Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Switch RPC analyzers to use IntrusivePtr

Browse source
This commit is contained in:
Jon Siwek 2020-05-18 23:17:30 -07:00
parent cda4738407
commit d7ca63c1be
8 changed files with 172 additions and 217 deletions
Download patch file Download diff file Expand all files Collapse all files

42
src/analyzer/protocol/rpc/MOUNT.cc
View file

@ -22,7 +22,7 @@ bool MOUNT_Interp::RPC_BuildCall(RPC_CallInfo* c, const u_char*& buf, int& n)
uint32_t proc = c->Proc();
// The call arguments, depends on the call type obviously ...
Val *callarg = nullptr;
IntrusivePtr<RecordVal> callarg;
switch ( proc ) {
case BifEnum::MOUNT3::PROC_NULL:
@ -41,7 +41,6 @@ bool MOUNT_Interp::RPC_BuildCall(RPC_CallInfo* c, const u_char*& buf, int& n)
break;
default:
callarg = nullptr;
if ( proc < BifEnum::MOUNT3::PROC_END_OF_PROCS )
{
// We know the procedure but haven't implemented it.
@ -58,19 +57,10 @@ bool MOUNT_Interp::RPC_BuildCall(RPC_CallInfo* c, const u_char*& buf, int& n)
}
if ( ! buf )
{
// There was a parse error while trying to extract the call
// arguments. However, we don't know where exactly it
// happened and whether Vals where already allocated (e.g., a
// RecordVal was allocated but we failed to fill it). So we
// Unref() the call arguments, and we are fine.
Unref(callarg);
callarg = nullptr;
// There was a parse error while trying to extract the call arguments.
return false;
}
c->AddVal(callarg); // It's save to AddVal(0).
c->AddVal(callarg);
return true;
}
@ -114,7 +104,7 @@ bool MOUNT_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_statu
break;
case BifEnum::MOUNT3::PROC_MNT:
reply = {AdoptRef{}, mount3_mnt_reply(buf, n, mount_status)};
reply = mount3_mnt_reply(buf, n, mount_status);
event = mount_proc_mnt;
break;
@ -159,13 +149,13 @@ bool MOUNT_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_statu
// optional and all are set to 0 ...
if ( event )
{
Val *request = c->TakeRequestVal();
auto request = c->TakeRequestVal();
auto vl = event_common_vl(c, rpc_status, mount_status,
start_time, last_time, reply_len, (bool)request + (bool)reply);
if ( request )
vl.emplace_back(AdoptRef{}, request);
vl.emplace_back(std::move(request));
if ( reply )
vl.emplace_back(reply);
@ -213,14 +203,14 @@ zeek::Args MOUNT_Interp::event_common_vl(RPC_CallInfo *c,
return vl;
}
EnumVal* MOUNT_Interp::mount3_auth_flavor(const u_char*& buf, int& n)
IntrusivePtr<EnumVal> MOUNT_Interp::mount3_auth_flavor(const u_char*& buf, int& n)
{
BifEnum::MOUNT3::auth_flavor_t t = (BifEnum::MOUNT3::auth_flavor_t)extract_XDR_uint32(buf, n);
auto rval = zeek::BifType::Enum::MOUNT3::auth_flavor_t->GetVal(t);
return rval.release();
return rval;
}
StringVal* MOUNT_Interp::mount3_fh(const u_char*& buf, int& n)
IntrusivePtr<StringVal> MOUNT_Interp::mount3_fh(const u_char*& buf, int& n)
{
int fh_n;
const u_char* fh = extract_XDR_opaque(buf, n, fh_n, 64);
@ -228,10 +218,10 @@ StringVal* MOUNT_Interp::mount3_fh(const u_char*& buf, int& n)
if ( ! fh )
return nullptr;
return new StringVal(new BroString(fh, fh_n, false));
return make_intrusive<StringVal>(new BroString(fh, fh_n, false));
}
StringVal* MOUNT_Interp::mount3_filename(const u_char*& buf, int& n)
IntrusivePtr<StringVal> MOUNT_Interp::mount3_filename(const u_char*& buf, int& n)
{
int name_len;
const u_char* name = extract_XDR_opaque(buf, n, name_len);
@ -239,20 +229,20 @@ StringVal* MOUNT_Interp::mount3_filename(const u_char*& buf, int& n)
if ( ! name )
return nullptr;
return new StringVal(new BroString(name, name_len, false));
return make_intrusive<StringVal>(new BroString(name, name_len, false));
}
RecordVal* MOUNT_Interp::mount3_dirmntargs(const u_char*& buf, int& n)
IntrusivePtr<RecordVal> MOUNT_Interp::mount3_dirmntargs(const u_char*& buf, int& n)
{
RecordVal* dirmntargs = new RecordVal(zeek::BifType::Record::MOUNT3::dirmntargs_t);
auto dirmntargs = make_intrusive<RecordVal>(zeek::BifType::Record::MOUNT3::dirmntargs_t);
dirmntargs->Assign(0, mount3_filename(buf, n));
return dirmntargs;
}
RecordVal* MOUNT_Interp::mount3_mnt_reply(const u_char*& buf, int& n,
IntrusivePtr<RecordVal> MOUNT_Interp::mount3_mnt_reply(const u_char*& buf, int& n,
BifEnum::MOUNT3::status_t status)
{
RecordVal* rep = new RecordVal(zeek::BifType::Record::MOUNT3::mnt_reply_t);
auto rep = make_intrusive<RecordVal>(zeek::BifType::Record::MOUNT3::mnt_reply_t);
if ( status == BifEnum::MOUNT3::MNT3_OK )
{

