mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
Deprecate all BroType* in BifType:: namespace
Replaced with equivalently named IntrusivePtr in zeek::BifType::
This commit is contained in:
Jon Siwek
parent
dca587c604
commit
eedeb07550
62 changed files with 287 additions and 283 deletions
4
NEWS
4
NEWS
|
|
@ -176,6 +176,10 @@ Deprecated Functionality
|
|||
|
||||
- ``Scope::Lookup()`` is deprecated, use ``Scope::Find()``.
|
||||
|
||||
- All generated ``BroType*`` names in the ``BifType::`` namespaces are
|
||||
deprecated, but there's an equivalent name in ``zeek::BifType::`` of
|
||||
``IntrusivePtr`` type to use instead.
|
||||
|
||||
Zeek 3.1.0
|
||||
==========
|
||||
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
Subproject commit 970c09875a4bcfb61981d7b629e732f9a0f322ef
|
||||
Subproject commit 5afd05f72b52bd40637546203749fb7bed8dbc4d
|
||||
|
|
@ -18,7 +18,7 @@ EncapsulatingConn::EncapsulatingConn(Connection* c, BifEnum::Tunnel::Type t)
|
|||
|
||||
IntrusivePtr<RecordVal> EncapsulatingConn::ToVal() const
|
||||
{
|
||||
auto rv = make_intrusive<RecordVal>(BifType::Record::Tunnel::EncapsulatingConn);
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::Tunnel::EncapsulatingConn);
|
||||
|
||||
auto id_val = make_intrusive<RecordVal>(zeek::id::conn_id);
|
||||
id_val->Assign(0, make_intrusive<AddrVal>(src_addr));
|
||||
|
|
@ -26,7 +26,7 @@ IntrusivePtr<RecordVal> EncapsulatingConn::ToVal() const
|
|||
id_val->Assign(2, make_intrusive<AddrVal>(dst_addr));
|
||||
id_val->Assign(3, val_mgr->Port(ntohs(dst_port), proto));
|
||||
rv->Assign(0, std::move(id_val));
|
||||
rv->Assign(1, BifType::Enum::Tunnel::Type->GetVal(type));
|
||||
rv->Assign(1, zeek::BifType::Enum::Tunnel::Type->GetVal(type));
|
||||
|
||||
rv->Assign(2, make_intrusive<StringVal>(uid.Base62("C").c_str()));
|
||||
|
||||
|
|
|
|||
|
|
@ -2033,16 +2033,16 @@ void TableVal::CallChangeFunc(const Val* index, Val* old_value, OnChangeType tpe
|
|||
switch ( tpe )
|
||||
{
|
||||
case ELEMENT_NEW:
|
||||
vl.emplace_back(BifType::Enum::TableChange->GetVal(BifEnum::TableChange::TABLE_ELEMENT_NEW));
|
||||
vl.emplace_back(zeek::BifType::Enum::TableChange->GetVal(BifEnum::TableChange::TABLE_ELEMENT_NEW));
|
||||
break;
|
||||
case ELEMENT_CHANGED:
|
||||
vl.emplace_back(BifType::Enum::TableChange->GetVal(BifEnum::TableChange::TABLE_ELEMENT_CHANGED));
|
||||
vl.emplace_back(zeek::BifType::Enum::TableChange->GetVal(BifEnum::TableChange::TABLE_ELEMENT_CHANGED));
|
||||
break;
|
||||
case ELEMENT_REMOVED:
|
||||
vl.emplace_back(BifType::Enum::TableChange->GetVal(BifEnum::TableChange::TABLE_ELEMENT_REMOVED));
|
||||
vl.emplace_back(zeek::BifType::Enum::TableChange->GetVal(BifEnum::TableChange::TABLE_ELEMENT_REMOVED));
|
||||
break;
|
||||
case ELEMENT_EXPIRED:
|
||||
vl.emplace_back(BifType::Enum::TableChange->GetVal(BifEnum::TableChange::TABLE_ELEMENT_EXPIRED));
|
||||
vl.emplace_back(zeek::BifType::Enum::TableChange->GetVal(BifEnum::TableChange::TABLE_ELEMENT_EXPIRED));
|
||||
}
|
||||
|
||||
for ( const auto& v : lv->Vals() )
|
||||
|
|
|
|||
|
|
@ -42,7 +42,7 @@ refine connection DCE_RPC_Conn += {
|
|||
${header.is_orig},
|
||||
fid,
|
||||
${header.PTYPE},
|
||||
BifType::Enum::DCE_RPC::PType->GetVal(${header.PTYPE}));
|
||||
zeek::BifType::Enum::DCE_RPC::PType->GetVal(${header.PTYPE}));
|
||||
}
|
||||
return true;
|
||||
%}
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ refine flow DHCP_Flow += {
|
|||
%{
|
||||
if ( ! options )
|
||||
{
|
||||
options = make_intrusive<RecordVal>(BifType::Record::DHCP::Options);
|
||||
options = make_intrusive<RecordVal>(zeek::BifType::Record::DHCP::Options);
|
||||
all_options = make_intrusive<VectorVal>(zeek::id::index_vec);
|
||||
options->Assign(0, all_options);
|
||||
}
|
||||
|
|
@ -53,7 +53,7 @@ refine flow DHCP_Flow += {
|
|||
std::string mac_str = fmt_mac(${msg.chaddr}.data(), ${msg.chaddr}.length());
|
||||
double secs = static_cast<double>(${msg.secs});
|
||||
|
||||
auto dhcp_msg_val = make_intrusive<RecordVal>(BifType::Record::DHCP::Msg);
|
||||
auto dhcp_msg_val = make_intrusive<RecordVal>(zeek::BifType::Record::DHCP::Msg);
|
||||
dhcp_msg_val->Assign(0, val_mgr->Count(${msg.op}));
|
||||
dhcp_msg_val->Assign(1, val_mgr->Count(${msg.type}));
|
||||
dhcp_msg_val->Assign(2, val_mgr->Count(${msg.xid}));
|
||||
|
|
|
|||
|
|
@ -57,7 +57,7 @@ refine casetype OptionValue += {
|
|||
refine flow DHCP_Flow += {
|
||||
function process_router_option(v: OptionValue): bool
|
||||
%{
|
||||
auto router_list = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::DHCP::Addrs});
|
||||
auto router_list = make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
|
||||
int num_routers = ${v.router_list}->size();
|
||||
vector<uint32>* rlist = ${v.router_list};
|
||||
|
||||
|
|
@ -91,7 +91,7 @@ refine casetype OptionValue += {
|
|||
refine flow DHCP_Flow += {
|
||||
function process_timeserver_option(v: OptionValue): bool
|
||||
%{
|
||||
auto timeserver_list = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::DHCP::Addrs});
|
||||
auto timeserver_list = make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
|
||||
int num_servers = ${v.timeserver_list}->size();
|
||||
vector<uint32>* rlist = ${v.timeserver_list};
|
||||
|
||||
|
|
@ -125,7 +125,7 @@ refine casetype OptionValue += {
|
|||
refine flow DHCP_Flow += {
|
||||
function process_nameserver_option(v: OptionValue): bool
|
||||
%{
|
||||
auto nameserver_list = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::DHCP::Addrs});
|
||||
auto nameserver_list = make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
|
||||
int num_servers = ${v.nameserver_list}->size();
|
||||
vector<uint32>* rlist = ${v.nameserver_list};
|
||||
|
||||
|
|
@ -159,7 +159,7 @@ refine casetype OptionValue += {
|
|||
refine flow DHCP_Flow += {
|
||||
function process_dns_server_option(v: OptionValue): bool
|
||||
%{
|
||||
auto server_list = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::DHCP::Addrs});
|
||||
auto server_list = make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
|
||||
int num_servers = ${v.dns_server_list}->size();
|
||||
vector<uint32>* rlist = ${v.dns_server_list};
|
||||
|
||||
|
|
@ -298,7 +298,7 @@ refine casetype OptionValue += {
|
|||
refine flow DHCP_Flow += {
|
||||
function process_ntpserver_option(v: OptionValue): bool
|
||||
%{
|
||||
auto ntpserver_list = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::DHCP::Addrs});
|
||||
auto ntpserver_list = make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
|
||||
int num_servers = ${v.ntpserver_list}->size();
|
||||
vector<uint32>* rlist = ${v.ntpserver_list};
|
||||
|
||||
|
|
@ -356,7 +356,7 @@ refine casetype OptionValue += {
|
|||
refine flow DHCP_Flow += {
|
||||
function process_nbns_option(v: OptionValue): bool
|
||||
%{
|
||||
auto server_list = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::DHCP::Addrs});
|
||||
auto server_list = make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
|
||||
int num_servers = ${v.nbns}->size();
|
||||
vector<uint32>* rlist = ${v.nbns};
|
||||
|
||||
|
|
@ -625,7 +625,7 @@ refine casetype OptionValue += {
|
|||
refine flow DHCP_Flow += {
|
||||
function process_client_id_option(v: OptionValue): bool
|
||||
%{
|
||||
RecordVal* client_id = new RecordVal(BifType::Record::DHCP::ClientID);
|
||||
RecordVal* client_id = new RecordVal(zeek::BifType::Record::DHCP::ClientID);
|
||||
client_id->Assign(0, val_mgr->Count(${v.client_id.hwtype}));
|
||||
client_id->Assign(1, make_intrusive<StringVal>(fmt_mac(${v.client_id.hwaddr}.begin(), ${v.client_id.hwaddr}.length())));
|
||||
|
||||
|
|
@ -685,7 +685,7 @@ refine casetype OptionValue += {
|
|||
refine flow DHCP_Flow += {
|
||||
function process_client_fqdn_option(v: OptionValue): bool
|
||||
%{
|
||||
RecordVal* client_fqdn = new RecordVal(BifType::Record::DHCP::ClientFQDN);
|
||||
RecordVal* client_fqdn = new RecordVal(zeek::BifType::Record::DHCP::ClientFQDN);
|
||||
client_fqdn->Assign(0, val_mgr->Count(${v.client_fqdn.flags}));
|
||||
client_fqdn->Assign(1, val_mgr->Count(${v.client_fqdn.rcode1}));
|
||||
client_fqdn->Assign(2, val_mgr->Count(${v.client_fqdn.rcode2}));
|
||||
|
|
@ -743,14 +743,14 @@ refine flow DHCP_Flow += {
|
|||
|
||||
function process_relay_agent_inf_option(v: OptionValue): bool
|
||||
%{
|
||||
auto relay_agent_sub_opt = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::DHCP::SubOpts});
|
||||
auto relay_agent_sub_opt = make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::SubOpts);
|
||||
|
||||
uint16 i = 0;
|
||||
|
||||
for ( auto ptrsubopt = ${v.relay_agent_inf}->begin();
|
||||
ptrsubopt != ${v.relay_agent_inf}->end(); ++ptrsubopt )
|
||||
{
|
||||
auto r = new RecordVal(BifType::Record::DHCP::SubOpt);
|
||||
auto r = new RecordVal(zeek::BifType::Record::DHCP::SubOpt);
|
||||
r->Assign(0, val_mgr->Count((*ptrsubopt)->code()));
|
||||
r->Assign(1, to_stringval((*ptrsubopt)->value()));
|
||||
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ type ftp_port: record;
|
|||
|
||||
static IntrusivePtr<Val> parse_port(const char* line)
|
||||
{
|
||||
auto r = make_intrusive<RecordVal>(BifType::Record::ftp_port);
|
||||
auto r = make_intrusive<RecordVal>(zeek::BifType::Record::ftp_port);
|
||||
|
||||
int bytes[6];
|
||||
if ( line && sscanf(line, "%d,%d,%d,%d,%d,%d",
|
||||
|
|
@ -49,7 +49,7 @@ static IntrusivePtr<Val> parse_port(const char* line)
|
|||
|
||||
static IntrusivePtr<Val> parse_eftp(const char* line)
|
||||
{
|
||||
auto r = make_intrusive<RecordVal>(BifType::Record::ftp_port);
|
||||
auto r = make_intrusive<RecordVal>(zeek::BifType::Record::ftp_port);
|
||||
|
||||
int net_proto = 0; // currently not used
|
||||
IPAddr addr; // unspecified IPv6 address (all 128 bits zero)
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
%code{
|
||||
IntrusivePtr<RecordVal> BuildGTPv1Hdr(const GTPv1_Header* pdu)
|
||||
{
|
||||
auto rv = make_intrusive<RecordVal>(BifType::Record::gtpv1_hdr);
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::gtpv1_hdr);
|
||||
|
||||
rv->Assign(0, val_mgr->Count(pdu->version()));
|
||||
rv->Assign(1, val_mgr->Bool(pdu->pt_flag()));
|
||||
|
|
@ -35,7 +35,7 @@ static IntrusivePtr<Val> BuildIMSI(const InformationElement* ie)
|
|||
|
||||
static IntrusivePtr<Val> BuildRAI(const InformationElement* ie)
|
||||
{
|
||||
auto ev = make_intrusive<RecordVal>(BifType::Record::gtp_rai);
|
||||
auto ev = make_intrusive<RecordVal>(zeek::BifType::Record::gtp_rai);
|
||||
ev->Assign(0, val_mgr->Count(ie->rai()->mcc()));
|
||||
ev->Assign(1, val_mgr->Count(ie->rai()->mnc()));
|
||||
ev->Assign(2, val_mgr->Count(ie->rai()->lac()));
|
||||
|
|
@ -85,7 +85,7 @@ static IntrusivePtr<Val> BuildTraceType(const InformationElement* ie)
|
|||
|
||||
Val* BuildEndUserAddr(const InformationElement* ie)
|
||||
{
|
||||
RecordVal* ev = new RecordVal(BifType::Record::gtp_end_user_addr);
|
||||
RecordVal* ev = new RecordVal(zeek::BifType::Record::gtp_end_user_addr);
|
||||
ev->Assign(0, val_mgr->Count(ie->end_user_addr()->pdp_type_org()));
|
||||
ev->Assign(1, val_mgr->Count(ie->end_user_addr()->pdp_type_num()));
|
||||
|
||||
|
|
@ -130,7 +130,7 @@ Val* BuildProtoConfigOptions(const InformationElement* ie)
|
|||
|
||||
Val* BuildGSN_Addr(const InformationElement* ie)
|
||||
{
|
||||
RecordVal* ev = new RecordVal(BifType::Record::gtp_gsn_addr);
|
||||
RecordVal* ev = new RecordVal(zeek::BifType::Record::gtp_gsn_addr);
|
||||
|
||||
int len = ie->gsn_addr()->value().length();
|
||||
const uint8* d = ie->gsn_addr()->value().data();
|
||||
|
|
@ -156,7 +156,7 @@ Val* BuildMSISDN(const InformationElement* ie)
|
|||
|
||||
Val* BuildQoS_Profile(const InformationElement* ie)
|
||||
{
|
||||
RecordVal* ev = new RecordVal(BifType::Record::gtp_qos_profile);
|
||||
RecordVal* ev = new RecordVal(zeek::BifType::Record::gtp_qos_profile);
|
||||
|
||||
const u_char* d = (const u_char*) ie->qos_profile()->data().data();
|
||||
int len = ie->qos_profile()->data().length();
|
||||
|
|
@ -190,7 +190,7 @@ Val* BuildOMC_ID(const InformationElement* ie)
|
|||
|
||||
Val* BuildPrivateExt(const InformationElement* ie)
|
||||
{
|
||||
RecordVal* ev = new RecordVal(BifType::Record::gtp_private_extension);
|
||||
RecordVal* ev = new RecordVal(zeek::BifType::Record::gtp_private_extension);
|
||||
|
||||
const uint8* d = ie->private_ext()->value().data();
|
||||
int len = ie->private_ext()->value().length();
|
||||
|
|
@ -238,7 +238,7 @@ void CreatePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu)
|
|||
if ( ! ::gtpv1_create_pdp_ctx_request ) return;
|
||||
|
||||
auto rv = make_intrusive<RecordVal>(
|
||||
BifType::Record::gtp_create_pdp_ctx_request_elements);
|
||||
zeek::BifType::Record::gtp_create_pdp_ctx_request_elements);
|
||||
|
||||
const vector<InformationElement *> * v = pdu->create_pdp_ctx_request();
|
||||
|
||||
|
|
@ -338,7 +338,7 @@ void CreatePDP_Response(const BroAnalyzer& a, const GTPv1_Header* pdu)
|
|||
return;
|
||||
|
||||
auto rv = make_intrusive<RecordVal>(
|
||||
BifType::Record::gtp_create_pdp_ctx_response_elements);
|
||||
zeek::BifType::Record::gtp_create_pdp_ctx_response_elements);
|
||||
|
||||
const vector<InformationElement *> * v = pdu->create_pdp_ctx_response();
|
||||
|
||||
|
|
@ -407,7 +407,7 @@ void UpdatePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu)
|
|||
return;
|
||||
|
||||
auto rv = make_intrusive<RecordVal>(
|
||||
BifType::Record::gtp_update_pdp_ctx_request_elements);
|
||||
zeek::BifType::Record::gtp_update_pdp_ctx_request_elements);
|
||||
|
||||
const vector<InformationElement *> * v = pdu->update_pdp_ctx_request();
|
||||
|
||||
|
|
@ -485,7 +485,7 @@ void UpdatePDP_Response(const BroAnalyzer& a, const GTPv1_Header* pdu)
|
|||
return;
|
||||
|
||||
auto rv = make_intrusive<RecordVal>(
|
||||
BifType::Record::gtp_update_pdp_ctx_response_elements);
|
||||
zeek::BifType::Record::gtp_update_pdp_ctx_response_elements);
|
||||
|
||||
const vector<InformationElement *> * v = pdu->update_pdp_ctx_response();
