPE_COUNT)); + ids_event->Assign(12, val_mgr->GetCount(${ev.impact_flag})); + ids_event->Assign(13, val_mgr->GetCount(${ev.impact})); + ids_event->Assign(14, val_mgr->GetCount(${ev.blocked})); + ids_event->Assign(15, val_mgr->GetCount(${ev.mpls_label})); + ids_event->Assign(16, val_mgr->GetCount(${ev.vlan_id})); val_list* vl = new val_list(); vl->append(connection()->bro_analyzer()->GetFile()->GetVal()->Ref()); @@ -126,11 +126,11 @@ refine flow Flow += { if ( ::unified2_packet ) { RecordVal* packet = new RecordVal(BifType::Record::Unified2::Packet); - packet->Assign(0, new Val(${pkt.sensor_id}, TYPE_COUNT)); - packet->Assign(1, new Val(${pkt.event_id}, TYPE_COUNT)); - packet->Assign(2, new Val(${pkt.event_second}, TYPE_COUNT)); + packet->Assign(0, val_mgr->GetCount(${pkt.sensor_id})); + packet->Assign(1, val_mgr->GetCount(${pkt.event_id})); + packet->Assign(2, val_mgr->GetCount(${pkt.event_second})); packet->Assign(3, new Val(ts_to_double(${pkt.packet_ts}), TYPE_TIME)); - packet->Assign(4, new Val(${pkt.link_type}, TYPE_COUNT)); + packet->Assign(4, val_mgr->GetCount(${pkt.link_type})); packet->Assign(5, bytestring_to_val(${pkt.packet_data})); val_list* vl = new val_list(); diff --git a/src/file_analysis/analyzer/x509/OCSP.cc b/src/file_analysis/analyzer/x509/OCSP.cc index 537d194906..b5ec4f30c6 100644 --- a/src/file_analysis/analyzer/x509/OCSP.cc +++ b/src/file_analysis/analyzer/x509/OCSP.cc @@ -89,10 +89,10 @@ bool ocsp_add_cert_id(const OCSP_CERTID* cert_id, val_list* vl, BIO* bio) if ( ! res ) { reporter->Weird("OpenSSL failed to get OCSP_CERTID info"); - vl->append(new StringVal("")); - vl->append(new StringVal("")); - vl->append(new StringVal("")); - vl->append(new StringVal("")); + vl->append(val_mgr->GetEmptyString()); + vl->append(val_mgr->GetEmptyString()); + vl->append(val_mgr->GetEmptyString()); + vl->append(val_mgr->GetEmptyString()); return false; } @@ -208,7 +208,7 @@ static StringVal* parse_basic_resp_sig_alg(OCSP_BASICRESP* basic_resp, der_basic_resp_len = i2d_OCSP_BASICRESP(basic_resp, &der_basic_resp_dat); if ( der_basic_resp_len <= 0 ) - return new StringVal(""); + return val_mgr->GetEmptyString(); const unsigned char* const_der_basic_resp_dat = der_basic_resp_dat; @@ -218,14 +218,14 @@ static StringVal* parse_basic_resp_sig_alg(OCSP_BASICRESP* basic_resp, if ( ! bseq ) { OPENSSL_free(der_basic_resp_dat); - return new StringVal(""); + return val_mgr->GetEmptyString(); } if ( sk_ASN1_TYPE_num(bseq) < 3 ) { sk_ASN1_TYPE_free(bseq); OPENSSL_free(der_basic_resp_dat); - return new StringVal(""); + return val_mgr->GetEmptyString(); } auto constexpr sig_alg_idx = 1u; @@ -235,7 +235,7 @@ static StringVal* parse_basic_resp_sig_alg(OCSP_BASICRESP* basic_resp, { sk_ASN1_TYPE_free(bseq); OPENSSL_free(der_basic_resp_dat); - return new StringVal(""); + return val_mgr->GetEmptyString(); } auto aseq_str = aseq_type->value.asn1_string; @@ -248,7 +248,7 @@ static StringVal* parse_basic_resp_sig_alg(OCSP_BASICRESP* basic_resp, { sk_ASN1_TYPE_free(bseq); OPENSSL_free(der_basic_resp_dat); - return new StringVal(""); + return val_mgr->GetEmptyString(); } if ( sk_ASN1_TYPE_num(aseq) < 1 ) @@ -256,7 +256,7 @@ static StringVal* parse_basic_resp_sig_alg(OCSP_BASICRESP* basic_resp, sk_ASN1_TYPE_free(aseq); sk_ASN1_TYPE_free(bseq); OPENSSL_free(der_basic_resp_dat); - return new StringVal(""); + return val_mgr->GetEmptyString(); } auto constexpr alg_obj_idx = 0u; @@ -267,7 +267,7 @@ static StringVal* parse_basic_resp_sig_alg(OCSP_BASICRESP* basic_resp, sk_ASN1_TYPE_free(aseq); sk_ASN1_TYPE_free(bseq); OPENSSL_free(der_basic_resp_dat); - return new StringVal(""); + return val_mgr->GetEmptyString(); } auto alg_obj = alg_obj_type->value.object; @@ -290,7 +290,7 @@ static Val* parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp) der_basic_resp_len = i2d_OCSP_BASICRESP(basic_resp, &der_basic_resp_dat); if ( der_basic_resp_len <= 0 ) - return new Val(-1, TYPE_COUNT); + return val_mgr->GetCount(-1); const unsigned char* const_der_basic_resp_dat = der_basic_resp_dat; @@ -300,14 +300,14 @@ static Val* parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp) if ( ! bseq ) { OPENSSL_free(der_basic_resp_dat); - return new Val(-1, TYPE_COUNT); + return val_mgr->GetCount(-1); } if ( sk_ASN1_TYPE_num(bseq) < 3 ) { sk_ASN1_TYPE_free(bseq); OPENSSL_free(der_basic_resp_dat); - return new Val(-1, TYPE_COUNT); + return val_mgr->GetCount(-1); } auto constexpr resp_data_idx = 0u; @@ -317,7 +317,7 @@ static Val* parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp) { sk_ASN1_TYPE_free(bseq); OPENSSL_free(der_basic_resp_dat); - return new Val(-1, TYPE_COUNT); + return val_mgr->GetCount(-1); } auto dseq_str = dseq_type->value.asn1_string; @@ -330,7 +330,7 @@ static Val* parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp) { sk_ASN1_TYPE_free(bseq); OPENSSL_free(der_basic_resp_dat); - return new StringVal(""); + return val_mgr->GetEmptyString(); } if ( sk_ASN1_TYPE_num(dseq) < 1 ) @@ -338,7 +338,7 @@ static Val* parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp) sk_ASN1_TYPE_free(dseq); sk_ASN1_TYPE_free(bseq); OPENSSL_free(der_basic_resp_dat); - return new StringVal(""); + return val_mgr->GetEmptyString(); } /*- ResponseData ::= SEQUENCE { @@ -358,14 +358,14 @@ static Val* parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp) sk_ASN1_TYPE_free(bseq); OPENSSL_free(der_basic_resp_dat); // Not present, use default value. - return new Val(0, TYPE_COUNT); + return val_mgr->GetCount(0); } uint64_t asn1_int = ASN1_INTEGER_get(version_type->value.integer); sk_ASN1_TYPE_free(dseq); sk_ASN1_TYPE_free(bseq); OPENSSL_free(der_basic_resp_dat); - return new Val(asn1_int, TYPE_COUNT); + return val_mgr->GetCount(asn1_int); } static uint64 parse_request_version(OCSP_REQUEST* req) @@ -431,7 +431,7 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req, const char* fid) // TODO: try to parse out general name ? #endif - vl->append(new Val(version, TYPE_COUNT)); + vl->append(val_mgr->GetCount(version)); BIO *bio = BIO_new(BIO_s_mem()); @@ -507,7 +507,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val, const char* fid) vl->append(status_val); #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) - vl->append(new Val((uint64)ASN1_INTEGER_get(resp_data->version), TYPE_COUNT)); + vl->append(val_mgr->GetCount((uint64)ASN1_INTEGER_get(resp_data->version))); #else vl->append(parse_basic_resp_data_version(basic_resp)); #endif @@ -522,7 +522,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val, const char* fid) else { reporter->Weird("OpenSSL failed to get OCSP responder id"); - vl->append(new StringVal("")); + vl->append(val_mgr->GetEmptyString()); } // producedAt @@ -591,19 +591,19 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val, const char* fid) } else { - rvl->append(new Val(0, TYPE_TIME)); + rvl->append(new Val(0.0, TYPE_TIME)); rvl->append(new StringVal(0, "")); } if ( this_update ) rvl->append(new Val(GetTimeFromAsn1(this_update, fid, reporter), TYPE_TIME)); else - rvl->append(new Val(0, TYPE_TIME)); + rvl->append(new Val(0.0, TYPE_TIME)); if ( next_update ) rvl->append(new Val(GetTimeFromAsn1(next_update, fid, reporter), TYPE_TIME)); else - rvl->append(new Val(0, TYPE_TIME)); + rvl->append(new Val(0.0, TYPE_TIME)); mgr.QueueEvent(ocsp_response_certificate, rvl); diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc index 600b3adb52..e34bf58d82 100644 --- a/src/file_analysis/analyzer/x509/X509.cc +++ b/src/file_analysis/analyzer/x509/X509.cc @@ -96,7 +96,7 @@ RecordVal* file_analysis::X509::ParseCertificate(X509Val* cert_val, const char* RecordVal* pX509Cert = new RecordVal(BifType::Record::X509::Certificate); BIO *bio = BIO_new(BIO_s_mem()); - pX509Cert->Assign(0, new Val((uint64) X509_get_version(ssl_cert) + 1, TYPE_COUNT)); + pX509Cert->Assign(0, val_mgr->GetCount((uint64) X509_get_version(ssl_cert) + 1)); i2a_ASN1_INTEGER(bio, X509_get_serialNumber(ssl_cert)); int len = BIO_read(bio, buf, sizeof(buf)); pX509Cert->Assign(1, new StringVal(len, buf)); @@ -204,7 +204,7 @@ RecordVal* file_analysis::X509::ParseCertificate(X509Val* cert_val, const char* unsigned int length = KeyLength(pkey); if ( length > 0 ) - pX509Cert->Assign(10, new Val(length, TYPE_COUNT)); + pX509Cert->Assign(10, val_mgr->GetCount(length)); EVP_PKEY_free(pkey); } @@ -222,10 +222,10 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex) if ( constr ) { RecordVal* pBasicConstraint = new RecordVal(BifType::Record::X509::BasicConstraints); - pBasicConstraint->Assign(0, new Val(constr->ca ? 