10
src/analyzer/protocol/rpc/MOUNT.h
View file

@ -29,12 +29,12 @@ protected:
// to 0. However, the methods might still return an allocated Val * !
// So, you might want to Unref() the Val if buf is 0. Method names
// are based on the type names of RFC 1813.
EnumVal* mount3_auth_flavor(const u_char*& buf, int& n);
StringVal* mount3_fh(const u_char*& buf, int& n);
RecordVal* mount3_dirmntargs(const u_char*&buf, int &n);
StringVal* mount3_filename(const u_char*& buf, int& n);
IntrusivePtr<EnumVal> mount3_auth_flavor(const u_char*& buf, int& n);
IntrusivePtr<StringVal> mount3_fh(const u_char*& buf, int& n);
IntrusivePtr<RecordVal> mount3_dirmntargs(const u_char*&buf, int &n);
IntrusivePtr<StringVal> mount3_filename(const u_char*& buf, int& n);
RecordVal* mount3_mnt_reply(const u_char*& buf, int& n, BifEnum::MOUNT3::status_t status);
IntrusivePtr<RecordVal> mount3_mnt_reply(const u_char*& buf, int& n, BifEnum::MOUNT3::status_t status);
};
class MOUNT_Analyzer : public RPC_Analyzer {

173
src/analyzer/protocol/rpc/NFS.cc
View file

@ -22,7 +22,7 @@ bool NFS_Interp::RPC_BuildCall(RPC_CallInfo* c, const u_char*& buf, int& n)
uint32_t proc = c->Proc();
// The call arguments, depends on the call type obviously ...
Val *callarg = nullptr;
IntrusivePtr<Val> callarg;
switch ( proc ) {
case BifEnum::NFS3::PROC_NULL:
@ -95,7 +95,6 @@ bool NFS_Interp::RPC_BuildCall(RPC_CallInfo* c, const u_char*& buf, int& n)
break;
default:
callarg = nullptr;
if ( proc < BifEnum::NFS3::PROC_END_OF_PROCS )
{
// We know the procedure but haven't implemented it.
@ -112,18 +111,10 @@ bool NFS_Interp::RPC_BuildCall(RPC_CallInfo* c, const u_char*& buf, int& n)
}
if ( ! buf )
{
// There was a parse error while trying to extract the call
// arguments. However, we don't know where exactly it
// happened and whether Vals where already allocated (e.g., a
// RecordVal was allocated but we failed to fill it). So we
// Unref() the call arguments, and we are fine.
Unref(callarg);
callarg = nullptr;
// There was a parse error while trying to extract the call arguments.
return false;
}
c->AddVal(callarg); // It's save to AddVal(0).
c->AddVal(std::move(callarg));
return true;
}
@ -133,7 +124,7 @@ bool NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status,
double last_time, int reply_len)
{
EventHandlerPtr event = nullptr;
Val *reply = nullptr;
IntrusivePtr<Val> reply;
BifEnum::NFS3::status_t nfs_status = BifEnum::NFS3::NFS3ERR_OK;
bool rpc_success = ( rpc_status == BifEnum::RPC_SUCCESS );
@ -251,8 +242,7 @@ bool NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status,
// Otherwise DeliverRPC would complain about
// excess_RPC.
n = 0;
auto ev = zeek::BifType::Enum::NFS3::proc_t->GetVal(c->Proc());
reply = ev.release();
reply = zeek::BifType::Enum::NFS3::proc_t->GetVal(c->Proc());
event = nfs_proc_not_implemented;
}
else
@ -260,13 +250,8 @@ bool NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status,
}
if ( rpc_success && ! buf )
{
// There was a parse error. We have to unref the reply. (see
// also comments in RPC_BuildCall.
Unref(reply);
reply = nullptr;
// There was a parse error.
return false;
}
// Note: if reply == 0, it won't be added to the val_list for the
// event. While we can check for that on the policy layer it's kinda
@ -276,26 +261,24 @@ bool NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status,
// optional and all are set to 0 ...
if ( event )
{
Val *request = c->TakeRequestVal();
auto request = c->TakeRequestVal();
auto vl = event_common_vl(c, rpc_status, nfs_status,
start_time, last_time, reply_len, (bool)request + (bool)reply);
if ( request )
vl.emplace_back(AdoptRef{}, request);
vl.emplace_back(std::move(request));
if ( reply )
vl.emplace_back(AdoptRef{}, reply);
vl.emplace_back(std::move(reply));
analyzer->EnqueueConnEvent(event, std::move(vl));
}
else
Unref(reply);
return true;
}
StringVal* NFS_Interp::nfs3_file_data(const u_char*& buf, int& n, uint64_t offset, int size)
IntrusivePtr<StringVal> NFS_Interp::nfs3_file_data(const u_char*& buf, int& n, uint64_t offset, int size)
{
int data_n;
@ -314,7 +297,7 @@ StringVal* NFS_Interp::nfs3_file_data(const u_char*& buf, int& n, uint64_t offse
data_n = std::min(data_n, int(zeek::BifConst::NFS3::return_data_max));
if ( data && data_n > 0 )
return new StringVal(new BroString(data, data_n, false));
return make_intrusive<StringVal>(new BroString(data, data_n, false));
return nullptr;
}
@ -353,7 +336,7 @@ zeek::Args NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_
return vl;
}
StringVal* NFS_Interp::nfs3_fh(const u_char*& buf, int& n)
IntrusivePtr<StringVal> NFS_Interp::nfs3_fh(const u_char*& buf, int& n)
{
int fh_n;
const u_char* fh = extract_XDR_opaque(buf, n, fh_n, 64);
@ -361,13 +344,13 @@ StringVal* NFS_Interp::nfs3_fh(const u_char*& buf, int& n)
if ( ! fh )
return nullptr;
return new StringVal(new BroString(fh, fh_n, false));
return make_intrusive<StringVal>(new BroString(fh, fh_n, false));
}