|
||||
|
||||
|
|
@ -545,7 +545,7 @@ void DeletePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu)
|
|||
return;
|
||||
|
||||
auto rv = make_intrusive<RecordVal>(
|
||||
BifType::Record::gtp_delete_pdp_ctx_request_elements);
|
||||
zeek::BifType::Record::gtp_delete_pdp_ctx_request_elements);
|
||||
|
||||
const vector<InformationElement *> * v = pdu->delete_pdp_ctx_request();
|
||||
|
||||
|
|
@ -579,7 +579,7 @@ void DeletePDP_Response(const BroAnalyzer& a, const GTPv1_Header* pdu)
|
|||
return;
|
||||
|
||||
auto rv = make_intrusive<RecordVal>(
|
||||
BifType::Record::gtp_delete_pdp_ctx_response_elements);
|
||||
zeek::BifType::Record::gtp_delete_pdp_ctx_response_elements);
|
||||
|
||||
const vector<InformationElement *> * v = pdu->delete_pdp_ctx_response();
|
||||
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ bool proc_error_arguments(RecordVal* rv, const std::vector<KRB_ERROR_Arg*>* args
|
|||
%code{
|
||||
RecordVal* proc_krb_kdc_options(const KRB_KDC_Options* opts)
|
||||
{
|
||||
RecordVal* rv = new RecordVal(BifType::Record::KRB::KDC_Options);
|
||||
RecordVal* rv = new RecordVal(zeek::BifType::Record::KRB::KDC_Options);
|
||||
|
||||
rv->Assign(0, val_mgr->Bool(opts->forwardable()));
|
||||
rv->Assign(1, val_mgr->Bool(opts->forwarded()));
|
||||
|
|
@ -29,7 +29,7 @@ RecordVal* proc_krb_kdc_options(const KRB_KDC_Options* opts)
|
|||
|
||||
RecordVal* proc_krb_kdc_req_arguments(KRB_KDC_REQ* msg, const BroAnalyzer bro_analyzer)
|
||||
{
|
||||
RecordVal* rv = new RecordVal(BifType::Record::KRB::KDC_Request);
|
||||
RecordVal* rv = new RecordVal(zeek::BifType::Record::KRB::KDC_Request);
|
||||
|
||||
rv->Assign(0, asn1_integer_to_val(msg->pvno()->data(), TYPE_COUNT));
|
||||
rv->Assign(1, asn1_integer_to_val(msg->msg_type()->data(), TYPE_COUNT));
|
||||
|
|
@ -203,7 +203,7 @@ refine connection KRB_Conn += {
|
|||
auto msg_type = binary_to_int64(${msg.msg_type.data.content});
|
||||
auto make_arg = [this, msg]() -> IntrusivePtr<RecordVal>
|
||||
{
|
||||
auto rv = make_intrusive<RecordVal>(BifType::Record::KRB::KDC_Response);
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::KRB::KDC_Response);
|
||||
|
||||
rv->Assign(0, asn1_integer_to_val(${msg.pvno.data}, TYPE_COUNT));
|
||||
rv->Assign(1, asn1_integer_to_val(${msg.msg_type.data}, TYPE_COUNT));
|
||||
|
|
@ -244,7 +244,7 @@ refine connection KRB_Conn += {
|
|||
bro_analyzer()->ProtocolConfirmation();
|
||||
if ( krb_error )
|
||||
{
|
||||
auto rv = make_intrusive<RecordVal>(BifType::Record::KRB::Error_Msg);
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::KRB::Error_Msg);
|
||||
proc_error_arguments(rv.get(), ${msg.args1}, 0);
|
||||
rv->Assign(4, asn1_integer_to_val(${msg.error_code}, TYPE_COUNT));
|
||||
proc_error_arguments(rv.get(), ${msg.args2}, binary_to_int64(${msg.error_code.encoding.content}));
|
||||
|
|
@ -258,7 +258,7 @@ refine connection KRB_Conn += {
|
|||
bro_analyzer()->ProtocolConfirmation();
|
||||
if ( krb_ap_request )
|
||||
{
|
||||
auto rv = make_intrusive<RecordVal>(BifType::Record::KRB::AP_Options);
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::KRB::AP_Options);
|
||||
rv->Assign(0, val_mgr->Bool(${msg.ap_options.use_session_key}));
|
||||
rv->Assign(1, val_mgr->Bool(${msg.ap_options.mutual_required}));
|
||||
|
||||
|
|
@ -289,7 +289,7 @@ refine connection KRB_Conn += {
|
|||
bro_analyzer()->ProtocolConfirmation();
|
||||
if ( krb_safe )
|
||||
{
|
||||
auto rv = make_intrusive<RecordVal>(BifType::Record::KRB::SAFE_Msg);
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::KRB::SAFE_Msg);
|
||||
|
||||
rv->Assign(0, asn1_integer_to_val(${msg.pvno.data}, TYPE_COUNT));
|
||||
rv->Assign(1, asn1_integer_to_val(${msg.msg_type.data}, TYPE_COUNT));
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a
|
|||
break;
|
||||
case PA_PW_SALT:
|
||||
{
|
||||
RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value);
|
||||
RecordVal * type_val = new RecordVal(zeek::BifType::Record::KRB::Type_Value);
|
||||
type_val->Assign(0, val_mgr->Count(element->data_type()));
|
||||
type_val->Assign(1, to_stringval(element->pa_data_element()->pa_pw_salt()->encoding()->content()));
|
||||
vv->Assign(vv->Size(), type_val);
|
||||
|
|
@ -44,7 +44,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a
|
|||
}
|
||||
case PA_ENCTYPE_INFO:
|
||||
{
|
||||
RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value);
|
||||
RecordVal * type_val = new RecordVal(zeek::BifType::Record::KRB::Type_Value);
|
||||
type_val->Assign(0, val_mgr->Count(element->data_type()));
|
||||
type_val->Assign(1, to_stringval(element->pa_data_element()->pf_enctype_info()->salt()));
|
||||
vv->Assign(vv->Size(), type_val);
|
||||
|
|
@ -52,7 +52,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a
|
|||
}
|
||||
case PA_ENCTYPE_INFO2:
|
||||
{
|
||||
RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value);
|
||||
RecordVal * type_val = new RecordVal(zeek::BifType::Record::KRB::Type_Value);
|
||||
type_val->Assign(0, val_mgr->Count(element->data_type()));
|
||||
type_val->Assign(1, to_stringval(element->pa_data_element()->pf_enctype_info2()->salt()));
|
||||
vv->Assign(vv->Size(), type_val);
|
||||
|
|
@ -110,7 +110,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a
|
|||
{
|
||||
if ( ! is_error && element->pa_data_element()->unknown()->meta()->length() > 0 )
|
||||
{
|
||||
RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value);
|
||||
RecordVal * type_val = new RecordVal(zeek::BifType::Record::KRB::Type_Value);
|
||||
type_val->Assign(0, val_mgr->Count(element->data_type()));
|
||||
type_val->Assign(1, to_stringval(element->pa_data_element()->unknown()->content()));
|
||||
vv->Assign(vv->Size(), type_val);
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@ VectorVal* proc_host_address_list(const BroAnalyzer a, const KRB_Host_Addresses*
|
|||
|
||||
RecordVal* proc_host_address(const BroAnalyzer a, const KRB_Host_Address* addr)
|
||||
{
|
||||
RecordVal* rv = new RecordVal(BifType::Record::KRB::Host_Address);
|
||||
RecordVal* rv = new RecordVal(zeek::BifType::Record::KRB::Host_Address);
|
||||
const auto& addr_bytes = addr->address()->data()->content();
|
||||
|
||||
switch ( binary_to_int64(addr->addr_type()->encoding()->content()) )
|
||||
|
|
@ -85,7 +85,7 @@ RecordVal* proc_host_address(const BroAnalyzer a, const KRB_Host_Address* addr)
|
|||
break;
|
||||
}
|
||||
|
||||
RecordVal* unk = new RecordVal(BifType::Record::KRB::Type_Value);
|
||||
RecordVal* unk = new RecordVal(zeek::BifType::Record::KRB::Type_Value);
|
||||
unk->Assign(0, asn1_integer_to_val(addr->addr_type(), TYPE_COUNT));
|
||||
unk->Assign(1, to_stringval(addr_bytes));
|
||||
rv->Assign(2, unk);
|
||||
|
|
@ -107,7 +107,7 @@ IntrusivePtr<VectorVal> proc_tickets(const KRB_Ticket_Sequence* list)
|
|||
|
||||
IntrusivePtr<RecordVal> proc_ticket(const KRB_Ticket* ticket)
|
||||
{
|
||||
auto rv = make_intrusive<RecordVal>(BifType::Record::KRB::Ticket);
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::KRB::Ticket);
|
||||
|
||||
rv->Assign(0, asn1_integer_to_val(ticket->tkt_vno()->data(), TYPE_COUNT));
|
||||
rv->Assign(1, to_stringval(ticket->realm()->data()->content()));
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
%code{
|
||||
IntrusivePtr<VectorVal> bytestring_to_coils(const bytestring& coils, uint quantity)
|
||||
{
|
||||
auto modbus_coils = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::ModbusCoils});
|
||||
auto modbus_coils = make_intrusive<VectorVal>(zeek::BifType::Vector::ModbusCoils);
|
||||
|
||||
for ( uint i = 0; i < quantity; i++ )
|
||||
{
|
||||
|
|
@ -29,7 +29,7 @@
|
|||
|
||||
IntrusivePtr<RecordVal> HeaderToVal(ModbusTCP_TransportHeader* header)
|
||||
{
|
||||
auto modbus_header = make_intrusive<RecordVal>(BifType::Record::ModbusHeaders);
|
||||
auto modbus_header = make_intrusive<RecordVal>(zeek::BifType::Record::ModbusHeaders);
|
||||
modbus_header->Assign(0, val_mgr->Count(header->tid()));
|
||||
modbus_header->Assign(1, val_mgr->Count(header->pid()));
|
||||
modbus_header->Assign(2, val_mgr->Count(header->uid()));
|
||||
|
|
@ -209,7 +209,7 @@ refine flow ModbusTCP_Flow += {
|
|||
|
||||
if ( ::modbus_read_holding_registers_response )
|
||||
{
|
||||
auto t = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::ModbusRegisters});
|
||||
auto t = make_intrusive<VectorVal>(zeek::BifType::Vector::ModbusRegisters);
|
||||
|
||||
for ( unsigned int i=0; i < ${message.registers}->size(); ++i )
|
||||
{
|
||||
|
|
@ -253,7 +253,7 @@ refine flow ModbusTCP_Flow += {
|
|||
|
||||
if ( ::modbus_read_input_registers_response )
|
||||
{
|
||||
auto t = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::ModbusRegisters});
|
||||
auto t = make_intrusive<VectorVal>(zeek::BifType::Vector::ModbusRegisters);
|
||||
|
||||
for ( unsigned int i=0; i < (${message.registers})->size(); ++i )
|
||||
{
|
||||
|
|
@ -397,7 +397,7 @@ refine flow ModbusTCP_Flow += {
|
|||
|
||||
if ( ::modbus_write_multiple_registers_request )
|
||||
{
|
||||
auto t = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::ModbusRegisters});
|
||||
auto t = make_intrusive<VectorVal>(zeek::BifType::Vector::ModbusRegisters);
|
||||
|
||||
for ( unsigned int i = 0; i < (${message.registers}->size()); ++i )
|
||||
{
|
||||
|
|
@ -582,7 +582,7 @@ refine flow ModbusTCP_Flow += {
|
|||
|
||||
if ( ::modbus_read_write_multiple_registers_request )
|
||||
{
|
||||
auto t = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::ModbusRegisters});
|
||||
auto t = make_intrusive<VectorVal>(zeek::BifType::Vector::ModbusRegisters);
|
||||
|
||||
for ( unsigned int i = 0; i < ${message.write_register_values}->size(); ++i )
|
||||
{
|
||||
|
|
@ -614,7 +614,7 @@ refine flow ModbusTCP_Flow += {
|
|||
|
||||
if ( ::modbus_read_write_multiple_registers_response )
|
||||
{
|
||||
auto t = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::ModbusRegisters});
|
||||
auto t = make_intrusive<VectorVal>(zeek::BifType::Vector::ModbusRegisters);
|
||||
|
||||
for ( unsigned int i = 0; i < ${message.registers}->size(); ++i )
|
||||
{
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ refine flow MQTT_Flow += {
|
|||
%{
|
||||
if ( mqtt_connack )
|
||||
{
|
||||
auto m = make_intrusive<RecordVal>(BifType::Record::MQTT::ConnectAckMsg);
|
||||
auto m = make_intrusive<RecordVal>(zeek::BifType::Record::MQTT::ConnectAckMsg);
|
||||
m->Assign(0, val_mgr->Count(${msg.return_code}));
|
||||
m->Assign(1, val_mgr->Bool(${msg.session_present}));
|
||||
BifEvent::enqueue_mqtt_connack(connection()->bro_analyzer(),
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@ refine flow MQTT_Flow += {
|
|||
%{
|
||||
if ( mqtt_connect )
|
||||
{
|
||||
auto m = make_intrusive<RecordVal>(BifType::Record::MQTT::ConnectMsg);
|
||||
auto m = make_intrusive<RecordVal>(zeek::BifType::Record::MQTT::ConnectMsg);
|
||||
m->Assign(0, make_intrusive<StringVal>(${msg.protocol_name.str}.length(),
|
||||
reinterpret_cast<const char*>(${msg.protocol_name.str}.begin())));
|
||||
m->Assign(1, val_mgr->Count(${msg.protocol_version}));
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ refine flow MQTT_Flow += {
|
|||
%{
|
||||
if ( mqtt_publish )
|
||||
{
|
||||
auto m = make_intrusive<RecordVal>(BifType::Record::MQTT::PublishMsg);
|
||||
auto m = make_intrusive<RecordVal>(zeek::BifType::Record::MQTT::PublishMsg);
|
||||
m->Assign(0, val_mgr->Bool(${msg.dup}));
|
||||
m->Assign(1, val_mgr->Count(${msg.qos}));
|
||||
m->Assign(2, val_mgr->Bool(${msg.retain}));
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ refine connection NTLM_Conn += {
|
|||
|
||||
function build_version_record(val: NTLM_Version): BroVal
|
||||
%{
|
||||
RecordVal* result = new RecordVal(BifType::Record::NTLM::Version);
|
||||
RecordVal* result = new RecordVal(zeek::BifType::Record::NTLM::Version);
|
||||
result->Assign(0, val_mgr->Count(${val.major_version}));
|
||||
result->Assign(1, val_mgr->Count(${val.minor_version}));
|
||||
result->Assign(2, val_mgr->Count(${val.build_number}));
|
||||
|
|
@ -26,7 +26,7 @@ refine connection NTLM_Conn += {
|
|||
|
||||
function build_av_record(val: NTLM_AV_Pair_Sequence, len: uint16): BroVal
|
||||
%{
|
||||
RecordVal* result = new RecordVal(BifType::Record::NTLM::AVs);
|
||||
RecordVal* result = new RecordVal(zeek::BifType::Record::NTLM::AVs);
|
||||
for ( uint i = 0; ; i++ )
|
||||
{
|
||||
if ( i >= ${val.pairs}->size() )
|
||||
|
|
@ -78,7 +78,7 @@ refine connection NTLM_Conn += {
|
|||
|
||||
function build_negotiate_flag_record(val: NTLM_Negotiate_Flags): BroVal
|
||||
%{
|
||||
RecordVal* flags = new RecordVal(BifType::Record::NTLM::NegotiateFlags);
|
||||
RecordVal* flags = new RecordVal(zeek::BifType::Record::NTLM::NegotiateFlags);
|
||||
flags->Assign(0, val_mgr->Bool(${val.negotiate_56}));
|
||||
flags->Assign(1, val_mgr->Bool(${val.negotiate_key_exch}));
|
||||
flags->Assign(2, val_mgr->Bool(${val.negotiate_128}));
|
||||
|
|
@ -110,7 +110,7 @@ refine connection NTLM_Conn += {
|
|||
if ( ! ntlm_negotiate )
|
||||
return true;
|
||||
|
||||
auto result = make_intrusive<RecordVal>(BifType::Record::NTLM::Negotiate);
|
||||
auto result = make_intrusive<RecordVal>(zeek::BifType::Record::NTLM::Negotiate);
|
||||
result->Assign(0, build_negotiate_flag_record(${val.flags}));
|
||||
|
||||
if ( ${val}->has_domain_name() )
|
||||
|
|
@ -134,7 +134,7 @@ refine connection NTLM_Conn += {
|
|||
if ( ! ntlm_challenge )
|
||||
return true;
|
||||
|
||||
auto result = make_intrusive<RecordVal>(BifType::Record::NTLM::Challenge);
|
||||
auto result = make_intrusive<RecordVal>(zeek::BifType::Record::NTLM::Challenge);
|
||||
result->Assign(0, build_negotiate_flag_record(${val.flags}));
|
||||
|
||||
if ( ${val}->has_target_name() )
|
||||
|
|
@ -158,7 +158,7 @@ refine connection NTLM_Conn += {
|
|||
if ( ! ntlm_authenticate )
|
||||
return true;
|
||||
|
||||
auto result = make_intrusive<RecordVal>(BifType::Record::NTLM::Authenticate);
|
||||
