Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge remote-tracking branch 'origin/master' into topic/johanna/clone

Browse source
This commit is contained in:
Johanna Amann 2019-05-22 14:36:46 -07:00
commit e7c80ae741
68 changed files with 395 additions and 754 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.travis.yml
View file

@ -16,10 +16,10 @@ branches:
notifications: notifications:
email: email:
recipients: recipients:
- bro-commits-internal@bro.org - zeek-commits-internal@zeek.org
# Build Bro and run tests in the following Linux distros (specifying "travis" # Build Zeek and run tests in the following Linux distros (specifying "travis"
# builds bro in Travis without using docker). # builds Zeek in Travis without using docker).
env: env:
- distro: centos_7 - distro: centos_7
- distro: debian_9 - distro: debian_9

22
CHANGES
View file

@ -1,4 +1,26 @@
2.6-318 | 2019-05-21 09:17:53 -0700
* Remove state_dir and state_write_delay options (Jon Siwek, Corelight)
* Remove a reference to &synchronized from docs (Jon Siwek, Corelight)
2.6-316 | 2019-05-20 20:56:46 -0700
* Additional Bro to Zeek renaming (Daniel Thayer)
* Added a new unit test for legacy Bro Plugins (Daniel Thayer)
* Added a symlink bro-path-dev.in for use by legacy Bro packages (Daniel Thayer)
2.6-314 | 2019-05-20 16:20:33 -0700
* Remove deprecated attributes. (Johanna Amann, Corelight)
To be more exact: &encrypt, &mergeable, &rotate_interval, &rotate_size
Also removes no longer used redef-able constants:
log_rotate_interval, log_max_size, log_encryption_key
2.6-311 | 2019-05-20 09:07:58 -0700 2.6-311 | 2019-05-20 09:07:58 -0700
* Add missing &optional attr to KRB record fields; also add existence * Add missing &optional attr to KRB record fields; also add existence

40
CMakeLists.txt
View file

@ -1,4 +1,4 @@
project(Bro C CXX) project(Zeek C CXX)
# When changing the minimum version here, also adapt # When changing the minimum version here, also adapt
# aux/zeek-aux/plugin-support/skeleton/CMakeLists.txt # aux/zeek-aux/plugin-support/skeleton/CMakeLists.txt
@ -21,23 +21,23 @@ if ( ENABLE_CCACHE )
set(CMAKE_CXX_COMPILER_LAUNCHER ${CCACHE_PROGRAM}) set(CMAKE_CXX_COMPILER_LAUNCHER ${CCACHE_PROGRAM})
endif () endif ()
set(BRO_ROOT_DIR ${CMAKE_INSTALL_PREFIX}) set(ZEEK_ROOT_DIR ${CMAKE_INSTALL_PREFIX})
if (NOT BRO_SCRIPT_INSTALL_PATH) if (NOT ZEEK_SCRIPT_INSTALL_PATH)
# set the default Zeek script installation path (user did not specify one) # set the default Zeek script installation path (user did not specify one)
set(BRO_SCRIPT_INSTALL_PATH ${BRO_ROOT_DIR}/share/bro) set(ZEEK_SCRIPT_INSTALL_PATH ${ZEEK_ROOT_DIR}/share/bro)
endif () endif ()
if (NOT BRO_MAN_INSTALL_PATH) if (NOT ZEEK_MAN_INSTALL_PATH)
# set the default Zeek man page installation path (user did not specify one) # set the default Zeek man page installation path (user did not specify one)
set(BRO_MAN_INSTALL_PATH ${BRO_ROOT_DIR}/share/man) set(ZEEK_MAN_INSTALL_PATH ${ZEEK_ROOT_DIR}/share/man)
endif () endif ()
# sanitize the Zeek script install directory into an absolute path # sanitize the Zeek script install directory into an absolute path
# (CMake is confused by ~ as a representation of home directory) # (CMake is confused by ~ as a representation of home directory)
get_filename_component(BRO_SCRIPT_INSTALL_PATH ${BRO_SCRIPT_INSTALL_PATH} get_filename_component(ZEEK_SCRIPT_INSTALL_PATH ${ZEEK_SCRIPT_INSTALL_PATH}
ABSOLUTE) ABSOLUTE)
set(BRO_PLUGIN_INSTALL_PATH ${BRO_ROOT_DIR}/lib/bro/plugins CACHE STRING "Installation path for plugins" FORCE) set(BRO_PLUGIN_INSTALL_PATH ${ZEEK_ROOT_DIR}/lib/bro/plugins CACHE STRING "Installation path for plugins" FORCE)
configure_file(zeek-path-dev.in ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev) configure_file(zeek-path-dev.in ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev)
@ -211,7 +211,7 @@ if ( ${CMAKE_SYSTEM_NAME} MATCHES Linux AND EXISTS /etc/os-release )
endif () endif ()
endif () endif ()
set(brodeps set(zeekdeps
${BinPAC_LIBRARY} ${BinPAC_LIBRARY}
${PCAP_LIBRARY} ${PCAP_LIBRARY}
${OPENSSL_LIBRARIES} ${OPENSSL_LIBRARIES}
@ -241,16 +241,16 @@ include(GetArchitecture)
include(RequireCXX11) include(RequireCXX11)
if ( (OPENSSL_VERSION VERSION_EQUAL "1.1.0") OR (OPENSSL_VERSION VERSION_GREATER "1.1.0") ) if ( (OPENSSL_VERSION VERSION_EQUAL "1.1.0") OR (OPENSSL_VERSION VERSION_GREATER "1.1.0") )
set(BRO_HAVE_OPENSSL_1_1 true CACHE INTERNAL "" FORCE) set(ZEEK_HAVE_OPENSSL_1_1 true CACHE INTERNAL "" FORCE)
endif() endif()
# Tell the plugin code that we're building as part of the main tree. # Tell the plugin code that we're building as part of the main tree.
set(BRO_PLUGIN_INTERNAL_BUILD true CACHE INTERNAL "" FORCE) set(ZEEK_PLUGIN_INTERNAL_BUILD true CACHE INTERNAL "" FORCE)
set(DEFAULT_BROPATH .:${BRO_SCRIPT_INSTALL_PATH}:${BRO_SCRIPT_INSTALL_PATH}/policy:${BRO_SCRIPT_INSTALL_PATH}/site) set(DEFAULT_ZEEKPATH .:${ZEEK_SCRIPT_INSTALL_PATH}:${ZEEK_SCRIPT_INSTALL_PATH}/policy:${ZEEK_SCRIPT_INSTALL_PATH}/site)
if ( NOT BINARY_PACKAGING_MODE ) if ( NOT BINARY_PACKAGING_MODE )
set(BRO_DIST ${CMAKE_SOURCE_DIR}) set(ZEEK_DIST ${CMAKE_SOURCE_DIR})
endif () endif ()
string(TOLOWER ${CMAKE_BUILD_TYPE} CMAKE_BUILD_TYPE_LOWER) string(TOLOWER ${CMAKE_BUILD_TYPE} CMAKE_BUILD_TYPE_LOWER)
@ -262,19 +262,19 @@ install(FILES ${CMAKE_CURRENT_BINARY_DIR}/zeek-config.h DESTINATION include/bro)
if ( CAF_ROOT_DIR ) if ( CAF_ROOT_DIR )
set(ZEEK_CONFIG_CAF_ROOT_DIR ${CAF_ROOT_DIR}) set(ZEEK_CONFIG_CAF_ROOT_DIR ${CAF_ROOT_DIR})
else () else ()
set(ZEEK_CONFIG_CAF_ROOT_DIR ${BRO_ROOT_DIR}) set(ZEEK_CONFIG_CAF_ROOT_DIR ${ZEEK_ROOT_DIR})
endif () endif ()
if ( BinPAC_ROOT_DIR ) if ( BinPAC_ROOT_DIR )
set(ZEEK_CONFIG_BINPAC_ROOT_DIR ${BinPAC_ROOT_DIR}) set(ZEEK_CONFIG_BINPAC_ROOT_DIR ${BinPAC_ROOT_DIR})
else () else ()
set(ZEEK_CONFIG_BINPAC_ROOT_DIR ${BRO_ROOT_DIR}) set(ZEEK_CONFIG_BINPAC_ROOT_DIR ${ZEEK_ROOT_DIR})
endif () endif ()
if ( BROKER_ROOT_DIR ) if ( BROKER_ROOT_DIR )
set(ZEEK_CONFIG_BROKER_ROOT_DIR ${BROKER_ROOT_DIR}) set(ZEEK_CONFIG_BROKER_ROOT_DIR ${BROKER_ROOT_DIR})
else () else ()
set(ZEEK_CONFIG_BROKER_ROOT_DIR ${BRO_ROOT_DIR}) set(ZEEK_CONFIG_BROKER_ROOT_DIR ${ZEEK_ROOT_DIR})
endif () endif ()
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/zeek-config.in configure_file(${CMAKE_CURRENT_SOURCE_DIR}/zeek-config.in
@ -298,7 +298,7 @@ if ( BROKER_ROOT_DIR )
find_package(Broker REQUIRED) find_package(Broker REQUIRED)
find_package(CAF COMPONENTS core io openssl REQUIRED) find_package(CAF COMPONENTS core io openssl REQUIRED)
set(brodeps ${brodeps} ${BROKER_LIBRARY} ${CAF_LIBRARIES}) set(zeekdeps ${zeekdeps} ${BROKER_LIBRARY} ${CAF_LIBRARIES})
include_directories(BEFORE ${BROKER_INCLUDE_DIR}) include_directories(BEFORE ${BROKER_INCLUDE_DIR})
else () else ()
set(ENABLE_STATIC_ONLY_SAVED ${ENABLE_STATIC_ONLY}) set(ENABLE_STATIC_ONLY_SAVED ${ENABLE_STATIC_ONLY})
@ -311,9 +311,9 @@ else ()
set(ENABLE_STATIC_ONLY ${ENABLE_STATIC_ONLY_SAVED}) set(ENABLE_STATIC_ONLY ${ENABLE_STATIC_ONLY_SAVED})
if ( BUILD_STATIC_BROKER ) if ( BUILD_STATIC_BROKER )
set(brodeps ${brodeps} broker_static) set(zeekdeps ${zeekdeps} broker_static)
else() else()
set(brodeps ${brodeps} broker) set(zeekdeps ${zeekdeps} broker)
endif() endif()
include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/aux/broker include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/aux/broker
${CMAKE_CURRENT_BINARY_DIR}/aux/broker) ${CMAKE_CURRENT_BINARY_DIR}/aux/broker)
@ -363,7 +363,7 @@ message(
"\nBuild type: ${CMAKE_BUILD_TYPE}" "\nBuild type: ${CMAKE_BUILD_TYPE}"
"\nBuild dir: ${CMAKE_BINARY_DIR}" "\nBuild dir: ${CMAKE_BINARY_DIR}"
"\nInstall prefix: ${CMAKE_INSTALL_PREFIX}" "\nInstall prefix: ${CMAKE_INSTALL_PREFIX}"
"\nZeek Script Path: ${BRO_SCRIPT_INSTALL_PATH}" "\nZeek Script Path: ${ZEEK_SCRIPT_INSTALL_PATH}"
"\nDebug mode: ${ENABLE_DEBUG}" "\nDebug mode: ${ENABLE_DEBUG}"
"\n" "\n"
"\nCC: ${CMAKE_C_COMPILER}" "\nCC: ${CMAKE_C_COMPILER}"

11
NEWS
View file

@ -295,6 +295,11 @@ Removed Functionality
- ``remote_trace_sync_interval`` - ``remote_trace_sync_interval``
- ``remote_trace_sync_peers`` - ``remote_trace_sync_peers``
- ``remote_check_sync_consistency`` - ``remote_check_sync_consistency``
- ``log_rotate_interval``
- ``log_max_size``
- ``log_encryption_key``
- ``state_dir``
- ``state_write_delay``
- The following constants were used as part of deprecated functionality in version 2.6 - The following constants were used as part of deprecated functionality in version 2.6
or below and are removed from this release: or below and are removed from this release:
@ -311,9 +316,9 @@ Removed Functionality
- Broccoli, which had been deprecated in version 2.6 and was no longer built by default - Broccoli, which had been deprecated in version 2.6 and was no longer built by default
was removed from the source tree. was removed from the source tree.
- Support for the &persistent and the &synchronized attributes, which were deprecated - Support for the &persistent, &synchronized, &mergeable, &encrypt, &rotate_interval,
in Bro 2.6, was removed. The ``-g`` command-line option (dump-config) which relied on and &rotate_size attributes, which were deprecated in Bro 2.6, was removed. The ``-g``
this functionality was also removed. command-line option (dump-config) which relied on this functionality was also removed.
- Removed the BroControl ``update`` command, which was deprecated in Bro 2.6. - Removed the BroControl ``update`` command, which was deprecated in Bro 2.6.