RecordVal* NFS_Interp::nfs3_sattr(const u_char*& buf, int& n)
IntrusivePtr<RecordVal> NFS_Interp::nfs3_sattr(const u_char*& buf, int& n)
{
RecordVal* attrs = new RecordVal(zeek::BifType::Record::NFS3::sattr_t);
auto attrs = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::sattr_t);
attrs->Assign(0, nullptr); // mode
int mode_set_it = extract_XDR_uint32(buf, n);
@ -396,9 +379,9 @@ RecordVal* NFS_Interp::nfs3_sattr(const u_char*& buf, int& n)
return attrs;
}
RecordVal* NFS_Interp::nfs3_sattr_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status)
IntrusivePtr<RecordVal> NFS_Interp::nfs3_sattr_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status)
{
RecordVal* rep = new RecordVal(zeek::BifType::Record::NFS3::sattr_reply_t);
auto rep = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::sattr_reply_t);
if ( status == BifEnum::NFS3::NFS3ERR_OK )
{
@ -414,9 +397,9 @@ RecordVal* NFS_Interp::nfs3_sattr_reply(const u_char*& buf, int& n, BifEnum::NFS
return rep;
}
RecordVal* NFS_Interp::nfs3_fattr(const u_char*& buf, int& n)
IntrusivePtr<RecordVal> NFS_Interp::nfs3_fattr(const u_char*& buf, int& n)
{
RecordVal* attrs = new RecordVal(zeek::BifType::Record::NFS3::fattr_t);
auto attrs = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::fattr_t);
attrs->Assign(0, nfs3_ftype(buf, n)); // file type
attrs->Assign(1, ExtractUint32(buf, n)); // mode
@ -436,23 +419,23 @@ RecordVal* NFS_Interp::nfs3_fattr(const u_char*& buf, int& n)
return attrs;
}
EnumVal* NFS_Interp::nfs3_time_how(const u_char*& buf, int& n)
IntrusivePtr<EnumVal> NFS_Interp::nfs3_time_how(const u_char*& buf, int& n)
{
BifEnum::NFS3::time_how_t t = (BifEnum::NFS3::time_how_t)extract_XDR_uint32(buf, n);
auto rval = zeek::BifType::Enum::NFS3::time_how_t->GetVal(t);
return rval.release();
return rval;
}
EnumVal* NFS_Interp::nfs3_ftype(const u_char*& buf, int& n)
IntrusivePtr<EnumVal> NFS_Interp::nfs3_ftype(const u_char*& buf, int& n)
{
BifEnum::NFS3::file_type_t t = (BifEnum::NFS3::file_type_t)extract_XDR_uint32(buf, n);
auto rval = zeek::BifType::Enum::NFS3::file_type_t->GetVal(t);
return rval.release();
return rval;
}
RecordVal* NFS_Interp::nfs3_wcc_attr(const u_char*& buf, int& n)
IntrusivePtr<RecordVal> NFS_Interp::nfs3_wcc_attr(const u_char*& buf, int& n)
{
RecordVal* attrs = new RecordVal(zeek::BifType::Record::NFS3::wcc_attr_t);
auto attrs = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::wcc_attr_t);
attrs->Assign(0, ExtractUint64(buf, n)); // size
attrs->Assign(1, ExtractTime(buf, n)); // mtime
@ -461,7 +444,7 @@ RecordVal* NFS_Interp::nfs3_wcc_attr(const u_char*& buf, int& n)
return attrs;
}
StringVal *NFS_Interp::nfs3_filename(const u_char*& buf, int& n)
IntrusivePtr<StringVal> NFS_Interp::nfs3_filename(const u_char*& buf, int& n)
{
int name_len;
const u_char* name = extract_XDR_opaque(buf, n, name_len);
@ -469,12 +452,12 @@ StringVal *NFS_Interp::nfs3_filename(const u_char*& buf, int& n)
if ( ! name )
return nullptr;
return new StringVal(new BroString(name, name_len, false));
return make_intrusive<StringVal>(new BroString(name, name_len, false));
}
RecordVal *NFS_Interp::nfs3_diropargs(const u_char*& buf, int& n)
IntrusivePtr<RecordVal> NFS_Interp::nfs3_diropargs(const u_char*& buf, int& n)
{
RecordVal *diropargs = new RecordVal(zeek::BifType::Record::NFS3::diropargs_t);
auto diropargs = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::diropargs_t);
diropargs->Assign(0, nfs3_fh(buf, n));
diropargs->Assign(1, nfs3_filename(buf, n));
@ -482,9 +465,9 @@ RecordVal *NFS_Interp::nfs3_diropargs(const u_char*& buf, int& n)
return diropargs;
}
RecordVal* NFS_Interp::nfs3_symlinkdata(const u_char*& buf, int& n)
IntrusivePtr<RecordVal> NFS_Interp::nfs3_symlinkdata(const u_char*& buf, int& n)
{
RecordVal* symlinkdata = new RecordVal(zeek::BifType::Record::NFS3::symlinkdata_t);
auto symlinkdata = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::symlinkdata_t);
symlinkdata->Assign(0, nfs3_sattr(buf, n));
symlinkdata->Assign(1, nfs3_nfspath(buf, n));
@ -492,9 +475,9 @@ RecordVal* NFS_Interp::nfs3_symlinkdata(const u_char*& buf, int& n)
return symlinkdata;
}
RecordVal *NFS_Interp::nfs3_renameopargs(const u_char*& buf, int& n)
IntrusivePtr<RecordVal> NFS_Interp::nfs3_renameopargs(const u_char*& buf, int& n)
{
RecordVal *renameopargs = new RecordVal(zeek::BifType::Record::NFS3::renameopargs_t);
auto renameopargs = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::renameopargs_t);
renameopargs->Assign(0, nfs3_fh(buf, n));
renameopargs->Assign(1, nfs3_filename(buf, n));
@ -504,7 +487,7 @@ RecordVal *NFS_Interp::nfs3_renameopargs(const u_char*& buf, int& n)
return renameopargs;
}
RecordVal* NFS_Interp::nfs3_post_op_attr(const u_char*& buf, int& n)
IntrusivePtr<RecordVal> NFS_Interp::nfs3_post_op_attr(const u_char*& buf, int& n)
{
int have_attrs = extract_XDR_uint32(buf, n);
@ -514,7 +497,7 @@ RecordVal* NFS_Interp::nfs3_post_op_attr(const u_char*& buf, int& n)
return nullptr;