auto result = make_intrusive<RecordVal>(zeek::BifType::Record::NTLM::Authenticate);
|
||||
result->Assign(0, build_negotiate_flag_record(${val.flags}));
|
||||
|
||||
if ( ${val}->has_domain_name() > 0 )
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ refine flow NTP_Flow += {
|
|||
# This builds the standard msg record
|
||||
function BuildNTPStdMsg(nsm: NTP_std_msg): BroVal
|
||||
%{
|
||||
RecordVal* rv = new RecordVal(BifType::Record::NTP::StandardMessage);
|
||||
RecordVal* rv = new RecordVal(zeek::BifType::Record::NTP::StandardMessage);
|
||||
|
||||
rv->Assign(0, val_mgr->Count(${nsm.stratum}));
|
||||
rv->Assign(1, make_intrusive<Val>(pow(2, ${nsm.poll}), TYPE_INTERVAL));
|
||||
|
|
@ -88,7 +88,7 @@ refine flow NTP_Flow += {
|
|||
# This builds the control msg record
|
||||
function BuildNTPControlMsg(ncm: NTP_control_msg): BroVal
|
||||
%{
|
||||
RecordVal* rv = new RecordVal(BifType::Record::NTP::ControlMessage);
|
||||
RecordVal* rv = new RecordVal(zeek::BifType::Record::NTP::ControlMessage);
|
||||
|
||||
rv->Assign(0, val_mgr->Count(${ncm.OpCode}));
|
||||
rv->Assign(1, val_mgr->Bool(${ncm.R}));
|
||||
|
|
@ -113,7 +113,7 @@ refine flow NTP_Flow += {
|
|||
# This builds the mode7 msg record
|
||||
function BuildNTPMode7Msg(m7: NTP_mode7_msg): BroVal
|
||||
%{
|
||||
RecordVal* rv = new RecordVal(BifType::Record::NTP::Mode7Message);
|
||||
RecordVal* rv = new RecordVal(zeek::BifType::Record::NTP::Mode7Message);
|
||||
|
||||
rv->Assign(0, val_mgr->Count(${m7.request_code}));
|
||||
rv->Assign(1, val_mgr->Bool(${m7.auth_bit}));
|
||||
|
|
@ -135,7 +135,7 @@ refine flow NTP_Flow += {
|
|||
if ( ! ntp_message )
|
||||
return false;
|
||||
|
||||
auto rv = make_intrusive<RecordVal>(BifType::Record::NTP::Message);
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::NTP::Message);
|
||||
rv->Assign(0, val_mgr->Count(${msg.version}));
|
||||
rv->Assign(1, val_mgr->Count(${msg.mode}));
|
||||
|
||||
|
|
|
|||
|
|
@ -7,14 +7,14 @@ refine flow RADIUS_Flow += {
|
|||
if ( ! radius_message )
|
||||
return false;
|
||||
|
||||
auto result = make_intrusive<RecordVal>(BifType::Record::RADIUS::Message);
|
||||
auto result = make_intrusive<RecordVal>(zeek::BifType::Record::RADIUS::Message);
|
||||
result->Assign(0, val_mgr->Count(${msg.code}));
|
||||
result->Assign(1, val_mgr->Count(${msg.trans_id}));
|
||||
result->Assign(2, to_stringval(${msg.authenticator}));
|
||||
|
||||
if ( ${msg.attributes}->size() )
|
||||
{
|
||||
TableVal* attributes = new TableVal({NewRef{}, BifType::Table::RADIUS::Attributes});
|
||||
TableVal* attributes = new TableVal(zeek::BifType::Table::RADIUS::Attributes);
|
||||
|
||||
for ( uint i = 0; i < ${msg.attributes}->size(); ++i )
|
||||
{
|
||||
|
|
@ -32,7 +32,7 @@ refine flow RADIUS_Flow += {
|
|||
|
||||
else
|
||||
{
|
||||
auto attribute_list = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::RADIUS::AttributeList});
|
||||
auto attribute_list = make_intrusive<VectorVal>(zeek::BifType::Vector::RADIUS::AttributeList);
|
||||
attribute_list->Assign((unsigned int)0, std::move(val));
|
||||
attributes->Assign(index.get(), std::move(attribute_list));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -61,7 +61,7 @@ refine flow RDP_Flow += {
|
|||
|
||||
if ( rdp_client_core_data )
|
||||
{
|
||||
auto ec_flags = make_intrusive<RecordVal>(BifType::Record::RDP::EarlyCapabilityFlags);
|
||||
auto ec_flags = make_intrusive<RecordVal>(zeek::BifType::Record::RDP::EarlyCapabilityFlags);
|
||||
ec_flags->Assign(0, val_mgr->Bool(${ccore.SUPPORT_ERRINFO_PDU}));
|
||||
ec_flags->Assign(1, val_mgr->Bool(${ccore.WANT_32BPP_SESSION}));
|
||||
ec_flags->Assign(2, val_mgr->Bool(${ccore.SUPPORT_STATUSINFO_PDU}));
|
||||
|
|
@ -72,7 +72,7 @@ refine flow RDP_Flow += {
|
|||
ec_flags->Assign(7, val_mgr->Bool(${ccore.SUPPORT_DYNAMIC_TIME_ZONE}));
|
||||
ec_flags->Assign(8, val_mgr->Bool(${ccore.SUPPORT_HEARTBEAT_PDU}));
|
||||
|
||||
auto ccd = make_intrusive<RecordVal>(BifType::Record::RDP::ClientCoreData);
|
||||
auto ccd = make_intrusive<RecordVal>(zeek::BifType::Record::RDP::ClientCoreData);
|
||||
ccd->Assign(0, val_mgr->Count(${ccore.version_major}));
|
||||
ccd->Assign(1, val_mgr->Count(${ccore.version_minor}));
|
||||
ccd->Assign(2, val_mgr->Count(${ccore.desktop_width}));
|
||||
|
|
@ -107,7 +107,7 @@ refine flow RDP_Flow += {
|
|||
if ( ! rdp_client_security_data )
|
||||
return false;
|
||||
|
||||
auto csd = make_intrusive<RecordVal>(BifType::Record::RDP::ClientSecurityData);
|
||||
auto csd = make_intrusive<RecordVal>(zeek::BifType::Record::RDP::ClientSecurityData);
|
||||
csd->Assign(0, val_mgr->Count(${csec.encryption_methods}));
|
||||
csd->Assign(1, val_mgr->Count(${csec.ext_encryption_methods}));
|
||||
|
||||
|
|
@ -124,11 +124,11 @@ refine flow RDP_Flow += {
|
|||
|
||||
if ( ${cnetwork.channel_def_array}->size() )
|
||||
{
|
||||
auto channels = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::RDP::ClientChannelList});
|
||||
auto channels = make_intrusive<VectorVal>(zeek::BifType::Vector::RDP::ClientChannelList);
|
||||
|
||||
for ( uint i = 0; i < ${cnetwork.channel_def_array}->size(); ++i )
|
||||
{
|
||||
auto channel_def = make_intrusive<RecordVal>(BifType::Record::RDP::ClientChannelDef);
|
||||
auto channel_def = make_intrusive<RecordVal>(zeek::BifType::Record::RDP::ClientChannelDef);
|
||||
|
||||
channel_def->Assign(0, to_stringval(${cnetwork.channel_def_array[i].name}));
|
||||
channel_def->Assign(1, val_mgr->Count(${cnetwork.channel_def_array[i].options}));
|
||||
|
|
@ -161,7 +161,7 @@ refine flow RDP_Flow += {
|
|||
if ( ! rdp_client_cluster_data )
|
||||
return false;
|
||||
|
||||
auto ccld = make_intrusive<RecordVal>(BifType::Record::RDP::ClientClusterData);
|
||||
auto ccld = make_intrusive<RecordVal>(zeek::BifType::Record::RDP::ClientClusterData);
|
||||
ccld->Assign(0, val_mgr->Count(${ccluster.flags}));
|
||||
ccld->Assign(1, val_mgr->Count(${ccluster.redir_session_id}));
|
||||
ccld->Assign(2, val_mgr->Bool(${ccluster.REDIRECTION_SUPPORTED}));
|
||||
|
|
|
|||
|
|
@ -139,7 +139,7 @@ bool MOUNT_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_statu
|
|||
// Otherwise DeliverRPC would complain about
|
||||
// excess_RPC.
|
||||
n = 0;
|
||||
reply = BifType::Enum::MOUNT3::proc_t->GetVal(c->Proc()).release();
|
||||
reply = zeek::BifType::Enum::MOUNT3::proc_t->GetVal(c->Proc()).release();
|
||||
event = mount_proc_not_implemented;
|
||||
}
|
||||
else
|
||||
|
|
@ -199,9 +199,9 @@ zeek::Args MOUNT_Interp::event_common_vl(RPC_CallInfo *c,
|
|||
auxgids->Assign(i, val_mgr->Count(c->AuxGIDs()[i]));
|
||||
}
|
||||
|
||||
auto info = make_intrusive<RecordVal>(BifType::Record::MOUNT3::info_t);
|
||||
info->Assign(0, BifType::Enum::rpc_status->GetVal(rpc_status));
|
||||
info->Assign(1, BifType::Enum::MOUNT3::status_t->GetVal(mount_status));
|
||||
auto info = make_intrusive<RecordVal>(zeek::BifType::Record::MOUNT3::info_t);
|
||||
info->Assign(0, zeek::BifType::Enum::rpc_status->GetVal(rpc_status));
|
||||
info->Assign(1, zeek::BifType::Enum::MOUNT3::status_t->GetVal(mount_status));
|
||||
info->Assign(2, make_intrusive<Val>(c->StartTime(), TYPE_TIME));
|
||||
info->Assign(3, make_intrusive<Val>(c->LastTime() - c->StartTime(), TYPE_INTERVAL));
|
||||
info->Assign(4, val_mgr->Count(c->RPCLen()));
|
||||
|
|
@ -221,7 +221,7 @@ zeek::Args MOUNT_Interp::event_common_vl(RPC_CallInfo *c,
|
|||
EnumVal* MOUNT_Interp::mount3_auth_flavor(const u_char*& buf, int& n)
|
||||
{
|
||||
BifEnum::MOUNT3::auth_flavor_t t = (BifEnum::MOUNT3::auth_flavor_t)extract_XDR_uint32(buf, n);
|
||||
return BifType::Enum::MOUNT3::auth_flavor_t->GetVal(t).release();
|
||||
return zeek::BifType::Enum::MOUNT3::auth_flavor_t->GetVal(t).release();
|
||||
}
|
||||
|
||||
StringVal* MOUNT_Interp::mount3_fh(const u_char*& buf, int& n)
|
||||
|
|
@ -248,7 +248,7 @@ StringVal* MOUNT_Interp::mount3_filename(const u_char*& buf, int& n)
|
|||
|
||||
RecordVal* MOUNT_Interp::mount3_dirmntargs(const u_char*& buf, int& n)
|
||||
{
|
||||
RecordVal* dirmntargs = new RecordVal(BifType::Record::MOUNT3::dirmntargs_t);
|
||||
RecordVal* dirmntargs = new RecordVal(zeek::BifType::Record::MOUNT3::dirmntargs_t);
|
||||
dirmntargs->Assign(0, mount3_filename(buf, n));
|
||||
return dirmntargs;
|
||||
}
|
||||
|
|
@ -256,7 +256,7 @@ RecordVal* MOUNT_Interp::mount3_dirmntargs(const u_char*& buf, int& n)
|
|||
RecordVal* MOUNT_Interp::mount3_mnt_reply(const u_char*& buf, int& n,
|
||||
BifEnum::MOUNT3::status_t status)
|
||||
{
|
||||
RecordVal* rep = new RecordVal(BifType::Record::MOUNT3::mnt_reply_t);
|
||||
RecordVal* rep = new RecordVal(zeek::BifType::Record::MOUNT3::mnt_reply_t);
|
||||
|
||||
if ( status == BifEnum::MOUNT3::MNT3_OK )
|
||||
{
|
||||
|
|
|
|||
|
|
@ -251,7 +251,7 @@ bool NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status,
|
|||
// Otherwise DeliverRPC would complain about
|
||||
// excess_RPC.
|
||||
n = 0;
|
||||
reply = BifType::Enum::NFS3::proc_t->GetVal(c->Proc()).release();
|
||||
reply = zeek::BifType::Enum::NFS3::proc_t->GetVal(c->Proc()).release();
|
||||
event = nfs_proc_not_implemented;
|
||||
}
|
||||
else
|
||||
|
|
@ -333,9 +333,9 @@ zeek::Args NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_
|
|||
for ( size_t i = 0; i < c->AuxGIDs().size(); ++i )
|
||||
auxgids->Assign(i, val_mgr->Count(c->AuxGIDs()[i]));
|
||||
|
||||
auto info = make_intrusive<RecordVal>(BifType::Record::NFS3::info_t);
|
||||
info->Assign(0, BifType::Enum::rpc_status->GetVal(rpc_status));
|
||||
info->Assign(1, BifType::Enum::NFS3::status_t->GetVal(nfs_status));
|
||||
auto info = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::info_t);
|
||||
info->Assign(0, zeek::BifType::Enum::rpc_status->GetVal(rpc_status));
|
||||
info->Assign(1, zeek::BifType::Enum::NFS3::status_t->GetVal(nfs_status));
|
||||
info->Assign(2, make_intrusive<Val>(c->StartTime(), TYPE_TIME));
|
||||
info->Assign(3, make_intrusive<Val>(c->LastTime()-c->StartTime(), TYPE_INTERVAL));
|
||||
info->Assign(4, val_mgr->Count(c->RPCLen()));
|
||||
|
|
@ -366,7 +366,7 @@ StringVal* NFS_Interp::nfs3_fh(const u_char*& buf, int& n)
|
|||
|
||||
RecordVal* NFS_Interp::nfs3_sattr(const u_char*& buf, int& n)
|
||||
{
|
||||
RecordVal* attrs = new RecordVal(BifType::Record::NFS3::sattr_t);
|
||||
RecordVal* attrs = new RecordVal(zeek::BifType::Record::NFS3::sattr_t);
|
||||
|
||||
attrs->Assign(0, nullptr); // mode
|
||||
int mode_set_it = extract_XDR_uint32(buf, n);
|
||||
|
|
@ -397,7 +397,7 @@ RecordVal* NFS_Interp::nfs3_sattr(const u_char*& buf, int& n)
|
|||
|
||||
RecordVal* NFS_Interp::nfs3_sattr_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status)
|
||||
{
|
||||
RecordVal* rep = new RecordVal(BifType::Record::NFS3::sattr_reply_t);
|
||||
RecordVal* rep = new RecordVal(zeek::BifType::Record::NFS3::sattr_reply_t);
|
||||
|
||||
if ( status == BifEnum::NFS3::NFS3ERR_OK )
|
||||
{
|
||||
|
|
@ -415,7 +415,7 @@ RecordVal* NFS_Interp::nfs3_sattr_reply(const u_char*& buf, int& n, BifEnum::NFS
|
|||
|
||||
RecordVal* NFS_Interp::nfs3_fattr(const u_char*& buf, int& n)
|
||||
{
|
||||
RecordVal* attrs = new RecordVal(BifType::Record::NFS3::fattr_t);
|
||||
RecordVal* attrs = new RecordVal(zeek::BifType::Record::NFS3::fattr_t);
|
||||
|
||||
attrs->Assign(0, nfs3_ftype(buf, n)); // file type
|
||||
attrs->Assign(1, ExtractUint32(buf, n)); // mode
|
||||
|
|
@ -438,18 +438,18 @@ RecordVal* NFS_Interp::nfs3_fattr(const u_char*& buf, int& n)
|
|||
EnumVal* NFS_Interp::nfs3_time_how(const u_char*& buf, int& n)
|
||||
{
|
||||
BifEnum::NFS3::time_how_t t = (BifEnum::NFS3::time_how_t)extract_XDR_uint32(buf, n);
|
||||
return BifType::Enum::NFS3::time_how_t->GetVal(t).release();
|
||||
return zeek::BifType::Enum::NFS3::time_how_t->GetVal(t).release();
|
||||
}
|
||||
|
||||
EnumVal* NFS_Interp::nfs3_ftype(const u_char*& buf, int& n)
|
||||
{
|
||||
BifEnum::NFS3::file_type_t t = (BifEnum::NFS3::file_type_t)extract_XDR_uint32(buf, n);
|
||||
return BifType::Enum::NFS3::file_type_t->GetVal(t).release();
|
||||
return zeek::BifType::Enum::NFS3::file_type_t->GetVal(t).release();
|
||||
}
|
||||
|
||||
RecordVal* NFS_Interp::nfs3_wcc_attr(const u_char*& buf, int& n)
|
||||
{
|
||||
RecordVal* attrs = new RecordVal(BifType::Record::NFS3::wcc_attr_t);
|
||||
RecordVal* attrs = new RecordVal(zeek::BifType::Record::NFS3::wcc_attr_t);
|
||||
|
||||
attrs->Assign(0, ExtractUint64(buf, n)); // size
|
||||
attrs->Assign(1, ExtractTime(buf, n)); // mtime
|
||||
|
|
@ -471,7 +471,7 @@ StringVal *NFS_Interp::nfs3_filename(const u_char*& buf, int& n)
|
|||
|
||||
RecordVal *NFS_Interp::nfs3_diropargs(const u_char*& buf, int& n)
|
||||
{
|
||||
RecordVal *diropargs = new RecordVal(BifType::Record::NFS3::diropargs_t);
|
||||
RecordVal *diropargs = new RecordVal(zeek::BifType::Record::NFS3::diropargs_t);
|
||||
|
||||
diropargs->Assign(0, nfs3_fh(buf, n));
|
||||
diropargs->Assign(1, nfs3_filename(buf, n));
|
||||
|
|
@ -481,7 +481,7 @@ RecordVal *NFS_Interp::nfs3_diropargs(const u_char*& buf, int& n)
|
|||
|
||||
RecordVal* NFS_Interp::nfs3_symlinkdata(const u_char*& buf, int& n)
|
||||
{
|
||||
RecordVal* symlinkdata = new RecordVal(BifType::Record::NFS3::symlinkdata_t);
|
||||
RecordVal* symlinkdata = new RecordVal(zeek::BifType::Record::NFS3::symlinkdata_t);
|
||||
|
||||
symlinkdata->Assign(0, nfs3_sattr(buf, n));
|
||||
symlinkdata->Assign(1, nfs3_nfspath(buf, n));
|
||||
|
|
@ -491,7 +491,7 @@ RecordVal* NFS_Interp::nfs3_symlinkdata(const u_char*& buf, int& n)
|
|||
|
||||
RecordVal *NFS_Interp::nfs3_renameopargs(const u_char*& buf, int& n)
|
||||
{
|
||||
RecordVal *renameopargs = new RecordVal(BifType::Record::NFS3::renameopargs_t);
|
||||
RecordVal *renameopargs = new RecordVal(zeek::BifType::Record::NFS3::renameopargs_t);
|
||||
|
||||
renameopargs->Assign(0, nfs3_fh(buf, n));
|
||||
renameopargs->Assign(1, nfs3_filename(buf, n));
|
||||
|
|
@ -533,12 +533,12 @@ RecordVal* NFS_Interp::nfs3_pre_op_attr(const u_char*& buf, int& n)
