Prefer explicit construction to coercion in record initialization
While we support initializing records via coercion from an expression list, e.g., local x: X = [$x1=1, $x2=2]; this can sometimes obscure the code to readers, e.g., when assigning to a value declared and typed elsewhere. The language runtime has a similar overhead since instead of just constructing a known type it needs to check at runtime that the coercion from the expression list is valid; this can be slower than just writing the readable code in the first place, see #4559. With this patch we use explicit construction, e.g., local x = X($x1=1, $x2=2);
parent
54f9e45597
commit
d5fd29edcd
139 changed files with 786 additions and 788 deletions
|
@ -178,7 +178,7 @@ redef record connection += {
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(Conn::LOG, [$columns=Info, $ev=log_conn, $path="conn", $policy=log_policy]);
|
||||
Log::create_stream(Conn::LOG, Log::Stream($columns=Info, $ev=log_conn, $path="conn", $policy=log_policy));
|
||||
}
|
||||
|
||||
function conn_state(c: connection, trans: transport_proto): string
|
||||
|
|
|
@ -66,7 +66,7 @@ redef likely_server_ports += { ports };
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(DCE_RPC::LOG, [$columns=Info, $path="dce_rpc", $policy=log_policy]);
|
||||
Log::create_stream(DCE_RPC::LOG, Log::Stream($columns=Info, $path="dce_rpc", $policy=log_policy));
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_DCE_RPC, ports);
|
||||
}
|
||||
|
||||
|
|
|
@ -130,7 +130,7 @@ redef likely_server_ports += { 67/udp };
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(DHCP::LOG, [$columns=Info, $ev=log_dhcp, $path="dhcp", $policy=log_policy]);
|
||||
Log::create_stream(DHCP::LOG, Log::Stream($columns=Info, $ev=log_dhcp, $path="dhcp", $policy=log_policy));
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_DHCP, ports);
|
||||
}
|
||||
|
||||
|
|
|
@ -42,7 +42,7 @@ redef likely_server_ports += { ports };
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(DNP3::LOG, [$columns=Info, $ev=log_dnp3, $path="dnp3", $policy=log_policy]);
|
||||
Log::create_stream(DNP3::LOG, Log::Stream($columns=Info, $ev=log_dnp3, $path="dnp3", $policy=log_policy));
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_DNP3_TCP, ports);
|
||||
}
|
||||
|
||||
|
@ -50,7 +50,7 @@ event dnp3_application_request_header(c: connection, is_orig: bool, application_
|
|||
{
|
||||
if ( ! c?$dnp3 )
|
||||
{
|
||||
c$dnp3 = [$ts=network_time(), $uid=c$uid, $id=c$id];
|
||||
c$dnp3 = Info($ts=network_time(), $uid=c$uid, $id=c$id);
|
||||
Conn::register_removal_hook(c, finalize_dnp3);
|
||||
}
|
||||
|
||||
|
@ -62,7 +62,7 @@ event dnp3_application_response_header(c: connection, is_orig: bool, application
|
|||
{
|
||||
if ( ! c?$dnp3 )
|
||||
{
|
||||
c$dnp3 = [$ts=network_time(), $uid=c$uid, $id=c$id];
|
||||
c$dnp3 = Info($ts=network_time(), $uid=c$uid, $id=c$id);
|
||||
Conn::register_removal_hook(c, finalize_dnp3);
|
||||
}
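Review bot: The same three-line initialisation of `c$dnp3` (the `c?$dnp3` test, the `Info(...)` construction and the `finalize_dnp3` hook registration) is repeated in `dnp3_application_request_header` and `dnp3_application_response_header`. Other analyzers on this page (SSL, SOCKS, RDP) keep that logic in a `set_session` helper, which leaves one place to get the record fields and the removal hook right. Both handler bodies continue outside the hunks, and whether the module already defines a helper of that name is not visible here, so the name below is a suggestion.
```zeek
function set_session(c: connection)
	{
	if ( c?$dnp3 )
		return;

	c$dnp3 = Info($ts=network_time(), $uid=c$uid, $id=c$id);
	Conn::register_removal_hook(c, finalize_dnp3);
	}

# … unchanged: both dnp3_application_*_header handlers, each now opening with set_session(c); …
```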
|
||||
|
||||
|
|
|
@ -164,7 +164,7 @@ redef likely_server_ports += { ports };
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(DNS::LOG, [$columns=Info, $ev=log_dns, $path="dns", $policy=log_policy]);
|
||||
Log::create_stream(DNS::LOG, Log::Stream($columns=Info, $ev=log_dns, $path="dns", $policy=log_policy));
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_DNS, ports);
|
||||
}
|
||||
|
||||
|
|
|
@ -43,8 +43,8 @@ function describe_file(f: fa_file): string
|
|||
event zeek_init() &priority=5
|
||||
{
|
||||
Files::register_protocol(Analyzer::ANALYZER_FTP_DATA,
|
||||
[$get_file_handle = FTP::get_file_handle,
|
||||
$describe = FTP::describe_file]);
|
||||
Files::ProtoRegistration($get_file_handle = FTP::get_file_handle,
|
||||
$describe = FTP::describe_file));
|
||||
}
|
||||
|
||||
event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priority=5
|
||||
|
|
|
@ -88,7 +88,7 @@ redef likely_server_ports += { ports };
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(FTP::LOG, [$columns=Info, $ev=log_ftp, $path="ftp", $policy=log_policy]);
|
||||
Log::create_stream(FTP::LOG, Log::Stream($columns=Info, $ev=log_ftp, $path="ftp", $policy=log_policy));
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_FTP, ports);
|
||||
}
|
||||
|
||||
|
@ -307,8 +307,8 @@ event ftp_request(c: connection, command: string, arg: string) &priority=5
|
|||
|
||||
if ( data$valid )
|
||||
{
|
||||
add_expected_data_channel(c$ftp, [$passive=F, $orig_h=id$resp_h,
|
||||
$resp_h=data$h, $resp_p=data$p]);
|
||||
add_expected_data_channel(c$ftp, ExpectedDataChannel($passive=F, $orig_h=id$resp_h,
|
||||
$resp_h=data$h, $resp_p=data$p));
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -403,8 +403,8 @@ event ftp_reply(c: connection, code: count, msg: string, cont_resp: bool) &prior
|
|||
if ( code == 229 && data$h == [::] )
|
||||
data$h = c$id$resp_h;
|
||||
|
||||
add_expected_data_channel(c$ftp, [$passive=T, $orig_h=c$id$orig_h,
|
||||
$resp_h=data$h, $resp_p=data$p]);
|
||||
add_expected_data_channel(c$ftp, ExpectedDataChannel($passive=T, $orig_h=c$id$orig_h,
|
||||
$resp_h=data$h, $resp_p=data$p));
|
||||
}
|
||||
else
|
||||
{
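Review bot: The active-mode call in `ftp_request` (`ExpectedDataChannel($passive=F, $orig_h=id$resp_h, $resp_h=data$h, $resp_p=data$p)`) has no comment saying where `data$h` and `data$p` come from. They are presumably parsed from the client's command argument, and the only guard visible in the hunk is `data$valid`, so the expected channel can name a host other than the client. A short comment would help anyone writing detections on top of this, e.g. `# data$h/data$p come from the peer's command argument; $resp_h may differ from c$id$orig_h.` The passive-mode call in `ftp_reply` deserves the matching remark for the server-supplied address. Both handler bodies start and end outside the hunks.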
|
||||
|
|
|
@ -80,7 +80,7 @@ export {
|
|||
|
||||
function add_pending_cmd(pc: PendingCmds, seq: count, cmd: string, arg: string): CmdArg
|
||||
{
|
||||
local ca = [$cmd = cmd, $arg = arg, $seq=seq, $ts=network_time()];
|
||||
local ca = CmdArg($cmd = cmd, $arg = arg, $seq=seq, $ts=network_time());
|
||||
pc[ca$seq] = ca;
|
||||
|
||||
return ca;
|
||||
|
|
|
@ -51,6 +51,6 @@ function describe_file(f: fa_file): string
|
|||
event zeek_init() &priority=5
|
||||
{
|
||||
Files::register_protocol(Analyzer::ANALYZER_HTTP,
|
||||
[$get_file_handle = HTTP::get_file_handle,
|
||||
$describe = HTTP::describe_file]);
|
||||
Files::ProtoRegistration($get_file_handle = HTTP::get_file_handle,
|
||||
$describe = HTTP::describe_file));
|
||||
}
|
||||
|
|
|
@ -156,7 +156,7 @@ redef likely_server_ports += { ports };
|
|||
# Initialize the HTTP logging stream and ports.
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(HTTP::LOG, [$columns=Info, $ev=log_http, $path="http", $policy=log_policy]);
|
||||
Log::create_stream(HTTP::LOG, Log::Stream($columns=Info, $ev=log_http, $path="http", $policy=log_policy));
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_HTTP, ports);
|
||||
}
|
||||
|
||||
|
@ -299,7 +299,7 @@ event http_reply(c: connection, version: string, code: count, reason: string) &p
|
|||
# "tunnel".
|
||||
local tid = copy(c$id);
|
||||
tid$orig_p = 0/tcp;
|
||||
Tunnel::register([$cid=tid, $tunnel_type=Tunnel::HTTP]);
|
||||
Tunnel::register(Tunnel::EncapsulatingConn($cid=tid, $tunnel_type=Tunnel::HTTP));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ function get_file_handle(c: connection, is_orig: bool): string
|
|||
event zeek_init() &priority=5
|
||||
{
|
||||
Files::register_protocol(Analyzer::ANALYZER_IRC_DATA,
|
||||
[$get_file_handle = IRC::get_file_handle]);
|
||||
Files::ProtoRegistration($get_file_handle = IRC::get_file_handle));
|
||||
}
|
||||
|
||||
event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priority=5
|
||||
|
|
|
@ -45,7 +45,7 @@ redef likely_server_ports += { ports };
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(IRC::LOG, [$columns=Info, $ev=irc_log, $path="irc", $policy=log_policy]);
|
||||
Log::create_stream(IRC::LOG, Log::Stream($columns=Info, $ev=irc_log, $path="irc", $policy=log_policy));
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_IRC, ports);
|
||||
}
|
||||
|
||||
|
|
|
@ -64,12 +64,12 @@ function describe_file(f: fa_file): string
|
|||
event zeek_init() &priority=5
|
||||
{
|
||||
Files::register_protocol(Analyzer::ANALYZER_KRB_TCP,
|
||||
[$get_file_handle = KRB::get_file_handle,
|
||||
$describe = KRB::describe_file]);
|
||||
Files::ProtoRegistration($get_file_handle = KRB::get_file_handle,
|
||||
$describe = KRB::describe_file));
|
||||
|
||||
Files::register_protocol(Analyzer::ANALYZER_KRB,
|
||||
[$get_file_handle = KRB::get_file_handle,
|
||||
$describe = KRB::describe_file]);
|
||||
Files::ProtoRegistration($get_file_handle = KRB::get_file_handle,
|
||||
$describe = KRB::describe_file));
|
||||
}
|
||||
|
||||
event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priority=5
|
||||
|
|
|
@ -83,7 +83,7 @@ event zeek_init() &priority=5
|
|||
{
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_KRB, udp_ports);
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_KRB_TCP, tcp_ports);
|
||||
Log::create_stream(KRB::LOG, [$columns=Info, $ev=log_krb, $path="kerberos", $policy=log_policy]);
|
||||
Log::create_stream(KRB::LOG, Log::Stream($columns=Info, $ev=log_krb, $path="kerberos", $policy=log_policy));
|
||||
}
|
||||
|
||||
function set_session(c: connection): bool
|
||||
|
|
|
@ -144,8 +144,8 @@ event zeek_init() &priority=5 {
|
|||
Analyzer::register_for_ports(Analyzer::ANALYZER_LDAP_TCP, LDAP::ports_tcp);
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_LDAP_UDP, LDAP::ports_udp);
|
||||
|
||||
Log::create_stream(LDAP::LDAP_LOG, [$columns=MessageInfo, $ev=log_ldap, $path="ldap", $policy=log_policy]);
|
||||
Log::create_stream(LDAP::LDAP_SEARCH_LOG, [$columns=SearchInfo, $ev=log_ldap_search, $path="ldap_search", $policy=log_policy_search]);
|
||||
Log::create_stream(LDAP::LDAP_LOG, Log::Stream($columns=MessageInfo, $ev=log_ldap, $path="ldap", $policy=log_policy));
|
||||
Log::create_stream(LDAP::LDAP_SEARCH_LOG, Log::Stream($columns=SearchInfo, $ev=log_ldap_search, $path="ldap_search", $policy=log_policy_search));
|
||||
}
|
||||
|
||||
#############################################################################
|
||||
|
@ -163,17 +163,17 @@ function set_session(c: connection, message_id: int, opcode: LDAP::ProtocolOpcod
|
|||
c$ldap$searches = table();
|
||||
|
||||
if ((opcode in OPCODES_SEARCH) && (message_id !in c$ldap$searches)) {
|
||||
c$ldap$searches[message_id] = [$ts=network_time(),
|
||||
$uid=c$uid,
|
||||
$id=c$id,
|
||||
$message_id=message_id,
|
||||
$result_count=0];
|
||||
c$ldap$searches[message_id] = SearchInfo($ts=network_time(),
|
||||
$uid=c$uid,
|
||||
$id=c$id,
|
||||
$message_id=message_id,
|
||||
$result_count=0);
|
||||
|
||||
} else if ((opcode !in OPCODES_SEARCH) && (message_id !in c$ldap$messages)) {
|
||||
c$ldap$messages[message_id] = [$ts=network_time(),
|
||||
$uid=c$uid,
|
||||
$id=c$id,
|
||||
$message_id=message_id];
|
||||
c$ldap$messages[message_id] = MessageInfo($ts=network_time(),
|
||||
$uid=c$uid,
|
||||
$id=c$id,
|
||||
$message_id=message_id);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -42,7 +42,7 @@ redef likely_server_ports += { ports };
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(Modbus::LOG, [$columns=Info, $ev=log_modbus, $path="modbus", $policy=log_policy]);
|
||||
Log::create_stream(Modbus::LOG, Log::Stream($columns=Info, $ev=log_modbus, $path="modbus", $policy=log_policy));
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_MODBUS, ports);
|
||||
}
|
||||
|
||||
|
@ -69,7 +69,7 @@ event modbus_message(c: connection, headers: ModbusHeaders, is_orig: bool) &prio
|
|||
{
|
||||
if ( ! c?$modbus )
|
||||
{
|
||||
c$modbus = [$ts=network_time(), $uid=c$uid, $id=c$id];
|
||||
c$modbus = Info($ts=network_time(), $uid=c$uid, $id=c$id);
|
||||
}
|
||||
|
||||
c$modbus$ts = network_time();
|
||||
|
|
|
@ -150,9 +150,9 @@ redef likely_server_ports += { ports };
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(MQTT::CONNECT_LOG, [$columns=ConnectInfo, $ev=log_mqtt, $path="mqtt_connect", $policy=log_policy_connect]);
|
||||
Log::create_stream(MQTT::SUBSCRIBE_LOG, [$columns=SubscribeInfo, $path="mqtt_subscribe", $policy=log_policy_subscribe]);
|
||||
Log::create_stream(MQTT::PUBLISH_LOG, [$columns=PublishInfo, $path="mqtt_publish", $policy=log_policy_publish]);
|
||||
Log::create_stream(MQTT::CONNECT_LOG, Log::Stream($columns=ConnectInfo, $ev=log_mqtt, $path="mqtt_connect", $policy=log_policy_connect));
|
||||
Log::create_stream(MQTT::SUBSCRIBE_LOG, Log::Stream($columns=SubscribeInfo, $path="mqtt_subscribe", $policy=log_policy_subscribe));
|
||||
Log::create_stream(MQTT::PUBLISH_LOG, Log::Stream($columns=PublishInfo, $path="mqtt_publish", $policy=log_policy_publish));
|
||||
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_MQTT, ports);
|
||||
}
|
||||
|
|
|
@ -45,7 +45,7 @@ const ports = { 1434/tcp, 3306/tcp };
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(mysql::LOG, [$columns=Info, $ev=log_mysql, $path="mysql", $policy=log_policy]);
|
||||
Log::create_stream(mysql::LOG, Log::Stream($columns=Info, $ev=log_mysql, $path="mysql", $policy=log_policy));
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_MYSQL, ports);
|
||||
}
|
||||
|
||||
|
|
|
@ -49,7 +49,7 @@ redef record connection += {
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(NTLM::LOG, [$columns=Info, $path="ntlm", $policy=log_policy]);
|
||||
Log::create_stream(NTLM::LOG, Log::Stream($columns=Info, $path="ntlm", $policy=log_policy));
|
||||
}
|
||||
|
||||
function set_session(c: connection)
|
||||
|
|
|
@ -61,7 +61,7 @@ redef likely_server_ports += { ports };
|
|||
event zeek_init() &priority=5
|
||||
{
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_NTP, ports);
|
||||
Log::create_stream(NTP::LOG, [$columns = Info, $ev = log_ntp, $path="ntp", $policy=log_policy]);
|
||||
Log::create_stream(NTP::LOG, Log::Stream($columns = Info, $ev = log_ntp, $path="ntp", $policy=log_policy));
|
||||
}
|
||||
|
||||
event ntp_message(c: connection, is_orig: bool, msg: NTP::Message) &priority=5
|
||||
|
|
|
@ -75,7 +75,7 @@ redef likely_server_ports += { ports };
|
|||
event zeek_init() {
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_POSTGRESQL, ports);
|
||||
|
||||
Log::create_stream(PostgreSQL::LOG, [$columns=Info, $ev=log_postgresql, $path="postgresql"]);
|
||||
Log::create_stream(PostgreSQL::LOG, Log::Stream($columns=Info, $ev=log_postgresql, $path="postgresql"));
|
||||
}
|
||||
|
||||
hook set_session(c: connection) {
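Review bot: The converted PostgreSQL call still builds its `Log::Stream` without `$policy`, unlike every other `Log::create_stream` call on this page, so this log has no stream-level policy hook that a site can use to veto or adjust records. If the module exports a `log_policy` hook (not visible here), the call should read `Log::create_stream(PostgreSQL::LOG, Log::Stream($columns=Info, $ev=log_postgresql, $path="postgresql", $policy=log_policy));`. The handler is also a plain `event zeek_init()`, where most analyzers here use `&priority=5`; the QUIC and websocket hunks share that. It would be worth confirming that the default priority is intended, so the stream exists before user `zeek_init` handlers touch it.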
|
||||
|
|
|
@ -236,6 +236,6 @@ hook finalize_quic(c: connection)
|
|||
|
||||
event zeek_init()
|
||||
{
|
||||
Log::create_stream(LOG, [$columns=Info, $ev=log_quic, $path="quic", $policy=log_policy]);
|
||||
Log::create_stream(LOG, Log::Stream($columns=Info, $ev=log_quic, $path="quic", $policy=log_policy));
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_QUIC, quic_ports);
|
||||
}
|
||||
|
|
|
@ -65,7 +65,7 @@ redef likely_server_ports += { ports };
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(RADIUS::LOG, [$columns=Info, $ev=log_radius, $path="radius", $policy=log_policy]);
|
||||
Log::create_stream(RADIUS::LOG, Log::Stream($columns=Info, $ev=log_radius, $path="radius", $policy=log_policy));
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_RADIUS, ports);
|
||||
}
|
||||
|
||||
|
|
|
@ -98,7 +98,7 @@ redef likely_server_ports += { rdp_ports, rdpeudp_ports };
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(RDP::LOG, [$columns=RDP::Info, $ev=log_rdp, $path="rdp", $policy=log_policy]);
|
||||
Log::create_stream(RDP::LOG, Log::Stream($columns=RDP::Info, $ev=log_rdp, $path="rdp", $policy=log_policy));
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_RDP, rdp_ports);
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_RDPEUDP, rdpeudp_ports);
|
||||
}
|
||||
|
@ -155,7 +155,7 @@ function set_session(c: connection)
|
|||
{
|
||||
if ( ! c?$rdp )
|
||||
{
|
||||
c$rdp = [$ts=network_time(),$id=c$id,$uid=c$uid];
|
||||
c$rdp = Info($ts=network_time(),$id=c$id,$uid=c$uid);
|
||||
Conn::register_removal_hook(c, finalize_rdp);
|
||||
# The RDP session is scheduled to be logged from
|
||||
# the time it is first initiated.
|
||||
|
|
|
@ -96,8 +96,8 @@ redef likely_server_ports += {ports};
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(Redis::LOG, [$columns=Info, $path="redis",
|
||||
$policy=log_policy]);
|
||||
Log::create_stream(Redis::LOG, Log::Stream($columns=Info, $path="redis",
|
||||
$policy=log_policy));
|
||||
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_REDIS, ports);
|
||||
}
|
||||
|
|
|
@ -85,7 +85,7 @@ redef record connection += {
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(RFB::LOG, [$columns=Info, $ev=log_rfb, $path="rfb", $policy=log_policy]);
|
||||
Log::create_stream(RFB::LOG, Log::Stream($columns=Info, $ev=log_rfb, $path="rfb", $policy=log_policy));
|
||||
}
|
||||
|
||||
function write_log(c:connection)
|
||||
|
|
|
@ -106,7 +106,7 @@ redef likely_server_ports += { ports };
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(SIP::LOG, [$columns=Info, $ev=log_sip, $path="sip", $policy=log_policy]);
|
||||
Log::create_stream(SIP::LOG, Log::Stream($columns=Info, $ev=log_sip, $path="sip", $policy=log_policy));
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_SIP, ports);
|
||||
}
|
||||
|
||||
|
|
|
@ -129,4 +129,4 @@ redef SMB::statuses += {
|
|||
[0x0bc00001] = [$id="printmonitorinuse", $desc="The specified print monitor is currently in use."],
|
||||
[0x0bc10001] = [$id="printerhasjobsqueued", $desc="The requested operation is not allowed when there are jobs queued to the printer."],
|
||||
[0xffff0002] = [$id="nosupport", $desc="Function not supported."],
|
||||
};
|
||||
};
|
||||
|
|
|
@ -7,8 +7,8 @@ export {
|
|||
};
|
||||
|
||||
const statuses: table[count] of StatusCode = {
|
||||
[0x00000000] = [$id="SUCCESS", $desc="The operation completed successfully."],
|
||||
} &redef &default=function(i: count):StatusCode { local unknown=fmt("unknown-%d", i); return [$id=unknown, $desc=unknown]; };
|
||||
[0x00000000] = StatusCode($id="SUCCESS", $desc="The operation completed successfully."),
|
||||
} &redef &default=function(i: count):StatusCode { local unknown=fmt("unknown-%d", i); return StatusCode($id=unknown, $desc=unknown); };
|
||||
|
||||
## Heuristic detection of named pipes when the pipe
|
||||
## mapping isn't seen. This variable is defined in
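Review bot: The base `statuses` entry and its `&default` function now use `StatusCode(...)`, but the `redef SMB::statuses += {` entries shown as unchanged context in the preceding hunk keep the coerced form, e.g. `[0xffff0002] = [$id="nosupport", $desc="Function not supported."],`. That table looks like the largest group of `StatusCode` initialisers in this area, so leaving it out makes the two files inconsistent. If the runtime coercion check described in the commit message also applies to table initialisers, it is still paid there. Converting those entries to `[0xffff0002] = StatusCode($id="nosupport", $desc="Function not supported."),` would finish the change.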
|
||||
|
|
|
@ -50,8 +50,8 @@ function describe_file(f: fa_file): string
|
|||
event zeek_init() &priority=5
|
||||
{
|
||||
Files::register_protocol(Analyzer::ANALYZER_SMB,
|
||||
[$get_file_handle = SMB::get_file_handle,
|
||||
$describe = SMB::describe_file]);
|
||||
Files::ProtoRegistration($get_file_handle = SMB::get_file_handle,
|
||||
$describe = SMB::describe_file ));
|
||||
}
|
||||
|
||||
event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priority=5
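Review bot: The rewritten SMB registration ends in `$describe = SMB::describe_file ));`, with a stray space before the closing parentheses. The FTP, HTTP, KRB, SMTP and SSL conversions on this page all close without one, so this line should read `$describe = SMB::describe_file));`.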
|
||||
|
|
|
@ -186,8 +186,8 @@ redef likely_server_ports += { ports };
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(SMB::FILES_LOG, [$columns=SMB::FileInfo, $path="smb_files", $policy=log_policy_files]);
|
||||
Log::create_stream(SMB::MAPPING_LOG, [$columns=SMB::TreeInfo, $path="smb_mapping", $policy=log_policy_mapping]);
|
||||
Log::create_stream(SMB::FILES_LOG, Log::Stream($columns=SMB::FileInfo, $path="smb_files", $policy=log_policy_files));
|
||||
Log::create_stream(SMB::MAPPING_LOG, Log::Stream($columns=SMB::TreeInfo, $path="smb_mapping", $policy=log_policy_mapping));
|
||||
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_SMB, ports);
|
||||
}
|
||||
|
|
|
@ -41,8 +41,8 @@ function describe_file(f: fa_file): string
|
|||
event zeek_init() &priority=5
|
||||
{
|
||||
Files::register_protocol(Analyzer::ANALYZER_SMTP,
|
||||
[$get_file_handle = SMTP::get_file_handle,
|
||||
$describe = SMTP::describe_file]);
|
||||
Files::ProtoRegistration($get_file_handle = SMTP::get_file_handle,
|
||||
$describe = SMTP::describe_file));
|
||||
}
|
||||
|
||||
event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priority=5
|
||||
|
|
|
@ -120,7 +120,7 @@ redef likely_server_ports += { ports };
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(SMTP::LOG, [$columns=SMTP::Info, $ev=log_smtp, $path="smtp", $policy=log_policy]);
|
||||
Log::create_stream(SMTP::LOG, Log::Stream($columns=SMTP::Info, $ev=log_smtp, $path="smtp", $policy=log_policy));
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_SMTP, ports);
|
||||
}
|
||||
|
||||
|
|
|
@ -73,7 +73,7 @@ redef likely_server_ports += { ports };
|
|||
event zeek_init() &priority=5
|
||||
{
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_SNMP, ports);
|
||||
Log::create_stream(SNMP::LOG, [$columns=SNMP::Info, $ev=log_snmp, $path="snmp", $policy=log_policy]);
|
||||
Log::create_stream(SNMP::LOG, Log::Stream($columns=SNMP::Info, $ev=log_snmp, $path="snmp", $policy=log_policy));
|
||||
}
|
||||
|
||||
function init_state(c: connection, h: SNMP::Header): Info
|
||||
|
|
|
@ -55,7 +55,7 @@ redef likely_server_ports += { ports };
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(SOCKS::LOG, [$columns=Info, $ev=log_socks, $path="socks", $policy=log_policy]);
|
||||
Log::create_stream(SOCKS::LOG, Log::Stream($columns=Info, $ev=log_socks, $path="socks", $policy=log_policy));
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_SOCKS, ports);
|
||||
}
|
||||
|
||||
|
@ -67,7 +67,7 @@ function set_session(c: connection, version: count)
|
|||
{
|
||||
if ( ! c?$socks )
|
||||
{
|
||||
c$socks = [$ts=network_time(), $id=c$id, $uid=c$uid, $version=version];
|
||||
c$socks = Info($ts=network_time(), $id=c$id, $uid=c$uid, $version=version);
|
||||
Conn::register_removal_hook(c, finalize_socks);
|
||||
}
|
||||
}
|
||||
|
@ -85,7 +85,7 @@ event socks_request(c: connection, version: count, request_type: count,
|
|||
# proxied connection. We treat this as a singular "tunnel".
|
||||
local cid = copy(c$id);
|
||||
cid$orig_p = 0/tcp;
|
||||
Tunnel::register([$cid=cid, $tunnel_type=Tunnel::SOCKS]);
|
||||
Tunnel::register(Tunnel::EncapsulatingConn($cid=cid, $tunnel_type=Tunnel::SOCKS));
|
||||
}
|
||||
|
||||
event socks_reply(c: connection, version: count, reply: count, sa: SOCKS::Address, p: port) &priority=5
|
||||
|
|
|
@ -139,7 +139,7 @@ redef likely_server_ports += { ports };
|
|||
event zeek_init() &priority=5
|
||||
{
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_SSH, ports);
|
||||
Log::create_stream(SSH::LOG, [$columns=Info, $ev=log_ssh, $path="ssh", $policy=log_policy]);
|
||||
Log::create_stream(SSH::LOG, Log::Stream($columns=Info, $ev=log_ssh, $path="ssh", $policy=log_policy));
|
||||
}
|
||||
|
||||
function set_session(c: connection)
|
||||
|
|
|
@ -97,13 +97,12 @@ function describe_file(f: fa_file): string
|
|||
event zeek_init() &priority=5
|
||||
{
|
||||
Files::register_protocol(Analyzer::ANALYZER_SSL,
|
||||
[$get_file_handle = SSL::get_file_handle,
|
||||
$describe = SSL::describe_file]);
|
||||
Files::ProtoRegistration($get_file_handle = SSL::get_file_handle,
|
||||
$describe = SSL::describe_file));
|
||||
|
||||
Files::register_protocol(Analyzer::ANALYZER_DTLS,
|
||||
[$get_file_handle = SSL::get_file_handle,
|
||||
$describe = SSL::describe_file]);
|
||||
|
||||
Files::ProtoRegistration($get_file_handle = SSL::get_file_handle,
|
||||
$describe = SSL::describe_file));
|
||||
|
||||
local ssl_filter = Log::get_filter(SSL::LOG, "default");
|
||||
if ( ssl_filter$name != "<not found>" )
|
||||
|
|
|
@ -196,7 +196,7 @@ redef likely_server_ports += { ssl_ports, dtls_ports };
|
|||
# Priority needs to be higher than priority of zeek_init in ssl/files.zeek
|
||||
event zeek_init() &priority=6
|
||||
{
|
||||
Log::create_stream(SSL::LOG, [$columns=Info, $ev=log_ssl, $path="ssl", $policy=log_policy]);
|
||||
Log::create_stream(SSL::LOG, Log::Stream($columns=Info, $ev=log_ssl, $path="ssl", $policy=log_policy));
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, ssl_ports);
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_DTLS, dtls_ports);
|
||||
}
|
||||
|
@ -205,7 +205,7 @@ function set_session(c: connection)
|
|||
{
|
||||
if ( ! c?$ssl )
|
||||
{
|
||||
c$ssl = [$ts=network_time(), $uid=c$uid, $id=c$id];
|
||||
c$ssl = Info($ts=network_time(), $uid=c$uid, $id=c$id);
|
||||
Conn::register_removal_hook(c, finalize_ssl);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -38,7 +38,7 @@ redef likely_server_ports += { ports };
|
|||
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(Syslog::LOG, [$columns=Info, $path="syslog", $policy=log_policy]);
|
||||
Log::create_stream(Syslog::LOG, Log::Stream($columns=Info, $path="syslog", $policy=log_policy));
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_SYSLOG, ports);
|
||||
}
|
||||
|
||||
|
|
|
@ -228,5 +228,5 @@ event websocket_established(c: connection, aid: count) &priority=-5
|
|||
|
||||
event zeek_init()
|
||||
{
|
||||
Log::create_stream(LOG, [$columns=Info, $ev=log_websocket, $path="websocket", $policy=log_policy]);
|
||||
Log::create_stream(LOG, Log::Stream($columns=Info, $ev=log_websocket, $path="websocket", $policy=log_policy));
|
||||
}
|
||||
|
|