1 : 0, TYPE_BOOL)); + pBasicConstraint->Assign(0, val_mgr->GetBool(constr->ca ? 1 : 0)); if ( constr->pathlen ) - pBasicConstraint->Assign(1, new Val((int32_t) ASN1_INTEGER_get(constr->pathlen), TYPE_COUNT)); + pBasicConstraint->Assign(1, val_mgr->GetCount((int32_t) ASN1_INTEGER_get(constr->pathlen))); val_list* vl = new val_list(); vl->append(GetFile()->GetVal()->Ref()); @@ -365,7 +365,7 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext) if ( ips != 0 ) sanExt->Assign(3, ips); - sanExt->Assign(4, new Val(otherfields, TYPE_BOOL)); + sanExt->Assign(4, val_mgr->GetBool(otherfields)); val_list* vl = new val_list(); vl->append(GetFile()->GetVal()->Ref()); diff --git a/src/file_analysis/analyzer/x509/X509Common.cc b/src/file_analysis/analyzer/x509/X509Common.cc index 38102ed97e..d59a383b78 100644 --- a/src/file_analysis/analyzer/x509/X509Common.cc +++ b/src/file_analysis/analyzer/x509/X509Common.cc @@ -261,7 +261,7 @@ void file_analysis::X509Common::ParseExtension(X509_EXTENSION* ex, EventHandlerP pX509Ext->Assign(1, new StringVal(short_name)); pX509Ext->Assign(2, new StringVal(oid)); - pX509Ext->Assign(3, new Val(critical, TYPE_BOOL)); + pX509Ext->Assign(3, val_mgr->GetBool(critical)); pX509Ext->Assign(4, ext_val); // send off generic extension event @@ -274,7 +274,7 @@ void file_analysis::X509Common::ParseExtension(X509_EXTENSION* ex, EventHandlerP vl->append(GetFile()->GetVal()->Ref()); vl->append(pX509Ext); if ( h == ocsp_extension ) - vl->append(new Val(global ? 1 : 0, TYPE_BOOL)); + vl->append(val_mgr->GetBool(global ? 1 : 0)); mgr.QueueEvent(h, vl); @@ -300,7 +300,7 @@ StringVal* file_analysis::X509Common::GetExtensionFromBIO(BIO* bio) if ( length == 0 ) { BIO_free_all(bio); - return new StringVal(""); + return val_mgr->GetEmptyString(); } char* buffer = (char*) malloc(length); diff --git a/src/file_analysis/analyzer/x509/functions.bif b/src/file_analysis/analyzer/x509/functions.bif index ec87a495b3..e4e263fd35 100644 --- a/src/file_analysis/analyzer/x509/functions.bif +++ b/src/file_analysis/analyzer/x509/functions.bif @@ -32,7 +32,7 @@ RecordVal* x509_result_record(uint64_t num, const char* reason, Val* chainVector { RecordVal* rrecord = new RecordVal(BifType::Record::X509::Result); - rrecord->Assign(0, new Val(num, TYPE_INT)); + rrecord->Assign(0, val_mgr->GetInt(num)); rrecord->Assign(1, new StringVal(reason)); if ( chainVector ) rrecord->Assign(2, chainVector); @@ -231,7 +231,7 @@ function x509_get_certificate_string%(cert: opaque of x509, pem: bool &default=F StringVal* ext_val = file_analysis::X509::GetExtensionFromBIO(bio); if ( ! ext_val ) - ext_val = new StringVal(""); + ext_val = val_mgr->GetEmptyString(); return ext_val; %} @@ -662,7 +662,7 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa if ( precert && issuer_key_hash->Len() != 32) { reporter->Error("Invalid issuer_key_hash length"); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } std::string data; @@ -686,7 +686,7 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa if ( pos < 0 ) { reporter->Error("NID_ct_precert_scts not found"); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } #else int num_ext = X509_get_ext_count(x); @@ -781,7 +781,7 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa EVP_MD_CTX_destroy(mdctx); EVP_PKEY_free(key); - return new Val(success, TYPE_BOOL); + return val_mgr->GetBool(success); sct_verify_err: if (mdctx) @@ -790,7 +790,7 @@ sct_verify_err: EVP_PKEY_free(key); reporter->Error("%s", errstr.c_str()); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); %} diff --git a/src/file_analysis/file_analysis.bif b/src/file_analysis/file_analysis.bif index d2c6c43394..81435bc3b5 100644 --- a/src/file_analysis/file_analysis.bif +++ b/src/file_analysis/file_analysis.bif @@ -12,28 +12,28 @@ type AnalyzerArgs: record; function Files::__set_timeout_interval%(file_id: string, t: interval%): bool %{ bool result = file_mgr->SetTimeoutInterval(file_id->CheckString(), t); - return new Val(result, TYPE_BOOL); + return val_mgr->GetBool(result); %} ## :bro:see:`Files::enable_reassembly`. function Files::__enable_reassembly%(file_id: string%): bool %{ bool result = file_mgr->EnableReassembly(file_id->CheckString()); - return new Val(result, TYPE_BOOL); + return val_mgr->GetBool(result); %} ## :bro:see:`Files::disable_reassembly`. function Files::__disable_reassembly%(file_id: string%): bool %{ bool result = file_mgr->DisableReassembly(file_id->CheckString()); - return new Val(result, TYPE_BOOL); + return val_mgr->GetBool(result); %} ## :bro:see:`Files::set_reassembly_buffer_size`. function Files::__set_reassembly_buffer%(file_id: string, max: count%): bool %{ bool result = file_mgr->SetReassemblyBuffer(file_id->CheckString(), max); - return new Val(result, TYPE_BOOL); + return val_mgr->GetBool(result); %} ## :bro:see:`Files::add_analyzer`. @@ -44,7 +44,7 @@ function Files::__add_analyzer%(file_id: string, tag: Files::Tag, args: any%): b bool result = file_mgr->AddAnalyzer(file_id->CheckString(), file_mgr->GetComponentTag(tag), rv); Unref(rv); - return new Val(result, TYPE_BOOL); + return val_mgr->GetBool(result); %} ## :bro:see:`Files::remove_analyzer`. @@ -55,14 +55,14 @@ function Files::__remove_analyzer%(file_id: string, tag: Files::Tag, args: any%) bool result = file_mgr->RemoveAnalyzer(file_id->CheckString(), file_mgr->GetComponentTag(tag) , rv); Unref(rv); - return new Val(result, TYPE_BOOL); + return val_mgr->GetBool(result); %} ## :bro:see:`Files::stop`. function Files::__stop%(file_id: string%): bool %{ bool result = file_mgr->IgnoreFile(file_id->CheckString()); - return new Val(result, TYPE_BOOL); + return val_mgr->GetBool(result); %} ## :bro:see:`Files::analyzer_name`. @@ -75,9 +75,9 @@ function Files::__analyzer_name%(tag: Files::Tag%) : string function Files::__file_exists%(fuid: string%): bool %{ if ( file_mgr->LookupFile(fuid->CheckString()) != nullptr ) - return new Val(true, TYPE_BOOL); + return val_mgr->GetTrue(); else - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); %} ## :bro:see:`Files::lookup_file`. diff --git a/src/input/Manager.cc b/src/input/Manager.cc index 4cc084285d..aaf84a99b2 100644 --- a/src/input/Manager.cc +++ b/src/input/Manager.cc @@ -1083,7 +1083,7 @@ void Manager::SendEntry(ReaderFrontend* reader, Value* *vals) else if ( i->stream_type == EVENT_STREAM ) { - EnumVal *type = new EnumVal(BifEnum::Input::EVENT_NEW, BifType::Enum::Input::Event); + EnumVal *type = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW); readFields = SendEventStreamEvent(i, type, vals); } @@ -1189,9 +1189,9 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals) if ( ! pred_convert_error ) { if ( updated ) - ev = new EnumVal(BifEnum::Input::EVENT_CHANGED, BifType::Enum::Input::Event); + ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED); else - ev = new EnumVal(BifEnum::Input::EVENT_NEW, BifType::Enum::Input::Event); + ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW); bool result; if ( stream->num_val_fields > 0 ) // we have values @@ -1292,13 +1292,13 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals) else if ( updated ) { // in case of update send back the old value. assert ( stream->num_val_fields > 0 ); - ev = new EnumVal(BifEnum::Input::EVENT_CHANGED, BifType::Enum::Input::Event); + ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED); assert ( oldval != 0 ); SendEvent(stream->event, 4, stream->description->Ref(), ev, predidx, oldval); } else { - ev = new EnumVal(BifEnum::Input::EVENT_NEW, BifType::Enum::Input::Event); + ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW); if ( stream->num_val_fields == 0 ) { Ref(stream->description); @@ -1363,7 +1363,7 @@ void Manager::EndCurrentSend(ReaderFrontend* reader) assert(val != 0); predidx = ListValToRecordVal(idx, stream->itype, &startpos); Unref(idx); - ev = new EnumVal(BifEnum::Input::EVENT_REMOVED, BifType::Enum::Input::Event); + ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED); } if ( stream->pred ) @@ -1472,7 +1472,7 @@ void Manager::Put(ReaderFrontend* reader, Value* *vals) else if ( i->stream_type == EVENT_STREAM ) { - EnumVal *type = new EnumVal(BifEnum::Input::EVENT_NEW, BifType::Enum::Input::Event); + EnumVal *type = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW); readFields = SendEventStreamEvent(i, type, vals); } @@ -1610,11 +1610,9 @@ int Manager::PutTable(Stream* i, const Value* const *vals) else { if ( updated ) - ev = new EnumVal(BifEnum::Input::EVENT_CHANGED, - BifType::Enum::Input::Event); + ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED); else - ev = new EnumVal(BifEnum::Input::EVENT_NEW, - BifType::Enum::Input::Event); + ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW); bool result; if ( stream->num_val_fields > 0 ) // we have values @@ -1654,16 +1652,14 @@ int Manager::PutTable(Stream* i, const Value* const *vals) { // in case of update send back the old value. assert ( stream->num_val_fields > 0 ); - ev = new EnumVal(BifEnum::Input::EVENT_CHANGED, - BifType::Enum::Input::Event); + ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED); assert ( oldval != 0 ); SendEvent(stream->event, 4, stream->description->Ref(), ev, predidx, oldval); } else { - ev = new EnumVal(BifEnum::Input::EVENT_NEW, - BifType::Enum::Input::Event); + ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW); if ( stream->num_val_fields == 0 ) SendEvent(stream->event, 4, stream->description->Ref(), ev, predidx); @@ -1749,7 +1745,7 @@ bool Manager::Delete(ReaderFrontend* reader, Value* *vals) else { Ref(val); - EnumVal *ev = new EnumVal(BifEnum::Input::EVENT_REMOVED, BifType::Enum::Input::Event); + EnumVal *ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED); streamresult = CallPred(stream->pred, 3, ev, predidx, val); @@ -1769,7 +1765,7 @@ bool Manager::Delete(ReaderFrontend* reader, Value* *vals) Ref(idxval); assert(val != 0); Ref(val); - EnumVal *ev = new EnumVal(BifEnum::Input::EVENT_REMOVED, BifType::Enum::Input::Event); + EnumVal *ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED); SendEvent(stream->event, 4, stream->description->Ref(), ev, idxval, val); } } @@ -1789,7 +1785,7 @@ bool Manager::Delete(ReaderFrontend* reader, Value* *vals) else if ( i->stream_type == EVENT_STREAM ) { - EnumVal *type = new EnumVal(BifEnum::Input::EVENT_REMOVED, BifType::Enum::Input::Event); + EnumVal *type = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED); readVals = SendEventStreamEvent(i, type, vals); success = true; } @@ -2276,13 +2272,14 @@ Val* Manager::ValueToVal(const Stream* i, const Value* val, BroType* request_typ switch ( val->type ) { case TYPE_BOOL: + return val_mgr->GetBool(val->val.int_val); + case TYPE_INT: - return new Val(val->val.int_val, val->type); - break; + return val_mgr->GetInt(val->val.int_val); case TYPE_COUNT: case TYPE_COUNTER: - return new Val(val->val.uint_val, val->type); + return val_mgr->GetCount(val->val.int_val); case TYPE_DOUBLE: case TYPE_TIME: @@ -2296,7 +2293,7 @@ Val* Manager::ValueToVal(const Stream* i, const Value* val, BroType* request_typ } case TYPE_PORT: - return port_mgr->Get(val->val.port_val.port, val->val.port_val.proto); + return val_mgr->GetPort(val->val.port_val.port, val->val.port_val.proto); case TYPE_ADDR: { @@ -2396,7 +2393,7 @@ Val* Manager::ValueToVal(const Stream* i, const Value* val, BroType* request_typ return nullptr; } - return new EnumVal(index, request_type->Ref()->AsEnumType()); + return request_type->Ref()->AsEnumType()->GetVal(index); } default: @@ -2417,13 +2414,14 @@ Val* Manager::ValueToVal(const Stream* i, const Value* val, bool& have_error) co switch ( val->type ) { case TYPE_BOOL: + return val_mgr->GetBool(val->val.int_val); + case TYPE_INT: - return new Val(val->val.int_val, val->type); - break; + return val_mgr->GetInt(val->val.int_val); case TYPE_COUNT: case TYPE_COUNTER: - return new Val(val->val.uint_val, val->type); + return val_mgr->GetCount(val->val.int_val); case TYPE_DOUBLE: case TYPE_TIME: @@ -2437,7 +2435,7 @@ Val* Manager::ValueToVal(const Stream* i, const Value* val, bool& have_error) co } case TYPE_PORT: - return port_mgr->Get(val->val.port_val.port, val->val.port_val.proto); + return val_mgr->GetPort(val->val.port_val.port, val->val.port_val.proto); case TYPE_ADDR: { @@ -2565,7 +2563,7 @@ Val* Manager::ValueToVal(const Stream* i, const Value* val, bool& have_error) co return nullptr; } - return new EnumVal(intval, t); + return t->GetVal(intval); } default: @@ -2697,15 +2695,15 @@ void Manager::ErrorHandler(const Stream* i, ErrorType et, bool reporter_send, co switch (et) { case ErrorType::INFO: - ev = new EnumVal(BifEnum::Reporter::INFO, BifType::Enum::Reporter::Level); + ev = BifType::Enum::Reporter::Level->GetVal(BifEnum::Reporter::INFO); break; case ErrorType::WARNING: - ev = new EnumVal(BifEnum::Reporter::WARNING, BifType::Enum::Reporter::Level); + ev = BifType::Enum::Reporter::Level->GetVal(BifEnum::Reporter::WARNING); break; case ErrorType::ERROR: - ev = new EnumVal(BifEnum::Reporter::ERROR, BifType::Enum::Reporter::Level); + ev = BifType::Enum::Reporter::Level->GetVal(BifEnum::Reporter::ERROR); break; default: diff --git a/src/input/input.bif b/src/input/input.bif index b28ccc00d8..a143799a52 100644 --- a/src/input/input.bif +++ b/src/input/input.bif @@ -19,31 +19,31 @@ type AnalysisDescription: record; function Input::__create_table_stream%(description: Input::TableDescription%) : bool %{ bool res = input_mgr->CreateTableStream(description->AsRecordVal()); - return new Val(res, TYPE_BOOL); + return val_mgr->GetBool(res); %} function Input::__create_event_stream%(description: Input::EventDescription%) : bool %{ bool res = input_mgr->CreateEventStream(description->AsRecordVal()); - return new Val(res, TYPE_BOOL); + return val_mgr->GetBool(res); %} function Input::__create_analysis_stream%(description: Input::AnalysisDescription%) : bool %{ bool res = input_mgr->CreateAnalysisStream(description->AsRecordVal()); - return new Val(res, TYPE_BOOL); + return val_mgr->GetBool(res); %} function Input::__remove_stream%(id: string%) : bool %{ bool res = input_mgr->RemoveStream(id->AsString()->CheckString()); - return new Val(res, TYPE_BOOL); + return val_mgr->GetBool(res); %} function Input::__force_update%(id: string%) : bool %{ bool res = input_mgr->ForceUpdate(id->AsString()->CheckString()); - return new Val(res, TYPE_BOOL); + return val_mgr->GetBool(res); %} # Options for the input framework diff --git a/src/iosource/Packet.cc b/src/iosource/Packet.cc index a5c2622ecf..5b858e828e 100644 --- a/src/iosource/Packet.cc +++ b/src/iosource/Packet.cc @@ -526,29 +526,29 @@ RecordVal* Packet::BuildPktHdrVal() const { // Ethernet header layout is: // dst[6bytes] src[6bytes] ethertype[2bytes]... - l2_hdr->Assign(0, new EnumVal(BifEnum::LINK_ETHERNET, BifType::Enum::link_encap)); + l2_hdr->Assign(0, BifType::Enum::link_encap->GetVal(BifEnum::LINK_ETHERNET)); l2_hdr->Assign(3, FmtEUI48(data + 6)); // src l2_hdr->Assign(4, FmtEUI48(data)); // dst if ( vlan ) - l2_hdr->Assign(5, new Val(vlan, TYPE_COUNT)); + l2_hdr->Assign(5, val_mgr->GetCount(vlan)); if ( inner_vlan ) - l2_hdr->Assign(6, new Val(inner_vlan, TYPE_COUNT)); + l2_hdr->Assign(6, val_mgr->GetCount(inner_vlan)); - l2_hdr->Assign(7, new Val(eth_type, TYPE_COUNT)); + l2_hdr->Assign(7, val_mgr->GetCount(eth_type)); if ( eth_type == ETHERTYPE_ARP || eth_type == ETHERTYPE_REVARP ) // We also identify ARP for L3 over ethernet l3 = BifEnum::L3_ARP; } else - l2_hdr->Assign(0, new EnumVal(BifEnum::LINK_UNKNOWN, BifType::Enum::link_encap)); + l2_hdr->Assign(0, BifType::Enum::link_encap->GetVal(BifEnum::LINK_UNKNOWN)); - l2_hdr->Assign(1, new Val(len, TYPE_COUNT)); - l2_hdr->Assign(2, new Val(cap_len, TYPE_COUNT)); + l2_hdr->Assign(1, val_mgr->GetCount(len)); + l2_hdr->Assign(2, val_mgr->GetCount(cap_len)); - l2_hdr->Assign(8, new EnumVal(l3, BifType::Enum::layer3_proto)); + l2_hdr->Assign(8, BifType::Enum::layer3_proto->GetVal(l3)); pkt_hdr->Assign(0, l2_hdr); diff --git a/src/iosource/pcap/pcap.bif b/src/iosource/pcap/pcap.bif index b502342d3c..1e7ca8a844 100644 --- a/src/iosource/pcap/pcap.bif +++ b/src/iosource/pcap/pcap.bif @@ -30,7 +30,7 @@ function precompile_pcap_filter%(id: PcapFilterID, s: string%): bool // lookups and limit the ID space so that that doesn't grow too // large. builtin_error(fmt("PCAP filter ids must remain below 100 (is %" PRId64 ")", id->AsInt())); - return new Val(false, TYPE_BOOL); + return val_mgr->GetFalse(); } bool success = true; @@ -47,7 +47,7 @@ function precompile_pcap_filter%(id: PcapFilterID, s: string%): bool success = false; } - return new Val(success, TYPE_BOOL); + return val_mgr->GetBool(success); %} ## Installs a PCAP filter that has been precompiled with @@ -83,7 +83,7 @@ function Pcap::install_pcap_filter%(id: PcapFilterID%): bool success = false; } - return new Val(success, TYPE_BOOL); + return val_mgr->GetBool(success); %} ## Returns a string representation of the last PCAP error. diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index 83fe474690..f1b459811f 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -280,7 +280,7 @@ bool Manager::CreateStream(EnumVal* id, RecordVal* sval) if ( ! same_type((*args)[0], columns) ) { reporter->Error("stream event's argument type does not match column record type"); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } } @@ -757,7 +757,7 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) if ( filter->path_val ) path_arg = filter->path_val->Ref(); else - path_arg = new StringVal(""); + path_arg = val_mgr->GetEmptyString(); vl.append(path_arg); @@ -1309,6 +1309,8 @@ bool Manager::WriteFromRemote(EnumVal* id, EnumVal* writer, string path, int num void Manager::SendAllWritersTo(RemoteSerializer::PeerID peer) { + auto et = internal_type("Log::Writer")->AsEnumType(); + for ( vector::iterator s = streams.begin(); s != streams.end(); ++s ) { Stream* stream = (*s); @@ -1320,19 +1322,21 @@ void Manager::SendAllWritersTo(RemoteSerializer::PeerID peer) i != stream->writers.end(); i++ ) { WriterFrontend* writer = i->second->writer; - - EnumVal writer_val(i->first.first, internal_type("Log::Writer")->AsEnumType()); + auto writer_val = et->GetVal(i->first.first); remote_serializer->SendLogCreateWriter(peer, (*s)->id, - &writer_val, + writer_val, *i->second->info, writer->NumFields(), writer->Fields()); + Unref(writer_val); } } } void Manager::SendAllWritersTo(const broker::endpoint_info& ei) { + auto et = internal_type("Log::Writer")->AsEnumType(); + for ( vector::iterator s = streams.begin(); s != streams.end(); ++s ) { Stream* stream = (*s); @@ -1340,18 +1344,19 @@ void Manager::SendAllWritersTo(const broker::endpoint_info& ei) if ( ! (stream && stream->enable_remote) ) continue; + for ( Stream::WriterMap::iterator i = stream->writers.begin(); i != stream->writers.end(); i++ ) { WriterFrontend* writer = i->second->writer; - - EnumVal writer_val(i->first.first, internal_type("Log::Writer")->AsEnumType()); + auto writer_val = et->GetVal(i->first.first); broker_mgr->PublishLogCreate((*s)->id, - &writer_val, + writer_val, *i->second->info, writer->NumFields(), writer->Fields(), ei); + Unref(writer_val); } } } @@ -1575,7 +1580,7 @@ bool Manager::FinishedRotation(WriterFrontend* writer, const char* new_name, con info->Assign(2, new StringVal(winfo->writer->Info().path)); info->Assign(3, new Val(open, TYPE_TIME)); info->Assign(4, new Val(close, TYPE_TIME)); - info->Assign(5, new Val(terminating, TYPE_BOOL)); + info->Assign(5, val_mgr->GetBool(terminating)); Func* func = winfo->postprocessor; if ( ! func ) diff --git a/src/logging/logging.bif b/src/logging/logging.bif index 87323ef789..b960bc7471 100644 --- a/src/logging/logging.bif +++ b/src/logging/logging.bif @@ -13,53 +13,53 @@ type RotationInfo: record; function Log::__create_stream%(id: Log::ID, stream: Log::Stream%) : bool %{ bool result = log_mgr->CreateStream(id->AsEnumVal(), stream->AsRecordVal()); - return new Val(result, TYPE_BOOL); + return val_mgr->GetBool(result); %} function Log::__remove_stream%(id: Log::ID%) : bool %{ bool result = log_mgr->RemoveStream(id->AsEnumVal()); - return new Val(result, TYPE_BOOL); + return val_mgr->GetBool(result); %} function Log::__enable_stream%(id: Log::ID%) : bool %{ bool result = log_mgr->EnableStream(id->AsEnumVal()); - return new Val(result, TYPE_BOOL); + return val_mgr->GetBool(result); %} function Log::__disable_stream%(id: Log::ID%) : bool %{ bool result = log_mgr->DisableStream(id->AsEnumVal()); - return new Val(result, TYPE_BOOL); + return val_mgr->GetBool(result); %} function Log::__add_filter%(id: Log::ID, filter: Log::Filter%) : bool %{ bool result = log_mgr->AddFilter(id->AsEnumVal(), filter->AsRecordVal()); - return new Val(result, TYPE_BOOL); + return val_mgr->GetBool(result); %} function Log::__remove_filter%(id: Log::ID, name: string%) : bool %{ bool result = log_mgr->RemoveFilter(id->AsEnumVal(), name); - return new Val(result, TYPE_BOOL); + return val_mgr->GetBool(result); %} function Log::__write%(id: Log::ID, columns: any%) : bool %{ bool result = log_mgr->Write(id->AsEnumVal(), columns->AsRecordVal()); - return new Val(result, TYPE_BOOL); + return val_mgr->GetBool(result); %} function Log::__set_buf%(id: Log::ID, buffered: bool%): bool %{ bool result = log_mgr->SetBuf(id->AsEnumVal(), buffered); - return new Val(result, TYPE_BOOL); + return val_mgr->GetBool(result); %} function Log::__flush%(id: Log::ID%): bool %{ bool result = log_mgr->Flush(id->AsEnumVal()); - return new Val(result, TYPE_BOOL); + return val_mgr->GetBool(result); %} diff --git a/src/main.cc b/src/main.cc index 7b6db4528f..6c714d806f 100644 --- a/src/main.cc +++ b/src/main.cc @@ -83,6 +83,7 @@ int perftools_profile = 0; DNS_Mgr* dns_mgr; TimerMgr* timer_mgr; +ValManager* val_mgr = 0; PortManager* port_mgr = 0; logging::Manager* log_mgr = 0; threading::Manager* thread_mgr = 0; @@ -382,6 +383,7 @@ void terminate_bro() delete log_mgr; delete reporter; delete plugin_mgr; + delete val_mgr; delete port_mgr; reporter = 0; @@ -391,7 +393,6 @@ void termination_signal() { set_processing_status("TERMINATING", "termination_signal"); - Val sval(signal_val, TYPE_COUNT); reporter->Info("received termination signal"); net_get_final_stats(); done_with_network(); @@ -774,6 +775,7 @@ int main(int argc, char** argv) bro_start_time = current_time(true); + val_mgr = new ValManager(); port_mgr = new PortManager(); reporter = new Reporter(); thread_mgr = new threading::Manager(); @@ -1174,7 +1176,7 @@ int main(int argc, char** argv) val_list* vl = new val_list; vl->append(new StringVal(i->name.c_str())); - vl->append(new Val(i->include_level, TYPE_COUNT)); + vl->append(val_mgr->GetCount(i->include_level)); mgr.QueueEvent(bro_script_loaded, vl); } diff --git a/src/option.bif b/src/option.bif index 6a0ba777ee..2156808763 100644 --- a/src/option.bif +++ b/src/option.bif @@ -60,20 +60,20 @@ function Option::set%(ID: string, val: any, location: string &default=""%): bool if ( ! i ) { builtin_error(fmt("Could not find ID named '%s'", ID->CheckString())); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } if ( ! i->HasVal() ) { // should be impossible because initialization is enforced builtin_error(fmt("ID '%s' has no value", ID->CheckString())); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } if ( ! i->IsOption() ) { builtin_error(fmt("ID '%s' is not an option", ID->CheckString())); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } if ( same_type(val->Type(), bro_broker::DataVal::ScriptDataType()) ) @@ -85,23 +85,23 @@ function Option::set%(ID: string, val: any, location: string &default=""%): bool { builtin_error(fmt("Incompatible type for set of ID '%s': got broker data '%s', need '%s'", ID->CheckString(), dv->data.get_type_name(), type_name(i->Type()->Tag()))); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } auto rval = call_option_handlers_and_set_value(ID, i, val_from_data, location); Unref(val_from_data); - return new Val(rval, TYPE_BOOL); + return val_mgr->GetBool(rval); } if ( ! same_type(i->Type(), val->Type()) ) { builtin_error(fmt("Incompatible type for set of ID '%s': got '%s', need '%s'", ID->CheckString(), type_name(val->Type()->Tag()), type_name(i->Type()->Tag()))); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } auto rval = call_option_handlers_and_set_value(ID, i, val, location); - return new Val(rval, TYPE_BOOL); + return val_mgr->GetBool(rval); %} ## Set a change handler for an option. The change handler will be @@ -134,26 +134,26 @@ function Option::set_change_handler%(ID: string, on_change: any, priority: int & if ( ! i ) { builtin_error(fmt("Could not find ID named '%s'", ID->CheckString())); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } if ( ! i->IsOption() ) { builtin_error(fmt("ID '%s' is not an option", ID->CheckString())); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } if ( on_change->Type()->Tag() != TYPE_FUNC ) { builtin_error(fmt("Option::on_change needs function argument; got '%s' for ID '%s'", type_name(on_change->Type()->Tag()), ID->CheckString())); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } if ( on_change->Type()->AsFuncType()->Flavor() != FUNC_FLAVOR_FUNCTION ) { builtin_error("Option::on_change needs function argument; not hook or event"); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } const type_list* args = on_change->Type()->AsFuncType()->ArgTypes()->Types(); @@ -161,37 +161,37 @@ function Option::set_change_handler%(ID: string, on_change: any, priority: int & { builtin_error(fmt("Wrong number of arguments for passed function in Option::on_change for ID '%s'; expected 2 or 3, got %d", ID->CheckString(), args->length())); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } if ( (*args)[0]->Tag() != TYPE_STRING ) { builtin_error(fmt("First argument of passed function has to be string in Option::on_change for ID '%s'; got '%s'", ID->CheckString(), type_name((*args)[0]->Tag()))); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } if ( ! same_type((*args)[1], i->Type()) ) { builtin_error(fmt("Second argument of passed function has to be %s in Option::on_change for ID '%s'; got '%s'", type_name(i->Type()->Tag()), ID->CheckString(), type_name((*args)[1]->Tag()))); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } if ( args->length() == 3 && (*args)[2]->Tag() != TYPE_STRING ) { builtin_error(fmt("Third argument of passed function has to be string in Option::on_change for ID '%s'; got '%s'", ID->CheckString(), type_name((*args)[2]->Tag()))); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } if ( ! same_type(on_change->Type()->AsFuncType()->YieldType(), i->Type()) ) { builtin_error(fmt("Passed function needs to return type '%s' for ID '%s'; got '%s'", type_name(i->Type()->Tag()), ID->CheckString(), type_name(on_change->Type()->AsFuncType()->YieldType()->Tag()))); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } i->AddOptionHandler(on_change->Ref()->AsFunc(), -priority); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} diff --git a/src/parse.y b/src/parse.y index b5809a91d0..c74035a3b9 100644 --- a/src/parse.y +++ b/src/parse.y @@ -469,7 +469,7 @@ expr: | TOK_LOCAL local_id '=' expr { set_location(@2, @4); - $$ = add_and_assign_local($2, $4, new Val(1, TYPE_BOOL)); + $$ = add_and_assign_local($2, $4, val_mgr->GetBool(1)); } | expr '[' expr_list ']' @@ -481,7 +481,7 @@ expr: | expr '[' opt_expr ':' opt_expr ']' { set_location(@1, @6); - Expr* low = $3 ? $3 : new ConstExpr(new Val(0, TYPE_COUNT)); + Expr* low = $3 ? $3 : new ConstExpr(val_mgr->GetCount(0)); Expr* high = $5 ? $5 : new SizeExpr($1); ListExpr* le = new ListExpr(low); le->Append(high); @@ -695,7 +695,7 @@ expr: id->Name()); if ( intval < 0 ) reporter->InternalError("enum value not found for %s", id->Name()); - $$ = new ConstExpr(new EnumVal(intval, t)); + $$ = new ConstExpr(t->GetVal(intval)); } else $$ = new NameExpr(id); diff --git a/src/probabilistic/bloom-filter.bif b/src/probabilistic/bloom-filter.bif index 9af2ae0d33..468a6eeae2 100644 --- a/src/probabilistic/bloom-filter.bif +++ b/src/probabilistic/bloom-filter.bif @@ -180,9 +180,9 @@ function bloomfilter_lookup%(bf: opaque of bloomfilter, x: any%): count reporter->Error("incompatible Bloom filter types"); else - return new Val(static_cast(bfv->Count(x)), TYPE_COUNT); + return val_mgr->GetCount(static_cast(bfv->Count(x))); - return new Val(0, TYPE_COUNT); + return val_mgr->GetCount(0); %} ## Removes all elements from a Bloom filter. This function resets all bits in diff --git a/src/probabilistic/cardinality-counter.bif b/src/probabilistic/cardinality-counter.bif index aea9f296f5..4ba528bd3c 100644 --- a/src/probabilistic/cardinality-counter.bif +++ b/src/probabilistic/cardinality-counter.bif @@ -44,17 +44,17 @@ function hll_cardinality_add%(handle: opaque of cardinality, elem: any%): bool if ( ! cv->Type() && ! cv->Typify(elem->Type()) ) { reporter->Error("failed to set HLL type"); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } else if ( ! same_type(cv->Type(), elem->Type()) ) { reporter->Error("incompatible HLL data type"); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } cv->Add(elem); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Merges a HLL cardinality counter into another. @@ -81,7 +81,7 @@ function hll_cardinality_merge_into%(handle1: opaque of cardinality, handle2: op ! same_type(v1->Type(), v2->Type()) ) { reporter->Error("incompatible HLL types"); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } CardinalityCounter* h1 = v1->Get(); @@ -91,10 +91,10 @@ function hll_cardinality_merge_into%(handle1: opaque of cardinality, handle2: op if ( ! res ) { reporter->Error("Carinality counters with different parameters cannot be merged"); - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); } - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Estimate the current cardinality of an HLL cardinality counter. diff --git a/src/probabilistic/top-k.bif b/src/probabilistic/top-k.bif