}
StringVal* NFS_Interp::nfs3_post_op_fh(const u_char*& buf, int& n)
IntrusivePtr<StringVal> NFS_Interp::nfs3_post_op_fh(const u_char*& buf, int& n)
{
int have_fh = extract_XDR_uint32(buf, n);
@ -524,7 +507,7 @@ StringVal* NFS_Interp::nfs3_post_op_fh(const u_char*& buf, int& n)
return nullptr;
}
RecordVal* NFS_Interp::nfs3_pre_op_attr(const u_char*& buf, int& n)
IntrusivePtr<RecordVal> NFS_Interp::nfs3_pre_op_attr(const u_char*& buf, int& n)
{
int have_attrs = extract_XDR_uint32(buf, n);
@ -533,16 +516,16 @@ RecordVal* NFS_Interp::nfs3_pre_op_attr(const u_char*& buf, int& n)
return nullptr;
}
EnumVal *NFS_Interp::nfs3_stable_how(const u_char*& buf, int& n)
IntrusivePtr<EnumVal> NFS_Interp::nfs3_stable_how(const u_char*& buf, int& n)
{
BifEnum::NFS3::stable_how_t stable = (BifEnum::NFS3::stable_how_t)extract_XDR_uint32(buf, n);
auto rval = zeek::BifType::Enum::NFS3::stable_how_t->GetVal(stable);
return rval.release();
return rval;
}
RecordVal* NFS_Interp::nfs3_lookup_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status)
IntrusivePtr<RecordVal> NFS_Interp::nfs3_lookup_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status)
{
RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::lookup_reply_t);
auto rep = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::lookup_reply_t);
if ( status == BifEnum::NFS3::NFS3ERR_OK )
{
@ -559,9 +542,9 @@ RecordVal* NFS_Interp::nfs3_lookup_reply(const u_char*& buf, int& n, BifEnum::NF
return rep;
}
RecordVal *NFS_Interp::nfs3_readargs(const u_char*& buf, int& n)
IntrusivePtr<RecordVal> NFS_Interp::nfs3_readargs(const u_char*& buf, int& n)
{
RecordVal *readargs = new RecordVal(zeek::BifType::Record::NFS3::readargs_t);
auto readargs = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::readargs_t);
readargs->Assign(0, nfs3_fh(buf, n));
readargs->Assign(1, ExtractUint64(buf, n)); // offset
@ -570,10 +553,10 @@ RecordVal *NFS_Interp::nfs3_readargs(const u_char*& buf, int& n)
return readargs;
}
RecordVal* NFS_Interp::nfs3_read_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status,
IntrusivePtr<RecordVal> NFS_Interp::nfs3_read_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status,
bro_uint_t offset)
{
RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::read_reply_t);
auto rep = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::read_reply_t);
if (status == BifEnum::NFS3::NFS3ERR_OK)
{
@ -593,9 +576,9 @@ RecordVal* NFS_Interp::nfs3_read_reply(const u_char*& buf, int& n, BifEnum::NFS3
return rep;
}
RecordVal* NFS_Interp::nfs3_readlink_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status)
IntrusivePtr<RecordVal> NFS_Interp::nfs3_readlink_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status)
{
RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::readlink_reply_t);
auto rep = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::readlink_reply_t);
if (status == BifEnum::NFS3::NFS3ERR_OK)
{
@ -610,9 +593,9 @@ RecordVal* NFS_Interp::nfs3_readlink_reply(const u_char*& buf, int& n, BifEnum::
return rep;
}
RecordVal* NFS_Interp::nfs3_link_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status)
IntrusivePtr<RecordVal> NFS_Interp::nfs3_link_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status)
{
RecordVal* rep = new RecordVal(zeek::BifType::Record::NFS3::link_reply_t);
auto rep = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::link_reply_t);
if ( status == BifEnum::NFS3::NFS3ERR_OK )
{
@ -626,9 +609,9 @@ RecordVal* NFS_Interp::nfs3_link_reply(const u_char*& buf, int& n, BifEnum::NFS3
return rep;
}
RecordVal* NFS_Interp::nfs3_symlinkargs(const u_char*& buf, int& n)
IntrusivePtr<RecordVal> NFS_Interp::nfs3_symlinkargs(const u_char*& buf, int& n)
{
RecordVal* symlinkargs = new RecordVal(zeek::BifType::Record::NFS3::symlinkargs_t);
auto symlinkargs = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::symlinkargs_t);
symlinkargs->Assign(0, nfs3_diropargs(buf, n));
symlinkargs->Assign(1, nfs3_symlinkdata(buf, n));
@ -636,9 +619,9 @@ RecordVal* NFS_Interp::nfs3_symlinkargs(const u_char*& buf, int& n)
return symlinkargs;
}
RecordVal* NFS_Interp::nfs3_sattrargs(const u_char*& buf, int& n)
IntrusivePtr<RecordVal> NFS_Interp::nfs3_sattrargs(const u_char*& buf, int& n)
{
RecordVal* sattrargs = new RecordVal(zeek::BifType::Record::NFS3::sattrargs_t);
auto sattrargs = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::sattrargs_t);
sattrargs->Assign(0, nfs3_fh(buf, n));
sattrargs->Assign(1, nfs3_sattr(buf, n));
@ -646,9 +629,9 @@ RecordVal* NFS_Interp::nfs3_sattrargs(const u_char*& buf, int& n)
return sattrargs;
}
RecordVal* NFS_Interp::nfs3_linkargs(const u_char*& buf, int& n)
IntrusivePtr<RecordVal> NFS_Interp::nfs3_linkargs(const u_char*& buf, int& n)
{
RecordVal* linkargs = new RecordVal(zeek::BifType::Record::NFS3::linkargs_t);
auto linkargs = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::linkargs_t);
linkargs->Assign(0, nfs3_fh(buf, n));