|
|||
EnumVal *NFS_Interp::nfs3_stable_how(const u_char*& buf, int& n)
|
||||
{
|
||||
BifEnum::NFS3::stable_how_t stable = (BifEnum::NFS3::stable_how_t)extract_XDR_uint32(buf, n);
|
||||
return BifType::Enum::NFS3::stable_how_t->GetVal(stable).release();
|
||||
return zeek::BifType::Enum::NFS3::stable_how_t->GetVal(stable).release();
|
||||
}
|
||||
|
||||
RecordVal* NFS_Interp::nfs3_lookup_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status)
|
||||
{
|
||||
RecordVal *rep = new RecordVal(BifType::Record::NFS3::lookup_reply_t);
|
||||
RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::lookup_reply_t);
|
||||
|
||||
if ( status == BifEnum::NFS3::NFS3ERR_OK )
|
||||
{
|
||||
|
|
@ -557,7 +557,7 @@ RecordVal* NFS_Interp::nfs3_lookup_reply(const u_char*& buf, int& n, BifEnum::NF
|
|||
|
||||
RecordVal *NFS_Interp::nfs3_readargs(const u_char*& buf, int& n)
|
||||
{
|
||||
RecordVal *readargs = new RecordVal(BifType::Record::NFS3::readargs_t);
|
||||
RecordVal *readargs = new RecordVal(zeek::BifType::Record::NFS3::readargs_t);
|
||||
|
||||
readargs->Assign(0, nfs3_fh(buf, n));
|
||||
readargs->Assign(1, ExtractUint64(buf, n)); // offset
|
||||
|
|
@ -569,7 +569,7 @@ RecordVal *NFS_Interp::nfs3_readargs(const u_char*& buf, int& n)
|
|||
RecordVal* NFS_Interp::nfs3_read_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status,
|
||||
bro_uint_t offset)
|
||||
{
|
||||
RecordVal *rep = new RecordVal(BifType::Record::NFS3::read_reply_t);
|
||||
RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::read_reply_t);
|
||||
|
||||
if (status == BifEnum::NFS3::NFS3ERR_OK)
|
||||
{
|
||||
|
|
@ -591,7 +591,7 @@ RecordVal* NFS_Interp::nfs3_read_reply(const u_char*& buf, int& n, BifEnum::NFS3
|
|||
|
||||
RecordVal* NFS_Interp::nfs3_readlink_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status)
|
||||
{
|
||||
RecordVal *rep = new RecordVal(BifType::Record::NFS3::readlink_reply_t);
|
||||
RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::readlink_reply_t);
|
||||
|
||||
if (status == BifEnum::NFS3::NFS3ERR_OK)
|
||||
{
|
||||
|
|
@ -608,7 +608,7 @@ RecordVal* NFS_Interp::nfs3_readlink_reply(const u_char*& buf, int& n, BifEnum::
|
|||
|
||||
RecordVal* NFS_Interp::nfs3_link_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status)
|
||||
{
|
||||
RecordVal* rep = new RecordVal(BifType::Record::NFS3::link_reply_t);
|
||||
RecordVal* rep = new RecordVal(zeek::BifType::Record::NFS3::link_reply_t);
|
||||
|
||||
if ( status == BifEnum::NFS3::NFS3ERR_OK )
|
||||
{
|
||||
|
|
@ -624,7 +624,7 @@ RecordVal* NFS_Interp::nfs3_link_reply(const u_char*& buf, int& n, BifEnum::NFS3
|
|||
|
||||
RecordVal* NFS_Interp::nfs3_symlinkargs(const u_char*& buf, int& n)
|
||||
{
|
||||
RecordVal* symlinkargs = new RecordVal(BifType::Record::NFS3::symlinkargs_t);
|
||||
RecordVal* symlinkargs = new RecordVal(zeek::BifType::Record::NFS3::symlinkargs_t);
|
||||
|
||||
symlinkargs->Assign(0, nfs3_diropargs(buf, n));
|
||||
symlinkargs->Assign(1, nfs3_symlinkdata(buf, n));
|
||||
|
|
@ -634,7 +634,7 @@ RecordVal* NFS_Interp::nfs3_symlinkargs(const u_char*& buf, int& n)
|
|||
|
||||
RecordVal* NFS_Interp::nfs3_sattrargs(const u_char*& buf, int& n)
|
||||
{
|
||||
RecordVal* sattrargs = new RecordVal(BifType::Record::NFS3::sattrargs_t);
|
||||
RecordVal* sattrargs = new RecordVal(zeek::BifType::Record::NFS3::sattrargs_t);
|
||||
|
||||
sattrargs->Assign(0, nfs3_fh(buf, n));
|
||||
sattrargs->Assign(1, nfs3_sattr(buf, n));
|
||||
|
|
@ -644,7 +644,7 @@ RecordVal* NFS_Interp::nfs3_sattrargs(const u_char*& buf, int& n)
|
|||
|
||||
RecordVal* NFS_Interp::nfs3_linkargs(const u_char*& buf, int& n)
|
||||
{
|
||||
RecordVal* linkargs = new RecordVal(BifType::Record::NFS3::linkargs_t);
|
||||
RecordVal* linkargs = new RecordVal(zeek::BifType::Record::NFS3::linkargs_t);
|
||||
|
||||
linkargs->Assign(0, nfs3_fh(buf, n));
|
||||
linkargs->Assign(1, nfs3_diropargs(buf, n));
|
||||
|
|
@ -656,7 +656,7 @@ RecordVal *NFS_Interp::nfs3_writeargs(const u_char*& buf, int& n)
|
|||
{
|
||||
uint32_t bytes;
|
||||
uint64_t offset;
|
||||
RecordVal *writeargs = new RecordVal(BifType::Record::NFS3::writeargs_t);
|
||||
RecordVal *writeargs = new RecordVal(zeek::BifType::Record::NFS3::writeargs_t);
|
||||
|
||||
writeargs->Assign(0, nfs3_fh(buf, n));
|
||||
offset = extract_XDR_uint64(buf, n);
|
||||
|
|
@ -672,7 +672,7 @@ RecordVal *NFS_Interp::nfs3_writeargs(const u_char*& buf, int& n)
|
|||
|
||||
RecordVal *NFS_Interp::nfs3_write_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status)
|
||||
{
|
||||
RecordVal *rep = new RecordVal(BifType::Record::NFS3::write_reply_t);
|
||||
RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::write_reply_t);
|
||||
|
||||
if ( status == BifEnum::NFS3::NFS3ERR_OK )
|
||||
{
|
||||
|
|
@ -697,7 +697,7 @@ RecordVal *NFS_Interp::nfs3_write_reply(const u_char*& buf, int& n, BifEnum::NFS
|
|||
|
||||
RecordVal* NFS_Interp::nfs3_newobj_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status)
|
||||
{
|
||||
RecordVal *rep = new RecordVal(BifType::Record::NFS3::newobj_reply_t);
|
||||
RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::newobj_reply_t);
|
||||
|
||||
if (status == BifEnum::NFS3::NFS3ERR_OK)
|
||||
{
|
||||
|
|
@ -721,7 +721,7 @@ RecordVal* NFS_Interp::nfs3_newobj_reply(const u_char*& buf, int& n, BifEnum::NF
|
|||
|
||||
RecordVal* NFS_Interp::nfs3_delobj_reply(const u_char*& buf, int& n)
|
||||
{
|
||||
RecordVal *rep = new RecordVal(BifType::Record::NFS3::delobj_reply_t);
|
||||
RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::delobj_reply_t);
|
||||
|
||||
// wcc_data
|
||||
rep->Assign(0, nfs3_pre_op_attr(buf, n));
|
||||
|
|
@ -732,7 +732,7 @@ RecordVal* NFS_Interp::nfs3_delobj_reply(const u_char*& buf, int& n)
|
|||
|
||||
RecordVal* NFS_Interp::nfs3_renameobj_reply(const u_char*& buf, int& n)
|
||||
{
|
||||
RecordVal *rep = new RecordVal(BifType::Record::NFS3::renameobj_reply_t);
|
||||
RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::renameobj_reply_t);
|
||||
|
||||
// wcc_data
|
||||
rep->Assign(0, nfs3_pre_op_attr(buf, n));
|
||||
|
|
@ -745,7 +745,7 @@ RecordVal* NFS_Interp::nfs3_renameobj_reply(const u_char*& buf, int& n)
|
|||
|
||||
RecordVal* NFS_Interp::nfs3_readdirargs(bool isplus, const u_char*& buf, int&n)
|
||||
{
|
||||
RecordVal *args = new RecordVal(BifType::Record::NFS3::readdirargs_t);
|
||||
RecordVal *args = new RecordVal(zeek::BifType::Record::NFS3::readdirargs_t);
|
||||
|
||||
args->Assign(0, val_mgr->Bool(isplus));
|
||||
args->Assign(1, nfs3_fh(buf, n));
|
||||
|
|
@ -762,14 +762,14 @@ RecordVal* NFS_Interp::nfs3_readdirargs(bool isplus, const u_char*& buf, int&n)
|
|||
RecordVal* NFS_Interp::nfs3_readdir_reply(bool isplus, const u_char*& buf,
|
||||
int&n, BifEnum::NFS3::status_t status)
|
||||
{
|
||||
RecordVal *rep = new RecordVal(BifType::Record::NFS3::readdir_reply_t);
|
||||
RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::readdir_reply_t);
|
||||
|
||||
rep->Assign(0, val_mgr->Bool(isplus));
|
||||
|
||||
if ( status == BifEnum::NFS3::NFS3ERR_OK )
|
||||
{
|
||||
unsigned pos;
|
||||
auto entries = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::NFS3::direntry_vec_t});
|
||||
auto entries = make_intrusive<VectorVal>(zeek::BifType::Vector::NFS3::direntry_vec_t);
|
||||
|
||||
rep->Assign(1, nfs3_post_op_attr(buf,n)); // dir_attr
|
||||
rep->Assign(2, ExtractUint64(buf,n)); // cookieverf
|
||||
|
|
@ -778,7 +778,7 @@ RecordVal* NFS_Interp::nfs3_readdir_reply(bool isplus, const u_char*& buf,
|
|||
|
||||
while ( extract_XDR_uint32(buf,n) )
|
||||
{
|
||||
RecordVal *entry = new RecordVal(BifType::Record::NFS3::direntry_t);
|
||||
RecordVal *entry = new RecordVal(zeek::BifType::Record::NFS3::direntry_t);
|
||||
entry->Assign(0, ExtractUint64(buf,n)); // fileid
|
||||
entry->Assign(1, nfs3_filename(buf,n)); // fname
|
||||
entry->Assign(2, ExtractUint64(buf,n)); // cookie
|
||||
|
|
|
|||
|
|
@ -296,7 +296,7 @@ void PortmapperInterp::Event(EventHandlerPtr f, Val* request, BifEnum::rpc_statu
|
|||
}
|
||||
else
|
||||
{
|
||||
vl.emplace_back(BifType::Enum::rpc_status->GetVal(status));
|
||||
vl.emplace_back(zeek::BifType::Enum::rpc_status->GetVal(status));
|
||||
|
||||
if ( request )
|
||||
vl.emplace_back(AdoptRef{}, request);
|
||||
|
|
|
|||
|
|
@ -343,7 +343,7 @@ void RPC_Interpreter::Event_RPC_Dialogue(RPC_CallInfo* c, BifEnum::rpc_status st
|
|||
val_mgr->Count(c->Program()),
|
||||
val_mgr->Count(c->Version()),
|
||||
val_mgr->Count(c->Proc()),
|
||||
BifType::Enum::rpc_status->GetVal(status),
|
||||
zeek::BifType::Enum::rpc_status->GetVal(status),
|
||||
make_intrusive<Val>(c->StartTime(), TYPE_TIME),
|
||||
val_mgr->Count(c->CallLen()),
|
||||
val_mgr->Count(reply_len)
|
||||
|
|
@ -369,7 +369,7 @@ void RPC_Interpreter::Event_RPC_Reply(uint32_t xid, BifEnum::rpc_status status,
|
|||
analyzer->EnqueueConnEvent(rpc_reply,
|
||||
analyzer->ConnVal(),
|
||||
val_mgr->Count(xid),
|
||||
BifType::Enum::rpc_status->GetVal(status),
|
||||
zeek::BifType::Enum::rpc_status->GetVal(status),
|
||||
val_mgr->Count(reply_len)
|
||||
);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ IntrusivePtr<Val> time_from_lanman(SMB_time* t, SMB_date* d, uint16_t tz)
|
|||
IntrusivePtr<RecordVal> SMB_BuildMACTimes(uint64_t modify, uint64_t access,
|
||||
uint64_t create, uint64_t change)
|
||||
{
|
||||
auto r = make_intrusive<RecordVal>(BifType::Record::SMB::MACTimes);
|
||||
auto r = make_intrusive<RecordVal>(zeek::BifType::Record::SMB::MACTimes);
|
||||
r->Assign(0, filetime2brotime(modify));
|
||||
r->Assign(1, filetime2brotime(access));
|
||||
r->Assign(2, filetime2brotime(create));
|
||||
|
|
|
|||
|
|
@ -35,13 +35,13 @@ refine connection SMB_Conn += {
|
|||
%{
|
||||
if ( smb1_negotiate_response )
|
||||
{
|
||||
auto response = make_intrusive<RecordVal>(BifType::Record::SMB1::NegotiateResponse);
|
||||
auto response = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponse);
|
||||
|
||||
switch ( ${val.word_count} )
|
||||
{
|
||||
case 0x01:
|
||||
{
|
||||
auto core = make_intrusive<RecordVal>(BifType::Record::SMB1::NegotiateResponseCore);
|
||||
auto core = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseCore);
|
||||
core->Assign(0, val_mgr->Count(${val.dialect_index}));
|
||||
|
||||
response->Assign(0, std::move(core));
|
||||
|
|
@ -50,15 +50,15 @@ refine connection SMB_Conn += {
|
|||
|
||||
case 0x0d:
|
||||
{
|
||||
auto security = make_intrusive<RecordVal>(BifType::Record::SMB1::NegotiateResponseSecurity);
|
||||
auto security = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseSecurity);
|
||||
security->Assign(0, val_mgr->Bool(${val.lanman.security_user_level}));
|
||||
security->Assign(1, val_mgr->Bool(${val.lanman.security_challenge_response}));
|
||||
|
||||
auto raw = make_intrusive<RecordVal>(BifType::Record::SMB1::NegotiateRawMode);
|
||||
auto raw = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::NegotiateRawMode);
|
||||
raw->Assign(0, val_mgr->Bool(${val.lanman.raw_read_supported}));
|
||||
raw->Assign(1, val_mgr->Bool(${val.lanman.raw_write_supported}));
|
||||
|
||||
auto lanman = make_intrusive<RecordVal>(BifType::Record::SMB1::NegotiateResponseLANMAN);
|
||||
auto lanman = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseLANMAN);
|
||||
lanman->Assign(0, val_mgr->Count(${val.word_count}));
|
||||
lanman->Assign(1, val_mgr->Count(${val.dialect_index}));
|
||||
lanman->Assign(2, std::move(security));
|
||||
|
|
@ -79,13 +79,13 @@ refine connection SMB_Conn += {
|
|||
|
||||
case 0x11:
|
||||
{
|
||||
auto security = make_intrusive<RecordVal>(BifType::Record::SMB1::NegotiateResponseSecurity);
|
||||
auto security = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseSecurity);
|
||||
security->Assign(0, val_mgr->Bool(${val.ntlm.security_user_level}));
|
||||
security->Assign(1, val_mgr->Bool(${val.ntlm.security_challenge_response}));
|
||||
security->Assign(2, val_mgr->Bool(${val.ntlm.security_signatures_enabled}));
|
||||
security->Assign(3, val_mgr->Bool(${val.ntlm.security_signatures_required}));
|
||||
|
||||
auto capabilities = make_intrusive<RecordVal>(BifType::Record::SMB1::NegotiateCapabilities);
|
||||
auto capabilities = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::NegotiateCapabilities);
|
||||
capabilities->Assign(0, val_mgr->Bool(${val.ntlm.capabilities_raw_mode}));
|
||||
capabilities->Assign(1, val_mgr->Bool(${val.ntlm.capabilities_mpx_mode}));
|
||||
capabilities->Assign(2, val_mgr->Bool(${val.ntlm.capabilities_unicode}));
|
||||
|
|
@ -108,7 +108,7 @@ refine connection SMB_Conn += {
|
|||
capabilities->Assign(16, val_mgr->Bool(${val.ntlm.capabilities_compressed_data}));
|
||||
capabilities->Assign(17, val_mgr->Bool(${val.ntlm.capabilities_extended_security}));
|
||||
|
||||
auto ntlm = make_intrusive<RecordVal>(BifType::Record::SMB1::NegotiateResponseNTLM);
|
||||
auto ntlm = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseNTLM);
|
||||
ntlm->Assign(0, val_mgr->Count(${val.word_count}));
|
||||
ntlm->Assign(1, val_mgr->Count(${val.dialect_index}));
|
||||
ntlm->Assign(2, std::move(security));
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ refine connection SMB_Conn += {
|
|||
%{
|
||||
if ( smb1_session_setup_andx_request )
|
||||
{
|
||||
auto request = make_intrusive<RecordVal>(BifType::Record::SMB1::SessionSetupAndXRequest);
|
||||
auto request = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::SessionSetupAndXRequest);
|
||||
|
||||
request->Assign(0, val_mgr->Count(${val.word_count}));
|
||||
switch ( ${val.word_count} ) {
|
||||
|
|
@ -31,7 +31,7 @@ refine connection SMB_Conn += {
|
|||
break;
|
||||
case 12: // NT LM 0.12 with extended security
|
||||
{
|
||||
auto capabilities = make_intrusive<RecordVal>(BifType::Record::SMB1::SessionSetupAndXCapabilities);
|
||||
auto capabilities = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::SessionSetupAndXCapabilities);
|
||||