2
VERSION
View file

@ -1 +1 @@
2.6-311 2.6-318

2
aux/bifcl

@ -1 +1 @@
Subproject commit 7a375f0749f2bc28083863ff7ec44f3fba3510fa Subproject commit bbf503e67cdcddbb13f8e067b0cbb2d874728c4f

2
aux/binpac

@ -1 +1 @@
Subproject commit 1446af96ea4b76cc7a837e06b2da021754dde6e8 Subproject commit 6ed824a38ea23dc10ec8bb21f813496719e9f76c

2
aux/broker

@ -1 +1 @@
Subproject commit 53f7e0da11c4d6ce014f27ae4dcf807a651fb634 Subproject commit 0c7a8816fd385af4f633cb7239e3c63e6c88c27e

2
aux/netcontrol-connectors

@ -1 +1 @@
Subproject commit 6501fef1fffc0b49dda59b3716b03034edcfeee6 Subproject commit e93235aa6e45820af7e23e97627845a7b2b3d919

2
aux/zeek-aux

@ -1 +1 @@
Subproject commit 117e8a550de1266e2d50428344caf858aab0485b Subproject commit 3ecc7b8c348a7b768092dad75e6cb54c6357b9d7

2
aux/zeekctl

@ -1 +1 @@
Subproject commit bbfcb91b077a8bc145e39d7c941c50ba62826070 Subproject commit a955e66c8b07fd6715c7ed379d0759acc592bb78

1
bro-path-dev.in Symbolic link
View file

@ -0,0 +1 @@
zeek-path-dev.in

2
cmake

@ -1 +1 @@
Subproject commit 5521da04df0190e3362e4c5164df5c2c8884dd2c Subproject commit 8fb99b7aa9851caae2d938675324661571f8758e

22
configure vendored
View file

@ -130,10 +130,10 @@ builddir=build
prefix=/usr/local/bro prefix=/usr/local/bro
CMakeCacheEntries="" CMakeCacheEntries=""
append_cache_entry CMAKE_INSTALL_PREFIX PATH $prefix append_cache_entry CMAKE_INSTALL_PREFIX PATH $prefix
append_cache_entry BRO_ROOT_DIR PATH $prefix append_cache_entry ZEEK_ROOT_DIR PATH $prefix
append_cache_entry PY_MOD_INSTALL_DIR PATH $prefix/lib/zeekctl append_cache_entry PY_MOD_INSTALL_DIR PATH $prefix/lib/zeekctl
append_cache_entry BRO_SCRIPT_INSTALL_PATH STRING $prefix/share/bro append_cache_entry ZEEK_SCRIPT_INSTALL_PATH STRING $prefix/share/bro
append_cache_entry BRO_ETC_INSTALL_DIR PATH $prefix/etc append_cache_entry ZEEK_ETC_INSTALL_DIR PATH $prefix/etc
append_cache_entry ENABLE_DEBUG BOOL false append_cache_entry ENABLE_DEBUG BOOL false
append_cache_entry ENABLE_PERFTOOLS BOOL false append_cache_entry ENABLE_PERFTOOLS BOOL false
append_cache_entry ENABLE_PERFTOOLS_DEBUG BOOL false append_cache_entry ENABLE_PERFTOOLS_DEBUG BOOL false
@ -179,25 +179,25 @@ while [ $# -ne 0 ]; do
--prefix=*) --prefix=*)
prefix=$optarg prefix=$optarg
append_cache_entry CMAKE_INSTALL_PREFIX PATH $optarg append_cache_entry CMAKE_INSTALL_PREFIX PATH $optarg
append_cache_entry BRO_ROOT_DIR PATH $optarg append_cache_entry ZEEK_ROOT_DIR PATH $optarg
append_cache_entry PY_MOD_INSTALL_DIR PATH $optarg/lib/zeekctl append_cache_entry PY_MOD_INSTALL_DIR PATH $optarg/lib/zeekctl
;; ;;
--scriptdir=*) --scriptdir=*)
append_cache_entry BRO_SCRIPT_INSTALL_PATH STRING $optarg append_cache_entry ZEEK_SCRIPT_INSTALL_PATH STRING $optarg
user_set_scriptdir="true" user_set_scriptdir="true"
;; ;;
--conf-files-dir=*) --conf-files-dir=*)
append_cache_entry BRO_ETC_INSTALL_DIR PATH $optarg append_cache_entry ZEEK_ETC_INSTALL_DIR PATH $optarg
user_set_conffilesdir="true" user_set_conffilesdir="true"
;; ;;
--localstatedir=*) --localstatedir=*)
append_cache_entry BRO_LOCAL_STATE_DIR PATH $optarg append_cache_entry ZEEK_LOCAL_STATE_DIR PATH $optarg
;; ;;
--spooldir=*) --spooldir=*)
append_cache_entry BRO_SPOOL_DIR PATH $optarg append_cache_entry ZEEK_SPOOL_DIR PATH $optarg
;; ;;
--logdir=*) --logdir=*)
append_cache_entry BRO_LOG_DIR PATH $optarg append_cache_entry ZEEK_LOG_DIR PATH $optarg
;; ;;
--enable-coverage) --enable-coverage)
append_cache_entry ENABLE_COVERAGE BOOL true append_cache_entry ENABLE_COVERAGE BOOL true
@ -321,11 +321,11 @@ while [ $# -ne 0 ]; do
done done
if [ "$user_set_scriptdir" != "true" ]; then if [ "$user_set_scriptdir" != "true" ]; then
append_cache_entry BRO_SCRIPT_INSTALL_PATH STRING $prefix/share/bro append_cache_entry ZEEK_SCRIPT_INSTALL_PATH STRING $prefix/share/bro
fi fi
if [ "$user_set_conffilesdir" != "true" ]; then if [ "$user_set_conffilesdir" != "true" ]; then
append_cache_entry BRO_ETC_INSTALL_DIR PATH $prefix/etc append_cache_entry ZEEK_ETC_INSTALL_DIR PATH $prefix/etc
fi fi
if [ -d $builddir ]; then if [ -d $builddir ]; then

2
doc

@ -1 +1 @@
Subproject commit b5720567293c652233287a17cf781f6195073159 Subproject commit 8c3395b7e3b1bdbe03bbdd3e290f98414a307651

2
man/CMakeLists.txt
View file

@ -1,5 +1,5 @@
install(DIRECTORY . DESTINATION ${BRO_MAN_INSTALL_PATH}/man8 FILES_MATCHING install(DIRECTORY . DESTINATION ${ZEEK_MAN_INSTALL_PATH}/man8 FILES_MATCHING
PATTERN "*.8" PATTERN "*.8"
) )

10
man/zeek.8
View file

@ -1,8 +1,8 @@
.TH BRO "8" "November 2014" "bro" "System Administration Utilities" .TH ZEEK "8" "November 2014" "zeek" "System Administration Utilities"
.SH NAME .SH NAME
bro \- passive network traffic analyzer zeek \- passive network traffic analyzer
.SH SYNOPSIS .SH SYNOPSIS
.B bro .B zeek
\/\fP [\fIoptions\fR] [\fIfile\fR ...] \/\fP [\fIoptions\fR] [\fIfile\fR ...]
.SH DESCRIPTION .SH DESCRIPTION
Zeek is primarily a security monitor that inspects all traffic on a link in Zeek is primarily a security monitor that inspects all traffic on a link in
@ -30,7 +30,7 @@ don't load scripts from the base/ directory
\fB\-d\fR,\ \-\-debug\-policy \fB\-d\fR,\ \-\-debug\-policy
activate policy file debugging activate policy file debugging
.TP .TP
\fB\-e\fR,\ \-\-exec <bro code> \fB\-e\fR,\ \-\-exec <zeek code>
augment loaded policies by given code augment loaded policies by given code
.TP .TP
\fB\-f\fR,\ \-\-filter <filter> \fB\-f\fR,\ \-\-filter <filter>
@ -149,5 +149,5 @@ Output file for script execution statistics
.B BRO_DISABLE_BROXYGEN .B BRO_DISABLE_BROXYGEN
Disable Zeekygen (Broxygen) documentation support Disable Zeekygen (Broxygen) documentation support
.SH AUTHOR .SH AUTHOR
.B bro .B zeek
was written by The Zeek Project <info@zeek.org>. was written by The Zeek Project <info@zeek.org>.

8
scripts/CMakeLists.txt
View file

@ -1,6 +1,6 @@
include(InstallPackageConfigFile) include(InstallPackageConfigFile)
install(DIRECTORY ./ DESTINATION ${BRO_SCRIPT_INSTALL_PATH} FILES_MATCHING install(DIRECTORY ./ DESTINATION ${ZEEK_SCRIPT_INSTALL_PATH} FILES_MATCHING
PATTERN "site/local*" EXCLUDE PATTERN "site/local*" EXCLUDE
PATTERN "test-all-policy.zeek" EXCLUDE PATTERN "test-all-policy.zeek" EXCLUDE
PATTERN "*.zeek" PATTERN "*.zeek"
@ -14,8 +14,8 @@ if ( NOT BINARY_PACKAGING_MODE )
# because ZeekControl will now prefer to load local.zeek rather than local.bro # because ZeekControl will now prefer to load local.zeek rather than local.bro
# and we're about to install a default version of local.zeek. # and we're about to install a default version of local.zeek.
set(_local_bro_dst ${BRO_SCRIPT_INSTALL_PATH}/site/local.bro) set(_local_bro_dst ${ZEEK_SCRIPT_INSTALL_PATH}/site/local.bro)
set(_local_zeek_dst ${BRO_SCRIPT_INSTALL_PATH}/site/local.zeek) set(_local_zeek_dst ${ZEEK_SCRIPT_INSTALL_PATH}/site/local.zeek)
install(CODE " install(CODE "
if ( \"\$ENV{DESTDIR}\" STREQUAL \"\" ) if ( \"\$ENV{DESTDIR}\" STREQUAL \"\" )
@ -31,5 +31,5 @@ endif ()
# Install local script as a config file since it's meant to be modified directly. # Install local script as a config file since it's meant to be modified directly.
InstallPackageConfigFile( InstallPackageConfigFile(
${CMAKE_CURRENT_SOURCE_DIR}/site/local.zeek ${CMAKE_CURRENT_SOURCE_DIR}/site/local.zeek
${BRO_SCRIPT_INSTALL_PATH}/site ${ZEEK_SCRIPT_INSTALL_PATH}/site
local.zeek) local.zeek)

18
scripts/base/init-bare.zeek
View file

@ -1801,15 +1801,6 @@ global log_file_name: function(tag: string): string &redef;
## Deprecated. This is superseded by the new logging framework. ## Deprecated. This is superseded by the new logging framework.
global open_log_file: function(tag: string): file &redef; global open_log_file: function(tag: string): file &redef;
## Specifies a directory for Zeek to store its persistent state. All globals can
## be declared persistent via the :zeek:attr:`&persistent` attribute.
const state_dir = ".state" &redef;
## Length of the delays inserted when storing state incrementally. To avoid
## dropping packets when serializing larger volumes of persistent state to
## disk, Zeek interleaves the operation with continued packet processing.
const state_write_delay = 0.01 secs &redef;
global done_with_network = F; global done_with_network = F;
event net_done(t: time) { done_with_network = T; } event net_done(t: time) { done_with_network = T; }
@ -4588,18 +4579,9 @@ const cmd_line_bpf_filter = "" &redef;
## the current/maximum limit on open files for the process. ## the current/maximum limit on open files for the process.
const max_files_in_cache = 0 &redef; const max_files_in_cache = 0 &redef;
## Deprecated.
const log_rotate_interval = 0 sec &redef;
## Deprecated. ## Deprecated.
const log_rotate_base_time = "0:00" &redef; const log_rotate_base_time = "0:00" &redef;
## Deprecated.
const log_max_size = 0.0 &redef;
## Deprecated.
const log_encryption_key = "<undefined>" &redef;
## Write profiling info into this file in regular intervals. The easiest way to ## Write profiling info into this file in regular intervals. The easiest way to
## activate profiling is loading :doc:`/scripts/policy/misc/profiling.zeek`. ## activate profiling is loading :doc:`/scripts/policy/misc/profiling.zeek`.
## ##