linkargs->Assign(1, nfs3_diropargs(buf, n));
@ -656,11 +639,11 @@ RecordVal* NFS_Interp::nfs3_linkargs(const u_char*& buf, int& n)
return linkargs;
}
RecordVal *NFS_Interp::nfs3_writeargs(const u_char*& buf, int& n)
IntrusivePtr<RecordVal> NFS_Interp::nfs3_writeargs(const u_char*& buf, int& n)
{
uint32_t bytes;
uint64_t offset;
RecordVal *writeargs = new RecordVal(zeek::BifType::Record::NFS3::writeargs_t);
auto writeargs = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::writeargs_t);
writeargs->Assign(0, nfs3_fh(buf, n));
offset = extract_XDR_uint64(buf, n);
@ -674,9 +657,9 @@ RecordVal *NFS_Interp::nfs3_writeargs(const u_char*& buf, int& n)
return writeargs;
}
RecordVal *NFS_Interp::nfs3_write_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status)
IntrusivePtr<RecordVal> NFS_Interp::nfs3_write_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status)
{
RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::write_reply_t);
auto rep = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::write_reply_t);
if ( status == BifEnum::NFS3::NFS3ERR_OK )
{
@ -699,9 +682,9 @@ RecordVal *NFS_Interp::nfs3_write_reply(const u_char*& buf, int& n, BifEnum::NFS
return rep;
}
RecordVal* NFS_Interp::nfs3_newobj_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status)
IntrusivePtr<RecordVal> NFS_Interp::nfs3_newobj_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status)
{
RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::newobj_reply_t);
auto rep = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::newobj_reply_t);
if (status == BifEnum::NFS3::NFS3ERR_OK)
{
@ -723,9 +706,9 @@ RecordVal* NFS_Interp::nfs3_newobj_reply(const u_char*& buf, int& n, BifEnum::NF
return rep;
}
RecordVal* NFS_Interp::nfs3_delobj_reply(const u_char*& buf, int& n)
IntrusivePtr<RecordVal> NFS_Interp::nfs3_delobj_reply(const u_char*& buf, int& n)
{
RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::delobj_reply_t);
auto rep = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::delobj_reply_t);
// wcc_data
rep->Assign(0, nfs3_pre_op_attr(buf, n));
@ -734,9 +717,9 @@ RecordVal* NFS_Interp::nfs3_delobj_reply(const u_char*& buf, int& n)
return rep;
}
RecordVal* NFS_Interp::nfs3_renameobj_reply(const u_char*& buf, int& n)
IntrusivePtr<RecordVal> NFS_Interp::nfs3_renameobj_reply(const u_char*& buf, int& n)
{
RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::renameobj_reply_t);
auto rep = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::renameobj_reply_t);
// wcc_data
rep->Assign(0, nfs3_pre_op_attr(buf, n));
@ -747,9 +730,9 @@ RecordVal* NFS_Interp::nfs3_renameobj_reply(const u_char*& buf, int& n)
return rep;
}
RecordVal* NFS_Interp::nfs3_readdirargs(bool isplus, const u_char*& buf, int&n)
IntrusivePtr<RecordVal> NFS_Interp::nfs3_readdirargs(bool isplus, const u_char*& buf, int&n)
{
RecordVal *args = new RecordVal(zeek::BifType::Record::NFS3::readdirargs_t);
auto args = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::readdirargs_t);
args->Assign(0, val_mgr->Bool(isplus));
args->Assign(1, nfs3_fh(buf, n));
@ -763,10 +746,10 @@ RecordVal* NFS_Interp::nfs3_readdirargs(bool isplus, const u_char*& buf, int&n)
return args;
}
RecordVal* NFS_Interp::nfs3_readdir_reply(bool isplus, const u_char*& buf,
IntrusivePtr<RecordVal> NFS_Interp::nfs3_readdir_reply(bool isplus, const u_char*& buf,
int&n, BifEnum::NFS3::status_t status)
{
RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::readdir_reply_t);
auto rep = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::readdir_reply_t);
rep->Assign(0, val_mgr->Bool(isplus));
@ -808,29 +791,29 @@ RecordVal* NFS_Interp::nfs3_readdir_reply(bool isplus, const u_char*& buf,
return rep;
}
Val* NFS_Interp::ExtractUint32(const u_char*& buf, int& n)
IntrusivePtr<Val> NFS_Interp::ExtractUint32(const u_char*& buf, int& n)
{
return val_mgr->Count(extract_XDR_uint32(buf, n)).release();
return val_mgr->Count(extract_XDR_uint32(buf, n));
}
Val* NFS_Interp::ExtractUint64(const u_char*& buf, int& n)
IntrusivePtr<Val> NFS_Interp::ExtractUint64(const u_char*& buf, int& n)
{
return val_mgr->Count(extract_XDR_uint64(buf, n)).release();
return val_mgr->Count(extract_XDR_uint64(buf, n));
}
Val* NFS_Interp::ExtractTime(const u_char*& buf, int& n)
IntrusivePtr<Val> NFS_Interp::ExtractTime(const u_char*& buf, int& n)
{
return new Val(extract_XDR_time(buf, n), TYPE_TIME);
return make_intrusive<Val>(extract_XDR_time(buf, n), TYPE_TIME);
}
Val* NFS_Interp::ExtractInterval(const u_char*& buf, int& n)
IntrusivePtr<Val> NFS_Interp::ExtractInterval(const u_char*& buf, int& n)
{
return new IntervalVal(double(extract_XDR_uint32(buf, n)), 1.0);
return make_intrusive<IntervalVal>(double(extract_XDR_uint32(buf, n)), 1.0);
}
Val* NFS_Interp::ExtractBool(const u_char*& buf, int& n)
IntrusivePtr<Val> NFS_Interp::ExtractBool(const u_char*& buf, int& n)
{
return val_mgr->Bool(extract_XDR_uint32(buf, n))->Ref();
return val_mgr->Bool(extract_XDR_uint32(buf, n));
}