capabilities->Assign(0, val_mgr->Bool(${val.ntlm_extended_security.capabilities.unicode}));
|
||||
capabilities->Assign(1, val_mgr->Bool(${val.ntlm_extended_security.capabilities.large_files}));
|
||||
capabilities->Assign(2, val_mgr->Bool(${val.ntlm_extended_security.capabilities.nt_smbs}));
|
||||
|
|
@ -53,7 +53,7 @@ refine connection SMB_Conn += {
|
|||
|
||||
case 13: // NT LM 0.12 without extended security
|
||||
{
|
||||
auto capabilities = make_intrusive<RecordVal>(BifType::Record::SMB1::SessionSetupAndXCapabilities);
|
||||
auto capabilities = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::SessionSetupAndXCapabilities);
|
||||
capabilities->Assign(0, val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.unicode}));
|
||||
capabilities->Assign(1, val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.large_files}));
|
||||
capabilities->Assign(2, val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.nt_smbs}));
|
||||
|
|
@ -90,7 +90,7 @@ refine connection SMB_Conn += {
|
|||
%{
|
||||
if ( smb1_session_setup_andx_response )
|
||||
{
|
||||
auto response = make_intrusive<RecordVal>(BifType::Record::SMB1::SessionSetupAndXResponse);
|
||||
auto response = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::SessionSetupAndXResponse);
|
||||
response->Assign(0, val_mgr->Count(${val.word_count}));
|
||||
|
||||
switch ( ${val.word_count} )
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ refine connection SMB_Conn += {
|
|||
if ( ! smb1_transaction_secondary_request )
|
||||
return false;
|
||||
|
||||
auto args = make_intrusive<RecordVal>(BifType::Record::SMB1::Trans_Sec_Args);
|
||||
auto args = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::Trans_Sec_Args);
|
||||
args->Assign(0, val_mgr->Count(${val.total_param_count}));
|
||||
args->Assign(1, val_mgr->Count(${val.total_data_count}));
|
||||
args->Assign(2, val_mgr->Count(${val.param_count}));
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ refine connection SMB_Conn += {
|
|||
if ( ! smb1_transaction2_secondary_request )
|
||||
return false;
|
||||
|
||||
auto args = make_intrusive<RecordVal>(BifType::Record::SMB1::Trans2_Sec_Args);
|
||||
auto args = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::Trans2_Sec_Args);
|
||||
args->Assign(0, val_mgr->Count(${val.total_param_count}));
|
||||
args->Assign(1, val_mgr->Count(${val.total_data_count}));
|
||||
args->Assign(2, val_mgr->Count(${val.param_count}));
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ refine connection SMB_Conn += {
|
|||
%{
|
||||
if ( smb1_transaction2_request )
|
||||
{
|
||||
auto args = make_intrusive<RecordVal>(BifType::Record::SMB1::Trans2_Args);
|
||||
auto args = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::Trans2_Args);
|
||||
args->Assign(0, val_mgr->Count(${val.total_param_count}));
|
||||
args->Assign(1, val_mgr->Count(${val.total_data_count}));
|
||||
args->Assign(2, val_mgr->Count(${val.max_param_count}));
|
||||
|
|
@ -131,7 +131,7 @@ refine connection SMB_Conn += {
|
|||
%{
|
||||
if ( smb1_trans2_find_first2_request )
|
||||
{
|
||||
auto result = make_intrusive<RecordVal>(BifType::Record::SMB1::Find_First2_Request_Args);
|
||||
auto result = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::Find_First2_Request_Args);
|
||||
result->Assign(0, val_mgr->Count(${val.search_attrs}));
|
||||
result->Assign(1, val_mgr->Count(${val.search_count}));
|
||||
result->Assign(2, val_mgr->Count(${val.flags}));
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@
|
|||
%code{
|
||||
IntrusivePtr<RecordVal> SMBHeaderVal(SMB_Header* hdr)
|
||||
{
|
||||
auto r = make_intrusive<RecordVal>(BifType::Record::SMB1::Header);
|
||||
auto r = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::Header);
|
||||
|
||||
//unsigned int status = 0;
|
||||
//
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ refine connection SMB_Conn += {
|
|||
%{
|
||||
if ( smb2_close_response )
|
||||
{
|
||||
auto resp = make_intrusive<RecordVal>(BifType::Record::SMB2::CloseResponse);
|
||||
auto resp = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::CloseResponse);
|
||||
|
||||
resp->Assign(0, val_mgr->Count(${val.alloc_size}));
|
||||
resp->Assign(1, val_mgr->Count(${val.eof}));
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ refine connection SMB_Conn += {
|
|||
|
||||
if ( smb2_create_request )
|
||||
{
|
||||
auto requestinfo = make_intrusive<RecordVal>(BifType::Record::SMB2::CreateRequest);
|
||||
auto requestinfo = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::CreateRequest);
|
||||
requestinfo->Assign(0, std::move(filename));
|
||||
requestinfo->Assign(1, val_mgr->Count(${val.disposition}));
|
||||
requestinfo->Assign(2, val_mgr->Count(${val.create_options}));
|
||||
|
|
@ -33,7 +33,7 @@ refine connection SMB_Conn += {
|
|||
%{
|
||||
if ( smb2_create_response )
|
||||
{
|
||||
auto responseinfo = make_intrusive<RecordVal>(BifType::Record::SMB2::CreateResponse);
|
||||
auto responseinfo = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::CreateResponse);
|
||||
responseinfo->Assign(0, BuildSMB2GUID(${val.file_id}));
|
||||
responseinfo->Assign(1, val_mgr->Count(${val.eof}));
|
||||
responseinfo->Assign(2, SMB_BuildMACTimes(${val.last_write_time},
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ refine connection SMB_Conn += {
|
|||
%{
|
||||
if ( smb2_negotiate_response )
|
||||
{
|
||||
auto nr = make_intrusive<RecordVal>(BifType::Record::SMB2::NegotiateResponse);
|
||||
auto nr = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::NegotiateResponse);
|
||||
|
||||
nr->Assign(0, val_mgr->Count(${val.dialect_revision}));
|
||||
nr->Assign(1, val_mgr->Count(${val.security_mode}));
|
||||
|
|
@ -48,7 +48,7 @@ refine connection SMB_Conn += {
|
|||
nr->Assign(4, filetime2brotime(${val.server_start_time}));
|
||||
nr->Assign(5, val_mgr->Count(${val.negotiate_context_count}));
|
||||
|
||||
auto cv = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::SMB2::NegotiateContextValues});
|
||||
auto cv = make_intrusive<VectorVal>(zeek::BifType::Vector::SMB2::NegotiateContextValues);
|
||||
|
||||
if ( ${val.dialect_revision} == 0x0311 && ${val.negotiate_context_count} > 0 )
|
||||
{
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ refine connection SMB_Conn += {
|
|||
%{
|
||||
if ( smb2_session_setup_request )
|
||||
{
|
||||
auto req = make_intrusive<RecordVal>(BifType::Record::SMB2::SessionSetupRequest);
|
||||
auto req = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::SessionSetupRequest);
|
||||
req->Assign(0, val_mgr->Count(${val.security_mode}));
|
||||
|
||||
BifEvent::enqueue_smb2_session_setup_request(bro_analyzer(),
|
||||
|
|
@ -20,12 +20,12 @@ refine connection SMB_Conn += {
|
|||
%{
|
||||
if ( smb2_session_setup_response )
|
||||
{
|
||||
auto flags = make_intrusive<RecordVal>(BifType::Record::SMB2::SessionSetupFlags);
|
||||
auto flags = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::SessionSetupFlags);
|
||||
flags->Assign(0, val_mgr->Bool(${val.flag_guest}));
|
||||
flags->Assign(1, val_mgr->Bool(${val.flag_anonymous}));
|
||||
flags->Assign(2, val_mgr->Bool(${val.flag_encrypt}));
|
||||
|
||||
auto resp = make_intrusive<RecordVal>(BifType::Record::SMB2::SessionSetupResponse);
|
||||
auto resp = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::SessionSetupResponse);
|
||||
resp->Assign(0, std::move(flags));
|
||||
|
||||
BifEvent::enqueue_smb2_session_setup_response(bro_analyzer(),
|
||||
|
|
|
|||
|
|
@ -93,11 +93,11 @@ refine connection SMB_Conn += {
|
|||
%{
|
||||
if ( smb2_file_fullea )
|
||||
{
|
||||
auto eas = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::SMB2::FileEAs});
|
||||
auto eas = make_intrusive<VectorVal>(zeek::BifType::Vector::SMB2::FileEAs);
|
||||
|
||||
for ( auto i = 0u; i < ${val.ea_vector}->size(); ++i )
|
||||
{
|
||||
auto r = make_intrusive<RecordVal>(BifType::Record::SMB2::FileEA);
|
||||
auto r = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::FileEA);
|
||||
r->Assign(0, smb2_string2stringval(${val.ea_vector[i].ea_name}));
|
||||
r->Assign(1, smb2_string2stringval(${val.ea_vector[i].ea_value}));
|
||||
|
||||
|
|
@ -192,7 +192,7 @@ refine connection SMB_Conn += {
|
|||
%{
|
||||
if ( smb2_file_fscontrol )
|
||||
{
|
||||
auto r = make_intrusive<RecordVal>(BifType::Record::SMB2::Fscontrol);
|
||||
auto r = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::Fscontrol);
|
||||
r->Assign(0, val_mgr->Int(${val.free_space_start_filtering}));
|
||||
r->Assign(1, val_mgr->Int(${val.free_space_start_threshold}));
|
||||
r->Assign(2, val_mgr->Int(${val.free_space_stop_filtering}));
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ refine connection SMB_Conn += {
|
|||
%{
|
||||
if ( smb2_transform_header )
|
||||
{
|
||||
auto r = make_intrusive<RecordVal>(BifType::Record::SMB2::Transform_header);
|
||||
auto r = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::Transform_header);
|
||||
r->Assign(0, to_stringval(${hdr.signature}));
|
||||
r->Assign(1, to_stringval(${hdr.nonce}));
|
||||
r->Assign(2, val_mgr->Count(${hdr.orig_msg_size}));
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ refine connection SMB_Conn += {
|
|||
|
||||
if ( smb2_tree_connect_response )
|
||||
{
|
||||
auto resp = make_intrusive<RecordVal>(BifType::Record::SMB2::TreeConnectResponse);
|
||||
auto resp = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::TreeConnectResponse);
|
||||
resp->Assign(0, val_mgr->Count(${val.share_type}));
|
||||
|
||||
BifEvent::enqueue_smb2_tree_connect_response(bro_analyzer(),
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ IntrusivePtr<RecordVal> BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv);
|
|||
%code{
|
||||
IntrusivePtr<RecordVal> BuildSMB2HeaderVal(SMB2_Header* hdr)
|
||||
{
|
||||
auto r = make_intrusive<RecordVal>(BifType::Record::SMB2::Header);
|
||||
auto r = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::Header);
|
||||
r->Assign(0, val_mgr->Count(${hdr.credit_charge}));
|
||||
r->Assign(1, val_mgr->Count(${hdr.status}));
|
||||
r->Assign(2, val_mgr->Count(${hdr.command}));
|
||||
|
|
@ -27,7 +27,7 @@ IntrusivePtr<RecordVal> BuildSMB2HeaderVal(SMB2_Header* hdr)
|
|||
|
||||
IntrusivePtr<RecordVal> BuildSMB2GUID(SMB2_guid* file_id)
|
||||
{
|
||||
auto r = make_intrusive<RecordVal>(BifType::Record::SMB2::GUID);
|
||||
auto r = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::GUID);
|
||||
r->Assign(0, val_mgr->Count(${file_id.persistent}));
|
||||
r->Assign(1, val_mgr->Count(${file_id._volatile}));
|
||||
return r;
|
||||
|
|
@ -35,7 +35,7 @@ IntrusivePtr<RecordVal> BuildSMB2GUID(SMB2_guid* file_id)
|
|||
|
||||
IntrusivePtr<RecordVal> smb2_file_attrs_to_bro(SMB2_file_attributes* val)
|
||||
{
|
||||
auto r = make_intrusive<RecordVal>(BifType::Record::SMB2::FileAttrs);
|
||||
auto r = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::FileAttrs);
|
||||
r->Assign(0, val_mgr->Bool(${val.read_only}));
|
||||
r->Assign(1, val_mgr->Bool(${val.hidden}));
|
||||
r->Assign(2, val_mgr->Bool(${val.system}));
|
||||
|
|
@ -56,7 +56,7 @@ IntrusivePtr<RecordVal> smb2_file_attrs_to_bro(SMB2_file_attributes* val)
|
|||
|
||||
IntrusivePtr<RecordVal> BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv)
|
||||
{
|
||||
auto r = make_intrusive<RecordVal>(BifType::Record::SMB2::NegotiateContextValue);
|
||||
auto r = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::NegotiateContextValue);
|
||||
|
||||
r->Assign(0, val_mgr->Count(${ncv.context_type}));
|
||||
r->Assign(1, val_mgr->Count(${ncv.data_length}));
|
||||
|
|
@ -64,7 +64,7 @@ IntrusivePtr<RecordVal> BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv)
|
|||
switch ( ${ncv.context_type} ) {
|
||||
case SMB2_PREAUTH_INTEGRITY_CAPABILITIES:
|
||||
{
|
||||
auto rpreauth = make_intrusive<RecordVal>(BifType::Record::SMB2::PreAuthIntegrityCapabilities);
|
||||
auto rpreauth = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::PreAuthIntegrityCapabilities);
|
||||
rpreauth->Assign(0, val_mgr->Count(${ncv.preauth_integrity_capabilities.hash_alg_count}));
|
||||
rpreauth->Assign(1, val_mgr->Count(${ncv.preauth_integrity_capabilities.salt_length}));
|
||||
|
||||
|
|
@ -84,7 +84,7 @@ IntrusivePtr<RecordVal> BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv)
|
|||
|
||||
case SMB2_ENCRYPTION_CAPABILITIES:
|
||||
{
|
||||
auto rencr = make_intrusive<RecordVal>(BifType::Record::SMB2::EncryptionCapabilities);
|
||||
auto rencr = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::EncryptionCapabilities);
|
||||
rencr->Assign(0, val_mgr->Count(${ncv.encryption_capabilities.cipher_count}));
|
||||
|
||||
auto c = make_intrusive<VectorVal>(zeek::id::index_vec);
|
||||
|
|
@ -102,7 +102,7 @@ IntrusivePtr<RecordVal> BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv)
|
|||
|
||||
case SMB2_COMPRESSION_CAPABILITIES:
|
||||
{
|
||||
auto rcomp = make_intrusive<RecordVal>(BifType::Record::SMB2::CompressionCapabilities);
|
||||
auto rcomp = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::CompressionCapabilities);
|
||||
rcomp->Assign(0, val_mgr->Count(${ncv.compression_capabilities.alg_count}));
|
||||
|
||||
auto c = make_intrusive<VectorVal>(zeek::id::index_vec);
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@ AddrVal* network_address_to_val(const ASN1Encoding* na)
|
|||
|
||||
Val* asn1_obj_to_val(const ASN1Encoding* obj)
|
||||
{
|
||||
RecordVal* rval = new RecordVal(BifType::Record::SNMP::ObjectValue);
|
||||
RecordVal* rval = new RecordVal(zeek::BifType::Record::SNMP::ObjectValue);
|
||||
uint8 tag = obj->meta()->tag();
|
||||
|
||||
rval->Assign(0, val_mgr->Count(tag));
|
||||
|
|
@ -92,13 +92,13 @@ Val* time_ticks_to_val(const TimeTicks* tt)
|
|||
|
||||
IntrusivePtr<RecordVal> build_hdr(const Header* header)
|
||||
{
|
||||
auto rv = make_intrusive<RecordVal>(BifType::Record::SNMP::Header);
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::SNMP::Header);
|
||||
rv->Assign(0, val_mgr->Count(header->version()));