24
src/Attr.cc
View file

@ -11,11 +11,9 @@ const char* attr_name(attr_tag t)
{ {
static const char* attr_names[int(NUM_ATTRS)] = { static const char* attr_names[int(NUM_ATTRS)] = {
"&optional", "&default", "&redef", "&optional", "&default", "&redef",
"&rotate_interval", "&rotate_size",
"&add_func", "&delete_func", "&expire_func", "&add_func", "&delete_func", "&expire_func",
"&read_expire", "&write_expire", "&create_expire", "&read_expire", "&write_expire", "&create_expire",
"&encrypt", "&raw_output", "&priority",
"&raw_output", "&mergeable", "&priority",
"&group", "&log", "&error_handler", "&type_column", "&group", "&log", "&error_handler", "&type_column",
"(&tracked)", "&deprecated", "(&tracked)", "&deprecated",
}; };
@ -357,21 +355,6 @@ void Attributes::CheckAttr(Attr* a)
} }
break; break;
case ATTR_ROTATE_INTERVAL:
if ( type->Tag() != TYPE_FILE )
Error("&rotate_interval only applicable to files");
break;
case ATTR_ROTATE_SIZE:
if ( type->Tag() != TYPE_FILE )
Error("&rotate_size only applicable to files");
break;
case ATTR_ENCRYPT:
if ( type->Tag() != TYPE_FILE )
Error("&encrypt only applicable to files");
break;
case ATTR_EXPIRE_READ: case ATTR_EXPIRE_READ:
case ATTR_EXPIRE_WRITE: case ATTR_EXPIRE_WRITE:
case ATTR_EXPIRE_CREATE: case ATTR_EXPIRE_CREATE:
@ -446,11 +429,6 @@ void Attributes::CheckAttr(Attr* a)
Error("&raw_output only applicable to files"); Error("&raw_output only applicable to files");
break; break;
case ATTR_MERGEABLE:
if ( type->Tag() != TYPE_TABLE )
Error("&mergeable only applicable to tables/sets");
break;
case ATTR_PRIORITY: case ATTR_PRIORITY:
Error("&priority only applicable to event bodies"); Error("&priority only applicable to event bodies");
break; break;

4
src/Attr.h
View file

@ -15,17 +15,13 @@ typedef enum {
ATTR_OPTIONAL, ATTR_OPTIONAL,
ATTR_DEFAULT, ATTR_DEFAULT,
ATTR_REDEF, ATTR_REDEF,
ATTR_ROTATE_INTERVAL,
ATTR_ROTATE_SIZE,
ATTR_ADD_FUNC, ATTR_ADD_FUNC,
ATTR_DEL_FUNC, ATTR_DEL_FUNC,
ATTR_EXPIRE_FUNC, ATTR_EXPIRE_FUNC,
ATTR_EXPIRE_READ, ATTR_EXPIRE_READ,
ATTR_EXPIRE_WRITE, ATTR_EXPIRE_WRITE,
ATTR_EXPIRE_CREATE, ATTR_EXPIRE_CREATE,
ATTR_ENCRYPT,
ATTR_RAW_OUTPUT, ATTR_RAW_OUTPUT,
ATTR_MERGEABLE,
ATTR_PRIORITY, ATTR_PRIORITY,
ATTR_GROUP, ATTR_GROUP,
ATTR_LOG, ATTR_LOG,

12
src/CMakeLists.txt
View file

@ -352,10 +352,10 @@ collect_headers(bro_HEADERS ${bro_SRCS})
if ( bro_HAVE_OBJECT_LIBRARIES ) if ( bro_HAVE_OBJECT_LIBRARIES )
add_executable(zeek ${bro_SRCS} ${bro_HEADERS} ${bro_SUBDIRS}) add_executable(zeek ${bro_SRCS} ${bro_HEADERS} ${bro_SUBDIRS})
target_link_libraries(zeek ${brodeps} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS}) target_link_libraries(zeek ${zeekdeps} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS})
else () else ()
add_executable(zeek ${bro_SRCS} ${bro_HEADERS}) add_executable(zeek ${bro_SRCS} ${bro_HEADERS})
target_link_libraries(zeek ${bro_SUBDIRS} ${brodeps} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS}) target_link_libraries(zeek ${bro_SUBDIRS} ${zeekdeps} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS})
endif () endif ()
if ( NOT "${bro_LINKER_FLAGS}" STREQUAL "" ) if ( NOT "${bro_LINKER_FLAGS}" STREQUAL "" )
@ -399,7 +399,7 @@ add_dependencies(bif_loader_plugins ${bro_SUBDIRS})
add_dependencies(zeek bif_loader_plugins) add_dependencies(zeek bif_loader_plugins)
# Install *.bif.zeek. # Install *.bif.zeek.
install(DIRECTORY ${CMAKE_BINARY_DIR}/scripts/base/bif DESTINATION ${BRO_SCRIPT_INSTALL_PATH}/base) install(DIRECTORY ${CMAKE_BINARY_DIR}/scripts/base/bif DESTINATION ${ZEEK_SCRIPT_INSTALL_PATH}/base)
# Create plugin directory at install time. # Create plugin directory at install time.
install(DIRECTORY DESTINATION ${BRO_PLUGIN_INSTALL_PATH}) install(DIRECTORY DESTINATION ${BRO_PLUGIN_INSTALL_PATH})
@ -411,9 +411,9 @@ set_directory_properties(PROPERTIES ADDITIONAL_MAKE_CLEAN_FILES ${CMAKE_BINARY_D
# place, yet make confuse us now. This makes upgrading easier. # place, yet make confuse us now. This makes upgrading easier.
install(CODE " install(CODE "
file(REMOVE_RECURSE file(REMOVE_RECURSE
${BRO_SCRIPT_INSTALL_PATH}/base/frameworks/logging/writers/dataseries.bro ${ZEEK_SCRIPT_INSTALL_PATH}/base/frameworks/logging/writers/dataseries.bro
${BRO_SCRIPT_INSTALL_PATH}/base/frameworks/logging/writers/elasticsearch.bro ${ZEEK_SCRIPT_INSTALL_PATH}/base/frameworks/logging/writers/elasticsearch.bro
${BRO_SCRIPT_INSTALL_PATH}/policy/tuning/logs-to-elasticsearch.bro ${ZEEK_SCRIPT_INSTALL_PATH}/policy/tuning/logs-to-elasticsearch.bro
) )
") ")