74
src/analyzer/protocol/rpc/NFS.h
View file

@ -30,53 +30,53 @@ protected:
// to 0. However, the methods might still return an allocated Val * !
// So, you might want to Unref() the Val if buf is 0. Method names
// are based on the type names of RFC 1813.
StringVal* nfs3_fh(const u_char*& buf, int& n);
RecordVal* nfs3_fattr(const u_char*& buf, int& n);
RecordVal* nfs3_sattr(const u_char*& buf, int& n);
EnumVal* nfs3_ftype(const u_char*& buf, int& n);
EnumVal* nfs3_time_how(const u_char*& buf, int& n);
RecordVal* nfs3_wcc_attr(const u_char*& buf, int& n);
RecordVal* nfs3_diropargs(const u_char*&buf, int &n);
RecordVal* nfs3_symlinkdata(const u_char*& buf, int& n);
RecordVal* nfs3_renameopargs(const u_char*&buf, int &n);
StringVal* nfs3_filename(const u_char*& buf, int& n);
RecordVal* nfs3_linkargs(const u_char*& buf, int& n);
RecordVal* nfs3_symlinkargs(const u_char*& buf, int& n);
RecordVal* nfs3_sattrargs(const u_char*& buf, int& n);
StringVal* nfs3_nfspath(const u_char*& buf, int& n)
IntrusivePtr<StringVal> nfs3_fh(const u_char*& buf, int& n);
IntrusivePtr<RecordVal> nfs3_fattr(const u_char*& buf, int& n);
IntrusivePtr<RecordVal> nfs3_sattr(const u_char*& buf, int& n);
IntrusivePtr<EnumVal> nfs3_ftype(const u_char*& buf, int& n);
IntrusivePtr<EnumVal> nfs3_time_how(const u_char*& buf, int& n);
IntrusivePtr<RecordVal> nfs3_wcc_attr(const u_char*& buf, int& n);
IntrusivePtr<RecordVal> nfs3_diropargs(const u_char*&buf, int &n);
IntrusivePtr<RecordVal> nfs3_symlinkdata(const u_char*& buf, int& n);
IntrusivePtr<RecordVal> nfs3_renameopargs(const u_char*&buf, int &n);
IntrusivePtr<StringVal> nfs3_filename(const u_char*& buf, int& n);
IntrusivePtr<RecordVal> nfs3_linkargs(const u_char*& buf, int& n);
IntrusivePtr<RecordVal> nfs3_symlinkargs(const u_char*& buf, int& n);
IntrusivePtr<RecordVal> nfs3_sattrargs(const u_char*& buf, int& n);
IntrusivePtr<StringVal> nfs3_nfspath(const u_char*& buf, int& n)
{
return nfs3_filename(buf,n);
}
RecordVal* nfs3_post_op_attr(const u_char*&buf, int &n); // Return 0 or an fattr
RecordVal* nfs3_pre_op_attr(const u_char*&buf, int &n); // Return 0 or an wcc_attr
RecordVal* nfs3_sattr_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status);
RecordVal* nfs3_lookup_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status);
RecordVal* nfs3_readargs(const u_char*& buf, int& n);
RecordVal* nfs3_read_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status, bro_uint_t offset);
RecordVal* nfs3_readlink_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status);
RecordVal* nfs3_link_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status);
RecordVal* nfs3_writeargs(const u_char*& buf, int& n);
EnumVal* nfs3_stable_how(const u_char*& buf, int& n);
RecordVal* nfs3_write_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status);
RecordVal* nfs3_newobj_reply(const u_char*& buf, int&n, BifEnum::NFS3::status_t status);
RecordVal* nfs3_delobj_reply(const u_char*& buf, int& n);
RecordVal* nfs3_renameobj_reply(const u_char*& buf, int& n);
StringVal* nfs3_post_op_fh(const u_char*& buf, int& n);
RecordVal* nfs3_readdirargs(bool isplus, const u_char*& buf, int&n);
RecordVal* nfs3_readdir_reply(bool isplus, const u_char*& buf, int&n, BifEnum::NFS3::status_t status);
IntrusivePtr<RecordVal> nfs3_post_op_attr(const u_char*&buf, int &n); // Return 0 or an fattr
IntrusivePtr<RecordVal> nfs3_pre_op_attr(const u_char*&buf, int &n); // Return 0 or an wcc_attr
IntrusivePtr<RecordVal> nfs3_sattr_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status);
IntrusivePtr<RecordVal> nfs3_lookup_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status);
IntrusivePtr<RecordVal> nfs3_readargs(const u_char*& buf, int& n);
IntrusivePtr<RecordVal> nfs3_read_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status, bro_uint_t offset);
IntrusivePtr<RecordVal> nfs3_readlink_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status);
IntrusivePtr<RecordVal> nfs3_link_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status);
IntrusivePtr<RecordVal> nfs3_writeargs(const u_char*& buf, int& n);
IntrusivePtr<EnumVal> nfs3_stable_how(const u_char*& buf, int& n);
IntrusivePtr<RecordVal> nfs3_write_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status);
IntrusivePtr<RecordVal> nfs3_newobj_reply(const u_char*& buf, int&n, BifEnum::NFS3::status_t status);
IntrusivePtr<RecordVal> nfs3_delobj_reply(const u_char*& buf, int& n);
IntrusivePtr<RecordVal> nfs3_renameobj_reply(const u_char*& buf, int& n);
IntrusivePtr<StringVal> nfs3_post_op_fh(const u_char*& buf, int& n);
IntrusivePtr<RecordVal> nfs3_readdirargs(bool isplus, const u_char*& buf, int&n);
IntrusivePtr<RecordVal> nfs3_readdir_reply(bool isplus, const u_char*& buf, int&n, BifEnum::NFS3::status_t status);
// Consumes the file data in the RPC message. Depending on NFS::return_data* consts
// in bro.init returns NULL or the data as string val:
// * offset is the offset of the read/write call
// * size is the amount of bytes read (or requested to be written),
StringVal* nfs3_file_data(const u_char*& buf, int& n, uint64_t offset, int size);
IntrusivePtr<StringVal> nfs3_file_data(const u_char*& buf, int& n, uint64_t offset, int size);
Val* ExtractUint32(const u_char*& buf, int& n);
Val* ExtractUint64(const u_char*& buf, int& n);
Val* ExtractTime(const u_char*& buf, int& n);
Val* ExtractInterval(const u_char*& buf, int& n);
Val* ExtractBool(const u_char*& buf, int& n);
IntrusivePtr<Val> ExtractUint32(const u_char*& buf, int& n);
IntrusivePtr<Val> ExtractUint64(const u_char*& buf, int& n);
IntrusivePtr<Val> ExtractTime(const u_char*& buf, int& n);
IntrusivePtr<Val> ExtractInterval(const u_char*& buf, int& n);
IntrusivePtr<Val> ExtractBool(const u_char*& buf, int& n);
};
class NFS_Analyzer : public RPC_Analyzer {