|
||||
|
||||
switch ( header->version() ) {
|
||||
case SNMPV1_TAG:
|
||||
{
|
||||
RecordVal* v1 = new RecordVal(BifType::Record::SNMP::HeaderV1);
|
||||
RecordVal* v1 = new RecordVal(zeek::BifType::Record::SNMP::HeaderV1);
|
||||
v1->Assign(0, asn1_octet_string_to_val(header->v1()->community()));
|
||||
rv->Assign(1, v1);
|
||||
}
|
||||
|
|
@ -106,7 +106,7 @@ IntrusivePtr<RecordVal> build_hdr(const Header* header)
|
|||
|
||||
case SNMPV2_TAG:
|
||||
{
|
||||
RecordVal* v2 = new RecordVal(BifType::Record::SNMP::HeaderV2);
|
||||
RecordVal* v2 = new RecordVal(zeek::BifType::Record::SNMP::HeaderV2);
|
||||
v2->Assign(0, asn1_octet_string_to_val(header->v2()->community()));
|
||||
rv->Assign(2, v2);
|
||||
}
|
||||
|
|
@ -124,7 +124,7 @@ IntrusivePtr<RecordVal> build_hdr(const Header* header)
|
|||
|
||||
RecordVal* build_hdrV3(const Header* header)
|
||||
{
|
||||
RecordVal* v3 = new RecordVal(BifType::Record::SNMP::HeaderV3);
|
||||
RecordVal* v3 = new RecordVal(zeek::BifType::Record::SNMP::HeaderV3);
|
||||
const v3Header* v3hdr = header->v3();
|
||||
const v3HeaderData* global_data = v3hdr->global_data();
|
||||
bytestring const& flags = global_data->flags()->encoding()->content();
|
||||
|
|
@ -144,7 +144,7 @@ RecordVal* build_hdrV3(const Header* header)
|
|||
if ( v3hdr->next()->tag() == ASN1_SEQUENCE_TAG )
|
||||
{
|
||||
const v3ScopedPDU* spdu = v3hdr->plaintext_pdu();
|
||||
RecordVal* rv = new RecordVal(BifType::Record::SNMP::ScopedPDU_Context);
|
||||
RecordVal* rv = new RecordVal(zeek::BifType::Record::SNMP::ScopedPDU_Context);
|
||||
rv->Assign(0, asn1_octet_string_to_val(spdu->context_engine_id()));
|
||||
rv->Assign(1, asn1_octet_string_to_val(spdu->context_name()));
|
||||
v3->Assign(8, rv);
|
||||
|
|
@ -155,12 +155,12 @@ RecordVal* build_hdrV3(const Header* header)
|
|||
|
||||
VectorVal* build_bindings(const VarBindList* vbl)
|
||||
{
|
||||
auto vv = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::SNMP::Bindings});
|
||||
auto vv = make_intrusive<VectorVal>(zeek::BifType::Vector::SNMP::Bindings);
|
||||
|
||||
for ( size_t i = 0; i < vbl->bindings()->size(); ++i )
|
||||
{
|
||||
VarBind* vb = (*vbl->bindings())[i];
|
||||
RecordVal* binding = new RecordVal(BifType::Record::SNMP::Binding);
|
||||
RecordVal* binding = new RecordVal(zeek::BifType::Record::SNMP::Binding);
|
||||
binding->Assign(0, asn1_oid_to_val(vb->name()->oid()));
|
||||
binding->Assign(1, asn1_obj_to_val(vb->value()->encoding()));
|
||||
vv->Assign(i, binding);
|
||||
|
|
@ -171,7 +171,7 @@ VectorVal* build_bindings(const VarBindList* vbl)
|
|||
|
||||
IntrusivePtr<RecordVal> build_pdu(const CommonPDU* pdu)
|
||||
{
|
||||
auto rv = make_intrusive<RecordVal>(BifType::Record::SNMP::PDU);
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::SNMP::PDU);
|
||||
rv->Assign(0, asn1_integer_to_val(pdu->request_id(), TYPE_INT));
|
||||
rv->Assign(1, asn1_integer_to_val(pdu->error_status(), TYPE_INT));
|
||||
rv->Assign(2, asn1_integer_to_val(pdu->error_index(), TYPE_INT));
|
||||
|
|
@ -181,7 +181,7 @@ IntrusivePtr<RecordVal> build_pdu(const CommonPDU* pdu)
|
|||
|
||||
IntrusivePtr<RecordVal> build_trap_pdu(const TrapPDU* pdu)
|
||||
{
|
||||
auto rv = make_intrusive<RecordVal>(BifType::Record::SNMP::TrapPDU);
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::SNMP::TrapPDU);
|
||||
rv->Assign(0, asn1_oid_to_val(pdu->enterprise()));
|
||||
rv->Assign(1, network_address_to_val(pdu->agent_addr()));
|
||||
rv->Assign(2, asn1_integer_to_val(pdu->generic_trap(), TYPE_INT));
|
||||
|
|
@ -193,7 +193,7 @@ IntrusivePtr<RecordVal> build_trap_pdu(const TrapPDU* pdu)
|
|||
|
||||
IntrusivePtr<RecordVal> build_bulk_pdu(const GetBulkRequestPDU* pdu)
|
||||
{
|
||||
auto rv = make_intrusive<RecordVal>(BifType::Record::SNMP::BulkPDU);
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::SNMP::BulkPDU);
|
||||
rv->Assign(0, asn1_integer_to_val(pdu->request_id(), TYPE_INT));
|
||||
rv->Assign(1, asn1_integer_to_val(pdu->non_repeaters(), TYPE_COUNT));
|
||||
rv->Assign(2, asn1_integer_to_val(pdu->max_repititions(), TYPE_COUNT));
|
||||
|
|
|
|||
|
|
@ -70,28 +70,28 @@ refine flow SSH_Flow += {
|
|||
if ( ! ssh_capabilities )
|
||||
return false;
|
||||
|
||||
auto result = make_intrusive<RecordVal>(BifType::Record::SSH::Capabilities);
|
||||
auto result = make_intrusive<RecordVal>(zeek::BifType::Record::SSH::Capabilities);
|
||||
result->Assign(0, name_list_to_vector(${msg.kex_algorithms.val}));
|
||||
result->Assign(1, name_list_to_vector(${msg.server_host_key_algorithms.val}));
|
||||
|
||||
RecordVal* encryption_algs = new RecordVal(BifType::Record::SSH::Algorithm_Prefs);
|
||||
RecordVal* encryption_algs = new RecordVal(zeek::BifType::Record::SSH::Algorithm_Prefs);
|
||||
encryption_algs->Assign(0, name_list_to_vector(${msg.encryption_algorithms_client_to_server.val}));
|
||||
encryption_algs->Assign(1, name_list_to_vector(${msg.encryption_algorithms_server_to_client.val}));
|
||||
result->Assign(2, encryption_algs);
|
||||
|
||||
RecordVal* mac_algs = new RecordVal(BifType::Record::SSH::Algorithm_Prefs);
|
||||
RecordVal* mac_algs = new RecordVal(zeek::BifType::Record::SSH::Algorithm_Prefs);
|
||||
mac_algs->Assign(0, name_list_to_vector(${msg.mac_algorithms_client_to_server.val}));
|
||||
mac_algs->Assign(1, name_list_to_vector(${msg.mac_algorithms_server_to_client.val}));
|
||||
result->Assign(3, mac_algs);
|
||||
|
||||
RecordVal* compression_algs = new RecordVal(BifType::Record::SSH::Algorithm_Prefs);
|
||||
RecordVal* compression_algs = new RecordVal(zeek::BifType::Record::SSH::Algorithm_Prefs);
|
||||
compression_algs->Assign(0, name_list_to_vector(${msg.compression_algorithms_client_to_server.val}));
|
||||
compression_algs->Assign(1, name_list_to_vector(${msg.compression_algorithms_server_to_client.val}));
|
||||
result->Assign(4, compression_algs);
|
||||
|
||||
if ( ${msg.languages_client_to_server.len} || ${msg.languages_server_to_client.len} )
|
||||
{
|
||||
RecordVal* languages = new RecordVal(BifType::Record::SSH::Algorithm_Prefs);
|
||||
RecordVal* languages = new RecordVal(zeek::BifType::Record::SSH::Algorithm_Prefs);
|
||||
if ( ${msg.languages_client_to_server.len} )
|
||||
languages->Assign(0, name_list_to_vector(${msg.languages_client_to_server.val}));
|
||||
if ( ${msg.languages_server_to_client.len} )
|
||||
|
|
|
|||
|
|
@ -161,7 +161,7 @@ refine connection Handshake_Conn += {
|
|||
{
|
||||
for ( unsigned int i = 0; i < supported_signature_algorithms->size(); ++i )
|
||||
{
|
||||
RecordVal* el = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm);
|
||||
RecordVal* el = new RecordVal(zeek::BifType::Record::SSL::SignatureAndHashAlgorithm);
|
||||
el->Assign(0, val_mgr->Count((*supported_signature_algorithms)[i]->HashAlgorithm()));
|
||||
el->Assign(1, val_mgr->Count((*supported_signature_algorithms)[i]->SignatureAlgorithm()));
|
||||
slist->Assign(i, el);
|
||||
|
|
@ -342,7 +342,7 @@ refine connection Handshake_Conn += {
|
|||
|
||||
if ( ssl_server_signature )
|
||||
{
|
||||
auto ha = make_intrusive<RecordVal>(BifType::Record::SSL::SignatureAndHashAlgorithm);
|
||||
auto ha = make_intrusive<RecordVal>(zeek::BifType::Record::SSL::SignatureAndHashAlgorithm);
|
||||
|
||||
if ( ${kex.signed_params.uses_signature_and_hashalgorithm} )
|
||||
{
|
||||
|
|
@ -414,7 +414,7 @@ refine connection Handshake_Conn += {
|
|||
if ( ! ssl_extension_signed_certificate_timestamp )
|
||||
return true;
|
||||
|
||||
auto ha = make_intrusive<RecordVal>(BifType::Record::SSL::SignatureAndHashAlgorithm);
|
||||
auto ha = make_intrusive<RecordVal>(zeek::BifType::Record::SSL::SignatureAndHashAlgorithm);
|
||||
ha->Assign(0, val_mgr->Count(digitally_signed_algorithms->HashAlgorithm()));
|
||||
ha->Assign(1, val_mgr->Count(digitally_signed_algorithms->SignatureAlgorithm()));
|
||||
|
||||
|
|
@ -442,7 +442,7 @@ refine connection Handshake_Conn += {
|
|||
|
||||
if ( ssl_server_signature )
|
||||
{
|
||||
auto ha = make_intrusive<RecordVal>(BifType::Record::SSL::SignatureAndHashAlgorithm);
|
||||
auto ha = make_intrusive<RecordVal>(zeek::BifType::Record::SSL::SignatureAndHashAlgorithm);
|
||||
|
||||
if ( ${signed_params.uses_signature_and_hashalgorithm} )
|
||||
{
|
||||
|
|
@ -498,7 +498,7 @@ refine connection Handshake_Conn += {
|
|||
{
|
||||
for ( auto&& identity : *(identities->identities()) )
|
||||
{
|
||||
RecordVal* el = new RecordVal(BifType::Record::SSL::PSKIdentity);
|
||||
RecordVal* el = new RecordVal(zeek::BifType::Record::SSL::PSKIdentity);
|
||||
el->Assign(0, make_intrusive<StringVal>(identity->identity().length(), (const char*) identity->identity().data()));
|
||||
el->Assign(1, val_mgr->Count(identity->obfuscated_ticket_age()));
|
||||
slist->Assign(slist->Size(), el);
|
||||
|
|
|
|||
|
|
@ -1356,7 +1356,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
|
|||
|
||||
if ( tcp_options )
|
||||
{
|
||||
auto option_list = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::TCP::OptionList});
|
||||
auto option_list = make_intrusive<VectorVal>(zeek::BifType::Vector::TCP::OptionList);
|
||||
|
||||
auto add_option_data = [](RecordVal* rv, const u_char* odata, int olen)
|
||||
{
|
||||
|
|
@ -1372,7 +1372,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
|
|||
{
|
||||
auto kind = o[0];
|
||||
auto length = kind < 2 ? 1 : o[1];
|
||||
auto option_record = new RecordVal(BifType::Record::TCP::Option);
|
||||
auto option_record = new RecordVal(zeek::BifType::Record::TCP::Option);
|
||||
option_list->Assign(option_list->Size(), option_record);
|
||||
option_record->Assign(0, val_mgr->Count(kind));
|
||||
option_record->Assign(1, val_mgr->Count(length));
|
||||
|
|
|
|||
|
|
@ -1016,7 +1016,7 @@ broker::expected<broker::data> bro_broker::val_to_data(const Val* v)
|
|||
|
||||
IntrusivePtr<RecordVal> bro_broker::make_data_val(Val* v)
|
||||
{
|
||||
auto rval = make_intrusive<RecordVal>(BifType::Record::Broker::Data);
|
||||
auto rval = make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
|
||||
auto data = val_to_data(v);
|
||||
|
||||
if ( data )
|
||||
|
|
@ -1029,7 +1029,7 @@ IntrusivePtr<RecordVal> bro_broker::make_data_val(Val* v)
|
|||
|
||||
IntrusivePtr<RecordVal> bro_broker::make_data_val(broker::data d)
|
||||
{
|
||||
auto rval = make_intrusive<RecordVal>(BifType::Record::Broker::Data);
|
||||
auto rval = make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
|
||||
rval->Assign(0, make_intrusive<DataVal>(move(d)));
|
||||
return rval;
|
||||
}
|
||||
|
|
@ -1039,72 +1039,72 @@ struct data_type_getter {
|
|||
|
||||
result_type operator()(broker::none)
|
||||
{
|
||||
return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::NONE);
|
||||
return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::NONE);
|
||||
}
|
||||
|
||||
result_type operator()(bool)
|
||||
{
|
||||
return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::BOOL);
|
||||
return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::BOOL);
|
||||
}
|
||||
|
||||
result_type operator()(uint64_t)
|
||||
{
|
||||
return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::COUNT);
|
||||
return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::COUNT);
|
||||
}
|
||||
|
||||
result_type operator()(int64_t)
|
||||
{
|
||||
return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::INT);
|
||||
return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::INT);
|
||||
}
|
||||
|
||||
result_type operator()(double)
|
||||
{
|
||||
return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::DOUBLE);
|
||||
return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::DOUBLE);
|
||||
}
|
||||
|
||||
result_type operator()(const std::string&)
|
||||
{
|
||||
return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::STRING);
|
||||
return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::STRING);
|
||||
}
|
||||
|
||||
result_type operator()(const broker::address&)
|
||||
{
|
||||
return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::ADDR);
|
||||
return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::ADDR);
|
||||
}
|
||||
|
||||
result_type operator()(const broker::subnet&)
|
||||
{
|
||||
return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::SUBNET);
|
||||
return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::SUBNET);
|
||||
}
|
||||
|
||||
result_type operator()(const broker::port&)
|
||||
{
|
||||
return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::PORT);
|
||||
return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::PORT);
|
||||
}
|
||||
|
||||
result_type operator()(const broker::timestamp&)
|
||||
{
|
||||
return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::TIME);
|
||||
return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::TIME);
|
||||
}
|
||||
|
||||
result_type operator()(const broker::timespan&)
|
||||
{
|
||||
return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::INTERVAL);
|
||||
return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::INTERVAL);
|
||||
}
|
||||
|
||||
result_type operator()(const broker::enum_value&)
|
||||
{
|
||||
return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::ENUM);
|
||||
return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::ENUM);
|
||||
}
|
||||
|
||||
result_type operator()(const broker::set&)
|
||||
{
|
||||
return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::SET);
|
||||
return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::SET);
|
||||
}
|
||||
|
||||
result_type operator()(const broker::table&)
|
||||
{
|
||||
return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::TABLE);
|
||||
return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::TABLE);
|
||||
}
|
||||
|
||||
result_type operator()(const broker::vector&)
|
||||
|
|
@ -1112,7 +1112,7 @@ struct data_type_getter {
|
|||
// Note that Broker uses vectors to store record data, so there's
|
||||
// no actual way to tell if this data was originally associated
|
||||
// with a Bro record.
