Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-14 12:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/master' into topic/policy-scripts-new

Browse source
This commit is contained in:
Jon Siwek 2011-05-16 13:59:02 -05:00
commit e608aae0ba
11 changed files with 66 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
aux/broctl

@ -1 +1 @@
Subproject commit c4eaf7c7471ab04ae8af0f2913cb8350d9ae0b3a Subproject commit d9bfa3e7c25aa0fdc27a1f8520f2bb474ecd44af

3
src/Analyzer.cc
View file

@ -58,6 +58,9 @@ const Analyzer::Config Analyzer::analyzer_configs[] = {
{ AnalyzerTag::ICMP_Echo, "ICMP_ECHO", { AnalyzerTag::ICMP_Echo, "ICMP_ECHO",
ICMP_Echo_Analyzer::InstantiateAnalyzer, ICMP_Echo_Analyzer::InstantiateAnalyzer,
ICMP_Echo_Analyzer::Available, 0, false }, ICMP_Echo_Analyzer::Available, 0, false },
{ AnalyzerTag::ICMP_Redir, "ICMP_REDIR",
ICMP_Redir_Analyzer::InstantiateAnalyzer,
ICMP_Redir_Analyzer::Available, 0, false },
{ AnalyzerTag::TCP, "TCP", TCP_Analyzer::InstantiateAnalyzer, { AnalyzerTag::TCP, "TCP", TCP_Analyzer::InstantiateAnalyzer,
TCP_Analyzer::Available, 0, false }, TCP_Analyzer::Available, 0, false },

4
src/AnalyzerTags.h
View file

@ -22,7 +22,9 @@ namespace AnalyzerTag {
PIA_TCP, PIA_UDP, PIA_TCP, PIA_UDP,
// Transport-layer analyzers. // Transport-layer analyzers.
ICMP, ICMP_TimeExceeded, ICMP_Unreachable, ICMP_Echo, TCP, UDP, ICMP,
ICMP_TimeExceeded, ICMP_Unreachable, ICMP_Echo, ICMP_Redir,
TCP, UDP,
// Application-layer analyzers (hand-written). // Application-layer analyzers (hand-written).
BitTorrent, BitTorrentTracker, BitTorrent, BitTorrentTracker,

8
src/DPM.cc
View file

@ -229,6 +229,14 @@ bool DPM::BuildInitialAnalyzerTree(TransportProto proto, Connection* conn,
} }
break; break;
case ICMP_REDIRECT:
if ( ICMP_Redir_Analyzer::Available() )
{
root = new ICMP_Redir_Analyzer(conn);
DBG_DPD(conn, "activated ICMP Redir analyzer");
}
break;
case ICMP_UNREACH: case ICMP_UNREACH:
if ( ICMP_Unreachable_Analyzer::Available() ) if ( ICMP_Unreachable_Analyzer::Available() )
{ {

18
src/ICMP.cc
View file

@ -321,6 +321,24 @@ void ICMP_Echo_Analyzer::NextICMP(double t, const struct icmp* icmpp, int len,
ConnectionEvent(f, vl); ConnectionEvent(f, vl);
} }
ICMP_Redir_Analyzer::ICMP_Redir_Analyzer(Connection* c)
: ICMP_Analyzer(AnalyzerTag::ICMP_Redir, c)
{
}
void ICMP_Redir_Analyzer::NextICMP(double t, const struct icmp* icmpp, int len,
int caplen, const u_char*& data)
{
uint32 addr = ntohl(icmpp->icmp_hun.ih_void);
val_list* vl = new val_list;
vl->append(BuildConnVal());
vl->append(BuildICMPVal());
vl->append(new AddrVal(htonl(addr)));
ConnectionEvent(icmp_redirect, vl);
}
void ICMP_Context_Analyzer::NextICMP(double t, const struct icmp* icmpp, void ICMP_Context_Analyzer::NextICMP(double t, const struct icmp* icmpp,
int len, int caplen, const u_char*& data) int len, int caplen, const u_char*& data)

