Small tweaks to recent commits.
parent
11c437faa3
commit
d97297b6ce
3 changed files with 23 additions and 12 deletions
|
@ -107,10 +107,10 @@ macro(BIF_TARGET bifInput)
|
||||||
add_custom_command(OUTPUT ${bifOutputs}
|
add_custom_command(OUTPUT ${bifOutputs}
|
||||||
COMMAND bifcl
|
COMMAND bifcl
|
||||||
ARGS ${CMAKE_CURRENT_SOURCE_DIR}/${bifInput} || (rm -f ${bifOutputs} && exit 1)
|
ARGS ${CMAKE_CURRENT_SOURCE_DIR}/${bifInput} || (rm -f ${bifOutputs} && exit 1)
|
||||||
# in order be able to run bro from the build directory,
|
# In order be able to run bro from the build directory,
|
||||||
# the generated bro script needs to be inside a
|
# the generated bro script needs to be inside a
|
||||||
# a directory tree named the same way it will be
|
# a directory tree named the same way it will be
|
||||||
# referenced from an @load
|
# referenced from an @load.
|
||||||
COMMAND "${CMAKE_COMMAND}"
|
COMMAND "${CMAKE_COMMAND}"
|
||||||
ARGS -E copy ${bifInput}.bro base/${bifInput}.bro
|
ARGS -E copy ${bifInput}.bro base/${bifInput}.bro
|
||||||
COMMAND "${CMAKE_COMMAND}"
|
COMMAND "${CMAKE_COMMAND}"
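Review bot: The comment this hunk re-capitalises still has two wording slips on the new side: "In order be able to run bro" is missing "to", and "inside a" followed by "a directory tree" doubles the article across the line break. Suggested text: `# In order to be able to run bro from the build directory,` and `# the generated bro script needs to be inside`, ahead of the unchanged `# a directory tree named the same way it will be`. The BIF_TARGET macro starts and ends outside the hunk.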
|
||||||
|
|
|
@ -37,16 +37,17 @@ void SSL_Analyzer_binpac::DeliverStream(int len, const u_char* data, bool orig)
|
||||||
|
|
||||||
if ( TCP()->IsPartial() )
|
if ( TCP()->IsPartial() )
|
||||||
return;
|
return;
|
||||||
|
|
||||||
if ( had_gap )
|
if ( had_gap )
|
||||||
// XXX: If only one side had a content gap, we could still try to
|
// XXX: If only one side had a content gap, we could still try to
|
||||||
// deliver data to the other side if the script layer can handle this.
|
// deliver data to the other side if the script layer can handle this.
|
||||||
return;
|
return;
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
interp->NewData(orig, data, data + len);
|
interp->NewData(orig, data, data + len);
|
||||||
}
|
}
|
||||||
catch ( binpac::Exception const &e )
|
catch ( const binpac::Exception& e )
|
||||||
{
|
{
|
||||||
ProtocolViolation(fmt("Binpac exception: %s", e.c_msg()));
|
ProtocolViolation(fmt("Binpac exception: %s", e.c_msg()));
|
||||||
}
|
}
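Review bot: After the catch block reports the binpac exception, nothing in the visible lines keeps later DeliverStream calls from passing further segments to `interp->NewData`, so parsing may resume in the middle of a record whose beginning was already rejected. Whether the binpac flow resynchronises on its own is not shown here; if it does not, one malformed record can produce a run of follow-on violations or misparsed fields for the rest of the connection. At minimum the intent should be stated above the handler, e.g. `// NOTE: input after a parse error is still fed to interp; its state is not reset here.` The body of DeliverStream starts outside the hunk, so an earlier guard may already cover this.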
|
||||||
|
|
26
src/bro.bif
26
src/bro.bif
|
@ -3023,8 +3023,10 @@ extern "C" {
|
||||||
static GeoIP* open_geoip_db(GeoIPDBTypes type)
|
static GeoIP* open_geoip_db(GeoIPDBTypes type)
|
||||||
{
|
{
|
||||||
GeoIP* geoip = 0;
|
GeoIP* geoip = 0;
|
||||||
|
|
||||||
if ( GeoIP_db_avail(type) )
|
if ( GeoIP_db_avail(type) )
|
||||||
geoip = GeoIP_open_type(type, GEOIP_MEMORY_CACHE);
|
geoip = GeoIP_open_type(type, GEOIP_MEMORY_CACHE);
|
||||||
|
|
||||||
if ( ! geoip )
|
if ( ! geoip )
|
||||||
reporter->Warning("Failed to open GeoIP database: %s",
|
reporter->Warning("Failed to open GeoIP database: %s",
|
||||||
GeoIPDBFileName[type]);
|
GeoIPDBFileName[type]);
|
||||||
|
@ -3040,9 +3042,9 @@ function lookup_location%(a: addr%) : geo_location
|
||||||
RecordVal* location = new RecordVal(geo_location);
|
RecordVal* location = new RecordVal(geo_location);
|
||||||
|
|
||||||
#ifdef USE_GEOIP
|
#ifdef USE_GEOIP
|
||||||
|
static bool geoip_initialized = false;
|
||||||
static GeoIP* geoip = 0;
|
static GeoIP* geoip = 0;
|
||||||
static GeoIP* geoip_v6 = 0;
|
static GeoIP* geoip_v6 = 0;
|
||||||
static bool geoip_initialized = false;
|
|
||||||
static bool have_city_db = false;
|
static bool have_city_db = false;
|
||||||
static bool have_cityv6_db = false;
|
static bool have_cityv6_db = false;
|
||||||
GeoIPRecord* gir = 0;
|
GeoIPRecord* gir = 0;
|
||||||
|
@ -3051,7 +3053,6 @@ function lookup_location%(a: addr%) : geo_location
|
||||||
if ( ! geoip_initialized )
|
if ( ! geoip_initialized )
|
||||||
{
|
{
|
||||||
geoip_initialized = true;
|
geoip_initialized = true;
|
||||||
|
|
||||||
geoip = open_geoip_db(GEOIP_CITY_EDITION_REV0);
|
geoip = open_geoip_db(GEOIP_CITY_EDITION_REV0);
|
||||||
|
|
||||||
if ( ! geoip )
|
if ( ! geoip )
|
||||||
|
@ -3066,10 +3067,13 @@ function lookup_location%(a: addr%) : geo_location
|
||||||
have_city_db = true;
|
have_city_db = true;
|
||||||
|
|
||||||
#ifdef BROv6
|
#ifdef BROv6
|
||||||
|
|
||||||
#ifdef HAVE_GEOIP_CITY_EDITION_REV0_V6
|
#ifdef HAVE_GEOIP_CITY_EDITION_REV0_V6
|
||||||
geoip_v6 = open_geoip_db(GEOIP_CITY_EDITION_REV0_V6);
|
geoip_v6 = open_geoip_db(GEOIP_CITY_EDITION_REV0_V6);
|
||||||
if ( geoip_v6 ) have_cityv6_db = true;
|
if ( geoip_v6 )
|
||||||
|
have_cityv6_db = true;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_GEOIP_COUNTRY_EDITION_V6
|
#ifdef HAVE_GEOIP_COUNTRY_EDITION_V6
|
||||||
if ( ! geoip_v6 )
|
if ( ! geoip_v6 )
|
||||||
geoip_v6 = open_geoip_db(GEOIP_COUNTRY_EDITION_V6);
|
geoip_v6 = open_geoip_db(GEOIP_COUNTRY_EDITION_V6);
|
||||||
|
@ -3080,6 +3084,7 @@ function lookup_location%(a: addr%) : geo_location
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef BROv6
|
#ifdef BROv6
|
||||||
|
|
||||||
#ifdef HAVE_GEOIP_COUNTRY_EDITION_V6
|
#ifdef HAVE_GEOIP_COUNTRY_EDITION_V6
|
||||||
if ( geoip_v6 && ! is_v4_addr(a) )
|
if ( geoip_v6 && ! is_v4_addr(a) )
|
||||||
{
|
{
|
||||||
|
@ -3092,6 +3097,7 @@ function lookup_location%(a: addr%) : geo_location
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if ( geoip && is_v4_addr(a) )
|
if ( geoip && is_v4_addr(a) )
|
||||||
{
|
{
|
||||||
uint32 addr = to_v4_addr(a);
|
uint32 addr = to_v4_addr(a);
|
||||||
|
@ -3100,7 +3106,8 @@ function lookup_location%(a: addr%) : geo_location
|
||||||
else
|
else
|
||||||
cc = GeoIP_country_code_by_ipnum(geoip, ntohl(addr));
|
cc = GeoIP_country_code_by_ipnum(geoip, ntohl(addr));
|
||||||
}
|
}
|
||||||
#else
|
|
||||||
|
#else // not BROv6
|
||||||
if ( geoip )
|
if ( geoip )
|
||||||
{
|
{
|
||||||
if ( have_city_db )
|
if ( have_city_db )
|
||||||
|
@ -3134,13 +3141,13 @@ function lookup_location%(a: addr%) : geo_location
|
||||||
return location;
|
return location;
|
||||||
}
|
}
|
||||||
|
|
||||||
else if (cc)
|
else if ( cc )
|
||||||
{
|
{
|
||||||
location->Assign(0, new StringVal(cc));
|
location->Assign(0, new StringVal(cc));
|
||||||
return location;
|
return location;
|
||||||
}
|
}
|
||||||
|
|
||||||
#else
|
#else // not USE_GEOIP
|
||||||
static int missing_geoip_reported = 0;
|
static int missing_geoip_reported = 0;
|
||||||
|
|
||||||
if ( ! missing_geoip_reported )
|
if ( ! missing_geoip_reported )
|
||||||
|
@ -3186,12 +3193,14 @@ function lookup_asn%(a: addr%) : count
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if ( is_v4_addr(a) )
|
if ( is_v4_addr(a) )
|
||||||
{
|
{
|
||||||
uint32 addr = to_v4_addr(a);
|
uint32 addr = to_v4_addr(a);
|
||||||
gir = GeoIP_name_by_ipnum(geoip_asn, ntohl(addr));
|
gir = GeoIP_name_by_ipnum(geoip_asn, ntohl(addr));
|
||||||
}
|
}
|
||||||
#else
|
|
||||||
|
#else // not BROv6
|
||||||
gir = GeoIP_name_by_ipnum(geoip_asn, ntohl(a));
|
gir = GeoIP_name_by_ipnum(geoip_asn, ntohl(a));
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
@ -3202,7 +3211,8 @@ function lookup_asn%(a: addr%) : count
|
||||||
// the first two characters: "AS".
|
// the first two characters: "AS".
|
||||||
return new Val(atoi(gir+2), TYPE_COUNT);
|
return new Val(atoi(gir+2), TYPE_COUNT);
|
||||||
}
|
}
|
||||||
#else
|
|
||||||
|
#else // not USE_GEOIP
|
||||||
static int missing_geoip_reported = 0;
|
static int missing_geoip_reported = 0;
|
||||||
|
|
||||||
if ( ! missing_geoip_reported )
|
if ( ! missing_geoip_reported )
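Review bot: In lookup_asn, `atoi(gir+2)` converts the AS number to an int with no error reporting, so a 32-bit ASN above INT_MAX cannot be represented, and a name string shorter than two characters would make `gir+2` point past the terminator. The string comes from the GeoIP database file and the guard on `gir` sits outside this hunk, so the length may already be checked there. A safer form is `char* end; unsigned long asn = strtoul(gir + 2, &end, 10);` with the result used only when `strlen(gir) > 2 && end != gir + 2`. If `gir` is a heap string that GeoIP_name_by_ipnum hands to the caller, it also needs freeing before the return; that cannot be confirmed from these lines.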
|
||||||
|
|