|
||||
return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::VECTOR);
|
||||
return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::VECTOR);
|
||||
}
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -699,7 +699,7 @@ bool Manager::AutoUnpublishEvent(const string& topic, Val* event)
|
|||
|
||||
RecordVal* Manager::MakeEvent(val_list* args, Frame* frame)
|
||||
{
|
||||
auto rval = new RecordVal(BifType::Record::Broker::Event);
|
||||
auto rval = new RecordVal(zeek::BifType::Record::Broker::Event);
|
||||
auto arg_vec = make_intrusive<VectorVal>(vector_of_data_type);
|
||||
rval->Assign(1, arg_vec);
|
||||
Func* func = nullptr;
|
||||
|
|
@ -1351,7 +1351,7 @@ void Manager::ProcessError(broker::error err)
|
|||
}
|
||||
|
||||
mgr.Enqueue(Broker::error,
|
||||
BifType::Enum::Broker::ErrorCode->GetVal(ec),
|
||||
zeek::BifType::Enum::Broker::ErrorCode->GetVal(ec),
|
||||
make_intrusive<StringVal>(msg)
|
||||
);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -26,9 +26,9 @@ EnumVal* query_status(bool success);
|
|||
*/
|
||||
inline IntrusivePtr<RecordVal> query_result()
|
||||
{
|
||||
auto rval = make_intrusive<RecordVal>(BifType::Record::Broker::QueryResult);
|
||||
auto rval = make_intrusive<RecordVal>(zeek::BifType::Record::Broker::QueryResult);
|
||||
rval->Assign(0, query_status(false));
|
||||
rval->Assign(1, make_intrusive<RecordVal>(BifType::Record::Broker::Data));
|
||||
rval->Assign(1, make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data));
|
||||
return rval;
|
||||
}
|
||||
|
||||
|
|
@ -39,7 +39,7 @@ inline IntrusivePtr<RecordVal> query_result()
|
|||
*/
|
||||
inline IntrusivePtr<RecordVal> query_result(IntrusivePtr<RecordVal> data)
|
||||
{
|
||||
auto rval = make_intrusive<RecordVal>(BifType::Record::Broker::QueryResult);
|
||||
auto rval = make_intrusive<RecordVal>(zeek::BifType::Record::Broker::QueryResult);
|
||||
rval->Assign(0, query_status(true));
|
||||
rval->Assign(1, std::move(data));
|
||||
return rval;
|
||||
|
|
|
|||
|
|
@ -123,7 +123,7 @@ function Broker::__peers%(%): PeerInfos
|
|||
|
||||
auto ps = (BifEnum::Broker::PeerStatus)p.status;
|
||||
peer_info->Assign(0, endpoint_info);
|
||||
peer_info->Assign(1, BifType::Enum::Broker::PeerStatus->GetVal(ps));
|
||||
peer_info->Assign(1, zeek::BifType::Enum::Broker::PeerStatus->GetVal(ps));
|
||||
|
||||
rval->Assign(i, peer_info);
|
||||
++i;
|
||||
|
|
|
|||
|
|
@ -146,7 +146,7 @@ function Broker::__set_iterator_next%(it: opaque of Broker::SetIterator%): bool
|
|||
function Broker::__set_iterator_value%(it: opaque of Broker::SetIterator%): Broker::Data
|
||||
%{
|
||||
auto set_it = static_cast<bro_broker::SetIterator*>(it);
|
||||
auto rval = make_intrusive<RecordVal>(BifType::Record::Broker::Data);
|
||||
auto rval = make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
|
||||
|
||||
if ( set_it->it == set_it->dat.end() )
|
||||
{
|
||||
|
|
@ -204,7 +204,7 @@ function Broker::__table_insert%(t: Broker::Data, key: any, val: any%): Broker::
|
|||
if ( ! k )
|
||||
{
|
||||
builtin_error("invalid Broker data conversion for key argument");
|
||||
return make_intrusive<RecordVal>(BifType::Record::Broker::Data);
|
||||
return make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
|
||||
}
|
||||
|
||||
auto v = bro_broker::val_to_data(val);
|
||||
|
|
@ -212,7 +212,7 @@ function Broker::__table_insert%(t: Broker::Data, key: any, val: any%): Broker::
|
|||
if ( ! v )
|
||||
{
|
||||
builtin_error("invalid Broker data conversion for value argument");
|
||||
return make_intrusive<RecordVal>(BifType::Record::Broker::Data);
|
||||
return make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
|
||||
}
|
||||
|
||||
try
|
||||
|
|
@ -225,7 +225,7 @@ function Broker::__table_insert%(t: Broker::Data, key: any, val: any%): Broker::
|
|||
catch (const std::out_of_range&)
|
||||
{
|
||||
table[std::move(*k)] = std::move(*v);
|
||||
return make_intrusive<RecordVal>(BifType::Record::Broker::Data);
|
||||
return make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
|
||||
}
|
||||
%}
|
||||
|
||||
|
|
@ -239,13 +239,13 @@ function Broker::__table_remove%(t: Broker::Data, key: any%): Broker::Data
|
|||
if ( ! k )
|
||||
{
|
||||
builtin_error("invalid Broker data conversion for key argument");
|
||||
return make_intrusive<RecordVal>(BifType::Record::Broker::Data);
|
||||
return make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
|
||||
}
|
||||
|
||||
auto it = table.find(*k);
|
||||
|
||||
if ( it == table.end() )
|
||||
return make_intrusive<RecordVal>(BifType::Record::Broker::Data);
|
||||
return make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
|
||||
else
|
||||
{
|
||||
auto rval = bro_broker::make_data_val(move(it->second));
|
||||
|
|
@ -264,13 +264,13 @@ function Broker::__table_lookup%(t: Broker::Data, key: any%): Broker::Data
|
|||
if ( ! k )
|
||||
{
|
||||
builtin_error("invalid Broker data conversion for key argument");
|
||||
return make_intrusive<RecordVal>(BifType::Record::Broker::Data);
|
||||
return make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
|
||||
}
|
||||
|
||||
auto it = table.find(*k);
|
||||
|
||||
if ( it == table.end() )
|
||||
return make_intrusive<RecordVal>(BifType::Record::Broker::Data);
|
||||
return make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
|
||||
else
|
||||
return bro_broker::make_data_val(it->second);
|
||||
%}
|
||||
|
|
@ -300,9 +300,9 @@ function Broker::__table_iterator_next%(it: opaque of Broker::TableIterator%): b
|
|||
function Broker::__table_iterator_value%(it: opaque of Broker::TableIterator%): Broker::TableItem
|
||||
%{
|
||||
auto ti = static_cast<bro_broker::TableIterator*>(it);
|
||||
auto rval = make_intrusive<RecordVal>(BifType::Record::Broker::TableItem);
|
||||
auto key_val = new RecordVal(BifType::Record::Broker::Data);
|
||||
auto val_val = new RecordVal(BifType::Record::Broker::Data);
|
||||
auto rval = make_intrusive<RecordVal>(zeek::BifType::Record::Broker::TableItem);
|
||||
auto key_val = new RecordVal(zeek::BifType::Record::Broker::Data);
|
||||
auto val_val = new RecordVal(zeek::BifType::Record::Broker::Data);
|
||||
rval->Assign(0, key_val);
|
||||
rval->Assign(1, val_val);
|
||||
|
||||
|
|
@ -367,7 +367,7 @@ function Broker::__vector_replace%(v: Broker::Data, idx: count, d: any%): Broker
|
|||
}
|
||||
|
||||
if ( idx >= vec.size() )
|
||||
return make_intrusive<RecordVal>(BifType::Record::Broker::Data);
|
||||
return make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
|
||||
|
||||
auto rval = bro_broker::make_data_val(move(vec[idx]));
|
||||
vec[idx] = std::move(*item);
|
||||
|
|
@ -380,7 +380,7 @@ function Broker::__vector_remove%(v: Broker::Data, idx: count%): Broker::Data
|
|||
TYPE_VECTOR, frame);
|
||||
|
||||
if ( idx >= vec.size() )
|
||||
return make_intrusive<RecordVal>(BifType::Record::Broker::Data);
|
||||
return make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
|
||||
|
||||
auto rval = bro_broker::make_data_val(move(vec[idx]));
|
||||
vec.erase(vec.begin() + idx);
|
||||
|
|
@ -393,7 +393,7 @@ function Broker::__vector_lookup%(v: Broker::Data, idx: count%): Broker::Data
|
|||
TYPE_VECTOR, frame);
|
||||
|
||||
if ( idx >= vec.size() )
|
||||
return make_intrusive<RecordVal>(BifType::Record::Broker::Data);
|
||||
return make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
|
||||
|
||||
return bro_broker::make_data_val(vec[idx]);
|
||||
%}
|
||||
|
|
@ -423,7 +423,7 @@ function Broker::__vector_iterator_next%(it: opaque of Broker::VectorIterator%):
|
|||
function Broker::__vector_iterator_value%(it: opaque of Broker::VectorIterator%): Broker::Data
|
||||
%{
|
||||
auto vi = static_cast<bro_broker::VectorIterator*>(it);
|
||||
auto rval = make_intrusive<RecordVal>(BifType::Record::Broker::Data);
|
||||
auto rval = make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
|
||||
|
||||
if ( vi->it == vi->dat.end() )
|
||||
{
|
||||
|
|
@ -472,7 +472,7 @@ function Broker::__record_lookup%(r: Broker::Data, idx: count%): Broker::Data
|
|||
TYPE_RECORD, frame);
|
||||
|
||||
if ( idx >= v.size() || caf::get_if<broker::none>(&v[idx]) )
|
||||
return make_intrusive<RecordVal>(BifType::Record::Broker::Data);
|
||||
return make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
|
||||
|
||||
return bro_broker::make_data_val(v[idx]);
|
||||
%}
|
||||
|
|
@ -502,7 +502,7 @@ function Broker::__record_iterator_next%(it: opaque of Broker::RecordIterator%):
|
|||
function Broker::__record_iterator_value%(it: opaque of Broker::RecordIterator%): Broker::Data
|
||||
%{
|
||||
auto ri = static_cast<bro_broker::RecordIterator*>(it);
|
||||
auto rval = make_intrusive<RecordVal>(BifType::Record::Broker::Data);
|
||||
auto rval = make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
|
||||
|
||||
if ( ri->it == ri->dat.end() )
|
||||
{
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ AnalyzerSet::AnalyzerSet(File* arg_file) : file(arg_file)
|
|||
{
|
||||
auto t = make_intrusive<TypeList>();
|
||||
t->Append(file_mgr->GetTagType());
|
||||
t->Append({NewRef{}, BifType::Record::Files::AnalyzerArgs});
|
||||
t->Append(zeek::BifType::Record::Files::AnalyzerArgs);
|
||||
analyzer_hash = new CompositeHash(std::move(t));
|
||||
analyzer_map.SetDeleteFunc(analyzer_del_func);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -10,8 +10,8 @@ module FileExtract;
|
|||
## :zeek:see:`FileExtract::set_limit`.
|
||||
function FileExtract::__set_limit%(file_id: string, args: any, n: count%): bool
|
||||
%{
|
||||
using BifType::Record::Files::AnalyzerArgs;
|
||||
auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs);
|
||||
using zeek::BifType::Record::Files::AnalyzerArgs;
|
||||
auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs.get());
|
||||
bool result = file_mgr->SetExtractionLimit(file_id->CheckString(), rv.get(), n);
|
||||
return val_mgr->Bool(result);
|
||||
%}
|
||||
|
|
|
|||
|
|
@ -42,7 +42,7 @@ refine flow File += {
|
|||
%{
|
||||
if ( pe_dos_header )
|
||||
{
|
||||
auto dh = make_intrusive<RecordVal>(BifType::Record::PE::DOSHeader);
|
||||
auto dh = make_intrusive<RecordVal>(zeek::BifType::Record::PE::DOSHeader);
|
||||
dh->Assign(0, make_intrusive<StringVal>(${h.signature}.length(), (const char*) ${h.signature}.data()));
|
||||
dh->Assign(1, val_mgr->Count(${h.UsedBytesInTheLastPage}));
|
||||
dh->Assign(2, val_mgr->Count(${h.FileSizeInPages}));
|
||||
|
|
@ -92,7 +92,7 @@ refine flow File += {
|
|||
%{
|
||||
if ( pe_file_header )
|
||||
{
|
||||
auto fh = make_intrusive<RecordVal>(BifType::Record::PE::FileHeader);
|
||||
auto fh = make_intrusive<RecordVal>(zeek::BifType::Record::PE::FileHeader);
|
||||
fh->Assign(0, val_mgr->Count(${h.Machine}));
|
||||
fh->Assign(1, make_intrusive<Val>(static_cast<double>(${h.TimeDateStamp}), TYPE_TIME));
|
||||
fh->Assign(2, val_mgr->Count(${h.PointerToSymbolTable}));
|
||||
|
|
@ -120,7 +120,7 @@ refine flow File += {
|
|||
|
||||
if ( pe_optional_header )
|
||||
{
|
||||
auto oh = make_intrusive<RecordVal>(BifType::Record::PE::OptionalHeader);
|
||||
auto oh = make_intrusive<RecordVal>(zeek::BifType::Record::PE::OptionalHeader);
|
||||
|
||||
oh->Assign(0, val_mgr->Count(${h.magic}));
|
||||
oh->Assign(1, val_mgr->Count(${h.major_linker_version}));
|
||||
|
|
@ -162,7 +162,7 @@ refine flow File += {
|
|||
%{
|
||||
if ( pe_section_header )
|
||||
{
|
||||
auto section_header = make_intrusive<RecordVal>(BifType::Record::PE::SectionHeader);
|
||||
auto section_header = make_intrusive<RecordVal>(zeek::BifType::Record::PE::SectionHeader);
|
||||
|
||||
// Strip null characters from the end of the section name.
|
||||
u_char* first_null = (u_char*) memchr(${h.name}.data(), 0, ${h.name}.length());
|
||||
|
|
|
|||
|
|
@ -66,7 +66,7 @@ refine flow Flow += {
|
|||
%{
|
||||
if ( ::unified2_event )
|
||||
{
|
||||
auto ids_event = make_intrusive<RecordVal>(BifType::Record::Unified2::IDSEvent);
|
||||
auto ids_event = make_intrusive<RecordVal>(zeek::BifType::Record::Unified2::IDSEvent);
|
||||
ids_event->Assign(0, val_mgr->Count(${ev.sensor_id}));
|
||||
ids_event->Assign(1, val_mgr->Count(${ev.event_id}));
|
||||
ids_event->Assign(2, make_intrusive<Val>(ts_to_double(${ev.ts}), TYPE_TIME));
|
||||
|
|
@ -92,7 +92,7 @@ refine flow Flow += {
|
|||
%{
|
||||
if ( ::unified2_event )
|
||||
{
|
||||
auto ids_event = make_intrusive<RecordVal>(BifType::Record::Unified2::IDSEvent);
|
||||
auto ids_event = make_intrusive<RecordVal>(zeek::BifType::Record::Unified2::IDSEvent);
|
||||
ids_event->Assign(0, val_mgr->Count(${ev.sensor_id}));
|
||||
ids_event->Assign(1, val_mgr->Count(${ev.event_id}));
|
||||
ids_event->Assign(2, make_intrusive<Val>(ts_to_double(${ev.ts}), TYPE_TIME));
|
||||
|
|
@ -123,7 +123,7 @@ refine flow Flow += {
|
|||
%{
|
||||
if ( ::unified2_packet )
|
||||
{
|
||||
auto packet = make_intrusive<RecordVal>(BifType::Record::Unified2::Packet);
|
||||
auto packet = make_intrusive<RecordVal>(zeek::BifType::Record::Unified2::Packet);
|
||||
packet->Assign(0, val_mgr->Count(${pkt.sensor_id}));
|
||||
packet->Assign(1, val_mgr->Count(${pkt.event_id}));
|
||||
packet->Assign(2, val_mgr->Count(${pkt.event_second}));
|
||||
|
|
|
|||
|
|
@ -117,7 +117,7 @@ IntrusivePtr<RecordVal> file_analysis::X509::ParseCertificate(X509Val* cert_val,
|
|||
char buf[2048]; // we need a buffer for some of the openssl functions
|
||||
memset(buf, 0, sizeof(buf));
|
||||
|
||||
auto pX509Cert = make_intrusive<RecordVal>(BifType::Record::X509::Certificate);
|
||||
auto pX509Cert = make_intrusive<RecordVal>(zeek::BifType::Record::X509::Certificate);
|
||||
BIO *bio = BIO_new(BIO_s_mem());
|
||||
|
||||
pX509Cert->Assign(0, val_mgr->Count((uint64_t) X509_get_version(ssl_cert) + 1));
|
||||
|
|
@ -286,7 +286,7 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex)
|
|||
{
|
||||
if ( x509_ext_basic_constraints )
|
||||
{
|
||||
auto pBasicConstraint = make_intrusive<RecordVal>(BifType::Record::X509::BasicConstraints);
|
||||
auto pBasicConstraint = make_intrusive<RecordVal>(zeek::BifType::Record::X509::BasicConstraints);
|
||||
pBasicConstraint->Assign(0, val_mgr->Bool(constr->ca));
|
||||
|
||||
if ( constr->pathlen )
|
||||
|
|
@ -417,7 +417,7 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
|
|||
}
|
||||
}
|
||||
|
||||
auto sanExt = make_intrusive<RecordVal>(BifType::Record::X509::SubjectAlternativeName);
|
||||
auto sanExt = make_intrusive<RecordVal>(zeek::BifType::Record::X509::SubjectAlternativeName);
|
||||
|
||||
if ( names != nullptr )
|
||||
sanExt->Assign(0, names);
|
||||
|
|
|
|||
|
|
@ -269,7 +269,7 @@ void file_analysis::X509Common::ParseExtension(X509_EXTENSION* ex, const EventHa
|
|||
if ( ! ext_val )
|
||||
ext_val = make_intrusive<StringVal>(0, "");
|
||||
|
||||
auto pX509Ext = make_intrusive<RecordVal>(BifType::Record::X509::Extension);
|
||||
auto pX509Ext = make_intrusive<RecordVal>(zeek::BifType::Record::X509::Extension);
|
||||
pX509Ext->Assign(0, make_intrusive<StringVal>(name));
|
||||
|
||||
if ( short_name and strlen(short_name) > 0 )
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
// construct an error record
|
||||
IntrusivePtr<RecordVal> x509_result_record(uint64_t num, const char* reason, Val* chainVector = nullptr)
|
||||
{
|
||||
auto rrecord = make_intrusive<RecordVal>(BifType::Record::X509::Result);
|
||||
auto rrecord = make_intrusive<RecordVal>(zeek::BifType::Record::X509::Result);
|
||||
|
||||
rrecord->Assign(0, val_mgr->Int(num));
|
||||
rrecord->Assign(1, make_intrusive<StringVal>(reason));
|
||||
|
|
|
|||
|
|
@ -41,8 +41,8 @@ function Files::__set_reassembly_buffer%(file_id: string, max: count%): bool
|
|||
## :zeek:see:`Files::add_analyzer`.
|
||||
function Files::__add_analyzer%(file_id: string, tag: Files::Tag, args: any%): bool
|
||||
%{
|
||||
using BifType::Record::Files::AnalyzerArgs;
|
||||
auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs);
|
||||
using zeek::BifType::Record::Files::AnalyzerArgs;
|
||||
auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs.get());
|
||||
bool result = file_mgr->AddAnalyzer(file_id->CheckString(),
|
||||
file_mgr->GetComponentTag(tag), rv.get());
|
||||
return val_mgr->Bool(result);
|
||||
|
|
@ -51,8 +51,8 @@ function Files::__add_analyzer%(file_id: string, tag: Files::Tag, args: any%): b