16
src/ICMP.h
View file

@ -74,6 +74,22 @@ protected:
int len, int caplen, const u_char*& data); int len, int caplen, const u_char*& data);
}; };
class ICMP_Redir_Analyzer : public ICMP_Analyzer {
public:
ICMP_Redir_Analyzer(Connection* conn);
static Analyzer* InstantiateAnalyzer(Connection* conn)
{ return new ICMP_Redir_Analyzer(conn); }
static bool Available() { return icmp_redirect; }
protected:
ICMP_Redir_Analyzer() { }
virtual void NextICMP(double t, const struct icmp* icmpp,
int len, int caplen, const u_char*& data);
};
class ICMP_Context_Analyzer : public ICMP_Analyzer { class ICMP_Context_Analyzer : public ICMP_Analyzer {
public: public:
ICMP_Context_Analyzer(AnalyzerTag::Tag tag, Connection* conn) ICMP_Context_Analyzer(AnalyzerTag::Tag tag, Connection* conn)

6
src/Type.cc
View file

@ -848,8 +848,8 @@ void TypeDecl::DescribeReST(ODesc* d) const
} }
CommentedTypeDecl::CommentedTypeDecl(BroType* t, const char* i, CommentedTypeDecl::CommentedTypeDecl(BroType* t, const char* i,
attr_list* attrs, std::list<std::string>* cmnt_list) attr_list* attrs, bool in_record, std::list<std::string>* cmnt_list)
: TypeDecl(t, i, attrs) : TypeDecl(t, i, attrs, in_record)
{ {
comments = cmnt_list; comments = cmnt_list;
} }
@ -1157,6 +1157,7 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const
for ( int i = 0; i < num_fields; ++i ) for ( int i = 0; i < num_fields; ++i )
{ {
if ( i > 0 ) if ( i > 0 )
{
if ( func_args ) if ( func_args )
d->Add(", "); d->Add(", ");
else else
@ -1164,6 +1165,7 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const
d->NL(); d->NL();
d->NL(); d->NL();
} }
}
FieldDecl(i)->DescribeReST(d); FieldDecl(i)->DescribeReST(d);
} }

2
src/Type.h
View file

@ -420,7 +420,7 @@ public:
class CommentedTypeDecl : public TypeDecl { class CommentedTypeDecl : public TypeDecl {
public: public:
CommentedTypeDecl(BroType* t, const char* i, attr_list* attrs = 0, CommentedTypeDecl(BroType* t, const char* i, attr_list* attrs = 0,
std::list<std::string>* cmnt_list = 0); bool in_record = false, std::list<std::string>* cmnt_list = 0);
virtual ~CommentedTypeDecl(); virtual ~CommentedTypeDecl();
void DescribeReST(ODesc* d) const; void DescribeReST(ODesc* d) const;

1
src/event.bif
View file

@ -49,6 +49,7 @@ event icmp_echo_request%(c: connection, icmp: icmp_conn, id: count, seq: count,
event icmp_echo_reply%(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string%); event icmp_echo_reply%(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string%);
event icmp_unreachable%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); event icmp_unreachable%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%);
event icmp_time_exceeded%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); event icmp_time_exceeded%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%);
event icmp_redirect%(c: connection, icmp: icmp_conn, a: addr%);
event net_stats_update%(t: time, ns: net_stats%); event net_stats_update%(t: time, ns: net_stats%);
event conn_stats%(c: connection, os: endpoint_stats, rs: endpoint_stats%); event conn_stats%(c: connection, os: endpoint_stats, rs: endpoint_stats%);
event conn_weird%(name: string, c: connection%); event conn_weird%(name: string, c: connection%);

3
src/parse.y
View file

@ -936,6 +936,7 @@ type_decl:
if ( generate_documentation ) if ( generate_documentation )
{ {
// TypeDecl ctor deletes the attr list, so make a copy
attr_list* a = $5; attr_list* a = $5;
attr_list* a_copy = 0; attr_list* a_copy = 0;
@ -947,7 +948,7 @@ type_decl:
} }
last_fake_type_decl = new CommentedTypeDecl( last_fake_type_decl = new CommentedTypeDecl(
$4, $2, a_copy, concat_opt_docs($1, $7)); $4, $2, a_copy, (in_record > 0), concat_opt_docs($1, $7));
} }
$$ = new TypeDecl($4, $2, $5, (in_record > 0)); $$ = new TypeDecl($4, $2, $5, (in_record > 0));

9
testing/btest/doc/record-attr-check.bro Normal file
View file

@ -0,0 +1,9 @@
# @TEST-EXEC: bro --doc-scripts %INPUT
type Tag: enum {
SOMETHING
};
type R: record {
field1: set[Tag] &default=set();
};