index 8f7b071a4c..8d2a8c0fd8 100644 --- a/src/probabilistic/top-k.bif +++ b/src/probabilistic/top-k.bif @@ -74,7 +74,7 @@ function topk_count%(handle: opaque of topk, value: any%): count %{ assert(handle); probabilistic::TopkVal* h = (probabilistic::TopkVal*) handle; - return new Val(h->GetCount(value), TYPE_COUNT); + return val_mgr->GetCount(h->GetCount(value)); %} ## Get the maximal overestimation for count. @@ -94,7 +94,7 @@ function topk_epsilon%(handle: opaque of topk, value: any%): count %{ assert(handle); probabilistic::TopkVal* h = (probabilistic::TopkVal*) handle; - return new Val(h->GetEpsilon(value), TYPE_COUNT); + return val_mgr->GetCount(h->GetEpsilon(value)); %} ## Get the number of elements this data structure is supposed to track (given @@ -113,7 +113,7 @@ function topk_size%(handle: opaque of topk%): count %{ assert(handle); probabilistic::TopkVal* h = (probabilistic::TopkVal*) handle; - return new Val(h->GetSize(), TYPE_COUNT); + return val_mgr->GetCount(h->GetSize()); %} ## Get the sum of all counts of all elements in the data structure. @@ -133,7 +133,7 @@ function topk_sum%(handle: opaque of topk%): count %{ assert(handle); probabilistic::TopkVal* h = (probabilistic::TopkVal*) handle; - return new Val(h->GetSum(), TYPE_COUNT); + return val_mgr->GetCount(h->GetSum()); %} ## Merge the second top-k data structure into the first. diff --git a/src/reporter.bif b/src/reporter.bif index d5f8e5e023..4a58e2728b 100644 --- a/src/reporter.bif +++ b/src/reporter.bif @@ -25,7 +25,7 @@ function Reporter::info%(msg: string%): bool reporter->PushLocation(frame->GetCall()->GetLocationInfo()); reporter->Info("%s", msg->CheckString()); reporter->PopLocation(); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Generates a message that warns of a potential problem. @@ -40,7 +40,7 @@ function Reporter::warning%(msg: string%): bool reporter->PushLocation(frame->GetCall()->GetLocationInfo()); reporter->Warning("%s", msg->CheckString()); reporter->PopLocation(); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Generates a non-fatal error indicative of a definite problem that should @@ -56,7 +56,7 @@ function Reporter::error%(msg: string%): bool reporter->PushLocation(frame->GetCall()->GetLocationInfo()); reporter->Error("%s", msg->CheckString()); reporter->PopLocation(); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Generates a fatal error on stderr and terminates program execution. @@ -69,7 +69,7 @@ function Reporter::fatal%(msg: string%): bool reporter->PushLocation(frame->GetCall()->GetLocationInfo()); reporter->FatalError("%s", msg->CheckString()); reporter->PopLocation(); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Generates a fatal error on stderr and terminates program execution @@ -83,7 +83,7 @@ function Reporter::fatal_error_with_core%(msg: string%): bool reporter->PushLocation(frame->GetCall()->GetLocationInfo()); reporter->FatalErrorWithCore("%s", msg->CheckString()); reporter->PopLocation(); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Generates a "net" weird. @@ -94,7 +94,7 @@ function Reporter::fatal_error_with_core%(msg: string%): bool function Reporter::net_weird%(name: string%): bool %{ reporter->Weird(name->CheckString()); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Generates a "flow" weird. @@ -109,7 +109,7 @@ function Reporter::net_weird%(name: string%): bool function Reporter::flow_weird%(name: string, orig: addr, resp: addr%): bool %{ reporter->Weird(orig->AsAddr(), resp->AsAddr(), name->CheckString()); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Generates a "conn" weird. @@ -124,7 +124,7 @@ function Reporter::flow_weird%(name: string, orig: addr, resp: addr%): bool function Reporter::conn_weird%(name: string, c: connection, addl: string &default=""%): bool %{ reporter->Weird(c, name->CheckString(), addl->CheckString()); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Gets the weird sampling whitelist @@ -164,7 +164,7 @@ function Reporter::set_weird_sampling_whitelist%(weird_sampling_whitelist: strin delete k; } reporter->SetWeirdSamplingWhitelist(whitelist_set); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Gets the current weird sampling threshold @@ -172,7 +172,7 @@ function Reporter::set_weird_sampling_whitelist%(weird_sampling_whitelist: strin ## Returns: current weird sampling threshold. function Reporter::get_weird_sampling_threshold%(%) : count %{ - return new Val(reporter->GetWeirdSamplingThreshold(), TYPE_COUNT); + return val_mgr->GetCount(reporter->GetWeirdSamplingThreshold()); %} ## Sets the current weird sampling threshold @@ -183,7 +183,7 @@ function Reporter::get_weird_sampling_threshold%(%) : count function Reporter::set_weird_sampling_threshold%(weird_sampling_threshold: count%) : bool %{ reporter->SetWeirdSamplingThreshold(weird_sampling_threshold); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} @@ -192,7 +192,7 @@ function Reporter::set_weird_sampling_threshold%(weird_sampling_threshold: count ## Returns: weird sampling rate. function Reporter::get_weird_sampling_rate%(%) : count %{ - return new Val(reporter->GetWeirdSamplingRate(), TYPE_COUNT); + return val_mgr->GetCount(reporter->GetWeirdSamplingRate()); %} ## Sets the weird sampling rate. @@ -203,7 +203,7 @@ function Reporter::get_weird_sampling_rate%(%) : count function Reporter::set_weird_sampling_rate%(weird_sampling_rate: count%) : bool %{ reporter->SetWeirdSamplingRate(weird_sampling_rate); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Gets the current weird sampling duration. @@ -223,5 +223,5 @@ function Reporter::get_weird_sampling_duration%(%) : interval function Reporter::set_weird_sampling_duration%(weird_sampling_duration: interval%) : bool %{ reporter->SetWeirdSamplingDuration(weird_sampling_duration); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} diff --git a/src/scan.l b/src/scan.l index 9e0e5f75fc..763ee2d86d 100644 --- a/src/scan.l +++ b/src/scan.l @@ -470,8 +470,8 @@ when return TOK_WHEN; [^@\n]+ /* eat */ . /* eat */ -T RET_CONST(new Val(true, TYPE_BOOL)) -F RET_CONST(new Val(false, TYPE_BOOL)) +T RET_CONST(val_mgr->GetTrue()) +F RET_CONST(val_mgr->GetFalse()) {ID} { yylval.str = copy_string(yytext); @@ -480,8 +480,7 @@ F RET_CONST(new Val(false, TYPE_BOOL)) } {D} { - RET_CONST(new Val(static_cast(strtoull(yytext, (char**) NULL, 10)), - TYPE_COUNT)) + RET_CONST(val_mgr->GetCount(static_cast(strtoull(yytext, (char**) NULL, 10)))) } {FLOAT} RET_CONST(new Val(atof(yytext), TYPE_DOUBLE)) @@ -492,7 +491,7 @@ F RET_CONST(new Val(false, TYPE_BOOL)) reporter->Error("bad port number - %s", yytext); p = 0; } - RET_CONST(port_mgr->Get(p, TRANSPORT_TCP)) + RET_CONST(val_mgr->GetPort(p, TRANSPORT_TCP)) } {D}"/udp" { uint32 p = atoi(yytext); @@ -501,7 +500,7 @@ F RET_CONST(new Val(false, TYPE_BOOL)) reporter->Error("bad port number - %s", yytext); p = 0; } - RET_CONST(port_mgr->Get(p, TRANSPORT_UDP)) + RET_CONST(val_mgr->GetPort(p, TRANSPORT_UDP)) } {D}"/icmp" { uint32 p = atoi(yytext); @@ -510,7 +509,7 @@ F RET_CONST(new Val(false, TYPE_BOOL)) reporter->Error("bad port number - %s", yytext); p = 0; } - RET_CONST(port_mgr->Get(p, TRANSPORT_ICMP)) + RET_CONST(val_mgr->GetPort(p, TRANSPORT_ICMP)) } {D}"/unknown" { uint32 p = atoi(yytext); @@ -519,7 +518,7 @@ F RET_CONST(new Val(false, TYPE_BOOL)) reporter->Error("bad port number - %s", yytext); p = 0; } - RET_CONST(port_mgr->Get(p, TRANSPORT_UNKNOWN)) + RET_CONST(val_mgr->GetPort(p, TRANSPORT_UNKNOWN)) } {FLOAT}{OWS}day(s?) RET_CONST(new IntervalVal(atof(yytext),Days)) @@ -529,7 +528,7 @@ F RET_CONST(new Val(false, TYPE_BOOL)) {FLOAT}{OWS}msec(s?) RET_CONST(new IntervalVal(atof(yytext),Milliseconds)) {FLOAT}{OWS}usec(s?) RET_CONST(new IntervalVal(atof(yytext),Microseconds)) -"0x"{HEX}+ RET_CONST(new Val(static_cast(strtoull(yytext, 0, 16)), TYPE_COUNT)) +"0x"{HEX}+ RET_CONST(val_mgr->GetCount(static_cast(strtoull(yytext, 0, 16)))) {H}("."