From eedeb07550bf19d7396f1df6eb39565797bc778d Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 13 May 2020 20:21:51 -0700 Subject: [PATCH] Deprecate all BroType* in BifType:: namespace Replaced with equivalently named IntrusivePtr in zeek::BifType:: --- NEWS | 4 ++ aux/bifcl | 2 +- src/TunnelEncapsulation.cc | 4 +- src/Val.cc | 8 +-- .../protocol/dce-rpc/dce_rpc-analyzer.pac | 2 +- src/analyzer/protocol/dhcp/dhcp-analyzer.pac | 4 +- src/analyzer/protocol/dhcp/dhcp-options.pac | 20 +++--- src/analyzer/protocol/ftp/functions.bif | 4 +- .../protocol/gtpv1/gtpv1-analyzer.pac | 24 +++---- src/analyzer/protocol/krb/krb-analyzer.pac | 12 ++-- src/analyzer/protocol/krb/krb-padata.pac | 8 +-- src/analyzer/protocol/krb/krb-types.pac | 6 +- .../protocol/modbus/modbus-analyzer.pac | 14 ++--- .../protocol/mqtt/commands/connack.pac | 2 +- .../protocol/mqtt/commands/connect.pac | 2 +- .../protocol/mqtt/commands/publish.pac | 2 +- src/analyzer/protocol/ntlm/ntlm-analyzer.pac | 12 ++-- src/analyzer/protocol/ntp/ntp-analyzer.pac | 8 +-- .../protocol/radius/radius-analyzer.pac | 6 +- src/analyzer/protocol/rdp/rdp-analyzer.pac | 12 ++-- src/analyzer/protocol/rpc/MOUNT.cc | 14 ++--- src/analyzer/protocol/rpc/NFS.cc | 62 +++++++++---------- src/analyzer/protocol/rpc/Portmap.cc | 2 +- src/analyzer/protocol/rpc/RPC.cc | 4 +- src/analyzer/protocol/smb/smb-time.pac | 2 +- .../protocol/smb/smb1-com-negotiate.pac | 16 ++--- .../smb/smb1-com-session-setup-andx.pac | 8 +-- .../smb/smb1-com-transaction-secondary.pac | 2 +- .../smb/smb1-com-transaction2-secondary.pac | 2 +- .../protocol/smb/smb1-com-transaction2.pac | 4 +- src/analyzer/protocol/smb/smb1-protocol.pac | 2 +- src/analyzer/protocol/smb/smb2-com-close.pac | 2 +- src/analyzer/protocol/smb/smb2-com-create.pac | 4 +- .../protocol/smb/smb2-com-negotiate.pac | 4 +- .../protocol/smb/smb2-com-session-setup.pac | 6 +- .../protocol/smb/smb2-com-set-info.pac | 6 +- .../smb/smb2-com-transform-header.pac | 2 +- .../protocol/smb/smb2-com-tree-connect.pac | 2 +- src/analyzer/protocol/smb/smb2-protocol.pac | 14 ++--- src/analyzer/protocol/snmp/snmp-analyzer.pac | 22 +++---- src/analyzer/protocol/ssh/ssh-analyzer.pac | 10 +-- .../protocol/ssl/tls-handshake-analyzer.pac | 10 +-- src/analyzer/protocol/tcp/TCP.cc | 4 +- src/broker/Data.cc | 34 +++++----- src/broker/Manager.cc | 4 +- src/broker/Store.h | 6 +- src/broker/comm.bif | 2 +- src/broker/data.bif | 34 +++++----- src/file_analysis/AnalyzerSet.cc | 2 +- .../analyzer/extract/functions.bif | 4 +- src/file_analysis/analyzer/pe/pe-analyzer.pac | 8 +-- .../analyzer/unified2/unified2-analyzer.pac | 6 +- src/file_analysis/analyzer/x509/X509.cc | 6 +- src/file_analysis/analyzer/x509/X509Common.cc | 2 +- src/file_analysis/analyzer/x509/functions.bif | 2 +- src/file_analysis/file_analysis.bif | 8 +-- src/input/Manager.cc | 60 +++++++++--------- src/iosource/Packet.cc | 6 +- src/logging/Manager.cc | 6 +- src/supervisor/Supervisor.cc | 12 ++-- src/supervisor/supervisor.bif | 4 +- src/zeek.bif | 4 +- 62 files changed, 287 insertions(+), 283 deletions(-) diff --git a/NEWS b/NEWS index 9ccc59bc80..fe2629d8a7 100644 --- a/NEWS +++ b/NEWS @@ -176,6 +176,10 @@ Deprecated Functionality - ``Scope::Lookup()`` is deprecated, use ``Scope::Find()``. +- All generated ``BroType*`` names in the ``BifType::`` namespaces are + deprecated, but there's an equivalent name in ``zeek::BifType::`` of + ``IntrusivePtr`` type to use instead. + Zeek 3.1.0 ========== diff --git a/aux/bifcl b/aux/bifcl index 970c09875a..5afd05f72b 160000 --- a/aux/bifcl +++ b/aux/bifcl @@ -1 +1 @@ -Subproject commit 970c09875a4bcfb61981d7b629e732f9a0f322ef +Subproject commit 5afd05f72b52bd40637546203749fb7bed8dbc4d diff --git a/src/TunnelEncapsulation.cc b/src/TunnelEncapsulation.cc index 61a4e7bbbb..1b36a3f898 100644 --- a/src/TunnelEncapsulation.cc +++ b/src/TunnelEncapsulation.cc @@ -18,7 +18,7 @@ EncapsulatingConn::EncapsulatingConn(Connection* c, BifEnum::Tunnel::Type t) IntrusivePtr EncapsulatingConn::ToVal() const { - auto rv = make_intrusive(BifType::Record::Tunnel::EncapsulatingConn); + auto rv = make_intrusive(zeek::BifType::Record::Tunnel::EncapsulatingConn); auto id_val = make_intrusive(zeek::id::conn_id); id_val->Assign(0, make_intrusive(src_addr)); @@ -26,7 +26,7 @@ IntrusivePtr EncapsulatingConn::ToVal() const id_val->Assign(2, make_intrusive(dst_addr)); id_val->Assign(3, val_mgr->Port(ntohs(dst_port), proto)); rv->Assign(0, std::move(id_val)); - rv->Assign(1, BifType::Enum::Tunnel::Type->GetVal(type)); + rv->Assign(1, zeek::BifType::Enum::Tunnel::Type->GetVal(type)); rv->Assign(2, make_intrusive(uid.Base62("C").c_str())); diff --git a/src/Val.cc b/src/Val.cc index 7b5962f403..e721f42dc0 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -2033,16 +2033,16 @@ void TableVal::CallChangeFunc(const Val* index, Val* old_value, OnChangeType tpe switch ( tpe ) { case ELEMENT_NEW: - vl.emplace_back(BifType::Enum::TableChange->GetVal(BifEnum::TableChange::TABLE_ELEMENT_NEW)); + vl.emplace_back(zeek::BifType::Enum::TableChange->GetVal(BifEnum::TableChange::TABLE_ELEMENT_NEW)); break; case