323
src/File.cc
View file

@ -18,15 +18,10 @@
#include <errno.h> #include <errno.h>
#include <unistd.h> #include <unistd.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <algorithm> #include <algorithm>
#include "File.h" #include "File.h"
#include "Type.h" #include "Type.h"
#include "Timer.h"
#include "Expr.h" #include "Expr.h"
#include "NetVar.h" #include "NetVar.h"
#include "Net.h" #include "Net.h"
@ -34,46 +29,6 @@
#include "Event.h" #include "Event.h"
#include "Reporter.h" #include "Reporter.h"
// Timer which on dispatching rotates the file.
class RotateTimer : public Timer {
public:
RotateTimer(double t, BroFile* f, bool arg_raise) : Timer(t, TIMER_ROTATE)
{ file = f; raise = arg_raise; name = copy_string(f->Name()); }
~RotateTimer();
void Dispatch(double t, int is_expire);
protected:
BroFile* file;
bool raise;
const char* name;
};
RotateTimer::~RotateTimer()
{
if ( file->rotate_timer == this )
file->rotate_timer = 0;
delete [] name;
}
void RotateTimer::Dispatch(double t, int is_expire)
{
file->rotate_timer = 0;
if ( ! is_expire )
{
if ( raise )
{
Ref(file);
mgr.QueueEvent(rotate_interval, {new Val(file)});
}
file->InstallRotateTimer();
}
}
// The following could in principle be part of a "file manager" object. // The following could in principle be part of a "file manager" object.
#define MAX_FILE_CACHE_SIZE 512 #define MAX_FILE_CACHE_SIZE 512
@ -81,9 +36,6 @@ static int num_files_in_cache = 0;
static BroFile* head = 0; static BroFile* head = 0;
static BroFile* tail = 0; static BroFile* tail = 0;
double BroFile::default_rotation_interval = 0;
double BroFile::default_rotation_size = 0;
// Maximizes the number of open file descriptors and returns the number // Maximizes the number of open file descriptors and returns the number
// that we should use for the cache. // that we should use for the cache.
static int maximize_num_fds() static int maximize_num_fds()
@ -119,9 +71,6 @@ BroFile::BroFile(FILE* arg_f)
name = access = 0; name = access = 0;
t = base_type(TYPE_STRING); t = base_type(TYPE_STRING);
is_open = (f != 0); is_open = (f != 0);
if ( f )
UpdateFileSize();
} }
BroFile::BroFile(FILE* arg_f, const char* arg_name, const char* arg_access) BroFile::BroFile(FILE* arg_f, const char* arg_name, const char* arg_access)
@ -132,9 +81,6 @@ BroFile::BroFile(FILE* arg_f, const char* arg_name, const char* arg_access)
access = copy_string(arg_access); access = copy_string(arg_access);
t = base_type(TYPE_STRING); t = base_type(TYPE_STRING);
is_open = (f != 0); is_open = (f != 0);
if ( f )
UpdateFileSize();
} }
BroFile::BroFile(const char* arg_name, const char* arg_access, BroType* arg_t) BroFile::BroFile(const char* arg_name, const char* arg_access, BroType* arg_t)
@ -193,16 +139,6 @@ bool BroFile::Open(FILE* file, const char* mode)
f = file; f = file;
if ( default_rotation_interval &&
(! attrs || ! attrs->FindAttr(ATTR_ROTATE_INTERVAL)) )
rotate_interval = default_rotation_interval;
if ( default_rotation_size &&
(! attrs || ! attrs->FindAttr(ATTR_ROTATE_SIZE)) )
rotate_size = default_rotation_size;
InstallRotateTimer();
if ( ! f ) if ( ! f )
{ {
if ( ! mode ) if ( ! mode )
@ -221,7 +157,6 @@ bool BroFile::Open(FILE* file, const char* mode)
is_open = okay_to_manage = 1; is_open = okay_to_manage = 1;
InsertAtBeginning(); InsertAtBeginning();
UpdateFileSize();
} }
else else
{ {
@ -243,7 +178,6 @@ BroFile::~BroFile()
delete [] name; delete [] name;
delete [] access; delete [] access;
delete [] cipher_buffer;
#ifdef USE_PERFTOOLS_DEBUG #ifdef USE_PERFTOOLS_DEBUG
heap_checker->UnIgnoreObject(this); heap_checker->UnIgnoreObject(this);
@ -255,18 +189,11 @@ void BroFile::Init()
is_open = okay_to_manage = is_in_cache = 0; is_open = okay_to_manage = is_in_cache = 0;
position = 0; position = 0;
next = prev = 0; next = prev = 0;
rotate_timer = 0;
rotate_interval = 0.0;
rotate_size = current_size = 0.0;
open_time = 0;
attrs = 0; attrs = 0;
buffered = true; buffered = true;
print_hook = true; print_hook = true;
raw_output = false; raw_output = false;
t = 0; t = 0;
pub_key = 0;
cipher_ctx = 0;
cipher_buffer = 0;
#ifdef USE_PERFTOOLS_DEBUG #ifdef USE_PERFTOOLS_DEBUG
heap_checker->IgnoreObject(this); heap_checker->IgnoreObject(this);
@ -316,8 +243,6 @@ FILE* BroFile::BringIntoCache()
return 0; return 0;
} }
UpdateFileSize();
if ( fseek(f, position, SEEK_SET) < 0 ) if ( fseek(f, position, SEEK_SET) < 0 )
{ {
bro_strerror_r(errno, buf, sizeof(buf)); bro_strerror_r(errno, buf, sizeof(buf));
@ -325,7 +250,6 @@ FILE* BroFile::BringIntoCache()
} }
InsertAtBeginning(); InsertAtBeginning();
RaiseOpenEvent(); RaiseOpenEvent();
return f; return f;
@ -355,17 +279,9 @@ void BroFile::SetBuf(bool arg_buffered)
int BroFile::Close() int BroFile::Close()
{ {
if ( rotate_timer )
{
timer_mgr->Cancel(rotate_timer);
rotate_timer = 0;
}
if ( ! is_open ) if ( ! is_open )
return 1; return 1;
FinishEncrypt();
// Do not close stdin/stdout/stderr. // Do not close stdin/stdout/stderr.
if ( f == stdin || f == stdout || f == stderr ) if ( f == stdin || f == stdout || f == stderr )
return 0; return 0;
@ -516,33 +432,8 @@ void BroFile::SetAttrs(Attributes* arg_attrs)
attrs = arg_attrs; attrs = arg_attrs;
Ref(attrs); Ref(attrs);
Attr* ef = attrs->FindAttr(ATTR_ROTATE_INTERVAL);
if ( ef )
rotate_interval = ef->AttrExpr()->ExprVal()->AsInterval();
ef = attrs->FindAttr(ATTR_ROTATE_SIZE);
if ( ef )
rotate_size = ef->AttrExpr()->ExprVal()->AsDouble();
ef = attrs->FindAttr(ATTR_ENCRYPT);
if ( ef )
{
if ( ef->AttrExpr() )
InitEncrypt(ef->AttrExpr()->ExprVal()->AsString()->CheckString());
else
InitEncrypt(opt_internal_string("log_encryption_key")->CheckString());
}
if ( attrs->FindAttr(ATTR_RAW_OUTPUT) ) if ( attrs->FindAttr(ATTR_RAW_OUTPUT) )
EnableRawOutput(); EnableRawOutput();
InstallRotateTimer();
}
void BroFile::SetRotateInterval(double secs)
{
rotate_interval = secs;
InstallRotateTimer();
} }
RecordVal* BroFile::Rotate() RecordVal* BroFile::Rotate()
@ -576,178 +467,17 @@ RecordVal* BroFile::Rotate()
return info; return info;
} }
void BroFile::InstallRotateTimer()
{
if ( terminating )
return;
if ( rotate_timer )
{
timer_mgr->Cancel(rotate_timer);
rotate_timer = 0;
}
if ( rotate_interval )
{
// When this is called for the first time, network_time can
// still be zero. If so, we set a timer which fires
// immediately but doesn't rotate when it expires.
if ( ! network_time )
rotate_timer = new RotateTimer(1, this, false);
else
{
if ( ! open_time )
open_time = network_time;
const char* base_time = log_rotate_base_time ?
log_rotate_base_time->AsString()->CheckString() : 0;
double base = parse_rotate_base_time(base_time);
double delta_t =
calc_next_rotate(network_time, rotate_interval, base);
rotate_timer = new RotateTimer(network_time + delta_t,
this, true);
}
timer_mgr->Add(rotate_timer);
}
}
void BroFile::SetDefaultRotation(double interval, double max_size)
{
for ( BroFile* f = head; f; f = f->next )
{
if ( ! (f->attrs && f->attrs->FindAttr(ATTR_ROTATE_INTERVAL)) )
{
f->rotate_interval = interval;
f->InstallRotateTimer();
}
if ( ! (f->attrs && f->attrs->FindAttr(ATTR_ROTATE_SIZE)) )
f->rotate_size = max_size;
}
default_rotation_interval = interval;
default_rotation_size = max_size;
}
void BroFile::CloseCachedFiles() void BroFile::CloseCachedFiles()
{ {
BroFile* next; BroFile* next;
for ( BroFile* f = head; f; f = next ) for ( BroFile* f = head; f; f = next )
{ {
// Send final rotate events (immediately).
if ( f->rotate_interval )
{
Ref(f);
Event* event = new Event(::rotate_interval, {new Val(f)});
mgr.Dispatch(event, true);
}
if ( f->rotate_size )
{
Ref(f);
Event* event = new ::Event(::rotate_size, {new Val(f)});
mgr.Dispatch(event, true);
}
next = f->next; next = f->next;
if ( f->is_in_cache ) if ( f->is_in_cache )
f->Close(); f->Close();
} }
} }
void BroFile::InitEncrypt(const char* keyfile)
{
if ( ! (pub_key || keyfile) )
return;
if ( ! pub_key )
{
FILE* key = fopen(keyfile, "r");
if ( ! key )
{
reporter->Error("can't open key file %s: %s", keyfile, strerror(errno));
Close();
return;
}
pub_key = PEM_read_PUBKEY(key, 0, 0, 0);
if ( ! pub_key )
{
reporter->Error("can't read key from %s: %s", keyfile,
ERR_error_string(ERR_get_error(), 0));
Close();
return;
}
}
// Depending on the OpenSSL version, EVP_*_cbc()
// returns a const or a non-const.
EVP_CIPHER* cipher_type = (EVP_CIPHER*) EVP_bf_cbc();
cipher_ctx = EVP_CIPHER_CTX_new();
unsigned char secret[EVP_PKEY_size(pub_key)];
unsigned char* psecret = secret;
unsigned int secret_len;
int iv_len = EVP_CIPHER_iv_length(cipher_type);
unsigned char iv[iv_len];
if ( ! EVP_SealInit(cipher_ctx, cipher_type, &psecret,
(int*) &secret_len, iv, &pub_key, 1) )
{
reporter->Error("can't init cipher context for %s: %s", keyfile,
ERR_error_string(ERR_get_error(), 0));
Close();
return;
}
secret_len = htonl(secret_len);
if ( fwrite("BROENC1", 7, 1, f) < 1 ||
fwrite(&secret_len, sizeof(secret_len), 1, f) < 1 ||
fwrite(secret, ntohl(secret_len), 1, f) < 1 ||
fwrite(iv, iv_len, 1, f) < 1 )
{
reporter->Error("can't write header to log file %s: %s",
name, strerror(errno));
Close();
return;
}
int buf_size = MIN_BUFFER_SIZE + EVP_CIPHER_block_size(cipher_type);
cipher_buffer = new unsigned char[buf_size];
}
void BroFile::FinishEncrypt()
{
if ( ! is_open )
return;
if ( ! pub_key )
return;
if ( cipher_ctx )
{
int outl;
EVP_SealFinal(cipher_ctx, cipher_buffer, &outl);
if ( outl && fwrite(cipher_buffer, outl, 1, f) < 1 )
{
reporter->Error("write error for %s: %s",
name, strerror(errno));
return;
}
EVP_CIPHER_CTX_free(cipher_ctx);
cipher_ctx = 0;
}
}
int BroFile::Write(const char* data, int len) int BroFile::Write(const char* data, int len)
{ {
if ( ! is_open ) if ( ! is_open )
@ -759,50 +489,9 @@ int BroFile::Write(const char* data, int len)
if ( ! len ) if ( ! len )
len = strlen(data); len = strlen(data);
if ( cipher_ctx )
{
while ( len )
{
int outl;
int inl = min(+MIN_BUFFER_SIZE, len);
if ( ! EVP_SealUpdate(cipher_ctx, cipher_buffer, &outl,
(unsigned char*)data, inl) )
{
reporter->Error("encryption error for %s: %s",
name,
ERR_error_string(ERR_get_error(), 0));
Close();
return 0;
}
if ( outl && fwrite(cipher_buffer, outl, 1, f) < 1 )
{
reporter->Error("write error for %s: %s",
name, strerror(errno));
Close();
return 0;
}
data += inl;
len -= inl;
}
return 1;
}
if ( fwrite(data, len, 1, f) < 1 ) if ( fwrite(data, len, 1, f) < 1 )
return false; return false;
if ( rotate_size && current_size < rotate_size && current_size + len >= rotate_size )
{
mgr.QueueEvent(::rotate_size, {new Val(this)});
}
// This does not work if we seek around. But none of the logs does that
// and we avoid stat()'ing the file all the time.
current_size += len;
return true; return true;
} }
@ -816,17 +505,17 @@ void BroFile::RaiseOpenEvent()
mgr.Dispatch(event, true); mgr.Dispatch(event, true);
} }
void BroFile::UpdateFileSize() double BroFile::Size()
{ {
fflush(f);
struct stat s; struct stat s;
if ( fstat(fileno(f), &s) < 0 ) if ( fstat(fileno(f), &s) < 0 )
{ {
reporter->Error("can't stat fd for %s: %s", name, strerror(errno)); reporter->Error("can't stat fd for %s: %s", name, strerror(errno));
current_size = 0; return 0;
return;
} }
current_size = double(s.st_size); return s.st_size;
} }
bool BroFile::Serialize(SerialInfo* info) const bool BroFile::Serialize(SerialInfo* info) const
@ -887,10 +576,6 @@ BroFile* BroFile::Unserialize(UnserialInfo* info)
// *never* be closed anymore (as long the file cache does not overflow). // *never* be closed anymore (as long the file cache does not overflow).
Ref(file); Ref(file);
// We deliberately override log rotation attributes with our defaults.
file->rotate_interval = log_rotate_interval;
file->rotate_size = log_max_size;
file->InstallRotateTimer();
file->SetBuf(file->buffered); file->SetBuf(file->buffered);
return file; return file;

44
src/File.h
View file

@ -12,13 +12,7 @@
# include <krb5.h> # include <krb5.h>
# endif // NEED_KRB5_H # endif // NEED_KRB5_H
// From OpenSSL. We forward-declare these here to avoid introducing a
// dependency on OpenSSL headers just for this header file.
typedef struct evp_pkey_st EVP_PKEY;
typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
class BroType; class BroType;
class RotateTimer;
class BroFile : public BroObj { class BroFile : public BroObj {
public: public:
@ -51,21 +45,14 @@ public:
void Describe(ODesc* d) const override; void Describe(ODesc* d) const override;
void SetRotateInterval(double secs);
// Rotates the logfile. Returns rotate_info. // Rotates the logfile. Returns rotate_info.
RecordVal* Rotate(); RecordVal* Rotate();
// Set &rotate_interval, &rotate_size, // Set &raw_output attribute.
// and &raw_output attributes.
void SetAttrs(Attributes* attrs); void SetAttrs(Attributes* attrs);
// Returns the current size of the file, after fresh stat'ing. // Returns the current size of the file, after fresh stat'ing.
double Size() { fflush(f); UpdateFileSize(); return current_size; } double Size();
// Set rotate/postprocessor for all files that don't define them
// by their own. (interval/max_size=0 for no rotation; size in bytes).
static void SetDefaultRotation(double interval, double max_size);
// Close all files which are managed by us. // Close all files which are managed by us.
static void CloseCachedFiles(); static void CloseCachedFiles();
@ -83,8 +70,6 @@ public:
static BroFile* Unserialize(UnserialInfo* info); static BroFile* Unserialize(UnserialInfo* info);
protected: protected:
friend class RotateTimer;
BroFile() { Init(); } BroFile() { Init(); }
void Init(); void Init();
@ -105,7 +90,6 @@ protected:
void Unlink(); void Unlink();
void InsertAtBeginning(); void InsertAtBeginning();
void MoveToBeginning(); void MoveToBeginning();
void InstallRotateTimer();
// Returns nil if the file is not active, was in error, etc. // Returns nil if the file is not active, was in error, etc.
// (Protected because we do not want anyone to write directly // (Protected because we do not want anyone to write directly
@ -113,17 +97,9 @@ protected:
FILE* File(); FILE* File();
FILE* BringIntoCache(); FILE* BringIntoCache();
// Stats the file to get its current size.
void UpdateFileSize();
// Raises a file_opened event. // Raises a file_opened event.
void RaiseOpenEvent(); void RaiseOpenEvent();
// Initialize encryption with the given public key.
void InitEncrypt(const char* keyfile);
// Finalize encryption.
void FinishEncrypt();
DECLARE_SERIAL(BroFile); DECLARE_SERIAL(BroFile);
FILE* f; FILE* f;
@ -137,28 +113,12 @@ protected:
BroFile* next; // doubly-linked list of cached files BroFile* next; // doubly-linked list of cached files
BroFile* prev; BroFile* prev;
Attributes* attrs; Attributes* attrs;
double rotate_interval;
bool buffered; bool buffered;
// Sizes are double's so that it's easy to specify large
// ones with scientific notation, and so they can exceed 4GB.
double rotate_size;
double current_size;
Timer* rotate_timer;
double open_time; double open_time;
bool print_hook; bool print_hook;
bool raw_output; bool raw_output;
static double default_rotation_interval;
static double default_rotation_size;
EVP_PKEY* pub_key;
EVP_CIPHER_CTX* cipher_ctx;
static const int MIN_BUFFER_SIZE = 1024; static const int MIN_BUFFER_SIZE = 1024;
unsigned char* cipher_buffer;
}; };
#endif #endif