{H})+ RET_CONST(dns_mgr->LookupHost(yytext)) diff --git a/src/stats.bif b/src/stats.bif index e3ce6f0245..bb4d92586f 100644 --- a/src/stats.bif +++ b/src/stats.bif @@ -62,10 +62,10 @@ function get_net_stats%(%): NetStats RecordVal* r = new RecordVal(NetStats); int n = 0; - r->Assign(n++, new Val(recv, TYPE_COUNT)); - r->Assign(n++, new Val(drop, TYPE_COUNT)); - r->Assign(n++, new Val(link, TYPE_COUNT)); - r->Assign(n++, new Val(bytes_recv, TYPE_COUNT)); + r->Assign(n++, val_mgr->GetCount(recv)); + r->Assign(n++, val_mgr->GetCount(drop)); + r->Assign(n++, val_mgr->GetCount(link)); + r->Assign(n++, val_mgr->GetCount(bytes_recv)); return r; %} @@ -91,17 +91,17 @@ function get_conn_stats%(%): ConnStats RecordVal* r = new RecordVal(ConnStats); int n = 0; - r->Assign(n++, new Val(Connection::TotalConnections(), TYPE_COUNT)); - r->Assign(n++, new Val(Connection::CurrentConnections(), TYPE_COUNT)); - r->Assign(n++, new Val(Connection::CurrentExternalConnections(), TYPE_COUNT)); - r->Assign(n++, new Val(sessions->CurrentConnections(), TYPE_COUNT)); + r->Assign(n++, val_mgr->GetCount(Connection::TotalConnections())); + r->Assign(n++, val_mgr->GetCount(Connection::CurrentConnections())); + r->Assign(n++, val_mgr->GetCount(Connection::CurrentExternalConnections())); + r->Assign(n++, val_mgr->GetCount(sessions->CurrentConnections())); SessionStats s; if ( sessions ) sessions->GetStats(s); #define ADD_STAT(x) \ - r->Assign(n++, new Val(unsigned(sessions ? x : 0), TYPE_COUNT)); + r->Assign(n++, val_mgr->GetCount(unsigned(sessions ? x : 0))); ADD_STAT(s.num_packets); ADD_STAT(s.num_fragments); @@ -116,7 +116,7 @@ function get_conn_stats%(%): ConnStats ADD_STAT(s.max_ICMP_conns); ADD_STAT(s.cumulative_ICMP_conns); - r->Assign(n++, new Val(killed_by_inactivity, TYPE_COUNT)); + r->Assign(n++, val_mgr->GetCount(killed_by_inactivity)); return r; %} @@ -153,9 +153,9 @@ function get_proc_stats%(%): ProcStats double(ru.ru_stime.tv_sec) + double(ru.ru_stime.tv_usec) / 1e6; #ifdef DEBUG - r->Assign(n++, new Val(1, TYPE_COUNT)); + r->Assign(n++, val_mgr->GetCount(1)); #else - r->Assign(n++, new Val(0, TYPE_COUNT)); + r->Assign(n++, val_mgr->GetCount(0)); #endif r->Assign(n++, new Val(bro_start_time, TYPE_TIME)); @@ -166,14 +166,14 @@ function get_proc_stats%(%): ProcStats uint64 total_mem; get_memory_usage(&total_mem, NULL); - r->Assign(n++, new Val(unsigned(total_mem), TYPE_COUNT)); + r->Assign(n++, val_mgr->GetCount(unsigned(total_mem))); - r->Assign(n++, new Val(unsigned(ru.ru_minflt), TYPE_COUNT)); - r->Assign(n++, new Val(unsigned(ru.ru_majflt), TYPE_COUNT)); - r->Assign(n++, new Val(unsigned(ru.ru_nswap), TYPE_COUNT)); - r->Assign(n++, new Val(unsigned(ru.ru_inblock), TYPE_COUNT)); - r->Assign(n++, new Val(unsigned(ru.ru_oublock), TYPE_COUNT)); - r->Assign(n++, new Val(unsigned(ru.ru_nivcsw), TYPE_COUNT)); + r->Assign(n++, val_mgr->GetCount(unsigned(ru.ru_minflt))); + r->Assign(n++, val_mgr->GetCount(unsigned(ru.ru_majflt))); + r->Assign(n++, val_mgr->GetCount(unsigned(ru.ru_nswap))); + r->Assign(n++, val_mgr->GetCount(unsigned(ru.ru_inblock))); + r->Assign(n++, val_mgr->GetCount(unsigned(ru.ru_oublock))); + r->Assign(n++, val_mgr->GetCount(unsigned(ru.ru_nivcsw))); return r; %} @@ -199,8 +199,8 @@ function get_event_stats%(%): EventStats RecordVal* r = new RecordVal(EventStats); int n = 0; - r->Assign(n++, new Val(num_events_queued, TYPE_COUNT)); - r->Assign(n++, new Val(num_events_dispatched, TYPE_COUNT)); + r->Assign(n++, val_mgr->GetCount(num_events_queued)); + r->Assign(n++, val_mgr->GetCount(num_events_dispatched)); return r; %} @@ -226,10 +226,10 @@ function get_reassembler_stats%(%): ReassemblerStats RecordVal* r = new RecordVal(ReassemblerStats); int n = 0; - r->Assign(n++, new Val(Reassembler::MemoryAllocation(REASSEM_FILE), TYPE_COUNT)); - r->Assign(n++, new Val(Reassembler::MemoryAllocation(REASSEM_FRAG), TYPE_COUNT)); - r->Assign(n++, new Val(Reassembler::MemoryAllocation(REASSEM_TCP), TYPE_COUNT)); - r->Assign(n++, new Val(Reassembler::MemoryAllocation(REASSEM_UNKNOWN), TYPE_COUNT)); + r->Assign(n++, val_mgr->GetCount(Reassembler::MemoryAllocation(REASSEM_FILE))); + r->Assign(n++, val_mgr->GetCount(Reassembler::MemoryAllocation(REASSEM_FRAG))); + r->Assign(n++, val_mgr->GetCount(Reassembler::MemoryAllocation(REASSEM_TCP))); + r->Assign(n++, val_mgr->GetCount(Reassembler::MemoryAllocation(REASSEM_UNKNOWN))); return r; %} @@ -258,12 +258,12 @@ function get_dns_stats%(%): DNSStats DNS_Mgr::Stats dstats; dns_mgr->GetStats(&dstats); - r->Assign(n++, new Val(unsigned(dstats.requests), TYPE_COUNT)); - r->Assign(n++, new Val(unsigned(dstats.successful), TYPE_COUNT)); - r->Assign(n++, new Val(unsigned(dstats.failed), TYPE_COUNT)); - r->Assign(n++, new Val(unsigned(dstats.pending), TYPE_COUNT)); - r->Assign(n++, new Val(unsigned(dstats.cached_hosts), TYPE_COUNT)); - r->Assign(n++, new Val(unsigned(dstats.cached_addresses), TYPE_COUNT)); + r->Assign(n++, val_mgr->GetCount(unsigned(dstats.requests))); + r->Assign(n++, val_mgr->GetCount(unsigned(dstats.successful))); + r->Assign(n++, val_mgr->GetCount(unsigned(dstats.failed))); + r->Assign(n++, val_mgr->GetCount(unsigned(dstats.pending))); + r->Assign(n++, val_mgr->GetCount(unsigned(dstats.cached_hosts))); + r->Assign(n++, val_mgr->GetCount(unsigned(dstats.cached_addresses))); return r; %} @@ -289,9 +289,9 @@ function get_timer_stats%(%): TimerStats RecordVal* r = new RecordVal(TimerStats); int n = 0; - r->Assign(n++, new Val(unsigned(timer_mgr->Size()), TYPE_COUNT)); - r->Assign(n++, new Val(unsigned(timer_mgr->PeakSize()), TYPE_COUNT)); - r->Assign(n++, new Val(timer_mgr->CumulativeNum(), TYPE_COUNT)); + r->Assign(n++, val_mgr->GetCount(unsigned(timer_mgr->Size()))); + r->Assign(n++, val_mgr->GetCount(unsigned(timer_mgr->PeakSize()))); + r->Assign(n++, val_mgr->GetCount(timer_mgr->CumulativeNum())); return r; %} @@ -317,9 +317,9 @@ function get_file_analysis_stats%(%): FileAnalysisStats RecordVal* r = new RecordVal(FileAnalysisStats); int n = 0; - r->Assign(n++, new Val(file_mgr->CurrentFiles(), TYPE_COUNT)); - r->Assign(n++, new Val(file_mgr->MaxFiles(), TYPE_COUNT)); - r->Assign(n++, new Val(file_mgr->CumulativeFiles(), TYPE_COUNT)); + r->Assign(n++, val_mgr->GetCount(file_mgr->CurrentFiles())); + r->Assign(n++, val_mgr->GetCount(file_mgr->MaxFiles())); + r->Assign(n++, val_mgr->GetCount(file_mgr->CumulativeFiles())); return r; %} @@ -345,7 +345,7 @@ function get_thread_stats%(%): ThreadStats RecordVal* r = new RecordVal(ThreadStats); int n = 0; - r->Assign(n++, new Val(thread_mgr->NumThreads(), TYPE_COUNT)); + r->Assign(n++, val_mgr->GetCount(thread_mgr->NumThreads())); return r; %} @@ -371,10 +371,10 @@ function get_gap_stats%(%): GapStats RecordVal* r = new RecordVal(GapStats); int n = 0; - r->Assign(n++, new Val(tot_ack_events, TYPE_COUNT)); - r->Assign(n++, new Val(tot_ack_bytes, TYPE_COUNT)); - r->Assign(n++, new Val(tot_gap_events, TYPE_COUNT)); - r->Assign(n++, new Val(tot_gap_bytes, TYPE_COUNT)); + r->Assign(n++, val_mgr->GetCount(tot_ack_events)); + r->Assign(n++, val_mgr->GetCount(tot_ack_bytes)); + r->Assign(n++, val_mgr->GetCount(tot_gap_events)); + r->Assign(n++, val_mgr->GetCount(tot_gap_bytes)); return r; %} @@ -408,13 +408,13 @@ function get_matcher_stats%(%): MatcherStats if ( rule_matcher ) rule_matcher->GetStats(&s); - r->Assign(n++, new Val(s.matchers, TYPE_COUNT)); - r->Assign(n++, new Val(s.nfa_states, TYPE_COUNT)); - r->Assign(n++, new Val(s.dfa_states, TYPE_COUNT)); - r->Assign(n++, new