From e7c6d51ae79e7ea33672e4f600a9c5c8bc5535f3 Mon Sep 17 00:00:00 2001 From: Tim Wojtulewicz Date: Wed, 5 Aug 2020 11:37:20 -0700 Subject: [PATCH] Move the functions and variables in Net.h to the zeek::net namespace. This includes moving network_time out of util.h. --- src/Conn.cc | 14 +- src/DNS_Mgr.cc | 4 +- src/Debug.cc | 2 +- src/DebugLogger.cc | 4 +- src/Event.cc | 4 +- src/Expr.cc | 4 +- src/File.cc | 2 +- src/Frag.cc | 4 +- src/Net.cc | 83 +++++++---- src/Net.h | 132 ++++++++++++------ src/Reporter.cc | 14 +- src/RuleMatcher.cc | 16 +-- src/Sessions.cc | 24 ++-- src/Stats.cc | 58 ++++---- src/Stmt.cc | 4 +- src/Stmt.h | 4 +- src/Timer.cc | 9 +- src/Trigger.cc | 6 +- src/Val.cc | 18 +-- src/Val.h | 13 +- src/WeirdState.cc | 4 +- src/analyzer/Manager.cc | 10 +- src/analyzer/protocol/conn-size/ConnSize.cc | 2 +- src/analyzer/protocol/dns/DNS.cc | 4 +- src/analyzer/protocol/http/HTTP.cc | 32 ++--- src/analyzer/protocol/icmp/ICMP.cc | 9 +- src/analyzer/protocol/netbios/NetbiosSSN.cc | 6 +- src/analyzer/protocol/pia/PIA.cc | 8 +- src/analyzer/protocol/rpc/RPC.cc | 16 +-- .../protocol/stepping-stone/SteppingStone.cc | 14 +- src/analyzer/protocol/tcp/TCP.cc | 30 ++-- src/analyzer/protocol/tcp/TCP_Reassembler.cc | 10 +- src/analyzer/protocol/teredo/Teredo.cc | 2 +- src/analyzer/protocol/udp/UDP.cc | 4 +- src/analyzer/protocol/vxlan/VXLAN.cc | 6 +- src/binpac_bro-lib.pac | 2 +- src/broker/Manager.cc | 8 +- src/file_analysis/File.cc | 8 +- src/file_analysis/Manager.h | 2 +- src/iosource/Manager.cc | 6 +- src/iosource/PktSrc.cc | 24 ++-- src/iosource/pcap/Dumper.cc | 2 +- src/logging/Manager.cc | 32 ++--- src/logging/WriterFrontend.cc | 2 +- src/logging/writers/ascii/Ascii.cc | 2 +- src/main.cc | 4 +- src/scan.l | 28 ++-- src/stats.bif | 4 +- src/supervisor/Supervisor.cc | 4 +- src/threading/Manager.cc | 11 +- src/threading/MsgThread.cc | 7 +- src/util.cc | 29 ++-- src/util.h | 2 +- src/zeek-setup.cc | 40 +++--- src/zeek.bif | 42 +++--- 55 files changed, 461 insertions(+), 374 deletions(-) diff --git a/src/Conn.cc b/src/Conn.cc index 4f6e3880fc..5d1ff7ca77 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -194,8 +194,8 @@ void Connection::NextPacket(double t, bool is_orig, // arguments for reproducing packets const zeek::Packet *pkt) { - current_timestamp = t; - current_pkt = pkt; + zeek::net::current_timestamp = t; + zeek::net::current_pkt = pkt; if ( Skipping() ) return; @@ -218,13 +218,13 @@ void Connection::NextPacket(double t, bool is_orig, else last_time = t; - current_timestamp = 0; - current_pkt = nullptr; + zeek::net::current_timestamp = 0; + zeek::net::current_pkt = nullptr; } void Connection::SetLifetime(double lifetime) { - ADD_TIMER(&Connection::DeleteTimer, network_time + lifetime, 0, + ADD_TIMER(&Connection::DeleteTimer, zeek::net::network_time + lifetime, 0, zeek::detail::TIMER_CONN_DELETE); } @@ -329,7 +329,7 @@ void Connection::EnableStatusUpdateTimer() if ( connection_status_update && connection_status_update_interval ) { ADD_TIMER(&Connection::StatusUpdateTimer, - network_time + connection_status_update_interval, 0, + zeek::net::network_time + connection_status_update_interval, 0, zeek::detail::TIMER_CONN_STATUS_UPDATE); installed_status_timer = 1; } @@ -339,7 +339,7 @@ void Connection::StatusUpdateTimer(double t) { EnqueueEvent(connection_status_update, nullptr, ConnVal()); ADD_TIMER(&Connection::StatusUpdateTimer, - network_time + connection_status_update_interval, 0, + zeek::net::network_time + connection_status_update_interval, 0, zeek::detail::TIMER_CONN_STATUS_UPDATE); } diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index 51a2fc448c..fdcce40d0b 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -1338,7 +1338,7 @@ double DNS_Mgr::GetNextTimeout() if ( asyncs_timeouts.empty() ) return -1; - return network_time + DNS_TIMEOUT; + return zeek::net::network_time + DNS_TIMEOUT; } void DNS_Mgr::Process() @@ -1350,7 +1350,7 @@ void DNS_Mgr::Process() { AsyncRequest* req = asyncs_timeouts.top(); - if ( req->time + DNS_TIMEOUT > current_time() && ! terminating ) + if ( req->time + DNS_TIMEOUT > current_time() && ! zeek::net::terminating ) break; if ( ! req->processed ) diff --git a/src/Debug.cc b/src/Debug.cc index c5385546e5..bd04044115 100644 --- a/src/Debug.cc +++ b/src/Debug.cc @@ -158,7 +158,7 @@ int TraceState::LogTrace(const char* fmt, ...) va_start(args, fmt); // Prefix includes timestamp and file/line info. - fprintf(trace_file, "%.6f ", network_time); + fprintf(trace_file, "%.6f ", zeek::net::network_time); const zeek::detail::Stmt* stmt; zeek::detail::Location loc; diff --git a/src/DebugLogger.cc b/src/DebugLogger.cc index 6fe0ccc0bb..d6a8f3fead 100644 --- a/src/DebugLogger.cc +++ b/src/DebugLogger.cc @@ -159,7 +159,7 @@ void DebugLogger::Log(DebugStream stream, const char* fmt, ...) return; fprintf(file, "%17.06f/%17.06f [%s] ", - network_time, current_time(true), g->prefix); + zeek::net::network_time, current_time(true), g->prefix); for ( int i = g->indent; i > 0; --i ) fputs(" ", file); @@ -182,7 +182,7 @@ void DebugLogger::Log(const zeek::plugin::Plugin& plugin, const char* fmt, ...) return; fprintf(file, "%17.06f/%17.06f [plugin %s] ", - network_time, current_time(true), plugin.Name().c_str()); + zeek::net::network_time, current_time(true), plugin.Name().c_str()); va_list ap; va_start(ap, fmt); diff --git a/src/Event.cc b/src/Event.cc index c5fba1304a..f7f33d7843 100644 --- a/src/Event.cc +++ b/src/Event.cc @@ -224,8 +224,8 @@ void EventMgr::Process() // reading live (which includes pseudo-realtime), advance the time // here to the current time since otherwise it won't move forward. zeek::iosource::PktSrc* pkt_src = zeek::iosource_mgr->GetPktSrc(); - if ( ! pkt_src || ! pkt_src->IsOpen() || reading_live ) - net_update_time(current_time()); + if ( ! pkt_src || ! pkt_src->IsOpen() || zeek::net::reading_live ) + zeek::net::detail::net_update_time(current_time()); queue_flare.Extinguish(); diff --git a/src/Expr.cc b/src/Expr.cc index 55b4b433f2..3ba0cd77b5 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -3861,7 +3861,7 @@ bool ScheduleExpr::IsPure() const ValPtr ScheduleExpr::Eval(Frame* f) const { - if ( terminating ) + if ( zeek::net::terminating ) return nullptr; auto when_val = when->Eval(f); @@ -3872,7 +3872,7 @@ ValPtr ScheduleExpr::Eval(Frame* f) const double dt = when_val->InternalDouble(); if ( when->GetType()->Tag() == zeek::TYPE_INTERVAL ) - dt += network_time; + dt += zeek::net::network_time; auto args = eval_list(f, event->Args()); diff --git a/src/File.cc b/src/File.cc index 03f01cca32..2243c30337 100644 --- a/src/File.cc +++ b/src/File.cc @@ -119,7 +119,7 @@ const char* File::Name() const bool File::Open(FILE* file, const char* mode) { static bool fds_maximized = false; - open_time = network_time ? network_time : current_time(); + open_time = zeek::net::network_time ? zeek::net::network_time : current_time(); if ( ! fds_maximized ) { diff --git a/src/Frag.cc b/src/Frag.cc index 61bde3e0a2..c89bcfd5ce 100644 --- a/src/Frag.cc +++ b/src/Frag.cc @@ -154,7 +154,7 @@ void FragReassembler::AddFragment(double t, const zeek::IP_Hdr* ip, const u_char pkt += hdr_len; len -= hdr_len; - NewBlock(network_time, offset, len, pkt); + NewBlock(zeek::net::network_time, offset, len, pkt); } void FragReassembler::Weird(const char* name) const @@ -278,7 +278,7 @@ void FragReassembler::BlockInserted(DataBlockMap::const_iterator /* it */) { zeek::reporter->InternalWarning("bad fragment reassembly"); DeleteTimer(); - Expire(network_time); + Expire(zeek::net::network_time); delete [] pkt_start; return; } diff --git a/src/Net.cc b/src/Net.cc index 6bd9a93ab5..249a56b042 100644 --- a/src/Net.cc +++ b/src/Net.cc @@ -42,29 +42,16 @@ extern "C" { extern int select(int, fd_set *, fd_set *, fd_set *, struct timeval *); } +static double last_watchdog_proc_time = 0.0; // value of above during last watchdog +extern int signal_val; + +namespace zeek::net { +namespace detail { + zeek::iosource::PktDumper* pkt_dumper = nullptr; - -bool reading_live = false; -bool reading_traces = false; -bool have_pending_timers = false; -double pseudo_realtime = 0.0; -double network_time = 0.0; // time according to last packet timestamp - // (or current time) -double processing_start_time = 0.0; // time started working on current pkt -double bro_start_time = 0.0; // time Bro started. -double bro_start_network_time; // timestamp of first packet -double last_watchdog_proc_time = 0.0; // value of above during last watchdog -bool terminating = false; // whether we're done reading and finishing up -bool is_parsing = false; - -const zeek::Packet *current_pkt = nullptr; -int current_dispatched = 0; -double current_timestamp = 0.0; zeek::iosource::PktSrc* current_pktsrc = nullptr; zeek::iosource::IOSource* current_iosrc = nullptr; - -std::list files_scanned; -std::vector sig_files; +bool have_pending_timers = false; RETSIGTYPE watchdog(int /* signo */) { @@ -221,9 +208,9 @@ void expire_timers(zeek::iosource::PktSrc* src_ps) void net_packet_dispatch(double t, const zeek::Packet* pkt, zeek::iosource::PktSrc* src_ps) { - if ( ! bro_start_network_time ) + if ( ! zeek_start_network_time ) { - bro_start_network_time = t; + zeek_start_network_time = t; if ( network_time_init ) zeek::event_mgr.Enqueue(network_time_init, zeek::Args{}); @@ -330,9 +317,7 @@ void net_run() current_dispatched = 0; current_iosrc = nullptr; - extern int signal_val; - - if ( signal_val == SIGTERM || signal_val == SIGINT ) + if ( ::signal_val == SIGTERM || ::signal_val == SIGINT ) // We received a signal while processing the // current packet and its related events. // Should we put the signal handling into an IOSource? @@ -412,7 +397,27 @@ void net_delete() delete zeek::detail::ip_anonymizer[i]; } -int _processing_suspended = 0; +std::list files_scanned; +std::vector sig_files; + +} // namespace detail + +bool reading_live = false; +bool reading_traces = false; +double pseudo_realtime = 0.0; +double network_time = 0.0; // time according to last packet timestamp + // (or current time) +double processing_start_time = 0.0; // time started working on current pkt +double zeek_start_time = 0.0; // time Bro started. +double zeek_start_network_time; // timestamp of first packet +bool terminating = false; // whether we're done reading and finishing up +bool is_parsing = false; + +const zeek::Packet *current_pkt = nullptr; +int current_dispatched = 0; +double current_timestamp = 0.0; + +static int _processing_suspended = 0; void net_suspend_processing() { @@ -433,3 +438,29 @@ void net_continue_processing() --_processing_suspended; } + +bool net_is_processing_suspended() { return _processing_suspended; } + +} // namespace zeek::net + +// Remove all of these in v4.1. +zeek::iosource::PktSrc*& current_pktsrc = zeek::net::detail::current_pktsrc; +zeek::iosource::IOSource*& current_iosrc = zeek::net::detail::current_iosrc; +zeek::iosource::PktDumper*& pkt_dumper = zeek::net::detail::pkt_dumper; +bool& have_pending_timers = zeek::net::detail::have_pending_timers; + +bool& reading_live = zeek::net::reading_live; +bool& reading_traces = zeek::net::reading_traces; +double& pseudo_realtime = zeek::net::pseudo_realtime; +double& processing_start_time = zeek::net::processing_start_time; +double& bro_start_time = zeek::net::zeek_start_time; +double& bro_start_network_time = zeek::net::zeek_start_network_time; +bool& terminating = zeek::net::terminating; +bool& is_parsing = zeek::net::is_parsing; + +const zeek::Packet*& current_pkt = zeek::net::current_pkt; +int& current_dispatched = zeek::net::current_dispatched; +double& current_timestamp = zeek::net::current_timestamp; + +std::list& files_scanned = zeek::net::detail::files_scanned; +std::vector& sig_files = zeek::net::detail::sig_files; diff --git a/src/Net.h b/src/Net.h index 5fd9fa5563..aedc77ce92 100644 --- a/src/Net.h +++ b/src/Net.h @@ -16,6 +16,9 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(PktSrc, zeek, iosource); ZEEK_FORWARD_DECLARE_NAMESPACED(PktDumper, zeek, iosource); ZEEK_FORWARD_DECLARE_NAMESPACED(Packet, zeek); +namespace zeek::net { +namespace detail { + extern void net_init(const std::optional& interfaces, const std::optional& pcap_input_file, const std::optional& pcap_output_file, @@ -30,22 +33,9 @@ extern void net_packet_dispatch(double t, const zeek::Packet* pkt, extern void expire_timers(zeek::iosource::PktSrc* src_ps = nullptr); extern void zeek_terminate_loop(const char* reason); -// Functions to temporarily suspend processing of live input (network packets -// and remote events/state). Turning this is on is sure to lead to data loss! -extern void net_suspend_processing(); -extern void net_continue_processing(); - -extern int _processing_suspended; // don't access directly. -inline bool net_is_processing_suspended() - { return _processing_suspended > 0; } - -// Whether we're reading live traffic. -extern bool reading_live; - -// Same but for reading from traces instead. We have two separate -// variables because it's possible that neither is true, and we're -// instead just running timers (per the variable after this one). -extern bool reading_traces; +extern zeek::iosource::PktSrc* current_pktsrc; +extern zeek::iosource::IOSource* current_iosrc; +extern zeek::iosource::PktDumper* pkt_dumper; // where to save packets // True if we have timers scheduled for the future on which we need // to wait. "Need to wait" here means that we're running live (though @@ -54,35 +44,6 @@ extern bool reading_traces; // on future timers). extern bool have_pending_timers; -// If > 0, we are reading from traces but trying to mimic real-time behavior. -// (In this case, both reading_traces and reading_live are true.) The value -// is the speedup (1 = real-time, 0.5 = half real-time, etc.). -extern double pseudo_realtime; - -// When we started processing the current packet and corresponding event -// queue. -extern double processing_start_time; - -// When the Bro process was started. -extern double bro_start_time; - -// Time at which the Bro process was started with respect to network time, -// i.e. the timestamp of the first packet. -extern double bro_start_network_time; - -// True if we're a in the process of cleaning-up just before termination. -extern bool terminating; - -// True if Bro is currently parsing scripts. -extern bool is_parsing; - -extern const zeek::Packet* current_pkt; -extern int current_dispatched; -extern double current_timestamp; -extern zeek::iosource::PktSrc* current_pktsrc; -extern zeek::iosource::IOSource* current_iosrc; - -extern zeek::iosource::PktDumper* pkt_dumper; // where to save packets // Script file we have already scanned (or are in the process of scanning). // They are identified by normalized realpath. @@ -106,3 +67,84 @@ struct ScannedFile { extern std::list files_scanned; extern std::vector sig_files; + +} // namespace detail + +// Functions to temporarily suspend processing of live input (network packets +// and remote events/state). Turning this is on is sure to lead to data loss! +extern void net_suspend_processing(); +extern void net_continue_processing(); +bool net_is_processing_suspended(); + +// Whether we're reading live traffic. +extern bool reading_live; + +// Same but for reading from traces instead. We have two separate +// variables because it's possible that neither is true, and we're +// instead just running timers (per the variable after this one). +extern bool reading_traces; + +// If > 0, we are reading from traces but trying to mimic real-time behavior. +// (In this case, both reading_traces and reading_live are true.) The value +// is the speedup (1 = real-time, 0.5 = half real-time, etc.). +extern double pseudo_realtime; + +// When we started processing the current packet and corresponding event +// queue. +extern double processing_start_time; + +// When the Bro process was started. +extern double zeek_start_time; + +// Time at which the Bro process was started with respect to network time, +// i.e. the timestamp of the first packet. +extern double zeek_start_network_time; + +// Time according to last packet timestamp (or current time) +extern double network_time; + +// True if we're a in the process of cleaning-up just before termination. +extern bool terminating; + +// True if Bro is currently parsing scripts. +extern bool is_parsing; + +extern const zeek::Packet* current_pkt; +extern int current_dispatched; +extern double current_timestamp; + +} // namespace zeek::net + +constexpr auto net_init [[deprecated("Remove in v4.1. Use zeek::net::detail::net_init.")]] = zeek::net::detail::net_init; +constexpr auto net_run [[deprecated("Remove in v4.1. Use zeek::net::detail::net_run.")]] = zeek::net::detail::net_run; +constexpr auto net_get_final_stats [[deprecated("Remove in v4.1. Use zeek::net::detail::net_get_final_stats.")]] = zeek::net::detail::net_get_final_stats; +constexpr auto net_finish [[deprecated("Remove in v4.1. Use zeek::net::detail::net_finish.")]] = zeek::net::detail::net_finish; +constexpr auto net_delete [[deprecated("Remove in v4.1. Use zeek::net::detail::net_delete.")]] = zeek::net::detail::net_delete; +constexpr auto net_update_time [[deprecated("Remove in v4.1. Use zeek::net::detail::net_update_time.")]] = zeek::net::detail::net_update_time; +constexpr auto net_packet_dispatch [[deprecated("Remove in v4.1. Use zeek::net::detail::net_packet_dispatch.")]] = zeek::net::detail::net_packet_dispatch; +constexpr auto expire_timers [[deprecated("Remove in v4.1. Use zeek::net::detail::expire_timers.")]] = zeek::net::detail::expire_timers; +constexpr auto zeek_terminate_loop [[deprecated("Remove in v4.1. Use zeek::net::detail::zeek_terminate_loop.")]] = zeek::net::detail::zeek_terminate_loop; +extern zeek::iosource::PktSrc*& current_pktsrc [[deprecated("Remove in v4.1. Use zeek::net::detail::current_pktsrc.")]]; +extern zeek::iosource::IOSource*& current_iosrc [[deprecated("Remove in v4.1. Use zeek::net::detail::current_iosrc.")]]; +extern zeek::iosource::PktDumper*& pkt_dumper [[deprecated("Remove in v4.1. Use zeek::net::detail::pkt_dumper.")]]; +extern bool& have_pending_timers [[deprecated("Remove in v4.1. Use zeek::net::detail::have_pending_timers.")]]; + +constexpr auto net_suspend_processing [[deprecated("Remove in v4.1. Use zeek::net::net_suspend_processing.")]] = zeek::net::net_suspend_processing; +constexpr auto net_continue_processing [[deprecated("Remove in v4.1. Use zeek::net::net_continue_processing.")]] = zeek::net::net_continue_processing; +constexpr auto net_is_processing_suspended [[deprecated("Remove in v4.1. Use zeek::net::net_is_processing_suspended.")]] = zeek::net::net_is_processing_suspended; + +extern bool& reading_live [[deprecated("Remove in v4.1. Use zeek::net::reading_live.")]]; +extern bool& reading_traces [[deprecated("Remove in v4.1. Use zeek::net::reading_traces.")]]; +extern double& pseudo_realtime [[deprecated("Remove in v4.1. Use zeek::net::pseudo_realtime.")]]; +extern double& processing_start_time [[deprecated("Remove in v4.1. Use zeek::net::processing_start_time.")]]; +extern double& bro_start_time [[deprecated("Remove in v4.1. Use zeek::net::zeek_start_time.")]]; +extern double& bro_start_network_time [[deprecated("Remove in v4.1. Use zeek::net::zeek_start_network_time.")]]; +extern bool& terminating [[deprecated("Remove in v4.1. Use zeek::net::terminating.")]]; +extern bool& is_parsing [[deprecated("Remove in v4.1. Use zeek::net::is_parsing.")]]; +extern const zeek::Packet*& current_pkt [[deprecated("Remove in v4.1. Use zeek::net::current_pkt.")]]; +extern int& current_dispatched [[deprecated("Remove in v4.1. Use zeek::net::current_dispatched.")]]; +extern double& current_timestamp [[deprecated("Remove in v4.1. Use zeek::net::current_timestamp.")]]; + +using ScannedFile [[deprecated("Remove in v4.1. Use zeek::net::detail::ScannedFile.")]] = zeek::net::detail::ScannedFile; +extern std::list& files_scanned [[deprecated("Remove in v4.1. Use zeek::net::detail::files_scanned.")]]; +extern std::vector& sig_files [[deprecated("Remove in v4.1. Use zeek::net::detail::sig_files.")]]; diff --git a/src/Reporter.cc b/src/Reporter.cc index 7e2ce20c2b..cedafd59cd 100644 --- a/src/Reporter.cc +++ b/src/Reporter.cc @@ -226,7 +226,7 @@ void Reporter::InternalWarning(const char* fmt, ...) void Reporter::Syslog(const char* fmt, ...) { - if ( reading_traces ) + if ( zeek::net::reading_traces ) return; va_list ap; @@ -313,7 +313,7 @@ bool Reporter::PermitNetWeird(const char* name) ++count; if ( count == 1 ) - zeek::detail::timer_mgr->Add(new NetWeirdTimer(network_time, name, + zeek::detail::timer_mgr->Add(new NetWeirdTimer(zeek::net::network_time, name, weird_sampling_duration)); if ( count <= weird_sampling_threshold ) @@ -333,7 +333,7 @@ bool Reporter::PermitFlowWeird(const char* name, auto& map = flow_weird_state[endpoints]; if ( map.empty() ) - zeek::detail::timer_mgr->Add(new FlowWeirdTimer(network_time, endpoints, + zeek::detail::timer_mgr->Add(new FlowWeirdTimer(zeek::net::network_time, endpoints, weird_sampling_duration)); auto& count = map[name]; @@ -360,7 +360,7 @@ bool Reporter::PermitExpiredConnWeird(const char* name, const zeek::RecordVal& c auto& map = expired_conn_weird_state[conn_tuple]; if ( map.empty() ) - zeek::detail::timer_mgr->Add(new ConnTupleWeirdTimer(network_time, + zeek::detail::timer_mgr->Add(new ConnTupleWeirdTimer(zeek::net::network_time, std::move(conn_tuple), weird_sampling_duration)); @@ -562,7 +562,7 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out, vl.reserve(vl_size); if ( time ) - vl.emplace_back(zeek::make_intrusive(network_time ? network_time : current_time())); + vl.emplace_back(zeek::make_intrusive(zeek::net::network_time ? zeek::net::network_time : current_time())); vl.emplace_back(zeek::make_intrusive(buffer)); @@ -594,10 +594,10 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out, { std::string s = ""; - if ( bro_start_network_time != 0.0 ) + if ( zeek::net::zeek_start_network_time != 0.0 ) { char tmp[32]; - snprintf(tmp, 32, "%.6f", network_time); + snprintf(tmp, 32, "%.6f", zeek::net::network_time); s += std::string(tmp) + " "; } diff --git a/src/RuleMatcher.cc b/src/RuleMatcher.cc index 65df3eede4..ea05cc8ed8 100644 --- a/src/RuleMatcher.cc +++ b/src/RuleMatcher.cc @@ -1235,11 +1235,11 @@ void RuleMatcher::DumpStats(zeek::File* f) GetStats(&stats); f->Write(fmt("%.6f computed dfa states = %d; classes = ??; " - "computed trans. = %d; matchers = %d; mem = %d\n", - network_time, stats.dfa_states, stats.computed, - stats.matchers, stats.mem)); - f->Write(fmt("%.6f DFA cache hits = %d; misses = %d\n", network_time, - stats.hits, stats.misses)); + "computed trans. = %d; matchers = %d; mem = %d\n", + zeek::net::network_time, stats.dfa_states, stats.computed, + stats.matchers, stats.mem)); + f->Write(fmt("%.6f DFA cache hits = %d; misses = %d\n", zeek::net::network_time, + stats.hits, stats.misses)); DumpStateStats(f, root); } @@ -1256,9 +1256,9 @@ void RuleMatcher::DumpStateStats(zeek::File* f, RuleHdrTest* hdr_test) RuleHdrTest::PatternSet* set = hdr_test->psets[i][j]; assert(set->re); - f->Write(fmt("%.6f %d DFA states in %s group %d from sigs ", network_time, - set->re->DFA()->NumStates(), - Rule::TypeToString((Rule::PatternType)i), j)); + f->Write(fmt("%.6f %d DFA states in %s group %d from sigs ", zeek::net::network_time, + set->re->DFA()->NumStates(), + Rule::TypeToString((Rule::PatternType)i), j)); for ( const auto& id : set->ids ) { diff --git a/src/Sessions.cc b/src/Sessions.cc index ef90e09094..85465423a4 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -632,11 +632,11 @@ void NetSessions::DoNextPacket(double t, const zeek::Packet* pkt, const zeek::IP { EncapsulatingConn ec(ip_hdr->SrcAddr(), ip_hdr->DstAddr(), tunnel_type); - ip_tunnels[tunnel_idx] = TunnelActivity(ec, network_time); - zeek::detail::timer_mgr->Add(new detail::IPTunnelTimer(network_time, tunnel_idx)); + ip_tunnels[tunnel_idx] = TunnelActivity(ec, zeek::net::network_time); + zeek::detail::timer_mgr->Add(new detail::IPTunnelTimer(zeek::net::network_time, tunnel_idx)); } else - it->second.second = network_time; + it->second.second = zeek::net::network_time; if ( gre_version == 0 ) DoNextInnerPacket(t, pkt, caplen, len, data, gre_link_type, @@ -758,9 +758,9 @@ void NetSessions::DoNextInnerPacket(double t, const zeek::Packet* pkt, ts = pkt->ts; else { - ts.tv_sec = (time_t) network_time; + ts.tv_sec = (time_t) zeek::net::network_time; ts.tv_usec = (suseconds_t) - ((network_time - (double)ts.tv_sec) * 1000000); + ((zeek::net::network_time - (double)ts.tv_sec) * 1000000); } const u_char* data = nullptr; @@ -796,9 +796,9 @@ void NetSessions::DoNextInnerPacket(double t, const zeek::Packet* pkt, ts = pkt->ts; else { - ts.tv_sec = (time_t) network_time; + ts.tv_sec = (time_t) zeek::net::network_time; ts.tv_usec = (suseconds_t) - ((network_time - (double)ts.tv_sec) * 1000000); + ((zeek::net::network_time - (double)ts.tv_sec) * 1000000); } EncapsulationStack* outer = prev ? @@ -1310,7 +1310,7 @@ bool NetSessions::WantConnection(uint16_t src_port, uint16_t dst_port, void NetSessions::DumpPacket(const zeek::Packet *pkt, int len) { - if ( ! pkt_dumper ) + if ( ! zeek::net::detail::pkt_dumper ) return; if ( len != 0 ) @@ -1321,7 +1321,7 @@ void NetSessions::DumpPacket(const zeek::Packet *pkt, int len) const_cast(pkt)->cap_len = len; } - pkt_dumper->Dump(pkt); + zeek::net::detail::pkt_dumper->Dump(pkt); } void NetSessions::Weird(const char* name, const zeek::Packet* pkt, @@ -1350,7 +1350,7 @@ unsigned int NetSessions::ConnectionMemoryUsage() { unsigned int mem = 0; - if ( terminating ) + if ( zeek::net::terminating ) // Connections have been flushed already. return 0; @@ -1370,7 +1370,7 @@ unsigned int NetSessions::ConnectionMemoryUsageConnVals() { unsigned int mem = 0; - if ( terminating ) + if ( zeek::net::terminating ) // Connections have been flushed already. return 0; @@ -1388,7 +1388,7 @@ unsigned int NetSessions::ConnectionMemoryUsageConnVals() unsigned int NetSessions::MemoryAllocation() { - if ( terminating ) + if ( zeek::net::terminating ) // Connections have been flushed already. return 0; diff --git a/src/Stats.cc b/src/Stats.cc index 42ee960dbd..1c26bc9b5e 100644 --- a/src/Stats.cc +++ b/src/Stats.cc @@ -51,7 +51,7 @@ void ProfileTimer::Dispatch(double t, bool is_expire) // Reinstall timer. if ( ! is_expire ) - zeek::detail::timer_mgr->Add(new ProfileTimer(network_time + interval, + zeek::detail::timer_mgr->Add(new ProfileTimer(zeek::net::network_time + interval, logger, interval)); } @@ -71,11 +71,11 @@ ProfileLogger::~ProfileLogger() void ProfileLogger::Log() { - if ( terminating ) + if ( zeek::net::terminating ) // Connections have been flushed already. return; - file->Write(fmt("%.06f ------------------------\n", network_time)); + file->Write(fmt("%.06f ------------------------\n", zeek::net::network_time)); // Do expensive profiling only occasionally. bool expensive = false; @@ -108,27 +108,27 @@ void ProfileLogger::Log() first_utime = utime; first_stime = stime; - file->Write(fmt("%.06f Command line: ", network_time )); + file->Write(fmt("%.06f Command line: ", zeek::net::network_time )); for ( int i = 0; i < bro_argc; i++ ) { file->Write(bro_argv[i]); file->Write(" "); } - file->Write(fmt("\n%.06f ------------------------\n", network_time)); + file->Write(fmt("\n%.06f ------------------------\n", zeek::net::network_time)); } file->Write(fmt("%.06f Memory: total=%" PRId64 "K total_adj=%" PRId64 "K malloced: %" PRId64 "K\n", - network_time, total / 1024, (total - first_total) / 1024, + zeek::net::network_time, total / 1024, (total - first_total) / 1024, malloced / 1024)); file->Write(fmt("%.06f Run-time: user+sys=%.1f user=%.1f sys=%.1f real=%.1f\n", - network_time, (utime + stime) - (first_utime + first_stime), + zeek::net::network_time, (utime + stime) - (first_utime + first_stime), utime - first_utime, stime - first_stime, rtime - first_rtime)); int conn_mem_use = expensive ? sessions->ConnectionMemoryUsage() : 0; file->Write(fmt("%.06f Conns: total=%" PRIu64 " current=%" PRIu64 "/%" PRIi32 " mem=%" PRIi32 "K avg=%.1f table=%" PRIu32 "K connvals=%" PRIu32 "K\n", - network_time, + zeek::net::network_time, Connection::TotalConnections(), Connection::CurrentConnections(), sessions->CurrentConnections(), @@ -142,19 +142,19 @@ void ProfileLogger::Log() sessions->GetStats(s); file->Write(fmt("%.06f Conns: tcp=%zu/%zu udp=%zu/%zu icmp=%zu/%zu\n", - network_time, + zeek::net::network_time, s.num_TCP_conns, s.max_TCP_conns, s.num_UDP_conns, s.max_UDP_conns, s.num_ICMP_conns, s.max_ICMP_conns )); sessions->tcp_stats.PrintStats(file, - fmt("%.06f TCP-States:", network_time)); + fmt("%.06f TCP-States:", zeek::net::network_time)); // Alternatively, if you prefer more compact output... /* file->Write(fmt("%.8f TCP-States: I=%d S=%d SA=%d SR=%d E=%d EF=%d ER=%d F=%d P=%d\n", - network_time, + zeek::net::network_time, sessions->tcp_stats.StateInactive(), sessions->tcp_stats.StateRequest(), sessions->tcp_stats.StateSuccRequest(), @@ -168,9 +168,9 @@ void ProfileLogger::Log() */ file->Write(fmt("%.06f Connections expired due to inactivity: %" PRIu64 "\n", - network_time, killed_by_inactivity)); + zeek::net::network_time, killed_by_inactivity)); - file->Write(fmt("%.06f Total reassembler data: %" PRIu64 "K\n", network_time, + file->Write(fmt("%.06f Total reassembler data: %" PRIu64 "K\n", zeek::net::network_time, Reassembler::TotalMemoryAllocation() / 1024)); // Signature engine. @@ -180,38 +180,38 @@ void ProfileLogger::Log() zeek::detail::rule_matcher->GetStats(&stats); file->Write(fmt("%06f RuleMatcher: matchers=%d nfa_states=%d dfa_states=%d " - "ncomputed=%d mem=%dK\n", network_time, stats.matchers, + "ncomputed=%d mem=%dK\n", zeek::net::network_time, stats.matchers, stats.nfa_states, stats.dfa_states, stats.computed, stats.mem / 1024)); } file->Write(fmt("%.06f Timers: current=%d max=%d lag=%.2fs\n", - network_time, + zeek::net::network_time, zeek::detail::timer_mgr->Size(), zeek::detail::timer_mgr->PeakSize(), - network_time - zeek::detail::timer_mgr->LastTimestamp())); + zeek::net::network_time - zeek::detail::timer_mgr->LastTimestamp())); zeek::detail::DNS_Mgr::Stats dstats; zeek::detail::dns_mgr->GetStats(&dstats); file->Write(fmt("%.06f DNS_Mgr: requests=%lu succesful=%lu failed=%lu pending=%lu cached_hosts=%lu cached_addrs=%lu\n", - network_time, + zeek::net::network_time, dstats.requests, dstats.successful, dstats.failed, dstats.pending, dstats.cached_hosts, dstats.cached_addresses)); zeek::detail::trigger::Manager::Stats tstats; zeek::detail::trigger_mgr->GetStats(&tstats); - file->Write(fmt("%.06f Triggers: total=%lu pending=%lu\n", network_time, tstats.total, tstats.pending)); + file->Write(fmt("%.06f Triggers: total=%lu pending=%lu\n", zeek::net::network_time, tstats.total, tstats.pending)); unsigned int* current_timers = zeek::detail::TimerMgr::CurrentTimers(); for ( int i = 0; i < zeek::detail::NUM_TIMER_TYPES; ++i ) { if ( current_timers[i] ) - file->Write(fmt("%.06f %s = %d\n", network_time, + file->Write(fmt("%.06f %s = %d\n", zeek::net::network_time, zeek::detail::timer_type_to_string(static_cast(i)), current_timers[i])); } - file->Write(fmt("%0.6f Threads: current=%d\n", network_time, zeek::thread_mgr->NumThreads())); + file->Write(fmt("%0.6f Threads: current=%d\n", zeek::net::network_time, zeek::thread_mgr->NumThreads())); const threading::Manager::msg_stats_list& thread_stats = zeek::thread_mgr->GetMsgThreadStats(); for ( threading::Manager::msg_stats_list::const_iterator i = thread_stats.begin(); @@ -221,7 +221,7 @@ void ProfileLogger::Log() file->Write(fmt("%0.6f %-25s in=%" PRIu64 " out=%" PRIu64 " pending=%" PRIu64 "/%" PRIu64 " (#queue r/w: in=%" PRIu64 "/%" PRIu64 " out=%" PRIu64 "/%" PRIu64 ")" "\n", - network_time, + zeek::net::network_time, i->first.c_str(), s.sent_in, s.sent_out, s.pending_in, s.pending_out, @@ -237,7 +237,7 @@ void ProfileLogger::Log() "events_in=%zu events_out=%zu " "logs_in=%zu logs_out=%zu " "ids_in=%zu ids_out=%zu ", - network_time, cs.num_peers, cs.num_stores, + zeek::net::network_time, cs.num_peers, cs.num_stores, cs.num_pending_queries, cs.num_events_incoming, cs.num_events_outgoing, cs.num_logs_incoming, cs.num_logs_outgoing, @@ -254,7 +254,7 @@ void ProfileLogger::Log() int total_table_rentries = 0; file->Write(fmt("%.06f Global_sizes > 100k: %dK\n", - network_time, mem / 1024)); + zeek::net::network_time, mem / 1024)); for ( const auto& global : globals ) { @@ -295,7 +295,7 @@ void ProfileLogger::Log() if ( print ) { file->Write(fmt("%.06f %s = %dK", - network_time, id->Name(), + zeek::net::network_time, id->Name(), size / 1024)); if ( entries >= 0 ) @@ -308,9 +308,9 @@ void ProfileLogger::Log() } file->Write(fmt("%.06f Global_sizes total: %dK\n", - network_time, mem / 1024)); + zeek::net::network_time, mem / 1024)); file->Write(fmt("%.06f Total number of table entries: %d/%d\n", - network_time, + zeek::net::network_time, total_table_entries, total_table_rentries)); } @@ -330,16 +330,16 @@ void ProfileLogger::SegmentProfile(const char* name, const zeek::detail::Locatio { if ( name ) file->Write(fmt("%.06f segment-%s dt=%.06f dmem=%d\n", - network_time, name, dtime, dmem)); + zeek::net::network_time, name, dtime, dmem)); else if ( loc ) file->Write(fmt("%.06f segment-%s:%d dt=%.06f dmem=%d\n", - network_time, + zeek::net::network_time, loc->filename ? loc->filename : "nofile", loc->first_line, dtime, dmem)); else file->Write(fmt("%.06f segment-XXX dt=%.06f dmem=%d\n", - network_time, dtime, dmem)); + zeek::net::network_time, dtime, dmem)); } diff --git a/src/Stmt.cc b/src/Stmt.cc index 77e0afed29..34e6cba8e2 100644 --- a/src/Stmt.cc +++ b/src/Stmt.cc @@ -169,7 +169,7 @@ ExprListStmt::~ExprListStmt() = default; ValPtr ExprListStmt::Exec(Frame* f, stmt_flow_type& flow) const { - last_access = network_time; + last_access = zeek::net::network_time; flow = FLOW_NEXT; auto vals = eval_list(f, l.get()); @@ -233,7 +233,7 @@ static void print_log(const std::vector& vals) vec->Assign(vec->Size(), zeek::make_intrusive(d.Description())); } - record->Assign(0, zeek::make_intrusive(network_time)); + record->Assign(0, zeek::make_intrusive(zeek::net::network_time)); record->Assign(1, std::move(vec)); zeek::log_mgr->Write(plval.get(), record.get()); } diff --git a/src/Stmt.h b/src/Stmt.h index b784b995e4..e34dcce21e 100644 --- a/src/Stmt.h +++ b/src/Stmt.h @@ -16,6 +16,8 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(CompositeHash, zeek::detail); ZEEK_FORWARD_DECLARE_NAMESPACED(Frame, zeek::detail); +namespace zeek::net { extern double network_time; } + namespace zeek::detail { class StmtList; @@ -51,7 +53,7 @@ public: ForStmt* AsForStmt(); - void RegisterAccess() const { last_access = network_time; access_count++; } + void RegisterAccess() const { last_access = zeek::net::network_time; access_count++; } void AccessStats(ODesc* d) const; uint32_t GetAccessCount() const { return access_count; } diff --git a/src/Timer.cc b/src/Timer.cc index 69b57fef66..ce502fe5e9 100644 --- a/src/Timer.cc +++ b/src/Timer.cc @@ -96,12 +96,13 @@ void TimerMgr::Process() // pseudo-realtime), advance the timer here to the current time since otherwise it won't // move forward and the timers won't fire correctly. iosource::PktSrc* pkt_src = zeek::iosource_mgr->GetPktSrc(); - if ( ! pkt_src || ! pkt_src->IsOpen() || reading_live || net_is_processing_suspended() ) - net_update_time(current_time()); + if ( ! pkt_src || ! pkt_src->IsOpen() || zeek::net::reading_live || zeek::net::net_is_processing_suspended() ) + zeek::net::detail::net_update_time(current_time()); // Just advance the timer manager based on the current network time. This won't actually // change the time, but will dispatch any timers that need dispatching. - current_dispatched += Advance(network_time, max_timer_expires - current_dispatched); + zeek::net::current_dispatched += Advance(zeek::net::network_time, + max_timer_expires - zeek::net::current_dispatched); } void TimerMgr::InitPostScript() @@ -185,7 +186,7 @@ double PQ_TimerMgr::GetNextTimeout() { Timer* top = Top(); if ( top ) - return std::max(0.0, top->Time() - ::network_time); + return std::max(0.0, top->Time() - zeek::net::network_time); return -1; } diff --git a/src/Trigger.cc b/src/Trigger.cc index c6ec3b0a27..891024522a 100644 --- a/src/Trigger.cc +++ b/src/Trigger.cc @@ -85,12 +85,12 @@ TraversalCode zeek::detail::trigger::TriggerTraversalCallback::PreExpr(const zee class TriggerTimer final : public Timer { public: TriggerTimer(double arg_timeout, Trigger* arg_trigger) - : Timer(network_time + arg_timeout, TIMER_TRIGGER) + : Timer(zeek::net::network_time + arg_timeout, TIMER_TRIGGER) { Ref(arg_trigger); trigger = arg_trigger; timeout = arg_timeout; - time = network_time; + time = zeek::net::network_time; } ~TriggerTimer() @@ -505,7 +505,7 @@ Manager::~Manager() double Manager::GetNextTimeout() { - return pending->empty() ? -1 : network_time + 0.100; + return pending->empty() ? -1 : zeek::net::network_time + 0.100; } void Manager::Process() diff --git a/src/Val.cc b/src/Val.cc index dd064639a1..4063b98552 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -1412,7 +1412,7 @@ TableVal::TableVal(TableTypePtr t, detail::AttributesPtr a) : Val(t) Init(std::move(t)); SetAttrs(std::move(a)); - if ( ! is_parsing ) + if ( ! zeek::net::is_parsing ) return; for ( const auto& t : table_type->GetIndexTypes() ) @@ -1946,7 +1946,7 @@ const ValPtr& TableVal::Find(const ValPtr& index) if ( v ) { if ( attrs && attrs->Find(detail::ATTR_EXPIRE_READ) ) - v->SetExpireAccess(network_time); + v->SetExpireAccess(net::network_time); if ( v->GetVal() ) return v->GetVal(); @@ -1970,7 +1970,7 @@ const ValPtr& TableVal::Find(const ValPtr& index) if ( v ) { if ( attrs && attrs->Find(detail::ATTR_EXPIRE_READ) ) - v->SetExpireAccess(network_time); + v->SetExpireAccess(net::network_time); if ( v->GetVal() ) return v->GetVal(); @@ -2042,7 +2042,7 @@ TableValPtr TableVal::LookupSubnetValues(const SubNetVal* search) if ( entry ) { if ( attrs && attrs->Find(detail::ATTR_EXPIRE_READ) ) - entry->SetExpireAccess(network_time); + entry->SetExpireAccess(net::network_time); } } @@ -2068,7 +2068,7 @@ bool TableVal::UpdateTimestamp(Val* index) if ( ! v ) return false; - v->SetExpireAccess(network_time); + v->SetExpireAccess(net::network_time); return true; } @@ -2204,7 +2204,7 @@ void TableVal::SendToStore(const Val* index, const TableEntryVal* new_entry_val, if ( attrs->Find(zeek::detail::ATTR_EXPIRE_CREATE) ) { // for create expiry, we have to substract the already elapsed time from the expiry. - auto e = expire_time - (network_time - new_entry_val->ExpireAccessTime()); + auto e = expire_time - (net::network_time - new_entry_val->ExpireAccessTime()); if ( e <= 0 ) // element already expired? Let's not insert it. break; @@ -2528,7 +2528,7 @@ void TableVal::InitDefaultFunc(zeek::detail::Frame* f) void TableVal::InitTimer(double delay) { - timer = new TableValTimer(this, network_time + delay); + timer = new TableValTimer(this, net::network_time + delay); zeek::detail::timer_mgr->Add(timer); } @@ -2595,7 +2595,7 @@ void TableVal::DoExpire(double t) { // User doesn't want us to expire // this now. - v->SetExpireAccess(network_time - timeout + secs); + v->SetExpireAccess(net::network_time - timeout + secs); delete k; continue; } @@ -2874,7 +2874,7 @@ RecordVal::RecordVal(RecordTypePtr t, bool init_fields) : Val(std::move(t)) auto vl = val.record_val = new std::vector; vl->reserve(n); - if ( is_parsing ) + if ( zeek::net::is_parsing ) parse_time_records[rt].emplace_back(NewRef{}, this); if ( ! init_fields ) diff --git a/src/Val.h b/src/Val.h index 0cca42e399..65b898768c 100644 --- a/src/Val.h +++ b/src/Val.h @@ -48,15 +48,16 @@ namespace zeek::detail { class ScriptFunc; } using BroFunc [[deprecated("Remove in v4.1. Use zeek::detail::ScriptFunc instead.")]] = zeek::detail::ScriptFunc; ZEEK_FORWARD_DECLARE_NAMESPACED(PrefixTable, zeek::detail); -class StateAccess; ZEEK_FORWARD_DECLARE_NAMESPACED(RE_Matcher, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(CompositeHash, zeek::detail); ZEEK_FORWARD_DECLARE_NAMESPACED(HashKey, zeek::detail); -extern double bro_start_network_time; - namespace zeek { +namespace net { + extern double network_time; + extern double zeek_start_network_time; +} using FuncPtr = zeek::IntrusivePtr; using FilePtr = zeek::IntrusivePtr; @@ -730,7 +731,7 @@ public: : val(std::move(v)) { expire_access_time = - int(network_time - bro_start_network_time); + int(net::network_time - net::zeek_start_network_time); } TableEntryVal* Clone(Val::CloneState* state); @@ -743,9 +744,9 @@ public: // Returns/sets time of last expiration relevant access to this value. double ExpireAccessTime() const - { return bro_start_network_time + expire_access_time; } + { return net::zeek_start_network_time + expire_access_time; } void SetExpireAccess(double time) - { expire_access_time = int(time - bro_start_network_time); } + { expire_access_time = int(time - net::zeek_start_network_time); } protected: friend class TableVal; diff --git a/src/WeirdState.cc b/src/WeirdState.cc index 8b2dc6c6e9..d9071fa744 100644 --- a/src/WeirdState.cc +++ b/src/WeirdState.cc @@ -14,10 +14,10 @@ bool PermitWeird(WeirdStateMap& wsm, const char* name, uint64_t threshold, return true; if ( state.count == threshold + 1) - state.sampling_start_time = network_time; + state.sampling_start_time = zeek::net::network_time; else { - if ( network_time > state.sampling_start_time + duration ) + if ( zeek::net::network_time > state.sampling_start_time + duration ) { state.sampling_start_time = 0; state.count = 1; diff --git a/src/analyzer/Manager.cc b/src/analyzer/Manager.cc index 66d73f2c57..4d58a1c9d8 100644 --- a/src/analyzer/Manager.cc +++ b/src/analyzer/Manager.cc @@ -499,14 +499,14 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn) void Manager::ExpireScheduledAnalyzers() { - if ( ! network_time ) + if ( ! zeek::net::network_time ) return; while ( conns_by_timeout.size() ) { ScheduledAnalyzer* a = conns_by_timeout.top(); - if ( a->timeout > network_time ) + if ( a->timeout > zeek::net::network_time ) return; conns_by_timeout.pop(); @@ -540,7 +540,7 @@ void Manager::ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, TransportProto proto, const Tag& analyzer, double timeout) { - if ( ! network_time ) + if ( ! zeek::net::network_time ) { reporter->Warning("cannot schedule analyzers before processing begins; ignored"); return; @@ -554,7 +554,7 @@ void Manager::ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, ScheduledAnalyzer* a = new ScheduledAnalyzer; a->conn = ConnIndex(orig, resp, resp_p, proto); a->analyzer = analyzer; - a->timeout = network_time + timeout; + a->timeout = zeek::net::network_time + timeout; conns.insert(std::make_pair(a->conn, a)); conns_by_timeout.push(a); @@ -597,7 +597,7 @@ Manager::tag_set Manager::GetScheduled(const Connection* conn) for ( conns_map::iterator i = all.first; i != all.second; i++ ) { - if ( i->second->timeout > network_time ) + if ( i->second->timeout > zeek::net::network_time ) result.insert(i->second->analyzer); } diff --git a/src/analyzer/protocol/conn-size/ConnSize.cc b/src/analyzer/protocol/conn-size/ConnSize.cc index 5c9d104123..9feee4ddde 100644 --- a/src/analyzer/protocol/conn-size/ConnSize.cc +++ b/src/analyzer/protocol/conn-size/ConnSize.cc @@ -90,7 +90,7 @@ void ConnSize_Analyzer::CheckThresholds(bool is_orig) if ( duration_thresh != 0 ) { - if ( ( network_time - start_time ) > duration_thresh && conn_duration_threshold_crossed ) + if ( ( zeek::net::network_time - start_time ) > duration_thresh && conn_duration_threshold_crossed ) { EnqueueConnEvent(conn_duration_threshold_crossed, ConnVal(), diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc index 8b132c80c1..be1ac96f91 100644 --- a/src/analyzer/protocol/dns/DNS.cc +++ b/src/analyzer/protocol/dns/DNS.cc @@ -1908,7 +1908,7 @@ DNS_Analyzer::DNS_Analyzer(zeek::Connection* conn) else { ADD_ANALYZER_TIMER(&DNS_Analyzer::ExpireTimer, - network_time + dns_session_timeout, true, + zeek::net::network_time + dns_session_timeout, true, zeek::detail::TIMER_DNS_EXPIRE); } } @@ -1956,7 +1956,7 @@ void DNS_Analyzer::ExpireTimer(double t) // The - 1.0 in the following is to allow 1 second for the // common case of a single request followed by a single reply, // so we don't needlessly set the timer twice in that case. - if ( t - Conn()->LastTime() >= dns_session_timeout - 1.0 || terminating ) + if ( t - Conn()->LastTime() >= dns_session_timeout - 1.0 || zeek::net::terminating ) { Event(connection_timeout); zeek::sessions->Remove(Conn()); diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc index 3ee5076c96..6fd3b7cff2 100644 --- a/src/analyzer/protocol/http/HTTP.cc +++ b/src/analyzer/protocol/http/HTTP.cc @@ -62,7 +62,7 @@ HTTP_Entity::HTTP_Entity(HTTP_Message* arg_message, zeek::analyzer::mime::MIME_E void HTTP_Entity::EndOfData() { if ( DEBUG_http ) - DEBUG_MSG("%.6f: end of data\n", network_time); + DEBUG_MSG("%.6f: end of data\n", zeek::net::network_time); if ( zip ) { @@ -84,7 +84,7 @@ void HTTP_Entity::Deliver(int len, const char* data, bool trailing_CRLF) if ( DEBUG_http ) { DEBUG_MSG("%.6f HTTP_Entity::Deliver len=%d, in_header=%d\n", - network_time, len, in_header); + zeek::net::network_time, len, in_header); } if ( end_of_data ) @@ -511,7 +511,7 @@ void HTTP_Entity::SubmitAllHeaders() ASSERT(! in_header); if ( DEBUG_http ) - DEBUG_MSG("%.6f end of headers\n", network_time); + DEBUG_MSG("%.6f end of headers\n", zeek::net::network_time); if ( Parent() && Parent()->MIMEContentType() == zeek::analyzer::mime::CONTENT_TYPE_MULTIPART ) @@ -609,7 +609,7 @@ HTTP_Message::HTTP_Message(HTTP_Analyzer* arg_analyzer, entity_data_buffer = nullptr; BeginEntity(top_level); - start_time = network_time; + start_time = zeek::net::network_time; body_length = 0; content_gap_length = 0; header_length = init_header_length; @@ -642,7 +642,7 @@ void HTTP_Message::Done(bool interrupted, const char* detail) zeek::analyzer::mime::MIME_Message::Done(); - // DEBUG_MSG("%.6f HTTP message done.\n", network_time); + // DEBUG_MSG("%.6f HTTP message done.\n", zeek::net::network_time); top_level->EndOfData(); if ( is_orig || MyHTTP_Analyzer()->HTTP_ReplyCode() != 206 ) @@ -684,7 +684,7 @@ bool HTTP_Message::Undelivered(int64_t len) void HTTP_Message::BeginEntity(zeek::analyzer::mime::MIME_Entity* entity) { if ( DEBUG_http ) - DEBUG_MSG("%.6f: begin entity (%d)\n", network_time, is_orig); + DEBUG_MSG("%.6f: begin entity (%d)\n", zeek::net::network_time, is_orig); current_entity = (HTTP_Entity*) entity; @@ -698,7 +698,7 @@ void HTTP_Message::BeginEntity(zeek::analyzer::mime::MIME_Entity* entity) void HTTP_Message::EndEntity(zeek::analyzer::mime::MIME_Entity* entity) { if ( DEBUG_http ) - DEBUG_MSG("%.6f: end entity (%d)\n", network_time, is_orig); + DEBUG_MSG("%.6f: end entity (%d)\n", zeek::net::network_time, is_orig); if ( entity == top_level ) { @@ -1126,7 +1126,7 @@ void HTTP_Analyzer::EndpointEOF(bool is_orig) { zeek::analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); - // DEBUG_MSG("%.6f eof\n", network_time); + // DEBUG_MSG("%.6f eof\n", zeek::net::network_time); if ( is_orig ) RequestMade(false, "message ends as connection contents are completely delivered"); @@ -1138,7 +1138,7 @@ void HTTP_Analyzer::ConnectionFinished(bool half_finished) { zeek::analyzer::tcp::TCP_ApplicationAnalyzer::ConnectionFinished(half_finished); - // DEBUG_MSG("%.6f connection finished\n", network_time); + // DEBUG_MSG("%.6f connection finished\n", zeek::net::network_time); RequestMade(true, "message ends as connection is finished"); ReplyMade(true, "message ends as connection is finished"); } @@ -1170,7 +1170,7 @@ void HTTP_Analyzer::GenStats() r->Assign(2, zeek::make_intrusive(request_version.ToDouble())); r->Assign(3, zeek::make_intrusive(reply_version.ToDouble())); - // DEBUG_MSG("%.6f http_stats\n", network_time); + // DEBUG_MSG("%.6f http_stats\n", zeek::net::network_time); EnqueueConnEvent(http_stats, ConnVal(), std::move(r)); } } @@ -1369,7 +1369,7 @@ void HTTP_Analyzer::HTTP_Event(const char* category, const char* detail) void HTTP_Analyzer::HTTP_Event(const char* category, zeek::StringValPtr detail) { if ( http_event ) - // DEBUG_MSG("%.6f http_event\n", network_time); + // DEBUG_MSG("%.6f http_event\n", zeek::net::network_time); EnqueueConnEvent(http_event, ConnVal(), zeek::make_intrusive(category), @@ -1403,7 +1403,7 @@ void HTTP_Analyzer::HTTP_Request() connect_request = true; if ( http_request ) - // DEBUG_MSG("%.6f http_request\n", network_time); + // DEBUG_MSG("%.6f http_request\n", zeek::net::network_time); EnqueueConnEvent(http_request, ConnVal(), request_method, @@ -1438,7 +1438,7 @@ void HTTP_Analyzer::RequestMade(bool interrupted, const char* msg) if ( request_message ) request_message->Done(interrupted, msg); - // DEBUG_MSG("%.6f request made\n", network_time); + // DEBUG_MSG("%.6f request made\n", zeek::net::network_time); request_method = nullptr; unescaped_URI = nullptr; @@ -1459,7 +1459,7 @@ void HTTP_Analyzer::ReplyMade(bool interrupted, const char* msg) reply_ongoing = 0; - // DEBUG_MSG("%.6f reply made\n", network_time); + // DEBUG_MSG("%.6f reply made\n", zeek::net::network_time); if ( reply_message ) reply_message->Done(interrupted, msg); @@ -1644,7 +1644,7 @@ void HTTP_Analyzer::HTTP_Header(bool is_orig, zeek::analyzer::mime::MIME_Header* is_orig, false, true, false); if ( DEBUG_http ) - DEBUG_MSG("%.6f http_header\n", network_time); + DEBUG_MSG("%.6f http_header\n", zeek::net::network_time); auto upper_hn = zeek::analyzer::mime::to_string_val(h->get_name()); upper_hn->ToUpper(); @@ -1692,7 +1692,7 @@ void HTTP_Analyzer::InitHTTPMessage(zeek::analyzer::tcp::ContentLine_Analyzer* c delete message; } - // DEBUG_MSG("%.6f init http message\n", network_time); + // DEBUG_MSG("%.6f init http message\n", zeek::net::network_time); message = new HTTP_Message(this, cl, is_orig, expect_body, init_header_length); } diff --git a/src/analyzer/protocol/icmp/ICMP.cc b/src/analyzer/protocol/icmp/ICMP.cc index bbce6be44d..a77b0e8052 100644 --- a/src/analyzer/protocol/icmp/ICMP.cc +++ b/src/analyzer/protocol/icmp/ICMP.cc @@ -76,7 +76,7 @@ void ICMP_Analyzer::DeliverPacket(int len, const u_char* data, } } - Conn()->SetLastTime(current_timestamp); + Conn()->SetLastTime(zeek::net::current_timestamp); if ( zeek::detail::rule_matcher ) { @@ -99,9 +99,9 @@ void ICMP_Analyzer::DeliverPacket(int len, const u_char* data, len_stat += len; if ( ip->NextProto() == IPPROTO_ICMP ) - NextICMP4(current_timestamp, icmpp, len, caplen, data, ip); + NextICMP4(zeek::net::current_timestamp, icmpp, len, caplen, data, ip); else if ( ip->NextProto() == IPPROTO_ICMPV6 ) - NextICMP6(current_timestamp, icmpp, len, caplen, data, ip); + NextICMP6(zeek::net::current_timestamp, icmpp, len, caplen, data, ip); else { zeek::reporter->AnalyzerError( @@ -345,7 +345,8 @@ zeek::RecordValPtr ICMP_Analyzer::ExtractICMP4Context(int len, const u_char*& da { bad_hdr_len = 0; ip_len = ip_hdr->TotalLen(); - bad_checksum = ! current_pkt->l3_checksummed && (ones_complement_checksum((void*) ip_hdr->IP4_Hdr(), ip_hdr_len, 0) != 0xffff); + bad_checksum = ! zeek::net::current_pkt->l3_checksummed && + (ones_complement_checksum((void*) ip_hdr->IP4_Hdr(), ip_hdr_len, 0) != 0xffff); src_addr = ip_hdr->SrcAddr(); dst_addr = ip_hdr->DstAddr(); diff --git a/src/analyzer/protocol/netbios/NetbiosSSN.cc b/src/analyzer/protocol/netbios/NetbiosSSN.cc index fb3c20cfb3..362d2474b8 100644 --- a/src/analyzer/protocol/netbios/NetbiosSSN.cc +++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc @@ -471,7 +471,7 @@ NetbiosSSN_Analyzer::NetbiosSSN_Analyzer(zeek::Connection* conn) else { ADD_ANALYZER_TIMER(&NetbiosSSN_Analyzer::ExpireTimer, - network_time + netbios_ssn_session_timeout, true, + zeek::net::network_time + netbios_ssn_session_timeout, true, zeek::detail::TIMER_NB_EXPIRE); } } @@ -526,8 +526,8 @@ void NetbiosSSN_Analyzer::ExpireTimer(double t) // The - 1.0 in the following is to allow 1 second for the // common case of a single request followed by a single reply, // so we don't needlessly set the timer twice in that case. - if ( terminating || - network_time - Conn()->LastTime() >= + if ( zeek::net::terminating || + zeek::net::network_time - Conn()->LastTime() >= netbios_ssn_session_timeout - 1.0 ) { Event(connection_timeout); diff --git a/src/analyzer/protocol/pia/PIA.cc b/src/analyzer/protocol/pia/PIA.cc index 8392997152..4f00437231 100644 --- a/src/analyzer/protocol/pia/PIA.cc +++ b/src/analyzer/protocol/pia/PIA.cc @@ -385,10 +385,10 @@ void PIA_TCP::ActivateAnalyzer(zeek::analyzer::Tag tag, const zeek::detail::Rule // worth the effort. if ( b->is_orig ) - reass_orig->DataSent(network_time, orig_seq = b->seq, + reass_orig->DataSent(zeek::net::network_time, orig_seq = b->seq, b->len, b->data, tcp::TCP_Flags(), true); else - reass_resp->DataSent(network_time, resp_seq = b->seq, + reass_resp->DataSent(zeek::net::network_time, resp_seq = b->seq, b->len, b->data, tcp::TCP_Flags(), true); } @@ -397,11 +397,11 @@ void PIA_TCP::ActivateAnalyzer(zeek::analyzer::Tag tag, const zeek::detail::Rule if ( current->data ) { if ( current->is_orig ) - reass_orig->DataSent(network_time, + reass_orig->DataSent(zeek::net::network_time, orig_seq = current->seq, current->len, current->data, analyzer::tcp::TCP_Flags(), true); else - reass_resp->DataSent(network_time, + reass_resp->DataSent(zeek::net::network_time, resp_seq = current->seq, current->len, current->data, analyzer::tcp::TCP_Flags(), true); } diff --git a/src/analyzer/protocol/rpc/RPC.cc b/src/analyzer/protocol/rpc/RPC.cc index 4daf70b756..22c935d2b9 100644 --- a/src/analyzer/protocol/rpc/RPC.cc +++ b/src/analyzer/protocol/rpc/RPC.cc @@ -327,7 +327,7 @@ void RPC_Interpreter::Timeout() const u_char* buf = nullptr; int n = 0; - if ( ! RPC_BuildReply(c, BifEnum::RPC_TIMEOUT, buf, n, network_time, network_time, 0) ) + if ( ! RPC_BuildReply(c, BifEnum::RPC_TIMEOUT, buf, n, zeek::net::network_time, zeek::net::network_time, 0) ) Weird("bad_RPC"); } } @@ -534,7 +534,7 @@ bool Contents_RPC::CheckResync(int& len, const u_char*& data, bool orig) // TCP keep-alive retransmissions. DEBUG_MSG("%.6f RPC resync: " "discard small pieces: %d\n", - network_time, len); + zeek::net::network_time, len); Conn()->Weird("RPC_resync", fmt("discard %d bytes\n", len)); } @@ -634,7 +634,7 @@ void Contents_RPC::DeliverStream(int len, const u_char* data, bool orig) while (len > 0) { - last_time = network_time; + last_time = zeek::net::network_time; switch (state) { case WAIT_FOR_MESSAGE: @@ -649,7 +649,7 @@ void Contents_RPC::DeliverStream(int len, const u_char* data, bool orig) msg_buf.Init(MAX_RPC_LEN, 0); last_frag = false; state = WAIT_FOR_MARKER; - start_time = network_time; + start_time = zeek::net::network_time; // no break. fall through case WAIT_FOR_MARKER: @@ -675,7 +675,7 @@ void Contents_RPC::DeliverStream(int len, const u_char* data, bool orig) last_frag = (marker & 0x80000000) != 0; marker &= 0x7fffffff; //printf("%.6f %d marker= %u <> last_frag= %d <> expected=%llu <> processed= %llu <> len = %d\n", - // network_time, IsOrig(), marker, last_frag, msg_buf.GetExpected(), msg_buf.GetProcessed(), len); + // zeek::net::network_time, IsOrig(), marker, last_frag, msg_buf.GetExpected(), msg_buf.GetProcessed(), len); if ( ! msg_buf.AddToExpected(marker) ) Conn()->Weird("RPC_message_too_long", fmt("%" PRId64, msg_buf.GetExpected())); @@ -729,7 +729,7 @@ RPC_Analyzer::RPC_Analyzer(const char* name, zeek::Connection* conn, { if ( Conn()->ConnTransport() == TRANSPORT_UDP ) ADD_ANALYZER_TIMER(&RPC_Analyzer::ExpireTimer, - network_time + rpc_timeout, true, + zeek::net::network_time + rpc_timeout, true, zeek::detail::TIMER_RPC_EXPIRE); } @@ -746,12 +746,12 @@ void RPC_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, if ( orig ) { - if ( ! interp->DeliverRPC(data, len, len, true, network_time, network_time) ) + if ( ! interp->DeliverRPC(data, len, len, true, zeek::net::network_time, zeek::net::network_time) ) Weird("bad_RPC"); } else { - if ( ! interp->DeliverRPC(data, len, len, false, network_time, network_time) ) + if ( ! interp->DeliverRPC(data, len, len, false, zeek::net::network_time, zeek::net::network_time) ) Weird("bad_RPC"); } } diff --git a/src/analyzer/protocol/stepping-stone/SteppingStone.cc b/src/analyzer/protocol/stepping-stone/SteppingStone.cc index fd2c06c150..a0816ccc87 100644 --- a/src/analyzer/protocol/stepping-stone/SteppingStone.cc +++ b/src/analyzer/protocol/stepping-stone/SteppingStone.cc @@ -178,27 +178,27 @@ void SteppingStone_Analyzer::DeliverPacket(int len, const u_char* data, ip, caplen); if ( is_orig ) - orig_endp->DataSent(network_time, seq, len, caplen, data, nullptr, nullptr); + orig_endp->DataSent(zeek::net::network_time, seq, len, caplen, data, nullptr, nullptr); else - resp_endp->DataSent(network_time, seq, len, caplen, data, nullptr, nullptr); + resp_endp->DataSent(zeek::net::network_time, seq, len, caplen, data, nullptr, nullptr); } void SteppingStone_Analyzer::DeliverStream(int len, const u_char* data, - bool is_orig) + bool is_orig) { zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, is_orig); if ( is_orig ) { - orig_endp->DataSent(network_time, orig_stream_pos, len, len, - data, nullptr, nullptr); + orig_endp->DataSent(zeek::net::network_time, orig_stream_pos, len, len, + data, nullptr, nullptr); orig_stream_pos += len; } else { - resp_endp->DataSent(network_time, resp_stream_pos, len, len, - data, nullptr, nullptr); + resp_endp->DataSent(zeek::net::network_time, resp_stream_pos, len, len, + data, nullptr, nullptr); resp_stream_pos += len; } } diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index 6d55d3454c..b680e805ff 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc @@ -127,7 +127,7 @@ TCP_Analyzer::TCP_Analyzer(zeek::Connection* conn) { // Set a timer to eventually time out this connection. ADD_ANALYZER_TIMER(&TCP_Analyzer::ExpireTimer, - network_time + tcp_SYN_timeout, false, + zeek::net::network_time + tcp_SYN_timeout, false, zeek::detail::TIMER_TCP_EXPIRE); deferred_gen_event = close_deferred = 0; @@ -166,7 +166,7 @@ void TCP_Analyzer::Done() { Analyzer::Done(); - if ( terminating && connection_pending && is_active && ! BothClosed() ) + if ( zeek::net::terminating && connection_pending && is_active && ! BothClosed() ) Event(connection_pending); LOOP_OVER_GIVEN_CHILDREN(i, packet_children) @@ -275,7 +275,7 @@ const struct tcphdr* TCP_Analyzer::ExtractTCP_Header(const u_char*& data, bool TCP_Analyzer::ValidateChecksum(const struct tcphdr* tp, TCP_Endpoint* endpoint, int len, int caplen) { - if ( ! current_pkt->l3_checksummed && ! ignore_checksums && caplen >= len && + if ( ! zeek::net::current_pkt->l3_checksummed && ! ignore_checksums && caplen >= len && ! endpoint->ValidChecksum(tp, len) ) { Weird("bad_TCP_checksum"); @@ -1074,7 +1074,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, uint32_t seq_one_past_segment = base_seq + seg_len; init_endpoint(endpoint, flags, base_seq, seq_one_past_segment, - current_timestamp); + zeek::net::current_timestamp); bool seq_underflow = false; uint64_t rel_seq = get_relative_seq(endpoint, base_seq, endpoint->LastSeq(), @@ -1091,7 +1091,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, update_window(endpoint, ntohs(tp->th_win), base_seq, ack_seq, flags); if ( ! orig->did_close || ! resp->did_close ) - Conn()->SetLastTime(current_timestamp); + Conn()->SetLastTime(zeek::net::current_timestamp); if ( flags.SYN() ) { @@ -1113,7 +1113,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, { ++endpoint->FIN_cnt; - if ( endpoint->FIN_cnt >= tcp_storm_thresh && current_timestamp < + if ( endpoint->FIN_cnt >= tcp_storm_thresh && zeek::net::current_timestamp < endpoint->last_time + tcp_storm_interarrival_thresh ) Weird("FIN_storm"); @@ -1124,7 +1124,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, { ++endpoint->RST_cnt; - if ( endpoint->RST_cnt >= tcp_storm_thresh && current_timestamp < + if ( endpoint->RST_cnt >= tcp_storm_thresh && zeek::net::current_timestamp < endpoint->last_time + tcp_storm_interarrival_thresh ) Weird("RST_storm"); @@ -1171,11 +1171,11 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, } int32_t delta_last = update_last_seq(endpoint, seq_one_past_segment, flags, len); - endpoint->last_time = current_timestamp; + endpoint->last_time = zeek::net::current_timestamp; bool do_close; bool gen_event; - UpdateStateMachine(current_timestamp, endpoint, peer, base_seq, ack_seq, + UpdateStateMachine(zeek::net::current_timestamp, endpoint, peer, base_seq, ack_seq, len, delta_last, is_orig, flags, do_close, gen_event); if ( flags.ACK() ) @@ -1210,7 +1210,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, if ( DEBUG_tcp_data_sent ) { DEBUG_MSG("%.6f before DataSent: len=%d caplen=%d skip=%d\n", - network_time, len, caplen, Skipping()); + zeek::net::network_time, len, caplen, Skipping()); } uint64_t rel_data_seq = flags.SYN() ? rel_seq + 1 : rel_seq; @@ -1218,7 +1218,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, int need_contents = 0; if ( len > 0 && (caplen >= len || packet_children.size()) && ! flags.RST() && ! Skipping() && ! seq_underflow ) - need_contents = DeliverData(current_timestamp, data, len, caplen, ip, + need_contents = DeliverData(zeek::net::current_timestamp, data, len, caplen, ip, tp, endpoint, rel_data_seq, is_orig, flags); endpoint->CheckEOF(); @@ -1664,7 +1664,7 @@ void TCP_Analyzer::ConnectionClosed(TCP_Endpoint* endpoint, TCP_Endpoint* peer, if ( DEBUG_tcp_connection_close ) { DEBUG_MSG("%.6f close_complete=%d tcp_close_delay=%f\n", - network_time, close_complete, tcp_close_delay); + zeek::net::network_time, close_complete, tcp_close_delay); } if ( close_complete ) @@ -2057,7 +2057,7 @@ bool TCPStats_Endpoint::DataSent(double /* t */, uint64_t seq, int len, int capl } DEBUG_MSG("%.6f rexmit %" PRIu64" + %d <= %" PRIu64" data_in_flight = %d\n", - network_time, seq, len, max_top_seq, data_in_flight); + zeek::net::network_time, seq, len, max_top_seq, data_in_flight); if ( tcp_rexmit ) endp->TCP()->EnqueueConnEvent(tcp_rexmit, @@ -2128,9 +2128,9 @@ void TCPStats_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, TCP_ApplicationAnalyzer::DeliverPacket(len, data, is_orig, seq, ip, caplen); if ( is_orig ) - orig_stats->DataSent(network_time, seq, len, caplen, data, ip, nullptr); + orig_stats->DataSent(zeek::net::network_time, seq, len, caplen, data, ip, nullptr); else - resp_stats->DataSent(network_time, seq, len, caplen, data, ip, nullptr); + resp_stats->DataSent(zeek::net::network_time, seq, len, caplen, data, ip, nullptr); } } // namespace zeek::analyzer::tcp diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.cc b/src/analyzer/protocol/tcp/TCP_Reassembler.cc index 440efb2ff6..754c87fe2b 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc @@ -195,7 +195,7 @@ void TCP_Reassembler::Undelivered(uint64_t up_to_seq) DEBUG_MSG("%.6f Undelivered: IsOrig()=%d up_to_seq=%" PRIu64", last_reassm=%" PRIu64", " "endp: FIN_cnt=%d, RST_cnt=%d, " "peer: FIN_cnt=%d, RST_cnt=%d\n", - network_time, IsOrig(), up_to_seq, last_reassem_seq, + zeek::net::network_time, IsOrig(), up_to_seq, last_reassem_seq, endpoint->FIN_cnt, endpoint->RST_cnt, peer->FIN_cnt, peer->RST_cnt); } @@ -225,7 +225,7 @@ void TCP_Reassembler::Undelivered(uint64_t up_to_seq) { DEBUG_MSG("%.6f Undelivered: IsOrig()=%d, seq=%" PRIu64", len=%" PRIu64", " "skip_deliveries=%d\n", - network_time, IsOrig(), last_reassem_seq, + zeek::net::network_time, IsOrig(), last_reassem_seq, up_to_seq - last_reassem_seq, skip_deliveries); } @@ -440,7 +440,7 @@ void TCP_Reassembler::BlockInserted(zeek::DataBlockMap::const_iterator it) void TCP_Reassembler::Overlap(const u_char* b1, const u_char* b2, uint64_t n) { if ( DEBUG_tcp_contents ) - DEBUG_MSG("%.6f TCP contents overlap: %" PRIu64" IsOrig()=%d\n", network_time, n, IsOrig()); + DEBUG_MSG("%.6f TCP contents overlap: %" PRIu64" IsOrig()=%d\n", zeek::net::network_time, n, IsOrig()); if ( rexmit_inconsistency && memcmp((const void*) b1, (const void*) b2, n) && @@ -477,7 +477,7 @@ bool TCP_Reassembler::DataSent(double t, uint64_t seq, int len, if ( DEBUG_tcp_contents ) { DEBUG_MSG("%.6f DataSent: IsOrig()=%d seq=%" PRIu64" upper=%" PRIu64" ack=%" PRIu64"\n", - network_time, IsOrig(), seq, upper_seq, ack); + zeek::net::network_time, IsOrig(), seq, upper_seq, ack); } if ( skip_deliveries ) @@ -581,7 +581,7 @@ void TCP_Reassembler::CheckEOF() if ( DEBUG_tcp_connection_close ) { DEBUG_MSG("%.6f EOF for %d\n", - network_time, endp->IsOrig()); + zeek::net::network_time, endp->IsOrig()); } did_EOF = true; diff --git a/src/analyzer/protocol/teredo/Teredo.cc b/src/analyzer/protocol/teredo/Teredo.cc index e7dc96b16a..649f31b5b0 100644 --- a/src/analyzer/protocol/teredo/Teredo.cc +++ b/src/analyzer/protocol/teredo/Teredo.cc @@ -232,7 +232,7 @@ void Teredo_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, zeek::EncapsulatingConn ec(Conn(), BifEnum::Tunnel::TEREDO); - zeek::sessions->DoNextInnerPacket(network_time, nullptr, inner, e, ec); + zeek::sessions->DoNextInnerPacket(zeek::net::network_time, nullptr, inner, e, ec); } } // namespace zeek::analyzer::teredo diff --git a/src/analyzer/protocol/udp/UDP.cc b/src/analyzer/protocol/udp/UDP.cc index 150bb49648..8f250deeb1 100644 --- a/src/analyzer/protocol/udp/UDP.cc +++ b/src/analyzer/protocol/udp/UDP.cc @@ -62,7 +62,7 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, int chksum = up->uh_sum; - auto validate_checksum = ! current_pkt->l3_checksummed && ! ignore_checksums && caplen >=len; + auto validate_checksum = ! zeek::net::current_pkt->l3_checksummed && ! ignore_checksums && caplen >=len; constexpr auto vxlan_len = 8; constexpr auto eth_len = 14; @@ -130,7 +130,7 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, ulen -= sizeof(struct udphdr); caplen -= sizeof(struct udphdr); - Conn()->SetLastTime(current_timestamp); + Conn()->SetLastTime(zeek::net::current_timestamp); if ( udp_contents ) { diff --git a/src/analyzer/protocol/vxlan/VXLAN.cc b/src/analyzer/protocol/vxlan/VXLAN.cc index 9e42ad1dc5..4315ed7a5d 100644 --- a/src/analyzer/protocol/vxlan/VXLAN.cc +++ b/src/analyzer/protocol/vxlan/VXLAN.cc @@ -61,8 +61,8 @@ void VXLAN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, len -= vxlan_len; pkt_timeval ts; - ts.tv_sec = (time_t) current_timestamp; - ts.tv_usec = (suseconds_t) ((current_timestamp - (double)ts.tv_sec) * 1000000); + ts.tv_sec = (time_t) zeek::net::current_timestamp; + ts.tv_usec = (suseconds_t) ((zeek::net::current_timestamp - (double)ts.tv_sec) * 1000000); zeek::Packet pkt(DLT_EN10MB, &ts, caplen, len, data); if ( ! pkt.Layer2Valid() ) @@ -105,7 +105,7 @@ void VXLAN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, inner->ToPktHdrVal(), zeek::val_mgr->Count(vni)); zeek::EncapsulatingConn ec(Conn(), BifEnum::Tunnel::VXLAN); - zeek::sessions->DoNextInnerPacket(network_time, &pkt, inner, estack, ec); + zeek::sessions->DoNextInnerPacket(zeek::net::network_time, &pkt, inner, estack, ec); } } // namespace zeek::analyzer::vxlan diff --git a/src/binpac_bro-lib.pac b/src/binpac_bro-lib.pac index 4b029813f1..6471ebf65e 100644 --- a/src/binpac_bro-lib.pac +++ b/src/binpac_bro-lib.pac @@ -63,5 +63,5 @@ zeek::StringVal* utf16_bytestring_to_utf8_val(zeek::Connection* conn, const byte function network_time(): double %{ - return ::network_time; + return zeek::net::network_time; %} diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index 17930a9e4d..3f0fa3d12f 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -923,7 +923,7 @@ void Manager::Process() // Ensure that time gets update before processing broker messages, or events // based on them might get scheduled wrong. if ( use_real_time ) - net_update_time(current_time()); + zeek::net::detail::net_update_time(current_time()); bool had_input = false; @@ -995,11 +995,11 @@ void Manager::Process() if ( had_input ) { - if ( network_time == 0 ) + if ( zeek::net::network_time == 0 ) // If we're getting Broker messages, but still haven't initialized - // network_time, may as well do so now because otherwise the + // zeek::net::network_time, may as well do so now because otherwise the // broker/cluster logs will end up using timestamp 0. - net_update_time(current_time()); + zeek::net::detail::net_update_time(current_time()); } } diff --git a/src/file_analysis/File.cc b/src/file_analysis/File.cc index fc6f4b0758..6e96122e80 100644 --- a/src/file_analysis/File.cc +++ b/src/file_analysis/File.cc @@ -115,7 +115,7 @@ File::~File() void File::UpdateLastActivityTime() { - val->Assign(last_active_idx, zeek::make_intrusive(network_time)); + val->Assign(last_active_idx, zeek::make_intrusive(zeek::net::network_time)); } double File::GetLastActivityTime() const @@ -250,7 +250,7 @@ bool File::IsComplete() const void File::ScheduleInactivityTimer() const { - zeek::detail::timer_mgr->Add(new detail::FileTimer(network_time, id, GetTimeoutInterval())); + zeek::detail::timer_mgr->Add(new detail::FileTimer(zeek::net::network_time, id, GetTimeoutInterval())); } bool File::AddAnalyzer(file_analysis::Tag tag, zeek::RecordVal* args) @@ -469,7 +469,7 @@ void File::DeliverChunk(const u_char* data, uint64_t len, uint64_t offset) } // Forward data to the reassembler. - file_reassembler->NewBlock(network_time, offset, len, data); + file_reassembler->NewBlock(zeek::net::network_time, offset, len, data); } else if ( stream_offset == offset ) { @@ -482,7 +482,7 @@ void File::DeliverChunk(const u_char* data, uint64_t len, uint64_t offset) // This is data that doesn't match the offset and the reassembler // needs to be enabled. file_reassembler = new FileReassembler(this, stream_offset); - file_reassembler->NewBlock(network_time, offset, len, data); + file_reassembler->NewBlock(zeek::net::network_time, offset, len, data); } else { diff --git a/src/file_analysis/Manager.h b/src/file_analysis/Manager.h index 2f0aea579f..a151f17f55 100644 --- a/src/file_analysis/Manager.h +++ b/src/file_analysis/Manager.h @@ -381,7 +381,7 @@ protected: * @param is_termination whether the Manager (and probably Bro) is in a * terminating state. If true, then the timeout cannot be postponed. */ - void Timeout(const std::string& file_id, bool is_terminating = ::terminating); + void Timeout(const std::string& file_id, bool is_terminating = zeek::net::terminating); /** * Immediately remove file_analysis::File object associated with \a file_id. diff --git a/src/iosource/Manager.cc b/src/iosource/Manager.cc index 196146dcd1..5e4027c4c5 100644 --- a/src/iosource/Manager.cc +++ b/src/iosource/Manager.cc @@ -115,7 +115,7 @@ void Manager::FindReadySources(std::vector* ready) // If there aren't any sources and exit_only_after_terminate is false, just // return an empty set of sources. We want the main loop to end. - if ( Size() == 0 && ( ! zeek::BifConst::exit_only_after_terminate || terminating ) ) + if ( Size() == 0 && ( ! zeek::BifConst::exit_only_after_terminate || zeek::net::terminating ) ) return; double timeout = -1; @@ -166,7 +166,7 @@ void Manager::FindReadySources(std::vector* ready) } else { - if ( ! pseudo_realtime ) + if ( ! zeek::net::pseudo_realtime ) // A pcap file is always ready to process unless it's suspended ready->push_back(pkt_src); } @@ -315,7 +315,7 @@ void Manager::Register(PktSrc* src) // little bit for those sources. if ( src->IsLive() ) poll_interval = 10; - else if ( pseudo_realtime ) + else if ( zeek::net::pseudo_realtime ) poll_interval = 1; Register(src, false); diff --git a/src/iosource/PktSrc.cc b/src/iosource/PktSrc.cc index 8e3c2dcace..ea8be1d2ee 100644 --- a/src/iosource/PktSrc.cc +++ b/src/iosource/PktSrc.cc @@ -82,7 +82,7 @@ double PktSrc::CurrentPacketTimestamp() double PktSrc::CurrentPacketWallClock() { // We stop time when we are suspended. - if ( net_is_processing_suspended() ) + if ( zeek::net::net_is_processing_suspended() ) current_wallclock = current_time(true); return current_wallclock; @@ -175,9 +175,9 @@ double PktSrc::CheckPseudoTime() return 0; double pseudo_time = current_packet.time - first_timestamp; - double ct = (current_time(true) - first_wallclock) * pseudo_realtime; + double ct = (current_time(true) - first_wallclock) * zeek::net::pseudo_realtime; - return pseudo_time <= ct ? bro_start_time + pseudo_time : 0; + return pseudo_time <= ct ? zeek::net::zeek_start_time + pseudo_time : 0; } void PktSrc::InitSource() @@ -201,16 +201,16 @@ void PktSrc::Process() if ( current_packet.Layer2Valid() ) { - if ( pseudo_realtime ) + if ( zeek::net::pseudo_realtime ) { current_pseudo = CheckPseudoTime(); - net_packet_dispatch(current_pseudo, ¤t_packet, this); + zeek::net::detail::net_packet_dispatch(current_pseudo, ¤t_packet, this); if ( ! first_wallclock ) first_wallclock = current_time(true); } else - net_packet_dispatch(current_packet.time, ¤t_packet, this); + zeek::net::detail::net_packet_dispatch(current_packet.time, ¤t_packet, this); } have_packet = false; @@ -231,10 +231,10 @@ bool PktSrc::ExtractNextPacketInternal() // Don't return any packets if processing is suspended (except for the // very first packet which we need to set up times). - if ( net_is_processing_suspended() && first_timestamp ) + if ( zeek::net::net_is_processing_suspended() && first_timestamp ) return false; - if ( pseudo_realtime ) + if ( zeek::net::pseudo_realtime ) current_wallclock = current_time(true); if ( ExtractNextPacket(¤t_packet) ) @@ -252,7 +252,7 @@ bool PktSrc::ExtractNextPacketInternal() return true; } - if ( pseudo_realtime && ! IsOpen() ) + if ( zeek::net::pseudo_realtime && ! IsOpen() ) { if ( broker_mgr->Active() ) iosource_mgr->Terminate(); @@ -344,16 +344,16 @@ double PktSrc::GetNextTimeout() // but we're not in pseudo-realtime mode, let the loop just spin as fast as it can. If we're // in pseudo-realtime mode, find the next time that a packet is ready and have poll block until // then. - if ( IsLive() || net_is_processing_suspended() ) + if ( IsLive() || zeek::net::net_is_processing_suspended() ) return -1; - else if ( ! pseudo_realtime ) + else if ( ! zeek::net::pseudo_realtime ) return 0; if ( ! have_packet ) ExtractNextPacketInternal(); double pseudo_time = current_packet.time - first_timestamp; - double ct = (current_time(true) - first_wallclock) * pseudo_realtime; + double ct = (current_time(true) - first_wallclock) * zeek::net::pseudo_realtime; return std::max(0.0, pseudo_time - ct); } diff --git a/src/iosource/pcap/Dumper.cc b/src/iosource/pcap/Dumper.cc index 6915c72b59..fe9a1ac3f0 100644 --- a/src/iosource/pcap/Dumper.cc +++ b/src/iosource/pcap/Dumper.cc @@ -81,7 +81,7 @@ void PcapDumper::Open() } } - props.open_time = network_time; + props.open_time = zeek::net::network_time; props.hdr_size = zeek::Packet::GetLinkHeaderSize(pcap_datalink(pd)); Opened(props); } diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index 3257855bef..5971d1bcbf 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -863,7 +863,7 @@ bool Manager::Write(zeek::EnumVal* id, zeek::RecordVal* columns_arg) info = new WriterBackend::WriterInfo; info->path = copy_string(path.c_str()); - info->network_time = network_time; + info->network_time = zeek::net::network_time; zeek::detail::HashKey* k; zeek::IterCookie* c = filter->config->AsTable()->InitForIteration(); @@ -1151,7 +1151,7 @@ WriterFrontend* Manager::CreateWriter(zeek::EnumVal* id, zeek::EnumVal* writer, WriterInfo* winfo = new WriterInfo; winfo->type = writer->Ref()->AsEnumVal(); winfo->writer = nullptr; - winfo->open_time = network_time; + winfo->open_time = zeek::net::network_time; winfo->rotation_timer = nullptr; winfo->interval = 0; winfo->postprocessor = nullptr; @@ -1345,7 +1345,7 @@ bool Manager::Flush(zeek::EnumVal* id) for ( Stream::WriterMap::iterator i = stream->writers.begin(); i != stream->writers.end(); i++ ) - i->second->writer->Flush(network_time); + i->second->writer->Flush(zeek::net::network_time); RemoveDisabledWriters(stream); @@ -1441,14 +1441,14 @@ void RotationTimer::Dispatch(double t, bool is_expire) if ( ! is_expire ) { - winfo->open_time = network_time; + winfo->open_time = zeek::net::network_time; log_mgr->InstallRotationTimer(winfo); } } void Manager::InstallRotationTimer(WriterInfo* winfo) { - if ( terminating ) + if ( zeek::net::terminating ) return; if ( winfo->rotation_timer ) @@ -1461,25 +1461,25 @@ void Manager::InstallRotationTimer(WriterInfo* winfo) if ( rotation_interval ) { - // When this is called for the first time, network_time can still be + // When this is called for the first time, zeek::net::network_time can still be // zero. If so, we set a timer which fires immediately but doesn't // rotate when it expires. - if ( ! network_time ) + if ( ! zeek::net::network_time ) winfo->rotation_timer = new RotationTimer(1, winfo, false); else { if ( ! winfo->open_time ) - winfo->open_time = network_time; + winfo->open_time = zeek::net::network_time; static auto log_rotate_base_time = zeek::id::find_val("log_rotate_base_time"); static auto base_time = log_rotate_base_time->AsString()->CheckString(); double base = parse_rotate_base_time(base_time); double delta_t = - calc_next_rotate(network_time, rotation_interval, base); + calc_next_rotate(zeek::net::network_time, rotation_interval, base); winfo->rotation_timer = - new RotationTimer(network_time + delta_t, winfo, true); + new RotationTimer(zeek::net::network_time + delta_t, winfo, true); } zeek::detail::timer_mgr->Add(winfo->rotation_timer); @@ -1553,7 +1553,7 @@ std::string Manager::FormatRotationPath(zeek::EnumValPtr writer, void Manager::Rotate(WriterInfo* winfo) { DBG_LOG(zeek::DBG_LOGGING, "Rotating %s at %.6f", - winfo->writer->Name(), network_time); + winfo->writer->Name(), zeek::net::network_time); static auto default_ppf = zeek::id::find_func("Log::__default_rotation_postprocessor"); @@ -1566,11 +1566,11 @@ void Manager::Rotate(WriterInfo* winfo) auto rotation_path = FormatRotationPath({zeek::NewRef{}, winfo->type}, winfo->writer->Info().path, - winfo->open_time, network_time, - terminating, + winfo->open_time, zeek::net::network_time, + zeek::net::terminating, std::move(ppf)); - winfo->writer->Rotate(rotation_path.data(), winfo->open_time, network_time, terminating); + winfo->writer->Rotate(rotation_path.data(), winfo->open_time, zeek::net::network_time, zeek::net::terminating); ++rotations_pending; } @@ -1585,12 +1585,12 @@ bool Manager::FinishedRotation(WriterFrontend* writer, const char* new_name, con if ( ! success ) { DBG_LOG(zeek::DBG_LOGGING, "Non-successful rotating writer '%s', file '%s' at %.6f,", - writer->Name(), filename, network_time); + writer->Name(), filename, zeek::net::network_time); return true; } DBG_LOG(zeek::DBG_LOGGING, "Finished rotating %s at %.6f, new name %s", - writer->Name(), network_time, new_name); + writer->Name(), zeek::net::network_time, new_name); WriterInfo* winfo = FindWriter(writer); if ( ! winfo ) diff --git a/src/logging/WriterFrontend.cc b/src/logging/WriterFrontend.cc index c3de094b1f..c0127ff391 100644 --- a/src/logging/WriterFrontend.cc +++ b/src/logging/WriterFrontend.cc @@ -226,7 +226,7 @@ void WriterFrontend::Write(int arg_num_fields, Value** vals) write_buffer[write_buffer_pos++] = vals; - if ( write_buffer_pos >= WRITER_BUFFER_SIZE || ! buf || terminating ) + if ( write_buffer_pos >= WRITER_BUFFER_SIZE || ! buf || zeek::net::terminating ) // Buffer full (or no bufferin desired or termiating). FlushWriteBuffer(); diff --git a/src/logging/writers/ascii/Ascii.cc b/src/logging/writers/ascii/Ascii.cc index d92160a478..21b046d0cd 100644 --- a/src/logging/writers/ascii/Ascii.cc +++ b/src/logging/writers/ascii/Ascii.cc @@ -398,7 +398,7 @@ Ascii::~Ascii() if ( ! ascii_done ) // In case of errors aborting the logging altogether, // DoFinish() may not have been called. - CloseFile(network_time); + CloseFile(zeek::net::network_time); delete formatter; } diff --git a/src/main.cc b/src/main.cc index 56c5b5401f..620802c69d 100644 --- a/src/main.cc +++ b/src/main.cc @@ -17,7 +17,7 @@ int main(int argc, char** argv) auto& options = setup_result.options; auto do_net_run = zeek::iosource_mgr->Size() > 0 || - have_pending_timers || + zeek::net::detail::have_pending_timers || zeek::BifConst::exit_only_after_terminate; if ( do_net_run ) @@ -56,7 +56,7 @@ int main(int argc, char** argv) mem_net_start_malloced / 1024 / 1024); } - net_run(); + zeek::net::detail::net_run(); double time_net_done = current_time(true);; diff --git a/src/scan.l b/src/scan.l index 86024093e4..fc44d6baf3 100644 --- a/src/scan.l +++ b/src/scan.l @@ -347,7 +347,7 @@ when return TOK_WHEN; zeek::reporter->Error("failed to find file associated with @load-sigs %s", file); else - sig_files.push_back(copy_string(path.c_str())); + zeek::net::detail::sig_files.push_back(copy_string(path.c_str())); break; case 0: @@ -404,8 +404,8 @@ when return TOK_WHEN; else { // All we have to do is pretend we've already scanned it. - ScannedFile sf(file_stack.length(), std::move(path), true); - files_scanned.push_back(std::move(sf)); + zeek::net::detail::ScannedFile sf(file_stack.length(), std::move(path), true); + zeek::net::detail::files_scanned.push_back(std::move(sf)); } } @@ -594,7 +594,7 @@ static int load_files(const char* orig_file) assert(rc == -1); // No plugin in charge of this file. - FILE* f = 0; + FILE* f = nullptr; if ( streq(orig_file, "-") ) { @@ -622,7 +622,7 @@ static int load_files(const char* orig_file) zeek::reporter->FatalError("can't open %s", file_path.c_str()); } - ScannedFile sf(file_stack.length(), file_path); + zeek::net::detail::ScannedFile sf(file_stack.length(), file_path); if ( sf.AlreadyScanned() ) { @@ -632,7 +632,7 @@ static int load_files(const char* orig_file) return 0; } - files_scanned.push_back(std::move(sf)); + zeek::net::detail::files_scanned.push_back(std::move(sf)); if ( zeek::detail::g_policy_debug && ! file_path.empty() ) { @@ -888,9 +888,9 @@ int yywrap() // the scanned file is "__load__.zeek", that part of the flattened // file name is discarded. If the prefix is non-empty, it gets placed // in front of the flattened path, separated with another '.' - std::list::iterator it; bool found_prefixed_files = false; - for ( it = files_scanned.begin(); it != files_scanned.end(); ++it ) + for ( auto it = zeek::net::detail::files_scanned.begin(); + it != zeek::net::detail::files_scanned.end(); ++it ) { if ( it->skipped || it->prefixes_checked ) continue; @@ -1028,10 +1028,10 @@ FileInfo::~FileInfo() zeek::detail::current_module = restore_module; } -ScannedFile::ScannedFile(int arg_include_level, - std::string arg_name, - bool arg_skipped, - bool arg_prefixes_checked) +zeek::net::detail::ScannedFile::ScannedFile(int arg_include_level, + std::string arg_name, + bool arg_skipped, + bool arg_prefixes_checked) : include_level(arg_include_level), skipped(arg_skipped), prefixes_checked(arg_prefixes_checked), @@ -1052,11 +1052,11 @@ ScannedFile::ScannedFile(int arg_include_level, } } -bool ScannedFile::AlreadyScanned() const +bool zeek::net::detail::ScannedFile::AlreadyScanned() const { auto rval = false; - for ( const auto& it : files_scanned ) + for ( const auto& it : zeek::net::detail::files_scanned ) if ( it.canonical_path == canonical_path ) { rval = true; diff --git a/src/stats.bif b/src/stats.bif index 0908e3b427..9d619c451a 100644 --- a/src/stats.bif +++ b/src/stats.bif @@ -140,7 +140,7 @@ function get_proc_stats%(%): ProcStats auto r = zeek::make_intrusive(ProcStats); int n = 0; - double elapsed_time = current_time() - bro_start_time; + double elapsed_time = current_time() - zeek::net::zeek_start_time; double user_time = double(ru.ru_utime.tv_sec) + double(ru.ru_utime.tv_usec) / 1e6; double system_time = @@ -152,7 +152,7 @@ function get_proc_stats%(%): ProcStats r->Assign(n++, zeek::val_mgr->Count(0)); #endif - r->Assign(n++, zeek::make_intrusive(bro_start_time)); + r->Assign(n++, zeek::make_intrusive(zeek::net::zeek_start_time)); r->Assign(n++, zeek::make_intrusive(elapsed_time, Seconds)); r->Assign(n++, zeek::make_intrusive(user_time, Seconds)); diff --git a/src/supervisor/Supervisor.cc b/src/supervisor/Supervisor.cc index 6c67856cf9..efb4abbe6f 100644 --- a/src/supervisor/Supervisor.cc +++ b/src/supervisor/Supervisor.cc @@ -200,10 +200,10 @@ void zeek::detail::ParentProcessCheckTimer::Dispatch(double t, bool is_expire) // FreeBSD: procctl(PROC_PDEATHSIG_CTL) // Also note the Stem process has its own polling loop with similar logic. if ( zeek::Supervisor::ThisNode()->parent_pid != getppid() ) - zeek_terminate_loop("supervised node was orphaned"); + zeek::net::detail::zeek_terminate_loop("supervised node was orphaned"); if ( ! is_expire ) - timer_mgr->Add(new ParentProcessCheckTimer(network_time + interval, + timer_mgr->Add(new ParentProcessCheckTimer(zeek::net::network_time + interval, interval)); } diff --git a/src/threading/Manager.cc b/src/threading/Manager.cc index d5604668d3..9b2e312d7b 100644 --- a/src/threading/Manager.cc +++ b/src/threading/Manager.cc @@ -130,7 +130,7 @@ void Manager::SendHeartbeats() void Manager::StartHeartbeatTimer() { heartbeat_timer_running = true; - zeek::detail::timer_mgr->Add(new detail::HeartbeatTimer(network_time + zeek::BifConst::Threading::heartbeat_interval)); + zeek::detail::timer_mgr->Add(new detail::HeartbeatTimer(zeek::net::network_time + zeek::BifConst::Threading::heartbeat_interval)); } // Raise everything in here as warnings so it is passed to scriptland without @@ -191,10 +191,10 @@ void Manager::Flush() { bool do_beat = false; - if ( network_time && (network_time > next_beat || ! next_beat) ) + if ( zeek::net::network_time && (zeek::net::network_time > next_beat || ! next_beat) ) { do_beat = true; - next_beat = ::network_time + zeek::BifConst::Threading::heartbeat_interval; + next_beat = ::zeek::net::network_time + zeek::BifConst::Threading::heartbeat_interval; } did_process = false; @@ -213,7 +213,7 @@ void Manager::Flush() if ( msg->Process() ) { - if ( network_time ) + if ( zeek::net::network_time ) did_process = true; } @@ -253,7 +253,8 @@ void Manager::Flush() delete t; } -// fprintf(stderr, "P %.6f %.6f do_beat=%d did_process=%d next_next=%.6f\n", network_time, zeek::detail::timer_mgr->Time(), do_beat, (int)did_process, next_beat); + // fprintf(stderr, "P %.6f %.6f do_beat=%d did_process=%d next_next=%.6f\n", zeek::net::network_time, + // zeek::detail::timer_mgr->Time(), do_beat, (int)did_process, next_beat); } const threading::Manager::msg_stats_list& threading::Manager::GetMsgThreadStats() diff --git a/src/threading/MsgThread.cc b/src/threading/MsgThread.cc index dac9254adf..9417a58892 100644 --- a/src/threading/MsgThread.cc +++ b/src/threading/MsgThread.cc @@ -7,6 +7,7 @@ #include "MsgThread.h" #include "Manager.h" #include "iosource/Manager.h" +#include "Net.h" // Set by Zeek's main signal handler. extern int signal_val; @@ -228,7 +229,7 @@ void MsgThread::OnSignalStop() child_sent_finish = true; // Signal thread to terminate. - SendIn(new detail::FinishMessage(this, network_time), true); + SendIn(new detail::FinishMessage(this, zeek::net::network_time), true); } void MsgThread::OnWaitForStop() @@ -302,7 +303,7 @@ void MsgThread::Heartbeat() if ( child_sent_finish ) return; - SendIn(new detail::HeartbeatMessage(this, network_time, current_time())); + SendIn(new detail::HeartbeatMessage(this, zeek::net::network_time, current_time())); } void MsgThread::Finished() @@ -449,7 +450,7 @@ void MsgThread::Run() // anymore. if ( ! child_finished && ! Killed() ) { - OnFinish(network_time); + OnFinish(zeek::net::network_time); Finished(); } } diff --git a/src/util.cc b/src/util.cc index c8ef5d2883..d370bdd213 100644 --- a/src/util.cc +++ b/src/util.cc @@ -1853,7 +1853,7 @@ FILE* rotate_file(const char* name, zeek::RecordVal* rotate_info) auto tmpname = tmpname_buf.get(); snprintf(newname, buflen, "%s.%d.%.06f.tmp", - name, getpid(), network_time); + name, getpid(), zeek::net::network_time); newname[buflen-1] = '\0'; strcpy(tmpname, newname); strcat(tmpname, ".tmp"); @@ -1890,8 +1890,8 @@ FILE* rotate_file(const char* name, zeek::RecordVal* rotate_info) { rotate_info->Assign(0, name); rotate_info->Assign(1, newname); - rotate_info->Assign(2, network_time); - rotate_info->Assign(3, network_time); + rotate_info->Assign(2, zeek::net::network_time); + rotate_info->Assign(3, zeek::net::network_time); } return newf; @@ -1959,7 +1959,7 @@ RETSIGTYPE sig_handler(int signo); void terminate_processing() { - if ( ! terminating ) + if ( ! zeek::net::terminating ) raise(SIGTERM); } @@ -2025,13 +2025,13 @@ double current_time(bool real) double t = double(tv.tv_sec) + double(tv.tv_usec) / 1e6; - if ( ! pseudo_realtime || real || ! zeek::iosource_mgr || ! zeek::iosource_mgr->GetPktSrc() ) + if ( ! zeek::net::pseudo_realtime || real || ! zeek::iosource_mgr || ! zeek::iosource_mgr->GetPktSrc() ) return t; // This obviously only works for a single source ... zeek::iosource::PktSrc* src = zeek::iosource_mgr->GetPktSrc(); - if ( net_is_processing_suspended() ) + if ( zeek::net::net_is_processing_suspended() ) return src->CurrentPacketTimestamp(); // We don't scale with pseudo_realtime here as that would give us a @@ -2274,7 +2274,7 @@ void* debug_malloc(size_t t) { void* v = malloc(t); if ( malloc_debug ) - printf("%.6f malloc %x %d\n", network_time, v, t); + printf("%.6f malloc %x %d\n", zeek::net::network_time, v, t); return v; } @@ -2282,14 +2282,14 @@ void* debug_realloc(void* v, size_t t) { v = realloc(v, t); if ( malloc_debug ) - printf("%.6f realloc %x %d\n", network_time, v, t); + printf("%.6f realloc %x %d\n", zeek::net::network_time, v, t); return v; } void debug_free(void* v) { if ( malloc_debug ) - printf("%.6f free %x\n", network_time, v); + printf("%.6f free %x\n", zeek::net::network_time, v); free(v); } @@ -2297,7 +2297,7 @@ void* operator new(size_t t) { void* v = malloc(t); if ( malloc_debug ) - printf("%.6f new %x %d\n", network_time, v, t); + printf("%.6f new %x %d\n", zeek::net::network_time, v, t); return v; } @@ -2305,21 +2305,21 @@ void* operator new[](size_t t) { void* v = malloc(t); if ( malloc_debug ) - printf("%.6f new[] %x %d\n", network_time, v, t); + printf("%.6f new[] %x %d\n", zeek::net::network_time, v, t); return v; } void operator delete(void* v) { if ( malloc_debug ) - printf("%.6f delete %x\n", network_time, v); + printf("%.6f delete %x\n", zeek::net::network_time, v); free(v); } void operator delete[](void* v) { if ( malloc_debug ) - printf("%.6f delete %x\n", network_time, v); + printf("%.6f delete %x\n", zeek::net::network_time, v); free(v); } @@ -2546,3 +2546,6 @@ void zeek::set_thread_name(const char* name, pthread_t tid) pthread_set_name_np(tid, name); #endif } + +// Remove in v4.1. +double& network_time = zeek::net::network_time; diff --git a/src/util.h b/src/util.h index 5d18591ef0..8191e98cba 100644 --- a/src/util.h +++ b/src/util.h @@ -419,7 +419,7 @@ void set_processing_status(const char* status, const char* reason); // perspective. In particular, if we're reading from a savefile this // is the time of the most recent packet, not the time returned by // gettimeofday(). -extern double network_time; +extern double& network_time [[deprecated("Remove in v4.1. Use zeek::net::network_time.")]]; // Returns the current time. // (In pseudo-realtime mode this is faked to be the start time of the diff --git a/src/zeek-setup.cc b/src/zeek-setup.cc index bc1638aeeb..d984a06c82 100644 --- a/src/zeek-setup.cc +++ b/src/zeek-setup.cc @@ -249,7 +249,7 @@ void done_with_network() if ( zeek::detail::profiling_logger ) zeek::detail::profiling_logger->Log(); - terminating = true; + zeek::net::terminating = true; zeek::analyzer_mgr->Done(); zeek::detail::timer_mgr->Expire(); @@ -257,7 +257,7 @@ void done_with_network() zeek::event_mgr.Drain(); zeek::event_mgr.Drain(); - net_finish(1); + zeek::net::detail::net_finish(1); #ifdef USE_PERFTOOLS_DEBUG @@ -281,7 +281,7 @@ void terminate_bro() { set_processing_status("TERMINATING", "terminate_bro"); - terminating = true; + zeek::net::terminating = true; zeek::iosource_mgr->Wakeup("terminate_bro"); @@ -337,6 +337,8 @@ void terminate_bro() zeek::reporter = nullptr; } +namespace zeek::net::detail { + void zeek_terminate_loop(const char* reason) { set_processing_status("TERMINATING", reason); @@ -357,12 +359,14 @@ void zeek_terminate_loop(const char* reason) exit(0); } +} // namespace zeek::net::detail + RETSIGTYPE sig_handler(int signo) { set_processing_status("TERMINATING", "sig_handler"); signal_val = signo; - if ( ! terminating ) + if ( ! zeek::net::terminating ) zeek::iosource_mgr->Wakeup("sig_handler"); return RETSIGVAL; @@ -456,7 +460,7 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, if ( zeek_prefixes ) tokenize_string(zeek_prefixes, ":", &zeek_script_prefixes); - pseudo_realtime = options.pseudo_realtime; + zeek::net::pseudo_realtime = options.pseudo_realtime; #ifdef USE_PERFTOOLS_DEBUG perftools_leaks = options.perftools_check_leaks; @@ -484,7 +488,7 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, atexit(atexit_handler); set_processing_status("INITIALIZING", "main"); - bro_start_time = current_time(true); + zeek::net::zeek_start_time = current_time(true); zeek::val_mgr = new ValManager(); reporter = new Reporter(options.abort_on_scripting_errors); @@ -636,9 +640,9 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, HeapLeakChecker::Disabler disabler; #endif - is_parsing = true; + zeek::net::is_parsing = true; yyparse(); - is_parsing = false; + zeek::net::is_parsing = false; RecordVal::DoneParsing(); TableVal::DoneParsing(); @@ -721,7 +725,7 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, all_signature_files.emplace_back(std::move(sf)); // Append signature files defined in @load-sigs - for ( const auto& sf : sig_files ) + for ( const auto& sf : zeek::net::detail::sig_files ) all_signature_files.emplace_back(sf); if ( ! all_signature_files.empty() ) @@ -759,7 +763,7 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, } if ( dns_type != DNS_PRIME ) - net_init(options.interface, options.pcap_file, options.pcap_output_file, options.use_watchdog); + zeek::net::detail::net_init(options.interface, options.pcap_file, options.pcap_output_file, options.use_watchdog); if ( ! g_policy_debug ) { @@ -811,10 +815,10 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, zeek::detail::segment_logger = zeek::detail::profiling_logger; } - if ( ! reading_live && ! reading_traces ) + if ( ! zeek::net::reading_live && ! zeek::net::reading_traces ) // Set up network_time to track real-time, since // we don't have any other source for it. - net_update_time(current_time()); + zeek::net::detail::net_update_time(current_time()); if ( zeek_init ) zeek::event_mgr.Enqueue(zeek_init, zeek::Args{}); @@ -859,14 +863,14 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, if ( zeek_script_loaded ) { // Queue events reporting loaded scripts. - for ( std::list::iterator i = files_scanned.begin(); i != files_scanned.end(); i++ ) + for ( const auto& file : zeek::net::detail::files_scanned ) { - if ( i->skipped ) + if ( file.skipped ) continue; zeek::event_mgr.Enqueue(zeek_script_loaded, - zeek::make_intrusive(i->name.c_str()), - zeek::val_mgr->Count(i->include_level)); + zeek::make_intrusive(file.name.c_str()), + zeek::val_mgr->Count(file.include_level)); } } @@ -882,7 +886,7 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, zeek::reporter->ZeekInitDone(); zeek::analyzer_mgr->DumpDebug(); - have_pending_timers = ! reading_traces && zeek::detail::timer_mgr->Size() > 0; + zeek::net::detail::have_pending_timers = ! zeek::net::reading_traces && zeek::detail::timer_mgr->Size() > 0; return {0, std::move(options)}; } @@ -892,7 +896,7 @@ int zeek::detail::cleanup(bool did_net_run) if ( did_net_run ) done_with_network(); - net_delete(); + zeek::net::detail::net_delete(); terminate_bro(); sqlite3_shutdown(); diff --git a/src/zeek.bif b/src/zeek.bif index 42d0466976..d164998a45 100644 --- a/src/zeek.bif +++ b/src/zeek.bif @@ -331,7 +331,7 @@ function current_time%(%): time ## .. zeek:see:: current_time function network_time%(%): time %{ - return zeek::make_intrusive(network_time); + return zeek::make_intrusive(zeek::net::network_time); %} ## Returns a system environment variable. @@ -388,7 +388,7 @@ function exit%(code: int%): any ## .. zeek:see:: exit zeek_is_terminating function terminate%(%): bool %{ - if ( terminating ) + if ( zeek::net::terminating ) return zeek::val_mgr->False(); terminate_processing(); @@ -1871,7 +1871,7 @@ function zeek_args%(%): string_vec ## .. zeek:see:: reading_traces packet_source function reading_live_traffic%(%): bool %{ - return zeek::val_mgr->Bool(reading_live); + return zeek::val_mgr->Bool(zeek::net::reading_live); %} ## Checks whether Zeek reads traffic from a trace file (as opposed to from a @@ -1882,7 +1882,7 @@ function reading_live_traffic%(%): bool ## .. zeek:see:: reading_live_traffic packet_source function reading_traces%(%): bool %{ - return zeek::val_mgr->Bool(reading_traces); + return zeek::val_mgr->Bool(zeek::net::reading_traces); %} ## Returns: the packet source being read by Zeek. @@ -2105,7 +2105,7 @@ function dump_rule_stats%(f: file%): bool ## .. zeek:see:: terminate function zeek_is_terminating%(%): bool %{ - return zeek::val_mgr->Bool(terminating); + return zeek::val_mgr->Bool(zeek::net::terminating); %} ## Returns the hostname of the machine Zeek runs on. @@ -3361,7 +3361,7 @@ function lookup_connection%(cid: conn_id%): connection c->Assign(1, std::move(orig_endp)); c->Assign(2, std::move(resp_endp)); - c->Assign(3, zeek::make_intrusive(network_time)); + c->Assign(3, zeek::make_intrusive(zeek::net::network_time)); c->Assign(4, zeek::make_intrusive(0.0)); c->Assign(5, zeek::make_intrusive(zeek::id::string_set)); // service c->Assign(6, zeek::val_mgr->EmptyString()); // history @@ -3396,8 +3396,8 @@ function dump_current_packet%(file_name: string%) : bool %{ const Packet* pkt; - if ( ! current_pktsrc || - ! current_pktsrc->GetCurrentPacket(&pkt) ) + if ( ! zeek::net::detail::current_pktsrc || + ! zeek::net::detail::current_pktsrc->GetCurrentPacket(&pkt) ) return zeek::val_mgr->False(); if ( addl_pkt_dumper && addl_pkt_dumper->Path() != file_name->CheckString()) @@ -3429,8 +3429,8 @@ function get_current_packet%(%) : pcap_packet const Packet* p; auto pkt = zeek::make_intrusive(pcap_packet); - if ( ! current_pktsrc || - ! current_pktsrc->GetCurrentPacket(&p) ) + if ( ! zeek::net::detail::current_pktsrc || + ! zeek::net::detail::current_pktsrc->GetCurrentPacket(&p) ) { pkt->Assign(0, zeek::val_mgr->Count(0)); pkt->Assign(1, zeek::val_mgr->Count(0)); @@ -3461,8 +3461,8 @@ function get_current_packet_header%(%) : raw_pkt_hdr %{ const Packet* p; - if ( current_pktsrc && - current_pktsrc->GetCurrentPacket(&p) ) + if ( zeek::net::detail::current_pktsrc && + zeek::net::detail::current_pktsrc->GetCurrentPacket(&p) ) { return p->ToRawPktHdrVal(); } @@ -3684,10 +3684,10 @@ static constexpr double mmdb_msg_suppression_duration = 300; static void report_mmdb_msg(const char* format, ...) { - if ( network_time > mmdb_msg_suppression_time + mmdb_msg_suppression_duration ) + if ( zeek::net::network_time > mmdb_msg_suppression_time + mmdb_msg_suppression_duration ) { mmdb_msg_count = 0; - mmdb_msg_suppression_time = network_time; + mmdb_msg_suppression_time = zeek::net::network_time; } if ( mmdb_msg_count >= mmdb_msg_limit ) @@ -4697,10 +4697,10 @@ function rotate_file_by_name%(f: string%): rotate_info bool is_addl_pkt_dumper = false; // Special case: one of current dump files. - if ( pkt_dumper && streq(pkt_dumper->Path().c_str(), f->CheckString()) ) + if ( zeek::net::detail::pkt_dumper && streq(zeek::net::detail::pkt_dumper->Path().c_str(), f->CheckString()) ) { is_pkt_dumper = true; - pkt_dumper->Close(); + zeek::net::detail::pkt_dumper->Close(); } if ( addl_pkt_dumper && @@ -4725,8 +4725,8 @@ function rotate_file_by_name%(f: string%): rotate_info if ( is_pkt_dumper ) { - info->Assign(2, zeek::make_intrusive(pkt_dumper->OpenTime())); - pkt_dumper->Open(); + info->Assign(2, zeek::make_intrusive(zeek::net::detail::pkt_dumper->OpenTime())); + zeek::net::detail::pkt_dumper->Open(); } if ( is_addl_pkt_dumper ) @@ -4749,7 +4749,7 @@ function calc_next_rotate%(i: interval%) : interval static auto base_time = log_rotate_base_time->AsString()->CheckString(); double base = parse_rotate_base_time(base_time); - return zeek::make_intrusive(calc_next_rotate(network_time, i, base)); + return zeek::make_intrusive(calc_next_rotate(zeek::net::network_time, i, base)); %} ## Returns the size of a given file. @@ -5007,7 +5007,7 @@ function is_remote_event%(%) : bool ## .. zeek:see:: continue_processing function suspend_processing%(%) : any %{ - net_suspend_processing(); + zeek::net::net_suspend_processing(); return nullptr; %} @@ -5016,7 +5016,7 @@ function suspend_processing%(%) : any ## .. zeek:see:: suspend_processing function continue_processing%(%) : any %{ - net_continue_processing(); + zeek::net::net_continue_processing(); return nullptr; %}