From c24f3391a3bec2cb0df6b8dd0015353ea205f92c Mon Sep 17 00:00:00 2001 From: Gregor Maier Date: Tue, 10 May 2011 12:31:53 -0700 Subject: [PATCH 1/4] Fix compiler warning with gcc-4.4.4 --- src/Type.cc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/Type.cc b/src/Type.cc index 458a672d41..3ac5671619 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -1157,6 +1157,7 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const for ( int i = 0; i < num_fields; ++i ) { if ( i > 0 ) + { if ( func_args ) d->Add(", "); else @@ -1164,6 +1165,7 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const d->NL(); d->NL(); } + } FieldDecl(i)->DescribeReST(d); } From 70e14cb7d5bbaaade7ceaf5ec5ad4c0d8b44dc25 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 12 May 2011 19:55:26 -0500 Subject: [PATCH 2/4] Fix CommentedTypeDecl to track whether it's in a record like TypeDecl does. --- src/Type.cc | 4 ++-- src/Type.h | 2 +- src/parse.y | 3 ++- testing/btest/doc/record-attr-check.bro | 9 +++++++++ 4 files changed, 14 insertions(+), 4 deletions(-) create mode 100644 testing/btest/doc/record-attr-check.bro diff --git a/src/Type.cc b/src/Type.cc index 458a672d41..c770091ad6 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -848,8 +848,8 @@ void TypeDecl::DescribeReST(ODesc* d) const } CommentedTypeDecl::CommentedTypeDecl(BroType* t, const char* i, - attr_list* attrs, std::list* cmnt_list) - : TypeDecl(t, i, attrs) + attr_list* attrs, bool in_record, std::list* cmnt_list) + : TypeDecl(t, i, attrs, in_record) { comments = cmnt_list; } diff --git a/src/Type.h b/src/Type.h index 082e950921..b8cb7e2aa5 100644 --- a/src/Type.h +++ b/src/Type.h @@ -420,7 +420,7 @@ public: class CommentedTypeDecl : public TypeDecl { public: CommentedTypeDecl(BroType* t, const char* i, attr_list* attrs = 0, - std::list* cmnt_list = 0); + bool in_record = false, std::list* cmnt_list = 0); virtual ~CommentedTypeDecl(); void DescribeReST(ODesc* d) const; 
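Review bot: Inserting `bool in_record = false` ahead of the already-defaulted `cmnt_list` in the CommentedTypeDecl declaration (src/Type.h) changes what an existing four-argument call means. A stale `CommentedTypeDecl(t, i, attrs, cmnts)` still compiles because a pointer converts implicitly to `bool`, but the comment list is then silently dropped and `in_record` becomes true whenever the pointer is non-null. The only call site visible in this patch (src/parse.y) is updated; any others should be checked. Dropping the defaults on the two trailing parameters would make a stale call fail to compile instead of misbehaving. The constructor definition in src/Type.cc repeats the same parameter order.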
diff --git a/src/parse.y b/src/parse.y index 288b6c4cfe..a31b47b0bd 100644 --- a/src/parse.y +++ b/src/parse.y @@ -936,6 +936,7 @@ type_decl: if ( generate_documentation ) { + // TypeDecl ctor deletes the attr list, so make a copy attr_list* a = $5; attr_list* a_copy = 0; @@ -947,7 +948,7 @@ type_decl: } last_fake_type_decl = new CommentedTypeDecl( - $4, $2, a_copy, concat_opt_docs($1, $7)); + $4, $2, a_copy, (in_record > 0), concat_opt_docs($1, $7)); } $$ = new TypeDecl($4, $2, $5, (in_record > 0)); diff --git a/testing/btest/doc/record-attr-check.bro b/testing/btest/doc/record-attr-check.bro new file mode 100644 index 0000000000..33ada44bfd --- /dev/null +++ b/testing/btest/doc/record-attr-check.bro @@ -0,0 +1,9 @@ +# @TEST-EXEC: bro --doc-scripts %INPUT + +type Tag: enum { + SOMETHING +}; + +type R: record { + field1: set[Tag] &default=set(); +}; From 437ac29ca94145c0c1e8f13bbb1acf3fe2418b18 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 13 May 2011 17:40:12 -0700 Subject: [PATCH 3/4] Updating submodule(s). --- aux/broctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broctl b/aux/broctl index c4eaf7c747..d9bfa3e7c2 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit c4eaf7c7471ab04ae8af0f2913cb8350d9ae0b3a +Subproject commit d9bfa3e7c25aa0fdc27a1f8520f2bb474ecd44af From 1199085b27edf2885cf4fd775392936fb621d517 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 13 May 2011 18:47:50 -0700 Subject: [PATCH 4/4] An extension to the ICMP analyzer to handle redirects. The analyzer now raises icmp_redirect() events that come with the redirection address. By Julien Sentier. --- src/Analyzer.cc | 3 +++ src/AnalyzerTags.h | 4 +++- src/DPM.cc | 8 ++++++++ src/ICMP.cc | 18 ++++++++++++++++++ src/ICMP.h | 16 ++++++++++++++++ src/event.bif | 1 + 6 files changed, 49 insertions(+), 1 deletion(-) diff --git a/src/Analyzer.cc b/src/Analyzer.cc index ff159f5b11..81f3b6575c 100644 --- a/src/Analyzer.cc +++ b/src/Analyzer.cc 
@@ -58,6 +58,9 @@ const Analyzer::Config Analyzer::analyzer_configs[] = { { AnalyzerTag::ICMP_Echo, "ICMP_ECHO", ICMP_Echo_Analyzer::InstantiateAnalyzer, ICMP_Echo_Analyzer::Available, 0, false }, + { AnalyzerTag::ICMP_Redir, "ICMP_REDIR", + ICMP_Redir_Analyzer::InstantiateAnalyzer, + ICMP_Redir_Analyzer::Available, 0, false }, { AnalyzerTag::TCP, "TCP", TCP_Analyzer::InstantiateAnalyzer, TCP_Analyzer::Available, 0, false }, diff --git a/src/AnalyzerTags.h b/src/AnalyzerTags.h index e5760c41f8..00ff481413 100644 --- a/src/AnalyzerTags.h +++ b/src/AnalyzerTags.h @@ -22,7 +22,9 @@ namespace AnalyzerTag { PIA_TCP, PIA_UDP, // Transport-layer analyzers. - ICMP, ICMP_TimeExceeded, ICMP_Unreachable, ICMP_Echo, TCP, UDP, + ICMP, + ICMP_TimeExceeded, ICMP_Unreachable, ICMP_Echo, ICMP_Redir, + TCP, UDP, // Application-layer analyzers (hand-written). BitTorrent, BitTorrentTracker, diff --git a/src/DPM.cc b/src/DPM.cc index 3e27a0501d..95c219182e 100644 --- a/src/DPM.cc +++ b/src/DPM.cc @@ -229,6 +229,14 @@ bool DPM::BuildInitialAnalyzerTree(TransportProto proto, Connection* conn, } break; + case ICMP_REDIRECT: + if ( ICMP_Redir_Analyzer::Available() ) + { + root = new ICMP_Redir_Analyzer(conn); + DBG_DPD(conn, "activated ICMP Redir analyzer"); + } + break; + case ICMP_UNREACH: if ( ICMP_Unreachable_Analyzer::Available() ) { diff --git a/src/ICMP.cc b/src/ICMP.cc index a72e249d81..95169cd518 100644 --- a/src/ICMP.cc +++ b/src/ICMP.cc 
@@ -321,6 +321,24 @@ void ICMP_Echo_Analyzer::NextICMP(double t, const struct icmp* icmpp, int len, ConnectionEvent(f, vl); } +ICMP_Redir_Analyzer::ICMP_Redir_Analyzer(Connection* c) +: ICMP_Analyzer(AnalyzerTag::ICMP_Redir, c) + { + } + +void ICMP_Redir_Analyzer::NextICMP(double t, const struct icmp* icmpp, int len, + int caplen, const u_char*& data) + { + uint32 addr = ntohl(icmpp->icmp_hun.ih_void); + + val_list* vl = new val_list; + vl->append(BuildConnVal()); + vl->append(BuildICMPVal()); + vl->append(new AddrVal(htonl(addr))); + + ConnectionEvent(icmp_redirect, vl); + } + void ICMP_Context_Analyzer::NextICMP(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data) diff --git a/src/ICMP.h b/src/ICMP.h index db1984e860..62b859beba 100644 --- a/src/ICMP.h +++ b/src/ICMP.h @@ -74,6 +74,22 @@ protected: int len, int caplen, const u_char*& data); }; +class ICMP_Redir_Analyzer : public ICMP_Analyzer { +public: + ICMP_Redir_Analyzer(Connection* conn); + + static Analyzer* InstantiateAnalyzer(Connection* conn) + { return new ICMP_Redir_Analyzer(conn); } + + static bool Available() { return icmp_redirect; } + +protected: + ICMP_Redir_Analyzer() { } + + virtual void NextICMP(double t, const struct icmp* icmpp, + int len, int caplen, const u_char*& data); +}; + class ICMP_Context_Analyzer : public ICMP_Analyzer { public: ICMP_Context_Analyzer(AnalyzerTag::Tag tag, Connection* conn) diff --git a/src/event.bif b/src/event.bif index 270f1b0d0b..74bfaa3e03 100644 --- a/src/event.bif +++ b/src/event.bif 
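Review bot: ICMP_Redir_Analyzer::NextICMP reads `icmpp->icmp_hun.ih_void` without consulting `len` or `caplen`, so for a truncated or short-captured redirect the gateway address would be taken from bytes beyond the captured data unless the caller already guarantees a complete ICMP header. That guarantee is not visible in this hunk, and since the analyzer parses untrusted traffic it should be confirmed and stated in a comment above the read, or enforced with an early return. Separately, `ntohl()` followed by `htonl()` is a round trip that leaves the value unchanged, and `ih_void` hides that the field is the gateway address; `vl->append(new AddrVal(icmpp->icmp_hun.ih_gwaddr.s_addr));` expresses the same thing directly. A one-line comment noting that the event is raised for every redirect code would also help readers of the handler.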
@@ -52,6 +52,7 @@ event icmp_echo_request%(c: connection, icmp: icmp_conn, id: count, seq: count,
 event icmp_echo_reply%(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string%);
 event icmp_unreachable%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%);
 event icmp_time_exceeded%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%);
+event icmp_redirect%(c: connection, icmp: icmp_conn, a: addr%);
 event net_stats_update%(t: time, ns: net_stats%);
 event conn_stats%(c: connection, os: endpoint_stats, rs: endpoint_stats%);
 event conn_weird%(name: string, c: connection%);
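Review bot: The new `icmp_redirect` event exposes only the gateway address, so a handler cannot see which destination the redirect applies to. The neighbouring `icmp_unreachable` and `icmp_time_exceeded` events pass `context: icmp_context` for the embedded original datagram, and that is what a detection script would need to judge whether a redirect is diverting traffic for a host that matters. Consider carrying the context and naming the address parameter for what it is, e.g. `event icmp_redirect%(c: connection, icmp: icmp_conn, gw: addr, context: icmp_context%);`; this would presumably require the analyzer to parse the embedded header as the context analyzers do. If the redirect code (network versus host) is not already reachable through `icmp_conn`, it belongs in the signature as well.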