10
src/ID.cc
View file

@ -64,16 +64,6 @@ void ID::SetVal(Val* v, Opcode op, bool arg_weak_ref)
{ {
if ( op != OP_NONE ) if ( op != OP_NONE )
{ {
if ( type && val && type->Tag() == TYPE_TABLE &&
val->AsTableVal()->FindAttr(ATTR_MERGEABLE) &&
v->AsTableVal()->FindAttr(ATTR_MERGEABLE) )
{
StateAccess::Log(new StateAccess(OP_ASSIGN, this,
v, val));
v->AsTableVal()->AddTo(val->AsTableVal(), 0, false);
return;
}
MutableVal::Properties props = 0; MutableVal::Properties props = 0;
if ( attrs && attrs->FindAttr(ATTR_TRACKED) ) if ( attrs && attrs->FindAttr(ATTR_TRACKED) )

12
src/NetVar.cc
View file

@ -155,9 +155,6 @@ RecordType* packet_type;
double connection_status_update_interval; double connection_status_update_interval;
StringVal* state_dir;
double state_write_delay;
int orig_addr_anonymization, resp_addr_anonymization; int orig_addr_anonymization, resp_addr_anonymization;
int other_addr_anonymization; int other_addr_anonymization;
TableVal* preserve_orig_addr; TableVal* preserve_orig_addr;
@ -165,10 +162,7 @@ TableVal* preserve_resp_addr;
TableVal* preserve_other_addr; TableVal* preserve_other_addr;
int max_files_in_cache; int max_files_in_cache;
double log_rotate_interval;
double log_max_size;
RecordType* rotate_info; RecordType* rotate_info;
StringVal* log_encryption_key;
StringVal* log_rotate_base_time; StringVal* log_rotate_base_time;
StringVal* peer_description; StringVal* peer_description;
@ -245,14 +239,8 @@ void init_general_global_var()
table_expire_delay = opt_internal_double("table_expire_delay"); table_expire_delay = opt_internal_double("table_expire_delay");
table_incremental_step = opt_internal_int("table_incremental_step"); table_incremental_step = opt_internal_int("table_incremental_step");
state_dir = internal_val("state_dir")->AsStringVal();
state_write_delay = opt_internal_double("state_write_delay");
max_files_in_cache = opt_internal_int("max_files_in_cache"); max_files_in_cache = opt_internal_int("max_files_in_cache");
log_rotate_interval = opt_internal_double("log_rotate_interval");
log_max_size = opt_internal_double("log_max_size");
rotate_info = internal_type("rotate_info")->AsRecordType(); rotate_info = internal_type("rotate_info")->AsRecordType();
log_encryption_key = opt_internal_string("log_encryption_key");
log_rotate_base_time = opt_internal_string("log_rotate_base_time"); log_rotate_base_time = opt_internal_string("log_rotate_base_time");
peer_description = peer_description =

6
src/NetVar.h
View file

@ -164,14 +164,8 @@ extern TableVal* preserve_other_addr;
extern double connection_status_update_interval; extern double connection_status_update_interval;
extern StringVal* state_dir;
extern double state_write_delay;
extern int max_files_in_cache; extern int max_files_in_cache;
extern double log_rotate_interval;
extern double log_max_size;
extern RecordType* rotate_info; extern RecordType* rotate_info;
extern StringVal* log_encryption_key;
extern StringVal* log_rotate_base_time; extern StringVal* log_rotate_base_time;
extern StringVal* peer_description; extern StringVal* peer_description;

65
src/StateAccess.cc
View file

@ -133,29 +133,6 @@ void StateAccess::RefThem()
Ref(op3); Ref(op3);
} }
bool StateAccess::MergeTables(TableVal* dst, Val* src)
{
if ( src->Type()->Tag() != TYPE_TABLE )
{
reporter->Error("type mismatch while merging tables");
return false;
}
if ( ! src->AsTableVal()->FindAttr(ATTR_MERGEABLE) )
return false;
DBG_LOG(DBG_STATE, "merging tables %s += %s", dst->UniqueID()->Name(),
src->AsTableVal()->UniqueID()->Name());
src->AsTableVal()->AddTo(dst, 0);
// We need to make sure that the resulting table is accessible by
// the new name (while keeping the old as an alias).
dst->TransferUniqueID(src->AsMutableVal());
return true;
}
static Val* GetInteger(bro_int_t n, TypeTag t) static Val* GetInteger(bro_int_t n, TypeTag t)
{ {
if ( t == TYPE_INT ) if ( t == TYPE_INT )
@ -192,11 +169,6 @@ void StateAccess::Replay()
// There mustn't be a direct assignment to a unique ID. // There mustn't be a direct assignment to a unique ID.
assert(target.id->Name()[0] != '#'); assert(target.id->Name()[0] != '#');
if ( t == TYPE_TABLE && v &&
v->AsTableVal()->FindAttr(ATTR_MERGEABLE) )
if ( MergeTables(v->AsTableVal(), op1.val) )
break;
target.id->SetVal(op1.val->Ref()); target.id->SetVal(op1.val->Ref());
break; break;
@ -220,18 +192,6 @@ void StateAccess::Replay()
if ( t == TYPE_TABLE ) if ( t == TYPE_TABLE )
{ {
assert(op2); assert(op2);
BroType* yt = v->Type()->AsTableType()->YieldType();
if ( yt && yt->Tag() == TYPE_TABLE )
{
TableVal* tv = v->AsTableVal();
Val* w = tv->Lookup(op1.val);
if ( w && w->AsTableVal()->FindAttr(ATTR_MERGEABLE) )
if ( MergeTables(w->AsTableVal(), op2) )
break;
}
v->AsTableVal()->Assign(op1.val, op2 ? op2->Ref() : 0); v->AsTableVal()->Assign(op1.val, op2 ? op2->Ref() : 0);
} }
@ -241,20 +201,7 @@ void StateAccess::Replay()
int idx = v->Type()->AsRecordType()->FieldOffset(field); int idx = v->Type()->AsRecordType()->FieldOffset(field);
if ( idx >= 0 ) if ( idx >= 0 )
{
BroType* ft = v->Type()->AsRecordType()->FieldType(field);
if ( ft && ft->Tag() == TYPE_TABLE )
{
RecordVal* rv = v->AsRecordVal();
Val* w = rv->Lookup(idx);
if ( w && w->AsTableVal()->FindAttr(ATTR_MERGEABLE) )
if ( MergeTables(w->AsTableVal(), op2) )
break;
}
v->AsRecordVal()->Assign(idx, op2 ? op2->Ref() : 0); v->AsRecordVal()->Assign(idx, op2 ? op2->Ref() : 0);
}
else else
reporter->Error("access replay: unknown record field %s for assign", field); reporter->Error("access replay: unknown record field %s for assign", field);
} }
@ -263,18 +210,6 @@ void StateAccess::Replay()
{ {
assert(op2); assert(op2);
bro_uint_t index = op1.val->AsCount(); bro_uint_t index = op1.val->AsCount();
BroType* yt = v->Type()->AsVectorType()->YieldType();
if ( yt && yt->Tag() == TYPE_TABLE )
{
VectorVal* vv = v->AsVectorVal();
Val* w = vv->Lookup(index);
if ( w && w->AsTableVal()->FindAttr(ATTR_MERGEABLE) )
if ( MergeTables(w->AsTableVal(), op2) )
break;
}
v->AsVectorVal()->Assign(index, op2 ? op2->Ref() : 0); v->AsVectorVal()->Assign(index, op2 ? op2->Ref() : 0);
} }

2
src/StateAccess.h
View file

@ -74,8 +74,6 @@ private:
StateAccess() { target.id = 0; op1.val = op2 = op3 = 0; } StateAccess() { target.id = 0; op1.val = op2 = op3 = 0; }
void RefThem(); void RefThem();
bool MergeTables(TableVal* dst, Val* src);
DECLARE_SERIAL(StateAccess); DECLARE_SERIAL(StateAccess);
Opcode opcode; Opcode opcode;

63
src/Val.cc
View file

@ -1555,24 +1555,6 @@ int TableVal::Assign(Val* index, HashKey* k, Val* new_val, Opcode op)
if ( (is_set && new_val) || (! is_set && ! new_val) ) if ( (is_set && new_val) || (! is_set && ! new_val) )
InternalWarning("bad set/table in TableVal::Assign"); InternalWarning("bad set/table in TableVal::Assign");
BroType* yt = Type()->AsTableType()->YieldType();
if ( yt && yt->Tag() == TYPE_TABLE &&
new_val->AsTableVal()->FindAttr(ATTR_MERGEABLE) )
{
// Join two mergeable sets.
Val* old = Lookup(index, false);
if ( old && old->AsTableVal()->FindAttr(ATTR_MERGEABLE) )
{
if ( LoggingAccess() && op != OP_NONE )
StateAccess::Log(new StateAccess(OP_ASSIGN_IDX,
this, index, new_val, old));
new_val->AsTableVal()->AddTo(old->AsTableVal(), 0, false);
Unref(new_val);
return 1;
}
}
TableEntryVal* new_entry_val = new TableEntryVal(new_val); TableEntryVal* new_entry_val = new TableEntryVal(new_val);
HashKey k_copy(k->Key(), k->Size(), k->Hash()); HashKey k_copy(k->Key(), k->Size(), k->Hash());
TableEntryVal* old_entry_val = AsNonConstTable()->Insert(k, new_entry_val); TableEntryVal* old_entry_val = AsNonConstTable()->Insert(k, new_entry_val);
@ -2961,27 +2943,6 @@ RecordVal::~RecordVal()
void RecordVal::Assign(int field, Val* new_val, Opcode op) void RecordVal::Assign(int field, Val* new_val, Opcode op)
{ {
if ( new_val && Lookup(field) &&
record_type->FieldType(field)->Tag() == TYPE_TABLE &&
new_val->AsTableVal()->FindAttr(ATTR_MERGEABLE) )
{
// Join two mergeable sets.
Val* old = Lookup(field);
if ( old->AsTableVal()->FindAttr(ATTR_MERGEABLE) )
{
if ( LoggingAccess() && op != OP_NONE )
{
StringVal* index = new StringVal(Type()->AsRecordType()->FieldName(field));
StateAccess::Log(new StateAccess(OP_ASSIGN_IDX, this, index, new_val, old));
Unref(index);
}
new_val->AsTableVal()->AddTo(old->AsTableVal(), 0, false);
Unref(new_val);
return;
}
}
Val* old_val = AsNonConstRecord()->replace(field, new_val); Val* old_val = AsNonConstRecord()->replace(field, new_val);
if ( LoggingAccess() && op != OP_NONE ) if ( LoggingAccess() && op != OP_NONE )
@ -3367,30 +3328,6 @@ bool VectorVal::Assign(unsigned int index, Val* element, Opcode op)
return false; return false;
} }
BroType* yt = Type()->AsVectorType()->YieldType();
if ( yt && yt->Tag() == TYPE_TABLE &&
element->AsTableVal()->FindAttr(ATTR_MERGEABLE) )
{
// Join two mergeable sets.
Val* old = Lookup(index);
if ( old && old->AsTableVal()->FindAttr(ATTR_MERGEABLE) )
{
if ( LoggingAccess() && op != OP_NONE )
{
Val* ival = val_mgr->GetCount(index);
StateAccess::Log(new StateAccess(OP_ASSIGN_IDX,
this, ival, element,
(*val.vector_val)[index]));
Unref(ival);
}
element->AsTableVal()->AddTo(old->AsTableVal(), 0, false);
Unref(element);
return true;
}
}
Val* val_at_index = 0; Val* val_at_index = 0;
if ( index < val.vector_val->size() ) if ( index < val.vector_val->size() )

2
src/analyzer/CMakeLists.txt
View file

@ -1,5 +1,5 @@
include(BroSubdir) include(ZeekSubdir)
include_directories(BEFORE include_directories(BEFORE
${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}

3
src/analyzer/protocol/tcp/TCP_Reassembler.cc
View file

@ -106,9 +106,6 @@ void TCP_Reassembler::SetContentsFile(BroFile* f)
RecordToSeq(blocks->seq, last_reassem_seq, f); RecordToSeq(blocks->seq, last_reassem_seq, f);
} }
// Don't want rotation on these files.
f->SetRotateInterval(0);
Ref(f); Ref(f);
record_contents_file = f; record_contents_file = f;
} }

6
src/bro.bif
View file

@ -3523,7 +3523,7 @@ function lookup_addr%(host: addr%) : string
## Issues an asynchronous TEXT DNS lookup and delays the function result. ## Issues an asynchronous TEXT DNS lookup and delays the function result.
## This function can therefore only be called inside a ``when`` condition, ## This function can therefore only be called inside a ``when`` condition,
## e.g., ``when ( local h = lookup_hostname_txt("www.bro.org") ) { f(h); }``. ## e.g., ``when ( local h = lookup_hostname_txt("www.zeek.org") ) { f(h); }``.
## ##
## host: The hostname to lookup. ## host: The hostname to lookup.
## ##
@ -3552,7 +3552,7 @@ function lookup_hostname_txt%(host: string%) : string
## Issues an asynchronous DNS lookup and delays the function result. ## Issues an asynchronous DNS lookup and delays the function result.
## This function can therefore only be called inside a ``when`` condition, ## This function can therefore only be called inside a ``when`` condition,
## e.g., ``when ( local h = lookup_hostname("www.bro.org") ) { f(h); }``. ## e.g., ``when ( local h = lookup_hostname("www.zeek.org") ) { f(h); }``.
## ##
## host: The hostname to lookup. ## host: The hostname to lookup.
## ##
@ -4904,7 +4904,7 @@ function capture_events%(filename: string%) : bool
(const char*) filename->CheckString())); (const char*) filename->CheckString()));
%} %}
## Writes state updates generated by :zeek:attr:`&synchronized` variables to a ## Writes state updates generated by synchronized variables to a
## file. ## file.
## ##
## filename: The name of the file which stores the state updates. ## filename: The name of the file which stores the state updates.