|
|||
## :zeek:see:`Files::remove_analyzer`.
|
||||
function Files::__remove_analyzer%(file_id: string, tag: Files::Tag, args: any%): bool
|
||||
%{
|
||||
using BifType::Record::Files::AnalyzerArgs;
|
||||
auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs);
|
||||
using zeek::BifType::Record::Files::AnalyzerArgs;
|
||||
auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs.get());
|
||||
bool result = file_mgr->RemoveAnalyzer(file_id->CheckString(),
|
||||
file_mgr->GetComponentTag(tag) , rv.get());
|
||||
return val_mgr->Bool(result);
|
||||
|
|
|
|||
|
|
@ -225,9 +225,9 @@ ReaderBackend* Manager::CreateBackend(ReaderFrontend* frontend, EnumVal* tag)
|
|||
bool Manager::CreateStream(Stream* info, RecordVal* description)
|
||||
{
|
||||
RecordType* rtype = description->GetType()->AsRecordType();
|
||||
if ( ! ( same_type(rtype, BifType::Record::Input::TableDescription, false)
|
||||
|| same_type(rtype, BifType::Record::Input::EventDescription, false)
|
||||
|| same_type(rtype, BifType::Record::Input::AnalysisDescription, false) ) )
|
||||
if ( ! ( same_type(rtype, zeek::BifType::Record::Input::TableDescription.get(), false)
|
||||
|| same_type(rtype, zeek::BifType::Record::Input::EventDescription.get(), false)
|
||||
|| same_type(rtype, zeek::BifType::Record::Input::AnalysisDescription.get(), false) ) )
|
||||
{
|
||||
reporter->Error("Stream description argument not of right type for new input stream");
|
||||
return false;
|
||||
|
|
@ -311,7 +311,7 @@ bool Manager::CreateStream(Stream* info, RecordVal* description)
|
|||
bool Manager::CreateEventStream(RecordVal* fval)
|
||||
{
|
||||
RecordType* rtype = fval->GetType()->AsRecordType();
|
||||
if ( ! same_type(rtype, BifType::Record::Input::EventDescription, false) )
|
||||
if ( ! same_type(rtype, zeek::BifType::Record::Input::EventDescription.get(), false) )
|
||||
{
|
||||
reporter->Error("EventDescription argument not of right type");
|
||||
return false;
|
||||
|
|
@ -344,13 +344,13 @@ bool Manager::CreateEventStream(RecordVal* fval)
|
|||
return false;
|
||||
}
|
||||
|
||||
if ( ! same_type(args[1].get(), BifType::Enum::Input::Event, false) )
|
||||
if ( ! same_type(args[1].get(), zeek::BifType::Enum::Input::Event.get(), false) )
|
||||
{
|
||||
reporter->Error("Input stream %s: Event's second attribute must be of type Input::Event", stream_name.c_str());
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( ! same_type(args[0].get(), BifType::Record::Input::EventDescription, false) )
|
||||
if ( ! same_type(args[0].get(), zeek::BifType::Record::Input::EventDescription.get(), false) )
|
||||
{
|
||||
reporter->Error("Input stream %s: Event's first attribute must be of type Input::EventDescription", stream_name.c_str());
|
||||
return false;
|
||||
|
|
@ -464,7 +464,7 @@ bool Manager::CreateEventStream(RecordVal* fval)
|
|||
bool Manager::CreateTableStream(RecordVal* fval)
|
||||
{
|
||||
RecordType* rtype = fval->GetType()->AsRecordType();
|
||||
if ( ! same_type(rtype, BifType::Record::Input::TableDescription, false) )
|
||||
if ( ! same_type(rtype, zeek::BifType::Record::Input::TableDescription.get(), false) )
|
||||
{
|
||||
reporter->Error("TableDescription argument not of right type");
|
||||
return false;
|
||||
|
|
@ -572,13 +572,13 @@ bool Manager::CreateTableStream(RecordVal* fval)
|
|||
return false;
|
||||
}
|
||||
|
||||
if ( ! same_type(args[0].get(), BifType::Record::Input::TableDescription, false) )
|
||||
if ( ! same_type(args[0].get(), zeek::BifType::Record::Input::TableDescription.get(), false) )
|
||||
{
|
||||
reporter->Error("Input stream %s: Table event's first attribute must be of type Input::TableDescription", stream_name.c_str());
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( ! same_type(args[1].get(), BifType::Enum::Input::Event, false) )
|
||||
if ( ! same_type(args[1].get(), zeek::BifType::Enum::Input::Event.get(), false) )
|
||||
{
|
||||
reporter->Error("Input stream %s: Table event's second attribute must be of type Input::Event", stream_name.c_str());
|
||||
return false;
|
||||
|
|
@ -719,13 +719,13 @@ bool Manager::CheckErrorEventTypes(const std::string& stream_name, const Func* e
|
|||
return false;
|
||||
}
|
||||
|
||||
if ( table && ! same_type(args[0].get(), BifType::Record::Input::TableDescription, false) )
|
||||
if ( table && ! same_type(args[0].get(), zeek::BifType::Record::Input::TableDescription.get(), false) )
|
||||
{
|
||||
reporter->Error("Input stream %s: Error event's first attribute must be of type Input::TableDescription", stream_name.c_str());
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( ! table && ! same_type(args[0].get(), BifType::Record::Input::EventDescription, false) )
|
||||
if ( ! table && ! same_type(args[0].get(), zeek::BifType::Record::Input::EventDescription.get(), false) )
|
||||
{
|
||||
reporter->Error("Input stream %s: Error event's first attribute must be of type Input::EventDescription", stream_name.c_str());
|
||||
return false;
|
||||
|
|
@ -737,7 +737,7 @@ bool Manager::CheckErrorEventTypes(const std::string& stream_name, const Func* e
|
|||
return false;
|
||||
}
|
||||
|
||||
if ( ! same_type(args[2].get(), BifType::Enum::Reporter::Level, false) )
|
||||
if ( ! same_type(args[2].get(), zeek::BifType::Enum::Reporter::Level.get(), false) )
|
||||
{
|
||||
reporter->Error("Input stream %s: Error event's third attribute must be of type Reporter::Level", stream_name.c_str());
|
||||
return false;
|
||||
|
|
@ -750,7 +750,7 @@ bool Manager::CreateAnalysisStream(RecordVal* fval)
|
|||
{
|
||||
RecordType* rtype = fval->GetType()->AsRecordType();
|
||||
|
||||
if ( ! same_type(rtype, BifType::Record::Input::AnalysisDescription, false) )
|
||||
if ( ! same_type(rtype, zeek::BifType::Record::Input::AnalysisDescription.get(), false) )
|
||||
{
|
||||
reporter->Error("AnalysisDescription argument not of right type");
|
||||
return false;
|
||||
|
|
@ -1072,7 +1072,7 @@ void Manager::SendEntry(ReaderFrontend* reader, Value* *vals)
|
|||
|
||||
else if ( i->stream_type == EVENT_STREAM )
|
||||
{
|
||||
EnumVal* type = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release();
|
||||
EnumVal* type = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release();
|
||||
readFields = SendEventStreamEvent(i, type, vals);
|
||||
}
|
||||
|
||||
|
|
@ -1177,9 +1177,9 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals)
|
|||
if ( ! pred_convert_error )
|
||||
{
|
||||
if ( updated )
|
||||
ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED).release();
|
||||
ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED).release();
|
||||
else
|
||||
ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release();
|
||||
ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release();
|
||||
|
||||
bool result;
|
||||
if ( stream->num_val_fields > 0 ) // we have values
|
||||
|
|
@ -1278,13 +1278,13 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals)
|
|||
else if ( updated )
|
||||
{ // in case of update send back the old value.
|
||||
assert ( stream->num_val_fields > 0 );
|
||||
ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED).release();
|
||||
ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED).release();
|
||||
assert ( oldval != nullptr );
|
||||
SendEvent(stream->event, 4, stream->description->Ref(), ev, predidx, oldval.release());
|
||||
}
|
||||
else
|
||||
{
|
||||
ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release();
|
||||
ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release();
|
||||
if ( stream->num_val_fields == 0 )
|
||||
{
|
||||
Ref(stream->description);
|
||||
|
|
@ -1347,7 +1347,7 @@ void Manager::EndCurrentSend(ReaderFrontend* reader)
|
|||
val = stream->tab->Lookup(idx.get());
|
||||
assert(val != nullptr);
|
||||
predidx = ListValToRecordVal(idx.get(), stream->itype, &startpos);
|
||||
ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED).release();
|
||||
ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED).release();
|
||||
}
|
||||
|
||||
if ( stream->pred )
|
||||
|
|
@ -1454,7 +1454,7 @@ void Manager::Put(ReaderFrontend* reader, Value* *vals)
|
|||
|
||||
else if ( i->stream_type == EVENT_STREAM )
|
||||
{
|
||||
EnumVal* type = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release();
|
||||
EnumVal* type = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release();
|
||||
readFields = SendEventStreamEvent(i, type, vals);
|
||||
}
|
||||
|
||||
|
|
@ -1591,9 +1591,9 @@ int Manager::PutTable(Stream* i, const Value* const *vals)
|
|||
else
|
||||
{
|
||||
if ( updated )
|
||||
ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED).release();
|
||||
ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED).release();
|
||||
else
|
||||
ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release();
|
||||
ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release();
|
||||
|
||||
bool result;
|
||||
if ( stream->num_val_fields > 0 ) // we have values
|
||||
|
|
@ -1632,14 +1632,14 @@ int Manager::PutTable(Stream* i, const Value* const *vals)
|
|||
{
|
||||
// in case of update send back the old value.
|
||||
assert ( stream->num_val_fields > 0 );
|
||||
ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED).release();
|
||||
ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED).release();
|
||||
assert ( oldval != nullptr );
|
||||
SendEvent(stream->event, 4, stream->description->Ref(),
|
||||
ev, predidx, oldval.release());
|
||||
}
|
||||
else
|
||||
{
|
||||
ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release();
|
||||
ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release();
|
||||
if ( stream->num_val_fields == 0 )
|
||||
SendEvent(stream->event, 4, stream->description->Ref(),
|
||||
ev, predidx);
|
||||
|
|
@ -1724,7 +1724,7 @@ bool Manager::Delete(ReaderFrontend* reader, Value* *vals)
|
|||
Unref(predidx);
|
||||
else
|
||||
{
|
||||
EnumVal* ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED).release();
|
||||
EnumVal* ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED).release();
|
||||
|
||||
streamresult = CallPred(stream->pred, 3, ev, predidx, IntrusivePtr{val}.release());
|
||||
|
||||
|
|
@ -1743,7 +1743,7 @@ bool Manager::Delete(ReaderFrontend* reader, Value* *vals)
|
|||
{
|
||||
Ref(idxval);
|
||||
assert(val != nullptr);
|
||||
EnumVal* ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED).release();
|
||||
EnumVal* ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED).release();
|
||||
SendEvent(stream->event, 4, stream->description->Ref(), ev, idxval, IntrusivePtr{val}.release());
|
||||
}
|
||||
}
|
||||
|
|
@ -1758,7 +1758,7 @@ bool Manager::Delete(ReaderFrontend* reader, Value* *vals)
|
|||
|
||||
else if ( i->stream_type == EVENT_STREAM )
|
||||
{
|
||||
EnumVal* type = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED).release();
|
||||
EnumVal* type = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED).release();
|
||||
readVals = SendEventStreamEvent(i, type, vals);
|
||||
success = true;
|
||||
}
|
||||
|
|
@ -2715,15 +2715,15 @@ void Manager::ErrorHandler(const Stream* i, ErrorType et, bool reporter_send, co
|
|||
switch (et)
|
||||
{
|
||||
case ErrorType::INFO:
|
||||
ev = BifType::Enum::Reporter::Level->GetVal(BifEnum::Reporter::INFO).release();
|
||||
ev = zeek::BifType::Enum::Reporter::Level->GetVal(BifEnum::Reporter::INFO).release();
|
||||
break;
|
||||
|
||||
case ErrorType::WARNING:
|
||||
ev = BifType::Enum::Reporter::Level->GetVal(BifEnum::Reporter::WARNING).release();
|
||||
ev = zeek::BifType::Enum::Reporter::Level->GetVal(BifEnum::Reporter::WARNING).release();
|
||||
break;
|
||||
|
||||
case ErrorType::ERROR:
|
||||
ev = BifType::Enum::Reporter::Level->GetVal(BifEnum::Reporter::ERROR).release();
|
||||
ev = zeek::BifType::Enum::Reporter::Level->GetVal(BifEnum::Reporter::ERROR).release();
|
||||
break;
|
||||
|
||||
default:
|
||||
|
|
|
|||
|
|
@ -627,7 +627,7 @@ IntrusivePtr<RecordVal> Packet::ToRawPktHdrVal() const
|
|||
{
|
||||
// Ethernet header layout is:
|
||||
// dst[6bytes] src[6bytes] ethertype[2bytes]...
|
||||
l2_hdr->Assign(0, BifType::Enum::link_encap->GetVal(BifEnum::LINK_ETHERNET));
|
||||
l2_hdr->Assign(0, zeek::BifType::Enum::link_encap->GetVal(BifEnum::LINK_ETHERNET));
|
||||
l2_hdr->Assign(3, FmtEUI48(data + 6)); // src
|
||||
l2_hdr->Assign(4, FmtEUI48(data)); // dst
|
||||
|
||||
|
|
@ -644,12 +644,12 @@ IntrusivePtr<RecordVal> Packet::ToRawPktHdrVal() const
|
|||
l3 = BifEnum::L3_ARP;
|
||||
}
|
||||
else
|
||||
l2_hdr->Assign(0, BifType::Enum::link_encap->GetVal(BifEnum::LINK_UNKNOWN));
|
||||
l2_hdr->Assign(0, zeek::BifType::Enum::link_encap->GetVal(BifEnum::LINK_UNKNOWN));
|
||||
|
||||
l2_hdr->Assign(1, val_mgr->Count(len));
|
||||
l2_hdr->Assign(2, val_mgr->Count(cap_len));
|
||||
|
||||
l2_hdr->Assign(8, BifType::Enum::layer3_proto->GetVal(l3));
|
||||
l2_hdr->Assign(8, zeek::BifType::Enum::layer3_proto->GetVal(l3));
|
||||
|
||||
pkt_hdr->Assign(0, l2_hdr);
|
||||
|
||||
|
|
|
|||
|
|
@ -231,7 +231,7 @@ bool Manager::CreateStream(EnumVal* id, RecordVal* sval)
|
|||
{
|
||||
RecordType* rtype = sval->GetType()->AsRecordType();
|
||||
|
||||
if ( ! same_type(rtype, BifType::Record::Log::Stream, false) )
|
||||
if ( ! same_type(rtype, zeek::BifType::Record::Log::Stream.get(), false) )
|
||||
{
|
||||
reporter->Error("sval argument not of right type");
|
||||
return false;
|
||||
|
|
@ -534,7 +534,7 @@ bool Manager::AddFilter(EnumVal* id, RecordVal* fval)
|
|||
{
|
||||
RecordType* rtype = fval->GetType()->AsRecordType();
|
||||
|
||||
if ( ! same_type(rtype, BifType::Record::Log::Filter, false) )
|
||||
if ( ! same_type(rtype, zeek::BifType::Record::Log::Filter.get(), false) )
|
||||
{
|
||||
reporter->Error("filter argument not of right type");
|
||||
return false;
|
||||
|
|
@ -1514,7 +1514,7 @@ bool Manager::FinishedRotation(WriterFrontend* writer, const char* new_name, con
|
|||
return true;
|
||||
|
||||
// Create the RotationInfo record.
|
||||
auto info = make_intrusive<RecordVal>(BifType::Record::Log::RotationInfo);
|
||||
auto info = make_intrusive<RecordVal>(zeek::BifType::Record::Log::RotationInfo);
|
||||
info->Assign(0, winfo->type->Ref());
|
||||
info->Assign(1, make_intrusive<StringVal>(new_name));
|
||||
info->Assign(2, make_intrusive<StringVal>(winfo->writer->Info().path));
|
||||
|
|
|
|||
|
|
@ -1104,7 +1104,7 @@ std::string Supervisor::NodeConfig::ToJSON() const
|
|||
|
||||
IntrusivePtr<RecordVal> Supervisor::NodeConfig::ToRecord() const
|
||||
{
|
||||
auto rt = BifType::Record::Supervisor::NodeConfig;
|
||||
const auto& rt = zeek::BifType::Record::Supervisor::NodeConfig;
|
||||
auto rval = make_intrusive<RecordVal>(rt);
|
||||
rval->Assign(rt->FieldOffset("name"), make_intrusive<StringVal>(name));
|
||||
|
||||
|
|
@ -1140,10 +1140,10 @@ IntrusivePtr<RecordVal> Supervisor::NodeConfig::ToRecord() const
|
|||
auto& name = e.first;
|
||||
auto& ep = e.second;
|
||||
auto key = make_intrusive<StringVal>(name);
|
||||
auto ept = BifType::Record::Supervisor::ClusterEndpoint;
|
||||
const auto& ept = zeek::BifType::Record::Supervisor::ClusterEndpoint;
|
||||
auto val = make_intrusive<RecordVal>(ept);
|
||||
|
||||
val->Assign(ept->FieldOffset("role"), BifType::Enum::Supervisor::ClusterRole->GetVal(ep.role));
|
||||
val->Assign(ept->FieldOffset("role"), zeek::BifType::Enum::Supervisor::ClusterRole->GetVal(ep.role));
|
||||
val->Assign(ept->FieldOffset("host"), make_intrusive<AddrVal>(ep.host));
|
||||
val->Assign(ept->FieldOffset("p"), val_mgr->Port(ep.port, TRANSPORT_TCP));
|
||||
|
||||
|
|
@ -1158,7 +1158,7 @@ IntrusivePtr<RecordVal> Supervisor::NodeConfig::ToRecord() const
|
|||
|
||||
IntrusivePtr<RecordVal> Supervisor::Node::ToRecord() const
|
||||
{
|
||||
auto rt = BifType::Record::Supervisor::NodeStatus;
|
||||
const auto& rt = zeek::BifType::Record::Supervisor::NodeStatus;
|
||||
auto rval = make_intrusive<RecordVal>(rt);
|
||||
|
||||
rval->Assign(rt->FieldOffset("node"), config.ToRecord());
|
||||
|
|
@ -1314,8 +1314,8 @@ void Supervisor::SupervisedNode::Init(zeek::Options* options) const
|
|||
|
||||
IntrusivePtr<RecordVal> Supervisor::Status(std::string_view node_name)
|
||||
{
|
||||
auto rval = make_intrusive<RecordVal>(BifType::Record::Supervisor::Status);
|
||||
const auto& tt = BifType::Record::Supervisor::Status->GetFieldType("nodes");
|
||||
auto rval = make_intrusive<RecordVal>(zeek::BifType::Record::Supervisor::Status);
|
||||
const auto& tt = zeek::BifType::Record::Supervisor::Status->GetFieldType("nodes");
|
||||
auto node_table_val = new TableVal(cast_intrusive<TableType>(tt));
|
||||
rval->Assign(0, node_table_val);
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ function Supervisor::__status%(node: string%): Supervisor::Status
|
|||
if ( ! zeek::supervisor_mgr )
|
||||
{
|
||||
builtin_error("supervisor mode not enabled");
|
||||
return make_intrusive<RecordVal>(BifType::Record::Supervisor::Status);
|
||||
return make_intrusive<RecordVal>(zeek::BifType::Record::Supervisor::Status);
|
||||
}
|
||||
|
||||
return zeek::supervisor_mgr->Status(node->CheckString());
|
||||
|
|
@ -84,7 +84,7 @@ function Supervisor::__node%(%): Supervisor::NodeConfig
|
|||
if ( ! zeek::Supervisor::ThisNode() )
|
||||
{
|
||||
builtin_error("not a supervised process");
|
||||
auto rt = BifType::Record::Supervisor::NodeConfig;
|
||||
const auto& rt = zeek::BifType::Record::Supervisor::NodeConfig;
|
||||
auto rval = make_intrusive<RecordVal>(rt);
|
||||
rval->Assign(rt->FieldOffset("name"), new StringVal("<invalid>"));
|
||||
return rval;
|
||||
|
|
|
|||
|
|
@ -3397,7 +3397,7 @@ function get_current_packet%(%) : pcap_packet
|
|||
pkt->Assign(2, val_mgr->Count(0));
|
||||
pkt->Assign(3, val_mgr->Count(0));
|
||||
pkt->Assign(4, val_mgr->EmptyString());
|
||||
pkt->Assign(5, BifType::Enum::link_encap->GetVal(BifEnum::LINK_UNKNOWN));
|
||||
pkt->Assign(5, zeek::BifType::Enum::link_encap->GetVal(BifEnum::LINK_UNKNOWN));
|
||||
return pkt;
|
||||
}
|
||||
|
||||
|
|
@ -3406,7 +3406,7 @@ function get_current_packet%(%) : pcap_packet
|
|||
pkt->Assign(2, val_mgr->Count(p->cap_len));
|
||||
pkt->Assign(3, val_mgr->Count(p->len));
|
||||
pkt->Assign(4, make_intrusive<StringVal>(p->cap_len, (const char*)p->data));
|
||||
pkt->Assign(5, BifType::Enum::link_encap->GetVal(p->link_type));
|
||||
pkt->Assign(5, zeek::BifType::Enum::link_encap->GetVal(p->link_type));
|
||||
|
||||
return pkt;
|
||||
%}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue