Merge remote-tracking branch 'origin/topic/timw/windows-follow-ups'

* origin/topic/timw/windows-follow-ups:
  Re-enable strcasestr on Windows, fix linking error
  Minor renaming changes to event handler stats bif, plus a test
  Remove unneeded forward-declaration of select()
  Rework setting adding ports to map slightly

CHANGES

@@ -1,3 +1,13 @@
+5.2.0-dev.313 | 2022-11-14 09:41:06 -0700
+
+  * Re-enable strcasestr on Windows, fix linking error (Tim Wojtulewicz)
+
+  * Minor renaming changes to event handler stats bif, plus a test (Tim Wojtulewicz, Corelight)
+
+  * Remove unneeded forward-declaration of select() (Tim Wojtulewicz, Corelight)
+
+  * Rework setting adding ports to map slightly (Tim Wojtulewicz, Corelight)
+
 5.2.0-dev.307 | 2022-11-11 15:13:47 -0700
 
   * Merged support for Microsoft Windows (Tomer Lev, Elad Solomon, Microsoft)

VERSION

@@ -1 +1 @@
-5.2.0-dev.307
+5.2.0-dev.313

scripts/base/init-bare.zeek

@@ -797,9 +797,9 @@ type ReporterStats: record {
 ## .. zeek:see:: get_event_handler_call_counts
 type EventNameCounter: record {
 	## Name of the zeek event.
-	name: 			string 	&log;
-	## Times it was queued, as captured by event hook.
-	times_queued: 	count 	&log;
+	name: string &log;
+	## Times it was called, as counted by the event handlers.
+	times_called: count &log;
 } &log;
 type EventNameStats: vector of EventNameCounter;
 

src/RunState.cc

@@ -40,13 +40,6 @@ extern "C"
 #include "zeek/plugin/Manager.h"
 #include "zeek/session/Manager.h"
 
-#ifndef _MSC_VER
-extern "C"
-	{
-	extern int select(int, fd_set*, fd_set*, fd_set*, struct timeval*);
-	}
-#endif
-
 static double last_watchdog_proc_time = 0.0; // value of above during last watchdog
 extern int signal_val;
 

src/Val.cc

@@ -3972,10 +3972,9 @@ const PortValPtr& ValManager::Port(uint32_t port_num, TransportProto port_type)
 		port_num = 0;
 		}
 
-	uint32_t port_masked = PortVal::Mask(port_num, port_type);
-	if ( ports.find(port_masked) == ports.end() )
-		ports[port_masked] = IntrusivePtr{AdoptRef{},
-		                                  new PortVal(PortVal::Mask(port_num, port_type))};
+	auto port_masked = PortVal::Mask(port_num, port_type);
+	if ( ports.count(port_masked) == 0 )
+		ports.insert({port_masked, make_intrusive<PortVal>(port_masked)});
 
 	return ports[port_masked];
 	}

src/stats.bif

@@ -485,17 +485,15 @@ function get_reporter_stats%(%): ReporterStats
 	return r;
 	%}
 
-## Returns a list of event handlers that were called and the number of times
-## each was called.
+## Returns statistics about calls to event handlers.
 ##
 ## Returns: A record with event call statistics.
 ##
-function get_event_handler_call_counts%(%): EventNameStats
+function get_event_handler_stats%(%): EventNameStats
   %{
 	auto rval = zeek::make_intrusive<zeek::VectorVal>(zeek::id::find_type<VectorType>("EventNameStats"));
 	const auto& recordType = zeek::id::find_type<RecordType>("EventNameCounter");
 
-	int i = 0;
 	const auto& events = event_registry->UsedHandlers();
 	for ( const auto& name : events )
 		{
@@ -507,8 +505,7 @@ function get_event_handler_call_counts%(%): EventNameStats
 			auto eventStatRecord = zeek::make_intrusive<zeek::RecordVal>(recordType);
 			eventStatRecord->Assign(0, zeek::make_intrusive<zeek::StringVal>(name));
 			eventStatRecord->Assign(1, zeek::val_mgr->Count(handler->CallCount()));
-			rval->Assign(i, std::move(eventStatRecord));
-			i++;
+			rval->Append(std::move(eventStatRecord));
 			}
 		}
 

src/util.cc

@@ -1343,20 +1343,7 @@ const char* strpbrk_n(size_t len, const char* s, const char* charset)
 	return nullptr;
 	}
 
-#if ! defined(HAVE_STRCASESTR) && ! defined(_MSC_VER)
-
-TEST_CASE("util strcasestr")
-	{
-	const char* s = "this is a string";
-	const char* out = strcasestr(s, "is");
-	CHECK(strcmp(out, "is a string") == 0);
-
-	const char* out2 = strcasestr(s, "IS");
-	CHECK(strcmp(out2, "is a string") == 0);
-
-	const char* out3 = strcasestr(s, "not there");
-	CHECK(strcmp(out2, s) == 0);
-	}
+#if ! defined(HAVE_STRCASESTR)
 
 // This code is derived from software contributed to BSD by Chris Torek.
 char* strcasestr(const char* s, const char* find)
@@ -1384,6 +1371,20 @@ char* strcasestr(const char* s, const char* find)
 
 	return (char*)s;
 	}
+
+TEST_CASE("util strcasestr")
+	{
+	const char* s = "this is a string";
+	const char* out = strcasestr(s, "is");
+	CHECK(strcmp(out, "is a string") == 0);
+
+	const char* out2 = strcasestr(s, "IS");
+	CHECK(strcmp(out2, "is a string") == 0);
+
+	const char* out3 = strcasestr(s, "not there");
+	CHECK(strcmp(out2, s) == 0);
+	}
+
 #endif
 
 TEST_CASE("util atoi_n")

testing/btest/Baseline/bifs.event-handler-stats/out

@@ -0,0 +1 @@
+[[name=Broker::log_flush, times_called=2], [name=ChecksumOffloading::check, times_called=2], [name=NetControl::init, times_called=1], [name=analyzer_confirmation_info, times_called=1], [name=connection_established, times_called=1], [name=connection_state_remove, times_called=1], [name=file_new, times_called=1], [name=file_over_new_connection, times_called=1], [name=file_sniff, times_called=1], [name=file_state_remove, times_called=1], [name=filter_change_tracking, times_called=3], [name=get_file_handle, times_called=4], [name=http_begin_entity, times_called=2], [name=http_end_entity, times_called=2], [name=http_header, times_called=13], [name=http_message_done, times_called=2], [name=http_reply, times_called=1], [name=http_request, times_called=1], [name=net_done, times_called=1], [name=new_connection, times_called=1], [name=run_sync_hook, times_called=2], [name=zeek_done, times_called=1], [name=zeek_init, times_called=1]]

testing/btest/bifs/event-handler-stats.zeek

@@ -0,0 +1,7 @@
+# @TEST-EXEC: zeek -r $TRACES/http/get.trace %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event zeek_done()
+{
+	print(get_event_handler_stats());
+}