72
src/analyzer/protocol/rpc/Portmap.cc
View file

@ -29,28 +29,28 @@ bool PortmapperInterp::RPC_BuildCall(RPC_CallInfo* c, const u_char*& buf, int& n
case PMAPPROC_SET:
{
Val* m = ExtractMapping(buf, n);
auto m = ExtractMapping(buf, n);
if ( ! m )
return false;
c->AddVal(m);
c->AddVal(std::move(m));
}
break;
case PMAPPROC_UNSET:
{
Val* m = ExtractMapping(buf, n);
auto m = ExtractMapping(buf, n);
if ( ! m )
return false;
c->AddVal(m);
c->AddVal(std::move(m));
}
break;
case PMAPPROC_GETPORT:
{
Val* pr = ExtractPortRequest(buf, n);
auto pr = ExtractPortRequest(buf, n);
if ( ! pr )
return false;
c->AddVal(pr);
c->AddVal(std::move(pr));
}
break;
@ -59,10 +59,10 @@ bool PortmapperInterp::RPC_BuildCall(RPC_CallInfo* c, const u_char*& buf, int& n
case PMAPPROC_CALLIT:
{
Val* call_it = ExtractCallItRequest(buf, n);
auto call_it = ExtractCallItRequest(buf, n);
if ( ! call_it )
return false;
c->AddVal(call_it);
c->AddVal(std::move(call_it));
}
break;
@ -79,7 +79,7 @@ bool PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status statu
int reply_len)
{
EventHandlerPtr event;
Val *reply = nullptr;
IntrusivePtr<Val> reply;
int success = (status == BifEnum::RPC_SUCCESS);
switch ( c->Proc() ) {
@ -94,7 +94,7 @@ bool PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status statu
if ( ! buf )
return false;
reply = val_mgr->Bool(status)->Ref();
reply = val_mgr->Bool(status);
event = pm_request_set;
}
else
@ -109,7 +109,7 @@ bool PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status statu
if ( ! buf )
return false;
reply = val_mgr->Bool(status)->Ref();
reply = val_mgr->Bool(status);
event = pm_request_unset;
}
else
@ -127,7 +127,7 @@ bool PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status statu
RecordVal* rv = c->RequestVal()->AsRecordVal();
Val* is_tcp = rv->Lookup(2);
reply = val_mgr->Port(CheckPort(port), is_tcp->IsOne() ?
TRANSPORT_TCP : TRANSPORT_UDP)->Ref();
TRANSPORT_TCP : TRANSPORT_UDP);
event = pm_request_getport;
}
else
@ -139,28 +139,25 @@ bool PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status statu
if ( success )
{
static auto pm_mappings = zeek::id::find_type<TableType>("pm_mappings");
TableVal* mappings = new TableVal(pm_mappings);
auto mappings = make_intrusive<TableVal>(pm_mappings);
uint32_t nmap = 0;
// Each call in the loop test pulls the next "opted"
// element to see if there are more mappings.
while ( extract_XDR_uint32(buf, n) && buf )
{
Val* m = ExtractMapping(buf, n);
auto m = ExtractMapping(buf, n);
if ( ! m )
break;
auto index = val_mgr->Count(++nmap);
mappings->Assign(index.get(), m);
mappings->Assign(index.get(), std::move(m));
}
if ( ! buf )
{
Unref(mappings);
return false;
}
reply = mappings;
reply = std::move(mappings);
event = pm_request_dump;
}
else
@ -177,7 +174,7 @@ bool PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status statu
if ( ! opaque_reply )
return false;
reply = val_mgr->Port(CheckPort(port), TRANSPORT_UDP)->Ref();
reply = val_mgr->Port(CheckPort(port), TRANSPORT_UDP);
event = pm_request_callit;
}
else
@ -188,14 +185,14 @@ bool PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status statu
return false;
}
Event(event, c->TakeRequestVal(), status, reply);
Event(event, c->TakeRequestVal(), status, std::move(reply));
return true;
}
Val* PortmapperInterp::ExtractMapping(const u_char*& buf, int& len)
IntrusivePtr<Val> PortmapperInterp::ExtractMapping(const u_char*& buf, int& len)
{
static auto pm_mapping = zeek::id::find_type<RecordType>("pm_mapping");
RecordVal* mapping = new RecordVal(pm_mapping);
auto mapping = make_intrusive<RecordVal>(pm_mapping);
mapping->Assign(0, val_mgr->Count(extract_XDR_uint32(buf, len)));
mapping->Assign(1, val_mgr->Count(extract_XDR_uint32(buf, len)));
@ -205,18 +202,15 @@ Val* PortmapperInterp::ExtractMapping(const u_char*& buf, int& len)
mapping->Assign(2, val_mgr->Port(CheckPort(port), is_tcp ? TRANSPORT_TCP : TRANSPORT_UDP));
if ( ! buf )
{
Unref(mapping);
return nullptr;
}
return mapping;
}
Val* PortmapperInterp::ExtractPortRequest(const u_char*& buf, int& len)
IntrusivePtr<Val> PortmapperInterp::ExtractPortRequest(const u_char*& buf, int& len)
{
static auto pm_port_request = zeek::id::find_type<RecordType>("pm_port_request");
RecordVal* pr = new RecordVal(pm_port_request);
auto pr = make_intrusive<RecordVal>(pm_port_request);
pr->Assign(0, val_mgr->Count(extract_XDR_uint32(buf, len)));
pr->Assign(1, val_mgr->Count(extract_XDR_uint32(buf, len)));
@ -226,18 +220,15 @@ Val* PortmapperInterp::ExtractPortRequest(const u_char*& buf, int& len)
(void) extract_XDR_uint32(buf, len); // consume the bogus port
if ( ! buf )
{
Unref(pr);
return nullptr;
}
return pr;
}
Val* PortmapperInterp::ExtractCallItRequest(const u_char*& buf, int& len)
IntrusivePtr<Val> PortmapperInterp::ExtractCallItRequest(const u_char*& buf, int& len)
{
static auto pm_callit_request = zeek::id::find_type<RecordType>("pm_callit_request");
RecordVal* c = new RecordVal(pm_callit_request);
auto c = make_intrusive<RecordVal>(pm_callit_request);
c->Assign(0, val_mgr->Count(extract_XDR_uint32(buf, len)));
c->Assign(1, val_mgr->Count(extract_XDR_uint32(buf, len)));
@ -248,10 +239,7 @@ Val* PortmapperInterp::ExtractCallItRequest(const u_char*& buf, int& len)
c->Assign(3, val_mgr->Count(arg_n));
if ( ! buf )
{
Unref(c);
return nullptr;
}
return c;
}
@ -274,14 +262,10 @@ uint32_t PortmapperInterp::CheckPort(uint32_t port)
return port;
}
void PortmapperInterp::Event(EventHandlerPtr f, Val* request, BifEnum::rpc_status status, Val* reply)
void PortmapperInterp::Event(EventHandlerPtr f, IntrusivePtr<Val> request, BifEnum::rpc_status status, IntrusivePtr<Val> reply)
{
if ( ! f )
{
Unref(request);
Unref(reply);
return;
}
zeek::Args vl;
@ -290,16 +274,16 @@ void PortmapperInterp::Event(EventHandlerPtr f, Val* request, BifEnum::rpc_statu
if ( status == BifEnum::RPC_SUCCESS )
{
if ( request )
vl.emplace_back(AdoptRef{}, request);
vl.emplace_back(std::move(request));
if ( reply )
vl.emplace_back(AdoptRef{}, reply);
vl.emplace_back(std::move(reply));
}
else
{
vl.emplace_back(zeek::BifType::Enum::rpc_status->GetVal(status));
if ( request )
vl.emplace_back(AdoptRef{}, request);
vl.emplace_back(std::move(request));
}
analyzer->EnqueueConnEvent(f, std::move(vl));