Val(s.computed, TYPE_COUNT)); - r->Assign(n++, new Val(s.mem, TYPE_COUNT)); - r->Assign(n++, new Val(s.hits, TYPE_COUNT)); - r->Assign(n++, new Val(s.misses, TYPE_COUNT)); + r->Assign(n++, val_mgr->GetCount(s.matchers)); + r->Assign(n++, val_mgr->GetCount(s.nfa_states)); + r->Assign(n++, val_mgr->GetCount(s.dfa_states)); + r->Assign(n++, val_mgr->GetCount(s.computed)); + r->Assign(n++, val_mgr->GetCount(s.mem)); + r->Assign(n++, val_mgr->GetCount(s.hits)); + r->Assign(n++, val_mgr->GetCount(s.misses)); return r; %} @@ -442,15 +442,15 @@ function get_broker_stats%(%): BrokerStats int n = 0; auto cs = broker_mgr->GetStatistics(); - r->Assign(n++, new Val(static_cast(cs.num_peers), TYPE_COUNT)); - r->Assign(n++, new Val(static_cast(cs.num_stores), TYPE_COUNT)); - r->Assign(n++, new Val(static_cast(cs.num_pending_queries), TYPE_COUNT)); - r->Assign(n++, new Val(static_cast(cs.num_events_incoming), TYPE_COUNT)); - r->Assign(n++, new Val(static_cast(cs.num_events_outgoing), TYPE_COUNT)); - r->Assign(n++, new Val(static_cast(cs.num_logs_incoming), TYPE_COUNT)); - r->Assign(n++, new Val(static_cast(cs.num_logs_outgoing), TYPE_COUNT)); - r->Assign(n++, new Val(static_cast(cs.num_ids_incoming), TYPE_COUNT)); - r->Assign(n++, new Val(static_cast(cs.num_ids_outgoing), TYPE_COUNT)); + r->Assign(n++, val_mgr->GetCount(static_cast(cs.num_peers))); + r->Assign(n++, val_mgr->GetCount(static_cast(cs.num_stores))); + r->Assign(n++, val_mgr->GetCount(static_cast(cs.num_pending_queries))); + r->Assign(n++, val_mgr->GetCount(static_cast(cs.num_events_incoming))); + r->Assign(n++, val_mgr->GetCount(static_cast(cs.num_events_outgoing))); + r->Assign(n++, val_mgr->GetCount(static_cast(cs.num_logs_incoming))); + r->Assign(n++, val_mgr->GetCount(static_cast(cs.num_logs_outgoing))); + r->Assign(n++, val_mgr->GetCount(static_cast(cs.num_ids_incoming))); + r->Assign(n++, val_mgr->GetCount(static_cast(cs.num_ids_outgoing))); return r; %} @@ -481,11 +481,11 @@ function get_reporter_stats%(%): ReporterStats for ( auto& kv : reporter->GetWeirdsByType() ) { Val* weird = new StringVal(kv.first); - weirds_by_type->Assign(weird, new Val(kv.second, TYPE_COUNT)); + weirds_by_type->Assign(weird, val_mgr->GetCount(kv.second)); Unref(weird); } - r->Assign(n++, new Val(reporter->GetWeirdCount(), TYPE_COUNT)); + r->Assign(n++, val_mgr->GetCount(reporter->GetWeirdCount())); r->Assign(n++, weirds_by_type); return r; diff --git a/src/strings.bif b/src/strings.bif index 5a1ee5161d..847bb60a40 100644 --- a/src/strings.bif +++ b/src/strings.bif @@ -25,10 +25,10 @@ function levenshtein_distance%(s1: string, s2: string%): count unsigned int m = s2->Len(); if ( ! n ) - return new Val(m, TYPE_COUNT); + return val_mgr->GetCount(m); if ( ! m ) - return new Val(n, TYPE_COUNT); + return val_mgr->GetCount(n); vector > d(n + 1, vector(m + 1)); @@ -47,7 +47,7 @@ function levenshtein_distance%(s1: string, s2: string%): count d[i-1][j-1] + (s1->Bytes()[i-1] == s2->Bytes()[j-1] ? 0 : 1)); } - return new Val(d[n][m], TYPE_COUNT); + return val_mgr->GetCount(d[n][m]); %} ## Concatenates all arguments into a single string. The function takes a @@ -85,7 +85,7 @@ int string_array_to_vs(TableVal* tbl, int start, int end, vs.clear(); for ( int i = start; i <= end; ++i ) { - Val* ind = new Val(i, TYPE_COUNT); + Val* ind = val_mgr->GetCount(i); Val* v = tbl->Lookup(ind); if ( ! v ) return 0; @@ -95,7 +95,7 @@ int string_array_to_vs(TableVal* tbl, int start, int end, DEBUG_MSG("string_array[%d] = \"%s\"\n", i, str); delete [] str; #endif - delete ind; + Unref(ind); } return 1; } @@ -105,7 +105,7 @@ int vs_to_string_array(vector& vs, TableVal* tbl, { for ( int i = start, j = 0; i <= end; ++i, ++j ) { - Val* ind = new Val(i, TYPE_COUNT); + Val* ind = val_mgr->GetCount(i); tbl->Assign(ind, new StringVal(vs[j]->Len(), (const char *)vs[j]->Bytes())); Unref(ind); @@ -176,7 +176,7 @@ function join_string_array%(sep: string, a: string_array%): string &deprecated for ( int i = 1; i <= n; ++i ) { - Val* ind = new Val(i, TYPE_COUNT); + Val* ind = val_mgr->GetCount(i); Val* v = tbl->Lookup(ind); if ( ! v ) return 0; @@ -432,7 +432,7 @@ Val* do_split(StringVal* str_val, RE_Matcher* re, int incl_sep, int max_num_sep) n=0; } - Val* ind = new Val(++num, TYPE_COUNT); + Val* ind = val_mgr->GetCount(++num); a->Assign(ind, new StringVal(offset, (const char*) s)); Unref(ind); @@ -442,7 +442,7 @@ Val* do_split(StringVal* str_val, RE_Matcher* re, int incl_sep, int max_num_sep) if ( incl_sep ) { // including the part that matches the pattern - ind = new Val(++num, TYPE_COUNT); + ind = val_mgr->GetCount(++num); a->Assign(ind, new StringVal(end_of_match, (const char*) s+offset)); Unref(ind); } @@ -763,7 +763,7 @@ function gsub%(str: string, re: pattern, repl: string%): string ## *s1* is greater than, equal to, or less than *s2*. function strcmp%(s1: string, s2: string%): int %{ - return new Val(Bstr_cmp(s1->AsString(), s2->AsString()), TYPE_INT); + return val_mgr->GetInt(Bstr_cmp(s1->AsString(), s2->AsString())); %} ## Locates the first occurrence of one string in another. @@ -778,9 +778,8 @@ function strcmp%(s1: string, s2: string%): int ## .. bro:see:: find_all find_last function strstr%(big: string, little: string%): count %{ - return new Val( - 1 + big->AsString()->FindSubstring(little->AsString()), - TYPE_COUNT); + return val_mgr->GetCount( + 1 + big->AsString()->FindSubstring(little->AsString())); %} ## Substitutes each (non-overlapping) appearance of a string in another. @@ -947,9 +946,9 @@ function is_ascii%(str: string%): bool for ( int i = 0; i < n; ++i ) if ( s[i] > 127 ) - return new Val(0, TYPE_BOOL); + return val_mgr->GetBool(0); - return new Val(1, TYPE_BOOL); + return val_mgr->GetBool(1); %} ## Replaces non-printable characters in a string with escaped sequences. The @@ -1196,7 +1195,7 @@ function find_last%(str: string, re: pattern%) : string return new StringVal(n, (const char*) t); } - return new StringVal(""); + return val_mgr->GetEmptyString(); %} ## Returns a hex dump for given input data. The hex dump renders 16 bytes per @@ -1241,13 +1240,13 @@ function hexdump%(data_str: string%) : string unsigned data_size = data_str->Len(); if ( ! data ) - return new StringVal(""); + return val_mgr->GetEmptyString(); int num_lines = (data_size / 16) + 1; int len = num_lines * HEX_LINE_WIDTH; u_char* hex_data = new u_char[len + 1]; if ( ! hex_data ) - return new StringVal(""); + return val_mgr->GetEmptyString(); memset(hex_data, ' ', len); diff --git a/testing/btest/Baseline/language.set-type-checking/out b/testing/btest/Baseline/language.set-type-checking/out index 707363e9c8..0387146723 100644 --- a/testing/btest/Baseline/language.set-type-checking/out +++ b/testing/btest/Baseline/language.set-type-checking/out @@ -7,7 +7,7 @@ error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-che error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 16: arithmetic mixed with non-arithmetic (port and 2) error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 16 and port: type mismatch (2 and port) error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 16: inconsistent type in set constructor (set(2)) -error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 20: arithmetic mixed with non-arithmetic (port and 3) +error in port: arithmetic mixed with non-arithmetic (port and 3) error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 20: initialization type mismatch in set (set(3) and 3) error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 25: arithmetic mixed with non-arithmetic (port and 1000) error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 25 and port: type mismatch (1000 and port)