2
src/broker/CMakeLists.txt
View file

@ -1,4 +1,4 @@
include(BroSubdir) include(ZeekSubdir)
include_directories(BEFORE include_directories(BEFORE
${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}

6
src/event.bif
View file

@ -884,11 +884,5 @@ event gaobot_signature_found%(c: connection%);
## Deprecated. Will be removed. ## Deprecated. Will be removed.
event anonymization_mapping%(orig: addr, mapped: addr%); event anonymization_mapping%(orig: addr, mapped: addr%);
## Deprecated. Will be removed.
event rotate_interval%(f: file%);
## Deprecated. Will be removed.
event rotate_size%(f: file%);
## Deprecated. Will be removed. ## Deprecated. Will be removed.
event print_hook%(f:file, s: string%); event print_hook%(f:file, s: string%);

2
src/file_analysis/CMakeLists.txt
View file

@ -1,4 +1,4 @@
include(BroSubdir) include(ZeekSubdir)
include_directories(BEFORE include_directories(BEFORE
${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}

2
src/input/CMakeLists.txt
View file

@ -1,5 +1,5 @@
include(BroSubdir) include(ZeekSubdir)
include_directories(BEFORE include_directories(BEFORE
${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}

2
src/iosource/CMakeLists.txt
View file

@ -1,5 +1,5 @@
include(BroSubdir) include(ZeekSubdir)
include_directories(BEFORE include_directories(BEFORE
${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}

2
src/logging/CMakeLists.txt
View file

@ -1,5 +1,5 @@
include(BroSubdir) include(ZeekSubdir)
include_directories(BEFORE include_directories(BEFORE
${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}

4
src/main.cc
View file

@ -161,7 +161,7 @@ void usage(int code = 1)
fprintf(stderr, " -a|--parse-only | exit immediately after parsing scripts\n"); fprintf(stderr, " -a|--parse-only | exit immediately after parsing scripts\n");
fprintf(stderr, " -b|--bare-mode | don't load scripts from the base/ directory\n"); fprintf(stderr, " -b|--bare-mode | don't load scripts from the base/ directory\n");
fprintf(stderr, " -d|--debug-policy | activate policy file debugging\n"); fprintf(stderr, " -d|--debug-policy | activate policy file debugging\n");
fprintf(stderr, " -e|--exec <bro code> | augment loaded policies by given code\n"); fprintf(stderr, " -e|--exec <zeek code> | augment loaded policies by given code\n");
fprintf(stderr, " -f|--filter <filter> | tcpdump filter\n"); fprintf(stderr, " -f|--filter <filter> | tcpdump filter\n");
fprintf(stderr, " -h|--help | command line help\n"); fprintf(stderr, " -h|--help | command line help\n");
fprintf(stderr, " -i|--iface <interface> | read from given interface\n"); fprintf(stderr, " -i|--iface <interface> | read from given interface\n");
@ -944,8 +944,6 @@ int main(int argc, char** argv)
if ( dns_type != DNS_PRIME ) if ( dns_type != DNS_PRIME )
net_init(interfaces, read_files, writefile, do_watchdog); net_init(interfaces, read_files, writefile, do_watchdog);
BroFile::SetDefaultRotation(log_rotate_interval, log_max_size);
net_done = internal_handler("net_done"); net_done = internal_handler("net_done");
if ( ! g_policy_debug ) if ( ! g_policy_debug )

19
src/parse.y
View file

@ -5,7 +5,7 @@
// Switching parser table type fixes ambiguity problems. // Switching parser table type fixes ambiguity problems.
%define lr.type ielr %define lr.type ielr
%expect 129 %expect 103
%token TOK_ADD TOK_ADD_TO TOK_ADDR TOK_ANY %token TOK_ADD TOK_ADD_TO TOK_ADDR TOK_ANY
%token TOK_ATENDIF TOK_ATELSE TOK_ATIF TOK_ATIFDEF TOK_ATIFNDEF %token TOK_ATENDIF TOK_ATELSE TOK_ATIF TOK_ATIFDEF TOK_ATIFNDEF
@ -21,11 +21,10 @@
%token TOK_TIME TOK_TIMEOUT TOK_TIMER TOK_TYPE TOK_UNION TOK_VECTOR TOK_WHEN %token TOK_TIME TOK_TIMEOUT TOK_TIMER TOK_TYPE TOK_UNION TOK_VECTOR TOK_WHEN
%token TOK_WHILE TOK_AS TOK_IS %token TOK_WHILE TOK_AS TOK_IS
%token TOK_ATTR_ADD_FUNC TOK_ATTR_ENCRYPT TOK_ATTR_DEFAULT %token TOK_ATTR_ADD_FUNC TOK_ATTR_DEFAULT TOK_ATTR_OPTIONAL TOK_ATTR_REDEF
%token TOK_ATTR_OPTIONAL TOK_ATTR_REDEF TOK_ATTR_ROTATE_INTERVAL %token TOK_ATTR_DEL_FUNC TOK_ATTR_EXPIRE_FUNC
%token TOK_ATTR_ROTATE_SIZE TOK_ATTR_DEL_FUNC TOK_ATTR_EXPIRE_FUNC
%token TOK_ATTR_EXPIRE_CREATE TOK_ATTR_EXPIRE_READ TOK_ATTR_EXPIRE_WRITE %token TOK_ATTR_EXPIRE_CREATE TOK_ATTR_EXPIRE_READ TOK_ATTR_EXPIRE_WRITE
%token TOK_ATTR_RAW_OUTPUT TOK_ATTR_MERGEABLE %token TOK_ATTR_RAW_OUTPUT
%token TOK_ATTR_PRIORITY TOK_ATTR_LOG TOK_ATTR_ERROR_HANDLER %token TOK_ATTR_PRIORITY TOK_ATTR_LOG TOK_ATTR_ERROR_HANDLER
%token TOK_ATTR_TYPE_COLUMN TOK_ATTR_DEPRECATED %token TOK_ATTR_TYPE_COLUMN TOK_ATTR_DEPRECATED
@ -1291,10 +1290,6 @@ attr:
{ $$ = new Attr(ATTR_OPTIONAL); } { $$ = new Attr(ATTR_OPTIONAL); }
| TOK_ATTR_REDEF | TOK_ATTR_REDEF
{ $$ = new Attr(ATTR_REDEF); } { $$ = new Attr(ATTR_REDEF); }
| TOK_ATTR_ROTATE_INTERVAL '=' expr
{ $$ = new Attr(ATTR_ROTATE_INTERVAL, $3); }
| TOK_ATTR_ROTATE_SIZE '=' expr
{ $$ = new Attr(ATTR_ROTATE_SIZE, $3); }
| TOK_ATTR_ADD_FUNC '=' expr | TOK_ATTR_ADD_FUNC '=' expr
{ $$ = new Attr(ATTR_ADD_FUNC, $3); } { $$ = new Attr(ATTR_ADD_FUNC, $3); }
| TOK_ATTR_DEL_FUNC '=' expr | TOK_ATTR_DEL_FUNC '=' expr
@ -1307,14 +1302,8 @@ attr:
{ $$ = new Attr(ATTR_EXPIRE_READ, $3); } { $$ = new Attr(ATTR_EXPIRE_READ, $3); }
| TOK_ATTR_EXPIRE_WRITE '=' expr | TOK_ATTR_EXPIRE_WRITE '=' expr
{ $$ = new Attr(ATTR_EXPIRE_WRITE, $3); } { $$ = new Attr(ATTR_EXPIRE_WRITE, $3); }
| TOK_ATTR_ENCRYPT
{ $$ = new Attr(ATTR_ENCRYPT); }
| TOK_ATTR_ENCRYPT '=' expr
{ $$ = new Attr(ATTR_ENCRYPT, $3); }
| TOK_ATTR_RAW_OUTPUT | TOK_ATTR_RAW_OUTPUT
{ $$ = new Attr(ATTR_RAW_OUTPUT); } { $$ = new Attr(ATTR_RAW_OUTPUT); }
| TOK_ATTR_MERGEABLE
{ $$ = new Attr(ATTR_MERGEABLE); }
| TOK_ATTR_PRIORITY '=' expr | TOK_ATTR_PRIORITY '=' expr
{ $$ = new Attr(ATTR_PRIORITY, $3); } { $$ = new Attr(ATTR_PRIORITY, $3); }
| TOK_ATTR_TYPE_COLUMN '=' expr | TOK_ATTR_TYPE_COLUMN '=' expr

2
src/probabilistic/CMakeLists.txt
View file

@ -1,5 +1,5 @@
include(BroSubdir) include(ZeekSubdir)
include_directories(BEFORE include_directories(BEFORE
${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}

20
src/scan.l
View file

@ -300,26 +300,6 @@ when return TOK_WHEN;
&redef return TOK_ATTR_REDEF; &redef return TOK_ATTR_REDEF;
&write_expire return TOK_ATTR_EXPIRE_WRITE; &write_expire return TOK_ATTR_EXPIRE_WRITE;
&encrypt {
deprecated_attr(yytext);
return TOK_ATTR_ENCRYPT;
}
&mergeable {
deprecated_attr(yytext);
return TOK_ATTR_MERGEABLE;
}
&rotate_interval {
deprecated_attr(yytext);
return TOK_ATTR_ROTATE_INTERVAL;
}
&rotate_size {
deprecated_attr(yytext);
return TOK_ATTR_ROTATE_SIZE;
}
@deprecated.* { @deprecated.* {
auto num_files = file_stack.length(); auto num_files = file_stack.length();
auto comment = skip_whitespace(yytext + 11); auto comment = skip_whitespace(yytext + 11);

4
src/util-config.h.in
View file

@ -1,3 +1,3 @@
#define BRO_SCRIPT_INSTALL_PATH "@BRO_SCRIPT_INSTALL_PATH@" #define ZEEK_SCRIPT_INSTALL_PATH "@ZEEK_SCRIPT_INSTALL_PATH@"
#define BRO_PLUGIN_INSTALL_PATH "@BRO_PLUGIN_INSTALL_PATH@" #define BRO_PLUGIN_INSTALL_PATH "@BRO_PLUGIN_INSTALL_PATH@"
#define DEFAULT_BROPATH "@DEFAULT_BROPATH@" #define DEFAULT_ZEEKPATH "@DEFAULT_ZEEKPATH@"

2
src/util.cc
View file

@ -961,7 +961,7 @@ const std::string& bro_path()
const char* path = getenv("BROPATH"); const char* path = getenv("BROPATH");
if ( ! path ) if ( ! path )
path = DEFAULT_BROPATH; path = DEFAULT_ZEEKPATH;
bro_path_value = path; bro_path_value = path;
} }