8
src/analyzer/protocol/rpc/Portmap.h
View file

@ -17,11 +17,11 @@ protected:
double last_time, int reply_len) override;
uint32_t CheckPort(uint32_t port);
void Event(EventHandlerPtr f, Val* request, BifEnum::rpc_status status, Val* reply);
void Event(EventHandlerPtr f, IntrusivePtr<Val> request, BifEnum::rpc_status status, IntrusivePtr<Val> reply);
Val* ExtractMapping(const u_char*& buf, int& len);
Val* ExtractPortRequest(const u_char*& buf, int& len);
Val* ExtractCallItRequest(const u_char*& buf, int& len);
IntrusivePtr<Val> ExtractMapping(const u_char*& buf, int& len);
IntrusivePtr<Val> ExtractPortRequest(const u_char*& buf, int& len);
IntrusivePtr<Val> ExtractCallItRequest(const u_char*& buf, int& len);
};
class Portmapper_Analyzer : public RPC_Analyzer {

2
src/analyzer/protocol/rpc/RPC.cc
View file

@ -28,7 +28,6 @@ namespace { // local namespace
RPC_CallInfo::RPC_CallInfo(uint32_t arg_xid, const u_char*& buf, int& n, double arg_start_time, double arg_last_time, int arg_rpc_len)
{
v = nullptr;
xid = arg_xid;
stamp = 0;
uid = 0;
@ -98,7 +97,6 @@ RPC_CallInfo::RPC_CallInfo(uint32_t arg_xid, const u_char*& buf, int& n, double
RPC_CallInfo::~RPC_CallInfo()
{
delete [] call_buf;
Unref(v);
}
bool RPC_CallInfo::CompareRexmit(const u_char* buf, int n) const

8
src/analyzer/protocol/rpc/RPC.h
View file

@ -52,9 +52,9 @@ public:
double last_time, int rpc_len);
~RPC_CallInfo();
void AddVal(Val* arg_v) { Unref(v); v = arg_v; }
Val* RequestVal() const { return v; }
Val* TakeRequestVal() { Val* rv = v; v = nullptr; return rv; }
void AddVal(IntrusivePtr<Val> arg_v) { v = std::move(arg_v); }
const IntrusivePtr<Val>& RequestVal() const { return v; }
IntrusivePtr<Val> TakeRequestVal() { auto rv = std::move(v); return rv; }
bool CompareRexmit(const u_char* buf, int n) const;
@ -95,7 +95,7 @@ protected:
int header_len; // size of data before the arguments
bool valid_call; // whether call was well-formed
Val* v; // single (perhaps compound) value corresponding to call
IntrusivePtr<Val> v; // single (perhaps compound) value corresponding to call
};
class RPC_Interpreter {