2
src/zeekygen/CMakeLists.txt
View file

@ -1,6 +1,6 @@
# See the file "COPYING" in the main distribution directory for copyright. # See the file "COPYING" in the main distribution directory for copyright.
include(BroSubdir) include(ZeekSubdir)
include_directories(BEFORE include_directories(BEFORE
${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}

6
testing/btest/Baseline/plugins.legacy/output Normal file
View file

@ -0,0 +1,6 @@
Demo::Foo - A Foo test analyzer (dynamic, version 1.0.0)
[Analyzer] Foo (ANALYZER_FOO, enabled)
[Event] foo_message
===
foo_message, [orig_h=::1, orig_p=37927/tcp, resp_h=::1, resp_p=4242/tcp], Hello, Foo!\x0a

2
testing/btest/bifs/x509_verify.zeek
View file

@ -8,7 +8,7 @@
# @TEST-EXEC: cp .stdout stdout-openssl-1.0 # @TEST-EXEC: cp .stdout stdout-openssl-1.0
# @TEST-EXEC: cp .stdout stdout-openssl-1.1 # @TEST-EXEC: cp .stdout stdout-openssl-1.1
# @TEST-EXEC: grep -q "BRO_HAVE_OPENSSL_1_1" $BUILD/CMakeCache.txt && btest-diff stdout-openssl-1.1 || btest-diff stdout-openssl-1.0 # @TEST-EXEC: grep -q "ZEEK_HAVE_OPENSSL_1_1" $BUILD/CMakeCache.txt && btest-diff stdout-openssl-1.1 || btest-diff stdout-openssl-1.0
redef SSL::root_certs += { redef SSL::root_certs += {
["OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x02\x3C\x30\x82\x01\xA5\x02\x10\x70\xBA\xE4\x1D\x10\xD9\x29\x34\xB6\x38\xCA\x7B\x03\xCC\xBA\xBF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02\x05\x00\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x37\x30\x35\x06\x03\x55\x04\x0B\x13\x2E\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x39\x36\x30\x31\x32\x39\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x30\x38\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x37\x30\x35\x06\x03\x55\x04\x0B\x13\x2E\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xC9\x5C\x59\x9E\xF2\x1B\x8A\x01\x14\xB4\x10\xDF\x04\x40\xDB\xE3\x57\xAF\x6A\x45\x40\x8F\x84\x0C\x0B\xD1\x33\xD9\xD9\x11\xCF\xEE\x02\x58\x1F\x25\xF7\x2A\xA8\x44\x05\xAA\xEC\x03\x1F\x78\x7F\x9E\x93\xB9\x9A\x00\xAA\x23\x7D\xD6\xAC\x85\xA2\x63\x45\xC7\x72\x27\xCC\xF4\x4C\xC6\x75\x71\xD2\x39\xEF\x4F\x42\xF0\x75\xDF\x0A\x90\xC6\x8E\x20\x6F\x98\x0F\xF8\xAC\x23\x5F\x70\x29\x36\xA4\xC9\x86\xE7\xB1\x9A\x20\xCB\x53\xA5\x85\xE7\x3D\xBE\x7D\x9A\xFE\x24\x45\x33\xDC\x76\x15\xED\x0F\xA2\x71\x64\x4C\x65\x2E\x81\x68\x45\xA7\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02\x05\x00\x03\x81\x81\x00\xBB\x4C\x12\x2B\xCF\x2C\x26\x00\x4F\x14\x13\xDD\xA6\xFB\xFC\x0A\x11\x84\x8C\xF3\x28\x1C\x67\x92\x2F\x7C\xB6\xC5\xFA\xDF\xF0\xE8\x95\xBC\x1D\x8F\x6C\x2C\xA8\x51\xCC\x73\xD8\xA4\xC0\x53\xF0\x4E\xD6\x26\xC0\x76\x01\x57\x81\x92\x5E\x21\xF1\xD1\xB1\xFF\xE7\xD0\x21\x58\xCD\x69\x17\xE3\x44\x1C\x9C\x19\x44\x39\x89\x5C\xDC\x9C\x00\x0F\x56\x8D\x02\x99\xED\xA2\x90\x45\x4C\xE4\xBB\x10\xA4\x3D\xF0\x32\x03\x0E\xF1\xCE\xF8\xE8\xC9\x51\x8C\xE6\x62\x9F\xE6\x9F\xC0\x7D\xB7\x72\x9C\xC9\x36\x3A\x6B\x9F\x4E\xA8\xFF\x64\x0D\x64" ["OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x02\x3C\x30\x82\x01\xA5\x02\x10\x70\xBA\xE4\x1D\x10\xD9\x29\x34\xB6\x38\xCA\x7B\x03\xCC\xBA\xBF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02\x05\x00\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x37\x30\x35\x06\x03\x55\x04\x0B\x13\x2E\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x39\x36\x30\x31\x32\x39\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x30\x38\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x37\x30\x35\x06\x03\x55\x04\x0B\x13\x2E\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xC9\x5C\x59\x9E\xF2\x1B\x8A\x01\x14\xB4\x10\xDF\x04\x40\xDB\xE3\x57\xAF\x6A\x45\x40\x8F\x84\x0C\x0B\xD1\x33\xD9\xD9\x11\xCF\xEE\x02\x58\x1F\x25\xF7\x2A\xA8\x44\x05\xAA\xEC\x03\x1F\x78\x7F\x9E\x93\xB9\x9A\x00\xAA\x23\x7D\xD6\xAC\x85\xA2\x63\x45\xC7\x72\x27\xCC\xF4\x4C\xC6\x75\x71\xD2\x39\xEF\x4F\x42\xF0\x75\xDF\x0A\x90\xC6\x8E\x20\x6F\x98\x0F\xF8\xAC\x23\x5F\x70\x29\x36\xA4\xC9\x86\xE7\xB1\x9A\x20\xCB\x53\xA5\x85\xE7\x3D\xBE\x7D\x9A\xFE\x24\x45\x33\xDC\x76\x15\xED\x0F\xA2\x71\x64\x4C\x65\x2E\x81\x68\x45\xA7\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02\x05\x00\x03\x81\x81\x00\xBB\x4C\x12\x2B\xCF\x2C\x26\x00\x4F\x14\x13\xDD\xA6\xFB\xFC\x0A\x11\x84\x8C\xF3\x28\x1C\x67\x92\x2F\x7C\xB6\xC5\xFA\xDF\xF0\xE8\x95\xBC\x1D\x8F\x6C\x2C\xA8\x51\xCC\x73\xD8\xA4\xC0\x53\xF0\x4E\xD6\x26\xC0\x76\x01\x57\x81\x92\x5E\x21\xF1\xD1\xB1\xFF\xE7\xD0\x21\x58\xCD\x69\x17\xE3\x44\x1C\x9C\x19\x44\x39\x89\x5C\xDC\x9C\x00\x0F\x56\x8D\x02\x99\xED\xA2\x90\x45\x4C\xE4\xBB\x10\xA4\x3D\xF0\x32\x03\x0E\xF1\xCE\xF8\xE8\xC9\x51\x8C\xE6\x62\x9F\xE6\x9F\xC0\x7D\xB7\x72\x9C\xC9\x36\x3A\x6B\x9F\x4E\xA8\xFF\x64\x0D\x64"

14
testing/btest/plugins/file-plugin/CMakeLists.txt
View file

@ -1,5 +1,5 @@
project(Bro-Plugin-Demo-Foo) project(Zeek-Plugin-Demo-Foo)
cmake_minimum_required(VERSION 2.6.3) cmake_minimum_required(VERSION 2.6.3)
@ -9,10 +9,10 @@ endif ()
set(CMAKE_MODULE_PATH ${BRO_DIST}/cmake) set(CMAKE_MODULE_PATH ${BRO_DIST}/cmake)
include(BroPlugin) include(ZeekPlugin)
bro_plugin_begin(Demo Foo) zeek_plugin_begin(Demo Foo)
bro_plugin_cc(src/Plugin.cc) zeek_plugin_cc(src/Plugin.cc)
bro_plugin_cc(src/Foo.cc) zeek_plugin_cc(src/Foo.cc)
bro_plugin_bif(src/events.bif) zeek_plugin_bif(src/events.bif)
bro_plugin_end() zeek_plugin_end()

0
testing/btest/plugins/legacy-plugin/.btest-ignore Normal file
View file

19
testing/btest/plugins/legacy-plugin/CMakeLists.txt Normal file
View file

@ -0,0 +1,19 @@
project(Zeek-Plugin-Demo-Foo)
cmake_minimum_required(VERSION 2.6.3)
if ( NOT BRO_DIST )
message(FATAL_ERROR "BRO_DIST not set")
endif ()
set(CMAKE_MODULE_PATH ${BRO_DIST}/cmake)
include(BroPlugin)
bro_plugin_begin(Demo Foo)
bro_plugin_cc(src/Plugin.cc)
bro_plugin_cc(src/Foo.cc)
bro_plugin_bif(src/events.bif)
bro_plugin_pac(src/foo.pac src/foo-protocol.pac src/foo-analyzer.pac)
bro_plugin_end()

7
testing/btest/plugins/legacy-plugin/scripts/Demo/Foo/base/main.zeek Normal file
View file

@ -0,0 +1,7 @@
const ports = { 4242/tcp };
event zeek_init() &priority=5
{
Analyzer::register_for_ports(Analyzer::ANALYZER_FOO, ports);
}

1
testing/btest/plugins/legacy-plugin/scripts/__load__.zeek Normal file
View file

@ -0,0 +1 @@
@load Demo/Foo/base/main

59
testing/btest/plugins/legacy-plugin/src/Foo.cc Normal file
View file

@ -0,0 +1,59 @@
#include "Foo.h"
#include "foo_pac.h"
#include "events.bif.h"
#include <analyzer/protocol/tcp/TCP_Reassembler.h>
using namespace plugin::Demo_Foo;
Foo::Foo(Connection* conn)
: analyzer::tcp::TCP_ApplicationAnalyzer("Foo", conn)
{
interp = new binpac::Foo::Foo_Conn(this);
}
Foo::~Foo()
{
delete interp;
}
void Foo::Done()
{
analyzer::tcp::TCP_ApplicationAnalyzer::Done();
interp->FlowEOF(true);
interp->FlowEOF(false);
}
void Foo::EndpointEOF(bool is_orig)
{
analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig);
interp->FlowEOF(is_orig);
}
void Foo::DeliverStream(int len, const u_char* data, bool orig)
{
analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig);
assert(TCP());
if ( TCP()->IsPartial() )
// punt on partial.
return;
try
{
interp->NewData(orig, data, data + len);
}
catch ( const binpac::Exception& e )
{
ProtocolViolation(fmt("Binpac exception: %s", e.c_msg()));
}
}
void Foo::Undelivered(uint64 seq, int len, bool orig)
{
analyzer::tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig);
interp->NewGap(orig, len);
}

32
testing/btest/plugins/legacy-plugin/src/Foo.h Normal file
View file

@ -0,0 +1,32 @@
#ifndef BRO_PLUGIN_DEMO_FOO_H
#define BRO_PLUGIN_DEMO_FOO_H
#include "analyzer/protocol/tcp/TCP.h"
#include "analyzer/protocol/pia/PIA.h"
namespace binpac { namespace Foo { class Foo_Conn; } }
namespace plugin {
namespace Demo_Foo {
class Foo : public analyzer::tcp::TCP_ApplicationAnalyzer {
public:
Foo(Connection* conn);
~Foo();
virtual void Done();
virtual void DeliverStream(int len, const u_char* data, bool orig);
virtual void Undelivered(uint64 seq, int len, bool orig);
virtual void EndpointEOF(bool is_orig);
static analyzer::Analyzer* Instantiate(Connection* conn)
{ return new Foo(conn); }
protected:
binpac::Foo::Foo_Conn* interp;
};
} }
#endif

21
testing/btest/plugins/legacy-plugin/src/Plugin.cc Normal file
View file

@ -0,0 +1,21 @@
#include "Plugin.h"
#include "Foo.h"
namespace plugin { namespace Demo_Foo { Plugin plugin; } }
using namespace plugin::Demo_Foo;
plugin::Configuration Plugin::Configure()
{
AddComponent(new ::analyzer::Component("Foo", plugin::Demo_Foo::Foo::Instantiate));
plugin::Configuration config;
config.name = "Demo::Foo";
config.description = "A Foo test analyzer";
config.version.major = 1;
config.version.minor = 0;
config.version.patch = 0;
return config;
}

2
testing/btest/plugins/legacy-plugin/src/events.bif Normal file
View file

@ -0,0 +1,2 @@
event foo_message%(c: connection, data: string%);

15
testing/btest/plugins/legacy-plugin/src/foo-analyzer.pac Normal file
View file

@ -0,0 +1,15 @@
refine connection Foo_Conn += {
function Foo_data(msg: Foo_Message): bool
%{
StringVal* data = new StringVal(${msg.data}.length(), (const char*) ${msg.data}.data());
BifEvent::generate_foo_message(bro_analyzer(), bro_analyzer()->Conn(), data);
return true;
%}
};
refine typeattr Foo_Message += &let {
proc: bool = $context.connection.Foo_data(this);
};

4
testing/btest/plugins/legacy-plugin/src/foo-protocol.pac Normal file
View file

@ -0,0 +1,4 @@
type Foo_Message(is_orig: bool) = record {
data: bytestring &restofdata;
};

26
testing/btest/plugins/legacy-plugin/src/foo.pac Normal file
View file

@ -0,0 +1,26 @@
%include binpac.pac
%include bro.pac
%extern{
#include "Foo.h"
#include "events.bif.h"
%}
analyzer Foo withcontext {
connection: Foo_Conn;
flow: Foo_Flow;
};
connection Foo_Conn(bro_analyzer: BroAnalyzer) {
upflow = Foo_Flow(true);
downflow = Foo_Flow(false);
};
%include foo-protocol.pac
flow Foo_Flow(is_orig: bool) {
datagram = Foo_Message(is_orig) withcontext(connection, this);
};
%include foo-analyzer.pac

14
testing/btest/plugins/legacy.zeek Normal file
View file

@ -0,0 +1,14 @@
# Test that legacy Bro plugins still work.
# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo
# @TEST-EXEC: cp -r %DIR/legacy-plugin/* .
# @TEST-EXEC: ./configure --bro-dist=${DIST} && make
# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output
# @TEST-EXEC: echo === >>output
# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -r $TRACES/port4242.trace %INPUT >>output
# @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output
event foo_message(c: connection, data: string)
{
print "foo_message", c$id, data;
}

18
testing/btest/plugins/pktdumper-plugin/CMakeLists.txt
View file

@ -1,17 +1,17 @@
project(Bro-Plugin-Demo-Foo) project(Zeek-Plugin-Demo-Foo)
cmake_minimum_required(VERSION 2.6.3) cmake_minimum_required(VERSION 2.6.3)
if ( NOT BRO_DIST ) if ( NOT ZEEK_DIST )
message(FATAL_ERROR "BRO_DIST not set") message(FATAL_ERROR "ZEEK_DIST not set")
endif () endif ()
set(CMAKE_MODULE_PATH ${BRO_DIST}/cmake) set(CMAKE_MODULE_PATH ${ZEEK_DIST}/cmake)
include(BroPlugin) include(ZeekPlugin)
bro_plugin_begin(Demo Foo) zeek_plugin_begin(Demo Foo)
bro_plugin_cc(src/Plugin.cc) zeek_plugin_cc(src/Plugin.cc)
bro_plugin_cc(src/Foo.cc) zeek_plugin_cc(src/Foo.cc)
bro_plugin_end() zeek_plugin_end()

18
testing/btest/plugins/pktsrc-plugin/CMakeLists.txt
View file

@ -1,17 +1,17 @@
project(Bro-Plugin-Demo-Foo) project(Zeek-Plugin-Demo-Foo)
cmake_minimum_required(VERSION 2.6.3) cmake_minimum_required(VERSION 2.6.3)
if ( NOT BRO_DIST ) if ( NOT ZEEK_DIST )
message(FATAL_ERROR "BRO_DIST not set") message(FATAL_ERROR "ZEEK_DIST not set")
endif () endif ()
set(CMAKE_MODULE_PATH ${BRO_DIST}/cmake) set(CMAKE_MODULE_PATH ${ZEEK_DIST}/cmake)
include(BroPlugin) include(ZeekPlugin)
bro_plugin_begin(Demo Foo) zeek_plugin_begin(Demo Foo)
bro_plugin_cc(src/Plugin.cc) zeek_plugin_cc(src/Plugin.cc)
bro_plugin_cc(src/Foo.cc) zeek_plugin_cc(src/Foo.cc)
bro_plugin_end() zeek_plugin_end()

22
testing/btest/plugins/protocol-plugin/CMakeLists.txt
View file

@ -1,19 +1,19 @@
project(Bro-Plugin-Demo-Foo) project(Zeek-Plugin-Demo-Foo)
cmake_minimum_required(VERSION 2.6.3) cmake_minimum_required(VERSION 2.6.3)
if ( NOT BRO_DIST ) if ( NOT ZEEK_DIST )
message(FATAL_ERROR "BRO_DIST not set") message(FATAL_ERROR "ZEEK_DIST not set")
endif () endif ()
set(CMAKE_MODULE_PATH ${BRO_DIST}/cmake) set(CMAKE_MODULE_PATH ${ZEEK_DIST}/cmake)
include(BroPlugin) include(ZeekPlugin)
bro_plugin_begin(Demo Foo) zeek_plugin_begin(Demo Foo)
bro_plugin_cc(src/Plugin.cc) zeek_plugin_cc(src/Plugin.cc)
bro_plugin_cc(src/Foo.cc) zeek_plugin_cc(src/Foo.cc)
bro_plugin_bif(src/events.bif) zeek_plugin_bif(src/events.bif)
bro_plugin_pac(src/foo.pac src/foo-protocol.pac src/foo-analyzer.pac) zeek_plugin_pac(src/foo.pac src/foo-protocol.pac src/foo-analyzer.pac)
bro_plugin_end() zeek_plugin_end()

18
testing/btest/plugins/reader-plugin/CMakeLists.txt
View file

@ -1,17 +1,17 @@
project(Bro-Plugin-Demo-Foo) project(Zeek-Plugin-Demo-Foo)
cmake_minimum_required(VERSION 2.6.3) cmake_minimum_required(VERSION 2.6.3)
if ( NOT BRO_DIST ) if ( NOT ZEEK_DIST )
message(FATAL_ERROR "BRO_DIST not set") message(FATAL_ERROR "ZEEK_DIST not set")
endif () endif ()
set(CMAKE_MODULE_PATH ${BRO_DIST}/cmake) set(CMAKE_MODULE_PATH ${ZEEK_DIST}/cmake)
include(BroPlugin) include(ZeekPlugin)
bro_plugin_begin(Demo Foo) zeek_plugin_begin(Demo Foo)
bro_plugin_cc(src/Plugin.cc) zeek_plugin_cc(src/Plugin.cc)
bro_plugin_cc(src/Foo.cc) zeek_plugin_cc(src/Foo.cc)
bro_plugin_end() zeek_plugin_end()

18
testing/btest/plugins/writer-plugin/CMakeLists.txt
View file

@ -1,17 +1,17 @@
project(Bro-Plugin-Demo-Foo) project(Zeek-Plugin-Demo-Foo)
cmake_minimum_required(VERSION 2.6.3) cmake_minimum_required(VERSION 2.6.3)
if ( NOT BRO_DIST ) if ( NOT ZEEK_DIST )
message(FATAL_ERROR "BRO_DIST not set") message(FATAL_ERROR "ZEEK_DIST not set")
endif () endif ()
set(CMAKE_MODULE_PATH ${BRO_DIST}/cmake) set(CMAKE_MODULE_PATH ${ZEEK_DIST}/cmake)
include(BroPlugin) include(ZeekPlugin)
bro_plugin_begin(Demo Foo) zeek_plugin_begin(Demo Foo)
bro_plugin_cc(src/Plugin.cc) zeek_plugin_cc(src/Plugin.cc)
bro_plugin_cc(src/Foo.cc) zeek_plugin_cc(src/Foo.cc)
bro_plugin_end() zeek_plugin_end()

4
zeek-config.h.in
View file

@ -223,8 +223,8 @@
#define DYNAMIC_PLUGIN_SUFFIX "@CMAKE_SHARED_MODULE_SUFFIX@" #define DYNAMIC_PLUGIN_SUFFIX "@CMAKE_SHARED_MODULE_SUFFIX@"
/* True if we're building outside of the main Zeek source code tree. */ /* True if we're building outside of the main Zeek source code tree. */
#ifndef BRO_PLUGIN_INTERNAL_BUILD #ifndef ZEEK_PLUGIN_INTERNAL_BUILD
#define BRO_PLUGIN_INTERNAL_BUILD @BRO_PLUGIN_INTERNAL_BUILD@ #define ZEEK_PLUGIN_INTERNAL_BUILD @ZEEK_PLUGIN_INTERNAL_BUILD@
#endif #endif
/* A C function that has the Zeek version encoded into its name. */ /* A C function that has the Zeek version encoded into its name. */

26
zeek-config.in
View file

@ -3,21 +3,21 @@
version=@VERSION@ version=@VERSION@
build_type=@CMAKE_BUILD_TYPE_LOWER@ build_type=@CMAKE_BUILD_TYPE_LOWER@
prefix=@CMAKE_INSTALL_PREFIX@ prefix=@CMAKE_INSTALL_PREFIX@
script_dir=@BRO_SCRIPT_INSTALL_PATH@ script_dir=@ZEEK_SCRIPT_INSTALL_PATH@
site_dir=@BRO_SCRIPT_INSTALL_PATH@/site site_dir=@ZEEK_SCRIPT_INSTALL_PATH@/site
plugin_dir=@BRO_PLUGIN_INSTALL_PATH@ plugin_dir=@BRO_PLUGIN_INSTALL_PATH@
config_dir=@BRO_ETC_INSTALL_DIR@ config_dir=@ZEEK_ETC_INSTALL_DIR@
python_dir=@PY_MOD_INSTALL_DIR@ python_dir=@PY_MOD_INSTALL_DIR@
cmake_dir=@CMAKE_INSTALL_PREFIX@/share/bro/cmake cmake_dir=@CMAKE_INSTALL_PREFIX@/share/bro/cmake
include_dir=@CMAKE_INSTALL_PREFIX@/include/bro include_dir=@CMAKE_INSTALL_PREFIX@/include/bro
bropath=@DEFAULT_BROPATH@ zeekpath=@DEFAULT_ZEEKPATH@
bro_dist=@BRO_DIST@ zeek_dist=@ZEEK_DIST@
binpac_root=@ZEEK_CONFIG_BINPAC_ROOT_DIR@ binpac_root=@ZEEK_CONFIG_BINPAC_ROOT_DIR@
caf_root=@ZEEK_CONFIG_CAF_ROOT_DIR@ caf_root=@ZEEK_CONFIG_CAF_ROOT_DIR@
broker_root=@ZEEK_CONFIG_BROKER_ROOT_DIR@ broker_root=@ZEEK_CONFIG_BROKER_ROOT_DIR@
usage="\ usage="\
Usage: zeek-config [--version] [--build_type] [--prefix] [--script_dir] [--site_dir] [--plugin_dir] [--config_dir] [--python_dir] [--include_dir] [--cmake_dir] [--bropath] [--bro_dist] [--binpac_root] [--caf_root] [--broker_root]" Usage: zeek-config [--version] [--build_type] [--prefix] [--script_dir] [--site_dir] [--plugin_dir] [--config_dir] [--python_dir] [--include_dir] [--cmake_dir] [--zeekpath] [--zeek_dist] [--binpac_root] [--caf_root] [--broker_root]"
if [ $# -eq 0 ] ; then if [ $# -eq 0 ] ; then
echo "${usage}" 1>&2 echo "${usage}" 1>&2
@ -61,11 +61,17 @@ while [ $# -ne 0 ]; do
--include_dir) --include_dir)
echo $include_dir echo $include_dir
;; ;;
--bropath) --bropath) # For compatibility with legacy Bro plugins.
echo $bropath echo $zeekpath
;; ;;
--bro_dist) --zeekpath)
echo $bro_dist echo $zeekpath
;;
--bro_dist) # For compatibility with legacy Bro plugins.
echo $zeek_dist
;;
--zeek_dist)
echo $zeek_dist
;; ;;
--binpac_root) --binpac_root)
echo $binpac_root echo $binpac_root