ELEMENT_CHANGED: - vl.emplace_back(BifType::Enum::TableChange->GetVal(BifEnum::TableChange::TABLE_ELEMENT_CHANGED)); + vl.emplace_back(zeek::BifType::Enum::TableChange->GetVal(BifEnum::TableChange::TABLE_ELEMENT_CHANGED)); break; case ELEMENT_REMOVED: - vl.emplace_back(BifType::Enum::TableChange->GetVal(BifEnum::TableChange::TABLE_ELEMENT_REMOVED)); + vl.emplace_back(zeek::BifType::Enum::TableChange->GetVal(BifEnum::TableChange::TABLE_ELEMENT_REMOVED)); break; case ELEMENT_EXPIRED: - vl.emplace_back(BifType::Enum::TableChange->GetVal(BifEnum::TableChange::TABLE_ELEMENT_EXPIRED)); + vl.emplace_back(zeek::BifType::Enum::TableChange->GetVal(BifEnum::TableChange::TABLE_ELEMENT_EXPIRED)); } for ( const auto& v : lv->Vals() ) diff --git a/src/analyzer/protocol/dce-rpc/dce_rpc-analyzer.pac b/src/analyzer/protocol/dce-rpc/dce_rpc-analyzer.pac index de06b8e29b..7dfff77119 100644 --- a/src/analyzer/protocol/dce-rpc/dce_rpc-analyzer.pac +++ b/src/analyzer/protocol/dce-rpc/dce_rpc-analyzer.pac @@ -42,7 +42,7 @@ refine connection DCE_RPC_Conn += { ${header.is_orig}, fid, ${header.PTYPE}, - BifType::Enum::DCE_RPC::PType->GetVal(${header.PTYPE})); + zeek::BifType::Enum::DCE_RPC::PType->GetVal(${header.PTYPE})); } return true; %} diff --git a/src/analyzer/protocol/dhcp/dhcp-analyzer.pac b/src/analyzer/protocol/dhcp/dhcp-analyzer.pac index eb0e5ac7a7..e8994436f8 100644 --- a/src/analyzer/protocol/dhcp/dhcp-analyzer.pac +++ b/src/analyzer/protocol/dhcp/dhcp-analyzer.pac @@ -19,7 +19,7 @@ refine flow DHCP_Flow += { %{ if ( ! options ) { - options = make_intrusive(BifType::Record::DHCP::Options); + options = make_intrusive(zeek::BifType::Record::DHCP::Options); all_options = make_intrusive(zeek::id::index_vec); options->Assign(0, all_options); } @@ -53,7 +53,7 @@ refine flow DHCP_Flow += { std::string mac_str = fmt_mac(${msg.chaddr}.data(), ${msg.chaddr}.length()); double secs = static_cast(${msg.secs}); - auto dhcp_msg_val = make_intrusive(BifType::Record::DHCP::Msg); + auto dhcp_msg_val = make_intrusive(zeek::BifType::Record::DHCP::Msg); dhcp_msg_val->Assign(0, val_mgr->Count(${msg.op})); dhcp_msg_val->Assign(1, val_mgr->Count(${msg.type})); dhcp_msg_val->Assign(2, val_mgr->Count(${msg.xid})); diff --git a/src/analyzer/protocol/dhcp/dhcp-options.pac b/src/analyzer/protocol/dhcp/dhcp-options.pac index eb0be08e4c..2ebb439575 100644 --- a/src/analyzer/protocol/dhcp/dhcp-options.pac +++ b/src/analyzer/protocol/dhcp/dhcp-options.pac @@ -57,7 +57,7 @@ refine casetype OptionValue += { refine flow DHCP_Flow += { function process_router_option(v: OptionValue): bool %{ - auto router_list = make_intrusive(IntrusivePtr{NewRef{}, BifType::Vector::DHCP::Addrs}); + auto router_list = make_intrusive(zeek::BifType::Vector::DHCP::Addrs); int num_routers = ${v.router_list}->size(); vector* rlist = ${v.router_list}; @@ -91,7 +91,7 @@ refine casetype OptionValue += { refine flow DHCP_Flow += { function process_timeserver_option(v: OptionValue): bool %{ - auto timeserver_list = make_intrusive(IntrusivePtr{NewRef{}, BifType::Vector::DHCP::Addrs}); + auto timeserver_list = make_intrusive(zeek::BifType::Vector::DHCP::Addrs); int num_servers = ${v.timeserver_list}->size(); vector* rlist = ${v.timeserver_list}; @@ -125,7 +125,7 @@ refine casetype OptionValue += { refine flow DHCP_Flow += { function process_nameserver_option(v: OptionValue): bool %{ - auto nameserver_list = make_intrusive(IntrusivePtr{NewRef{}, BifType::Vector::DHCP::Addrs}); + auto nameserver_list = make_intrusive(zeek::BifType::Vector::DHCP::Addrs); int num_servers = ${v.nameserver_list}->size(); vector* rlist = ${v.nameserver_list}; @@ -159,7 +159,7 @@ refine casetype OptionValue += { refine flow DHCP_Flow += { function process_dns_server_option(v: OptionValue): bool %{ - auto server_list = make_intrusive(IntrusivePtr{NewRef{}, BifType::Vector::DHCP::Addrs}); + auto server_list = make_intrusive(zeek::BifType::Vector::DHCP::Addrs); int num_servers = ${v.dns_server_list}->size(); vector* rlist = ${v.dns_server_list}; @@ -298,7 +298,7 @@ refine casetype OptionValue += { refine flow DHCP_Flow += { function process_ntpserver_option(v: OptionValue): bool %{ - auto ntpserver_list = make_intrusive(IntrusivePtr{NewRef{}, BifType::Vector::DHCP::Addrs}); + auto ntpserver_list = make_intrusive(zeek::BifType::Vector::DHCP::Addrs); int num_servers = ${v.ntpserver_list}->size(); vector* rlist = ${v.ntpserver_list}; @@ -356,7 +356,7 @@ refine casetype OptionValue += { refine flow DHCP_Flow += { function process_nbns_option(v: OptionValue): bool %{ - auto server_list = make_intrusive(IntrusivePtr{NewRef{}, BifType::Vector::DHCP::Addrs}); + auto server_list = make_intrusive(zeek::BifType::Vector::DHCP::Addrs); int num_servers = ${v.nbns}->size(); vector* rlist = ${v.nbns}; @@ -625,7 +625,7 @@ refine casetype OptionValue += { refine flow DHCP_Flow += { function process_client_id_option(v: OptionValue): bool %{ - RecordVal* client_id = new RecordVal(BifType::Record::DHCP::ClientID); + RecordVal* client_id = new RecordVal(zeek::BifType::Record::DHCP::ClientID); client_id->Assign(0, val_mgr->Count(${v.client_id.hwtype})); client_id->Assign(1, make_intrusive(fmt_mac(${v.client_id.hwaddr}.begin(), ${v.client_id.hwaddr}.length()))); @@ -685,7 +685,7 @@ refine casetype OptionValue += { refine flow DHCP_Flow += { function process_client_fqdn_option(v: OptionValue): bool %{ - RecordVal* client_fqdn = new RecordVal(BifType::Record::DHCP::ClientFQDN); + RecordVal* client_fqdn = new RecordVal(zeek::BifType::Record::DHCP::ClientFQDN); client_fqdn->Assign(0, val_mgr->Count(${v.client_fqdn.flags})); client_fqdn->Assign(1, val_mgr->Count(${v.client_fqdn.rcode1})); client_fqdn->Assign(2, val_mgr->Count(${v.client_fqdn.rcode2})); @@ -743,14 +743,14 @@ refine flow DHCP_Flow += { function process_relay_agent_inf_option(v: OptionValue): bool %{ - auto relay_agent_sub_opt = make_intrusive(IntrusivePtr{NewRef{}, BifType::Vector::DHCP::SubOpts}); + auto relay_agent_sub_opt = make_intrusive(zeek::BifType::Vector::DHCP::SubOpts); uint16 i = 0; for ( auto ptrsubopt = ${v.relay_agent_inf}->begin(); ptrsubopt != ${v.relay_agent_inf}->end(); ++ptrsubopt ) { - auto r = new RecordVal(BifType::Record::DHCP::SubOpt); + auto r = new RecordVal(zeek::BifType::Record::DHCP::SubOpt); r->Assign(0, val_mgr->Count((*ptrsubopt)->code())); r->Assign(1, to_stringval((*ptrsubopt)->value())); diff --git a/src/analyzer/protocol/ftp/functions.bif b/src/analyzer/protocol/ftp/functions.bif index 6dff964042..204481b575 100644 --- a/src/analyzer/protocol/ftp/functions.bif +++ b/src/analyzer/protocol/ftp/functions.bif @@ -6,7 +6,7 @@ type ftp_port: record; static IntrusivePtr parse_port(const char* line) { - auto r = make_intrusive(BifType::Record::ftp_port); + auto r = make_intrusive(zeek::BifType::Record::ftp_port); int bytes[6]; if ( line && sscanf(line, "%d,%d,%d,%d,%d,%d", @@ -49,7 +49,7 @@ static IntrusivePtr parse_port(const char* line) static IntrusivePtr parse_eftp(const char* line) { - auto r = make_intrusive(BifType::Record::ftp_port); + auto r = make_intrusive(zeek::BifType::Record::ftp_port); int net_proto = 0; // currently not used IPAddr addr; // unspecified IPv6 address (all 128 bits zero) diff --git a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac index d7e9ca9010..6b06e0383a 100644 --- a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac +++ b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac @@ -6,7 +6,7 @@ %code{ IntrusivePtr BuildGTPv1Hdr(const GTPv1_Header* pdu) { - auto rv = make_intrusive(BifType::Record::gtpv1_hdr); + auto rv = make_intrusive(zeek::BifType::Record::gtpv1_hdr); rv->Assign(0, val_mgr->Count(pdu->version())); rv->Assign(1, val_mgr->Bool(pdu->pt_flag())); @@ -35,7 +35,7 @@ static IntrusivePtr BuildIMSI(const InformationElement* ie) static IntrusivePtr BuildRAI(const InformationElement* ie) { - auto ev = make_intrusive(BifType::Record::gtp_rai); + auto ev = make_intrusive(zeek::BifType::Record::gtp_rai); ev->Assign(0, val_mgr->Count(ie->rai()->mcc())); ev->Assign(1, val_mgr->Count(ie->rai()->mnc())); ev->Assign(2, val_mgr->Count(ie->rai()->lac())); @@ -85,7 +85,7 @@ static IntrusivePtr BuildTraceType(const InformationElement* ie) Val* BuildEndUserAddr(const InformationElement* ie) { - RecordVal* ev = new RecordVal(BifType::Record::gtp_end_user_addr); + RecordVal* ev = new RecordVal(zeek::BifType::Record::gtp_end_user_addr); ev->Assign(0, val_mgr->Count(ie->end_user_addr()->pdp_type_org())); ev->Assign(1, val_mgr->Count(ie->end_user_addr()->pdp_type_num())); @@ -130,7 +130,7 @@ Val* BuildProtoConfigOptions(const InformationElement* ie) Val* BuildGSN_Addr(const InformationElement* ie) { - RecordVal* ev = new RecordVal(BifType::Record::gtp_gsn_addr); + RecordVal* ev = new RecordVal(zeek::BifType::Record::gtp_gsn_addr); int len = ie->gsn_addr()->value().length(); const uint8* d = ie->gsn_addr()->value().data(); @@ -156,7 +156,7 @@ Val* BuildMSISDN(const InformationElement* ie) Val* BuildQoS_Profile(const InformationElement* ie) { - RecordVal* ev = new RecordVal(BifType::Record::gtp_qos_profile); + RecordVal* ev = new RecordVal(zeek::BifType::Record::gtp_qos_profile); const u_char* d = (const u_char*) ie->qos_profile()->data().data(); int len = ie->qos_profile()->data().length(); @@ -190,7 +190,7 @@ Val* BuildOMC_ID(const InformationElement* ie) Val* BuildPrivateExt(const InformationElement* ie) { - RecordVal* ev = new RecordVal(BifType::Record::gtp_private_extension); + RecordVal* ev = new RecordVal(zeek::BifType::Record::gtp_private_extension); const uint8* d = ie->private_ext()->value().data(); int len = ie->private_ext()->value().length(); @@ -238,7 +238,7 @@ void CreatePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu) if ( ! ::gtpv1_create_pdp_ctx_request ) return; auto rv = make_intrusive( - BifType::Record::gtp_create_pdp_ctx_request_elements); + zeek::BifType::Record::gtp_create_pdp_ctx_request_elements); const vector * v = pdu->create_pdp_ctx_request(); @@ -338,7 +338,7 @@ void CreatePDP_Response(const BroAnalyzer& a, const GTPv1_Header* pdu) return; auto rv = make_intrusive( - BifType::Record::gtp_create_pdp_ctx_response_elements); + zeek::BifType::Record::gtp_create_pdp_ctx_response_elements); const vector * v = pdu->create_pdp_ctx_response(); @@ -407,7 +407,7 @@ void UpdatePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu) return; auto rv = make_intrusive( - BifType::Record::gtp_update_pdp_ctx_request_elements); + zeek::BifType::Record::gtp_update_pdp_ctx_request_elements); const vector * v = pdu->update_pdp_ctx_request(); @@ -485,7 +485,7 @@ void UpdatePDP_Response(const BroAnalyzer& a, const GTPv1_Header* pdu) return; auto rv = make_intrusive( - BifType::Record::gtp_update_pdp_ctx_response_elements); + zeek::BifType::Record::gtp_update_pdp_ctx_response_elements); const vector * v = pdu->update_pdp_ctx_response(); @@ -545,7 +545,7 @@ void DeletePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu) return; auto rv = make_intrusive( - BifType::Record::gtp_delete_pdp_ctx_request_elements); + zeek::BifType::Record::gtp_delete_pdp_ctx_request_elements); const vector * v = pdu->delete_pdp_ctx_request(); @@ -579,7 +579,7 @@ void DeletePDP_Response(const BroAnalyzer& a, const GTPv1_Header* pdu) return; auto rv = make_intrusive( - BifType::Record::gtp_delete_pdp_ctx_response_elements); + zeek::BifType::Record::gtp_delete_pdp_ctx_response_elements); const vector * v = pdu->delete_pdp_ctx_response(); diff --git a/src/analyzer/protocol/krb/krb-analyzer.pac b/src/analyzer/protocol/krb/krb-analyzer.pac index b45dea41b4..d36f721b44 100644 --- a/src/analyzer/protocol/krb/krb-analyzer.pac +++ b/src/analyzer/protocol/krb/krb-analyzer.pac @@ -8,7 +8,7 @@ bool proc_error_arguments(RecordVal* rv, const std::vector* args %code{ RecordVal* proc_krb_kdc_options(const KRB_KDC_Options* opts) { - RecordVal* rv = new RecordVal(BifType::Record::KRB::KDC_Options); + RecordVal* rv = new RecordVal(zeek::BifType::Record::KRB::KDC_Options); rv->Assign(0, val_mgr->Bool(opts->forwardable())); rv->Assign(1, val_mgr->Bool(opts->forwarded())); @@ -29,7 +29,7 @@ RecordVal* proc_krb_kdc_options(const KRB_KDC_Options* opts) RecordVal* proc_krb_kdc_req_arguments(KRB_KDC_REQ* msg, const BroAnalyzer bro_analyzer) { - RecordVal* rv = new RecordVal(BifType::Record::KRB::KDC_Request); + RecordVal* rv = new RecordVal(zeek::BifType::Record::KRB::KDC_Request); rv->Assign(0, asn1_integer_to_val(msg->pvno()->data(), TYPE_COUNT)); rv->Assign(1, asn1_integer_to_val(msg->msg_type()->data(), TYPE_COUNT)); @@ -203,7 +203,7 @@ refine connection KRB_Conn += { auto msg_type = binary_to_int64(${msg.msg_type.data.content}); auto make_arg = [this, msg]() -> IntrusivePtr { - auto rv = make_intrusive(BifType::Record::KRB::KDC_Response); + auto rv = make_intrusive(zeek::BifType::Record::KRB::KDC_Response); rv->Assign(0, asn1_integer_to_val(${msg.pvno.data}, TYPE_COUNT)); rv->Assign(1, asn1_integer_to_val(${msg.msg_type.data}, TYPE_COUNT)); @@ -244,7 +244,7 @@ refine connection KRB_Conn += { bro_analyzer()->ProtocolConfirmation(); if ( krb_error ) { - auto rv = make_intrusive(BifType::Record::KRB::Error_Msg); + auto rv = make_intrusive(zeek::BifType::Record::KRB::Error_Msg); proc_error_arguments(rv.get(), ${msg.args1}, 0); rv->Assign(4, asn1_integer_to_val(${msg.error_code}, TYPE_COUNT)); proc_error_arguments(rv.get(), ${msg.args2}, binary_to_int64(${msg.error_code.encoding.content})); @@ -258,7 +258,7 @@ refine connection KRB_Conn += { bro_analyzer()->ProtocolConfirmation(); if ( krb_ap_request ) { - auto rv = make_intrusive(BifType::Record::KRB::AP_Options); + auto rv = make_intrusive(zeek::BifType::Record::KRB::AP_Options); rv->Assign(0, val_mgr->Bool(${msg.ap_options.use_session_key})); rv->Assign(1, val_mgr->Bool(${msg.ap_options.mutual_required})); @@ -289,7 +289,7 @@ refine connection KRB_Conn += { bro_analyzer()->ProtocolConfirmation(); if ( krb_safe ) { - auto rv = make_intrusive(BifType::Record::KRB::SAFE_Msg); + auto rv = make_intrusive(zeek::BifType::Record::KRB::SAFE_Msg); rv->Assign(0, asn1_integer_to_val(${msg.pvno.data}, TYPE_COUNT)); rv->Assign(1, asn1_integer_to_val(${msg.msg_type.data}, TYPE_COUNT)); diff --git a/src/analyzer/protocol/krb/krb-padata.pac b/src/analyzer/protocol/krb/krb-padata.pac index c5bc3f1b8c..7f77d5db0d 100644 --- a/src/analyzer/protocol/krb/krb-padata.pac +++ b/src/analyzer/protocol/krb/krb-padata.pac @@ -36,7 +36,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a break; case PA_PW_SALT: { - RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value); + RecordVal * type_val = new RecordVal(zeek::BifType::Record::KRB::Type_Value); type_val->Assign(0, val_mgr->Count(element->data_type())); type_val->Assign(1, to_stringval(element->pa_data_element()->pa_pw_salt()->encoding()->content())); vv->Assign(vv->Size(), type_val); @@ -44,7 +44,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a } case PA_ENCTYPE_INFO: { - RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value); + RecordVal * type_val = new RecordVal(zeek::BifType::Record::KRB::Type_Value); type_val->Assign(0, val_mgr->Count(element->data_type())); type_val->Assign(1, to_stringval(element->pa_data_element()->pf_enctype_info()->salt())); vv->Assign(vv->Size(), type_val); @@ -52,7 +52,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a } case PA_ENCTYPE_INFO2: { - RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value); + RecordVal * type_val = new RecordVal(zeek::BifType::Record::KRB::Type_Value); type_val->Assign(0, val_mgr->Count(element->data_type())); type_val->Assign(1, to_stringval(element->pa_data_element()->pf_enctype_info2()->salt())); vv->Assign(vv->Size(), type_val); @@ -110,7 +110,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a { if ( ! is_error && element->pa_data_element()->unknown()->meta()->length() > 0 ) { - RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value); + RecordVal * type_val = new RecordVal(zeek::BifType::Record::KRB::Type_Value); type_val->Assign(0, val_mgr->Count(element->data_type())); type_val->Assign(1, to_stringval(element->pa_data_element()->unknown()->content())); vv->Assign(vv->Size(), type_val); diff --git a/src/analyzer/protocol/krb/krb-types.pac b/src/analyzer/protocol/krb/krb-types.pac index 0802b98f1e..e7163596b2 100644 --- a/src/analyzer/protocol/krb/krb-types.pac +++ b/src/analyzer/protocol/krb/krb-types.pac @@ -47,7 +47,7 @@ VectorVal* proc_host_address_list(const BroAnalyzer a, const KRB_Host_Addresses* RecordVal* proc_host_address(const BroAnalyzer a, const KRB_Host_Address* addr) { - RecordVal* rv = new RecordVal(BifType::Record::KRB::Host_Address); + RecordVal* rv = new RecordVal(zeek::BifType::Record::KRB::Host_Address); const auto& addr_bytes = addr->address()->data()->content(); switch ( binary_to_int64(addr->addr_type()->encoding()->content()) ) @@ -85,7 +85,7 @@ RecordVal* proc_host_address(const BroAnalyzer a, const KRB_Host_Address* addr) break; } - RecordVal* unk = new RecordVal(BifType::Record::KRB::Type_Value); + RecordVal* unk = new RecordVal(zeek::BifType::Record::KRB::Type_Value); unk->Assign(0, asn1_integer_to_val(addr->addr_type(), TYPE_COUNT)); unk->Assign(1, to_stringval(addr_bytes)); rv->Assign(2, unk); @@ -107,7 +107,7 @@ IntrusivePtr proc_tickets(const KRB_Ticket_Sequence* list) IntrusivePtr proc_ticket(const KRB_Ticket* ticket) { - auto rv = make_intrusive(BifType::Record::KRB::Ticket); + auto rv = make_intrusive(zeek::BifType::Record::KRB::Ticket); rv->Assign(0, asn1_integer_to_val(ticket->tkt_vno()->data(), TYPE_COUNT)); rv->Assign(1, to_stringval(ticket->realm()->data()->content())); diff --git a/src/analyzer/protocol/modbus/modbus-analyzer.pac b/src/analyzer/protocol/modbus/modbus-analyzer.pac index ac0c027d8f..52e9d41838 100644 --- a/src/analyzer/protocol/modbus/modbus-analyzer.pac +++ b/src/analyzer/protocol/modbus/modbus-analyzer.pac @@ -16,7 +16,7 @@ %code{ IntrusivePtr bytestring_to_coils(const bytestring& coils, uint quantity) { - auto modbus_coils = make_intrusive(IntrusivePtr{NewRef{}, BifType::Vector::ModbusCoils}); + auto modbus_coils = make_intrusive(zeek::BifType::Vector::ModbusCoils); for ( uint i = 0; i < quantity; i++ ) { @@ -29,7 +29,7 @@ IntrusivePtr HeaderToVal(ModbusTCP_TransportHeader* header) { - auto modbus_header = make_intrusive(BifType::Record::ModbusHeaders); + auto modbus_header = make_intrusive(zeek::BifType::Record::ModbusHeaders); modbus_header->Assign(0, val_mgr->Count(header->tid())); modbus_header->Assign(1, val_mgr->Count(header->pid())); modbus_header->Assign(2, val_mgr->Count(header->uid())); @@ -209,7 +209,7 @@ refine flow ModbusTCP_Flow += { if ( ::modbus_read_holding_registers_response ) { - auto t = make_intrusive(IntrusivePtr{NewRef{}, BifType::Vector::ModbusRegisters}); + auto t = make_intrusive(zeek::BifType::Vector::ModbusRegisters); for ( unsigned int i=0; i < ${message.registers}->size(); ++i ) { @@ -253,7 +253,7 @@ refine flow ModbusTCP_Flow += { if ( ::modbus_read_input_registers_response ) { - auto t = make_intrusive(IntrusivePtr{NewRef{}, BifType::Vector::ModbusRegisters}); + auto t = make_intrusive(zeek::BifType::Vector::ModbusRegisters); for ( unsigned int i=0; i < (${message.registers})->size(); ++i ) { @@ -397,7 +397,7 @@ refine flow ModbusTCP_Flow += { if ( ::modbus_write_multiple_registers_request ) { - auto t = make_intrusive(IntrusivePtr{NewRef{}, BifType::Vector::ModbusRegisters}); + auto t = make_intrusive(zeek::BifType::Vector::ModbusRegisters); for ( unsigned int i = 0; i < (${message.registers}->size()); ++i ) { @@ -582,7 +582,7 @@ refine flow ModbusTCP_Flow += { if ( ::modbus_read_write_multiple_registers_request ) { - auto t = make_intrusive(IntrusivePtr{NewRef{}, BifType::Vector::ModbusRegisters}); + auto t = make_intrusive(zeek::BifType::Vector::ModbusRegisters); for ( unsigned int i = 0; i < ${message.write_register_values}->size(); ++i ) { @@ -614,7 +614,7 @@ refine flow ModbusTCP_Flow += { if ( ::modbus_read_write_multiple_registers_response ) { - auto t = make_intrusive(IntrusivePtr{NewRef{}, BifType::Vector::ModbusRegisters}); + auto t = make_intrusive(zeek::BifType::Vector::ModbusRegisters); for ( unsigned int i = 0; i < ${message.registers}->size(); ++i ) { diff --git a/src/analyzer/protocol/mqtt/commands/connack.pac b/src/analyzer/protocol/mqtt/commands/connack.pac index a1d139f93e..98ac7c4122 100644 --- a/src/analyzer/protocol/mqtt/commands/connack.pac +++ b/src/analyzer/protocol/mqtt/commands/connack.pac @@ -15,7 +15,7 @@ refine flow MQTT_Flow += { %{ if ( mqtt_connack ) { - auto m = make_intrusive(BifType::Record::MQTT::ConnectAckMsg); + auto m = make_intrusive(zeek::BifType::Record::MQTT::ConnectAckMsg); m->Assign(0, val_mgr->Count(${msg.return_code})); m->Assign(1, val_mgr->Bool(${msg.session_present})); BifEvent::enqueue_mqtt_connack(connection()->bro_analyzer(), diff --git a/src/analyzer/protocol/mqtt/commands/connect.pac b/src/analyzer/protocol/mqtt/commands/connect.pac index a355097a63..4c4f5374a3 100644 --- a/src/analyzer/protocol/mqtt/commands/connect.pac +++ b/src/analyzer/protocol/mqtt/commands/connect.pac @@ -44,7 +44,7 @@ refine flow MQTT_Flow += { %{ if ( mqtt_connect ) { - auto m = make_intrusive(BifType::Record::MQTT::ConnectMsg); + auto m = make_intrusive(zeek::BifType::Record::MQTT::ConnectMsg); m->Assign(0, make_intrusive(${msg.protocol_name.str}.length(), reinterpret_cast(${msg.protocol_name.str}.begin()))); m->Assign(1, val_mgr->Count(${msg.protocol_version})); diff --git a/src/analyzer/protocol/mqtt/commands/publish.pac b/src/analyzer/protocol/mqtt/commands/publish.pac index 72bce23c65..ecb1d3e380 100644 --- a/src/analyzer/protocol/mqtt/commands/publish.pac +++ b/src/analyzer/protocol/mqtt/commands/publish.pac @@ -23,7 +23,7 @@ refine flow MQTT_Flow += { %{ if ( mqtt_publish ) { - auto m = make_intrusive(BifType::Record::MQTT::PublishMsg); + auto m = make_intrusive(zeek::BifType::Record::MQTT::PublishMsg); m->Assign(0, val_mgr->Bool(${msg.dup})); m->Assign(1, val_mgr->Count(${msg.qos})); m->Assign(2, val_mgr->Bool(${msg.retain})); diff --git a/src/analyzer/protocol/ntlm/ntlm-analyzer.pac b/src/analyzer/protocol/ntlm/ntlm-analyzer.pac index 97c012814c..50d52c5a7d 100644 --- a/src/analyzer/protocol/ntlm/ntlm-analyzer.pac +++ b/src/analyzer/protocol/ntlm/ntlm-analyzer.pac @@ -15,7 +15,7 @@ refine connection NTLM_Conn += { function build_version_record(val: NTLM_Version): BroVal %{ - RecordVal* result = new RecordVal(BifType::Record::NTLM::Version); + RecordVal* result = new RecordVal(zeek::BifType::Record::NTLM::Version); result->Assign(0, val_mgr->Count(${val.major_version})); result->Assign(1, val_mgr->Count(${val.minor_version})); result->Assign(2, val_mgr->Count(${val.build_number})); @@ -26,7 +26,7 @@ refine connection NTLM_Conn += { function build_av_record(val: NTLM_AV_Pair_Sequence, len: uint16): BroVal %{ - RecordVal* result = new RecordVal(BifType::Record::NTLM::AVs); + RecordVal* result = new RecordVal(zeek::BifType::Record::NTLM::AVs); for ( uint i = 0; ; i++ ) { if ( i >= ${val.pairs}->size() ) @@ -78,7 +78,7 @@ refine connection NTLM_Conn += { function build_negotiate_flag_record(val: NTLM_Negotiate_Flags): BroVal %{ - RecordVal* flags = new RecordVal(BifType::Record::NTLM::NegotiateFlags); + RecordVal* flags = new RecordVal(zeek::BifType::Record::NTLM::NegotiateFlags); flags->Assign(0, val_mgr->Bool(${val.negotiate_56})); flags->Assign(1, val_mgr->Bool(${val.negotiate_key_exch})); flags->Assign(2, val_mgr->Bool(${val.negotiate_128})); @@ -110,7 +110,7 @@ refine connection NTLM_Conn += { if ( ! ntlm_negotiate ) return true; - auto result = make_intrusive(BifType::Record::NTLM::Negotiate); + auto result = make_intrusive(zeek::BifType::Record::NTLM::Negotiate); result->Assign(0, build_negotiate_flag_record(${val.flags})); if ( ${val}->has_domain_name() ) @@ -134,7 +134,7 @@ refine connection NTLM_Conn += { if ( ! ntlm_challenge ) return true; - auto result = make_intrusive(BifType::Record::NTLM::Challenge); + auto result = make_intrusive(zeek::BifType::Record::NTLM::Challenge); result->Assign(0, build_negotiate_flag_record(${val.flags})); if ( ${val}->has_target_name() ) @@ -158,7 +158,7 @@ refine connection NTLM_Conn += { if ( ! ntlm_authenticate ) return true; - auto result = make_intrusive(BifType::Record::NTLM::Authenticate); + auto result = make_intrusive(zeek::BifType::Record::NTLM::Authenticate); result->Assign(0, build_negotiate_flag_record(${val.flags})); if ( ${val}->has_domain_name() > 0 ) diff --git a/src/analyzer/protocol/ntp/ntp-analyzer.pac b/src/analyzer/protocol/ntp/ntp-analyzer.pac index afac5ce304..10e92a33a1 100644 --- a/src/analyzer/protocol/ntp/ntp-analyzer.pac +++ b/src/analyzer/protocol/ntp/ntp-analyzer.pac @@ -35,7 +35,7 @@ refine flow NTP_Flow += { # This builds the standard msg record function BuildNTPStdMsg(nsm: NTP_std_msg): BroVal %{ - RecordVal* rv = new RecordVal(BifType::Record::NTP::StandardMessage); + RecordVal* rv = new RecordVal(zeek::BifType::Record::NTP::StandardMessage); rv->Assign(0, val_mgr->Count(${nsm.stratum})); rv->Assign(1, make_intrusive(pow(2, ${nsm.poll}), TYPE_INTERVAL)); @@ -88,7 +88,7 @@ refine flow NTP_Flow += { # This builds the control msg record function BuildNTPControlMsg(ncm: NTP_control_msg): BroVal %{ - RecordVal* rv = new RecordVal(BifType::Record::NTP::ControlMessage); + RecordVal* rv = new RecordVal(zeek::BifType::Record::NTP::ControlMessage); rv->Assign(0, val_mgr->Count(${ncm.OpCode})); rv->Assign(1, val_mgr->Bool(${ncm.R})); @@ -113,7 +113,7 @@ refine flow NTP_Flow += { # This builds the mode7 msg record function BuildNTPMode7Msg(m7: NTP_mode7_msg): BroVal %{ - RecordVal* rv = new RecordVal(BifType::Record::NTP::Mode7Message); + RecordVal* rv = new RecordVal(zeek::BifType::Record::NTP::Mode7Message); rv->Assign(0, val_mgr->Count(${m7.request_code})); rv->Assign(1, val_mgr->Bool(${m7.auth_bit})); @@ -135,7 +135,7 @@ refine flow NTP_Flow += { if ( ! ntp_message ) return false; - auto rv = make_intrusive(BifType::Record::NTP::Message); + auto rv = make_intrusive(zeek::BifType::Record::NTP::Message); rv->Assign(0, val_mgr->Count(${msg.version})); rv->Assign(1, val_mgr->Count(${msg.mode})); diff --git a/src/analyzer/protocol/radius/radius-analyzer.pac b/src/analyzer/protocol/radius/radius-analyzer.pac index 059a61f58a..337b7a6364 100644 --- a/src/analyzer/protocol/radius/radius-analyzer.pac +++ b/src/analyzer/protocol/radius/radius-analyzer.pac @@ -7,14 +7,14 @@ refine flow RADIUS_Flow += { if ( ! radius_message ) return false; - auto result = make_intrusive(BifType::Record::RADIUS::Message); + auto result = make_intrusive(zeek::BifType::Record::RADIUS::Message); result->Assign(0, val_mgr->Count(${msg.code})); result->Assign(1, val_mgr->Count(${msg.trans_id})); result->Assign(2, to_stringval(${msg.authenticator})); if ( ${msg.attributes}->size() ) { - TableVal* attributes = new TableVal({NewRef{}, BifType::Table::RADIUS::Attributes}); + TableVal* attributes = new TableVal(zeek::BifType::Table::RADIUS::Attributes); for ( uint i = 0; i < ${msg.attributes}->size(); ++i ) { @@ -32,7 +32,7 @@ refine flow RADIUS_Flow += { else { - auto attribute_list = make_intrusive(IntrusivePtr{NewRef{}, BifType::Vector::RADIUS::AttributeList}); + auto attribute_list = make_intrusive(zeek::BifType::Vector::RADIUS::AttributeList); attribute_list->Assign((unsigned int)0, std::move(val)); attributes->Assign(index.get(), std::move(attribute_list)); } diff --git a/src/analyzer/protocol/rdp/rdp-analyzer.pac b/src/analyzer/protocol/rdp/rdp-analyzer.pac index 4caa48393e..2e2de63afc 100644 --- a/src/analyzer/protocol/rdp/rdp-analyzer.pac +++ b/src/analyzer/protocol/rdp/rdp-analyzer.pac @@ -61,7 +61,7 @@ refine flow RDP_Flow += { if ( rdp_client_core_data ) { - auto ec_flags = make_intrusive(BifType::Record::RDP::EarlyCapabilityFlags); + auto ec_flags = make_intrusive(zeek::BifType::Record::RDP::EarlyCapabilityFlags); ec_flags->Assign(0, val_mgr->Bool(${ccore.SUPPORT_ERRINFO_PDU})); ec_flags->Assign(1, val_mgr->Bool(${ccore.WANT_32BPP_SESSION})); ec_flags->Assign(2, val_mgr->Bool(${ccore.SUPPORT_STATUSINFO_PDU})); @@ -72,7 +72,7 @@ refine flow RDP_Flow += { ec_flags->Assign(7, val_mgr->Bool(${ccore.SUPPORT_DYNAMIC_TIME_ZONE})); ec_flags->Assign(8, val_mgr->Bool(${ccore.SUPPORT_HEARTBEAT_PDU})); - auto ccd = make_intrusive(BifType::Record::RDP::ClientCoreData); + auto ccd = make_intrusive(zeek::BifType::Record::RDP::ClientCoreData); ccd->Assign(0, val_mgr->Count(${ccore.version_major})); ccd->Assign(1, val_mgr->Count(${ccore.version_minor})); ccd->Assign(2, val_mgr->Count(${ccore.desktop_width})); @@ -107,7 +107,7 @@ refine flow RDP_Flow += { if ( ! rdp_client_security_data ) return false; - auto csd = make_intrusive(BifType::Record::RDP::ClientSecurityData); + auto csd = make_intrusive(zeek::BifType::Record::RDP::ClientSecurityData); csd->Assign(0, val_mgr->Count(${csec.encryption_methods})); csd->Assign(1, val_mgr->Count(${csec.ext_encryption_methods})); @@ -124,11 +124,11 @@ refine flow RDP_Flow += { if ( ${cnetwork.channel_def_array}->size() ) { - auto channels = make_intrusive(IntrusivePtr{NewRef{}, BifType::Vector::RDP::ClientChannelList}); + auto channels = make_intrusive(zeek::BifType::Vector::RDP::ClientChannelList); for ( uint i = 0; i < ${cnetwork.channel_def_array}->size(); ++i ) { - auto channel_def = make_intrusive(BifType::Record::RDP::ClientChannelDef); + auto channel_def = make_intrusive(zeek::BifType::Record::RDP::ClientChannelDef); channel_def->Assign(0, to_stringval(${cnetwork.channel_def_array[i].name})); channel_def->Assign(1, val_mgr->Count(${cnetwork.channel_def_array[i].options})); @@ -161,7 +161,7 @@ refine flow RDP_Flow += { if ( ! rdp_client_cluster_data ) return false; - auto ccld = make_intrusive(BifType::Record::RDP::ClientClusterData); + auto ccld = make_intrusive(zeek::BifType::Record::RDP::ClientClusterData); ccld->Assign(0, val_mgr->Count(${ccluster.flags})); ccld->Assign(1, val_mgr->Count(${ccluster.redir_session_id})); ccld->Assign(2, val_mgr->Bool(${ccluster.REDIRECTION_SUPPORTED})); diff --git a/src/analyzer/protocol/rpc/MOUNT.cc b/src/analyzer/protocol/rpc/MOUNT.cc index b8060730d4..501f5a8563 100644 --- a/src/analyzer/protocol/rpc/MOUNT.cc +++ b/src/analyzer/protocol/rpc/MOUNT.cc @@ -139,7 +139,7 @@ bool MOUNT_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_statu // Otherwise DeliverRPC would complain about // excess_RPC. n = 0; - reply = BifType::Enum::MOUNT3::proc_t->GetVal(c->Proc()).release(); + reply = zeek::BifType::Enum::MOUNT3::proc_t->GetVal(c->Proc()).release(); event = mount_proc_not_implemented; } else @@ -199,9 +199,9 @@ zeek::Args MOUNT_Interp::event_common_vl(RPC_CallInfo *c, auxgids->Assign(i, val_mgr->Count(c->AuxGIDs()[i])); } - auto info = make_intrusive(BifType::Record::MOUNT3::info_t); - info->Assign(0, BifType::Enum::rpc_status->GetVal(rpc_status)); - info->Assign(1, BifType::Enum::MOUNT3::status_t->GetVal(mount_status)); + auto info = make_intrusive(zeek::BifType::Record::MOUNT3::info_t); + info->Assign(0, zeek::BifType::Enum::rpc_status->GetVal(rpc_status)); + info->Assign(1, zeek::BifType::Enum::MOUNT3::status_t->GetVal(mount_status)); info->Assign(2, make_intrusive(c->StartTime(), TYPE_TIME)); info->Assign(3, make_intrusive(c->LastTime() - c->StartTime(), TYPE_INTERVAL)); info->Assign(4, val_mgr->Count(c->RPCLen())); @@ -221,7 +221,7 @@ zeek::Args MOUNT_Interp::event_common_vl(RPC_CallInfo *c, EnumVal* MOUNT_Interp::mount3_auth_flavor(const u_char*& buf, int& n) { BifEnum::MOUNT3::auth_flavor_t t = (BifEnum::MOUNT3::auth_flavor_t)extract_XDR_uint32(buf, n); - return BifType::Enum::MOUNT3::auth_flavor_t->GetVal(t).release(); + return zeek::BifType::Enum::MOUNT3::auth_flavor_t->GetVal(t).release(); } StringVal* MOUNT_Interp::mount3_fh(const u_char*& buf, int& n) @@ -248,7 +248,7 @@ StringVal* MOUNT_Interp::mount3_filename(const u_char*& buf, int& n) RecordVal* MOUNT_Interp::mount3_dirmntargs(const u_char*& buf, int& n) { - RecordVal* dirmntargs = new RecordVal(BifType::Record::MOUNT3::dirmntargs_t); + RecordVal* dirmntargs = new RecordVal(zeek::BifType::Record::MOUNT3::dirmntargs_t); dirmntargs->Assign(0, mount3_filename(buf, n)); return dirmntargs; } @@ -256,7 +256,7 @@ RecordVal* MOUNT_Interp::mount3_dirmntargs(const u_char*& buf, int& n) RecordVal* MOUNT_Interp::mount3_mnt_reply(const u_char*& buf, int& n, BifEnum::MOUNT3::status_t status) { - RecordVal* rep = new RecordVal(BifType::Record::MOUNT3::mnt_reply_t); + RecordVal* rep = new RecordVal(zeek::BifType::Record::MOUNT3::mnt_reply_t); if ( status == BifEnum::MOUNT3::MNT3_OK ) { diff --git a/src/analyzer/protocol/rpc/NFS.cc b/src/analyzer/protocol/rpc/NFS.cc index 2a60851e56..c57e1eba38 100644 --- a/src/analyzer/protocol/rpc/NFS.cc +++ b/src/analyzer/protocol/rpc/NFS.cc @@ -251,7 +251,7 @@ bool NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status, // Otherwise DeliverRPC would complain about // excess_RPC. n = 0; - reply = BifType::Enum::NFS3::proc_t->GetVal(c->Proc()).release(); + reply = zeek::BifType::Enum::NFS3::proc_t->GetVal(c->Proc()).release(); event = nfs_proc_not_implemented; } else @@ -333,9 +333,9 @@ zeek::Args NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_ for ( size_t i = 0; i < c->AuxGIDs().size(); ++i ) auxgids->Assign(i, val_mgr->Count(c->AuxGIDs()[i])); - auto info = make_intrusive(BifType::Record::NFS3::info_t); - info->Assign(0, BifType::Enum::rpc_status->GetVal(rpc_status)); - info->Assign(1, BifType::Enum::NFS3::status_t->GetVal(nfs_status)); + auto info = make_intrusive(zeek::BifType::Record::NFS3::info_t); + info->Assign(0, zeek::BifType::Enum::rpc_status->GetVal(rpc_status)); + info->Assign(1, zeek::BifType::Enum::NFS3::status_t->GetVal(nfs_status)); info->Assign(2, make_intrusive(c->StartTime(), TYPE_TIME)); info->Assign(3, make_intrusive(c->LastTime()-c->StartTime(), TYPE_INTERVAL)); info->Assign(4, val_mgr->Count(c->RPCLen())); @@ -366,7 +366,7 @@ StringVal* NFS_Interp::nfs3_fh(const u_char*& buf, int& n) RecordVal* NFS_Interp::nfs3_sattr(const u_char*& buf, int& n) { - RecordVal* attrs = new RecordVal(BifType::Record::NFS3::sattr_t); + RecordVal* attrs = new RecordVal(zeek::BifType::Record::NFS3::sattr_t); attrs->Assign(0, nullptr); // mode int mode_set_it = extract_XDR_uint32(buf, n); @@ -397,7 +397,7 @@ RecordVal* NFS_Interp::nfs3_sattr(const u_char*& buf, int& n) RecordVal* NFS_Interp::nfs3_sattr_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status) { - RecordVal* rep = new RecordVal(BifType::Record::NFS3::sattr_reply_t); + RecordVal* rep = new RecordVal(zeek::BifType::Record::NFS3::sattr_reply_t); if ( status == BifEnum::NFS3::NFS3ERR_OK ) { @@ -415,7 +415,7 @@ RecordVal* NFS_Interp::nfs3_sattr_reply(const u_char*& buf, int& n, BifEnum::NFS RecordVal* NFS_Interp::nfs3_fattr(const u_char*& buf, int& n) { - RecordVal* attrs = new RecordVal(BifType::Record::NFS3::fattr_t); + RecordVal* attrs = new RecordVal(zeek::BifType::Record::NFS3::fattr_t); attrs->Assign(0, nfs3_ftype(buf, n)); // file type attrs->Assign(1, ExtractUint32(buf, n)); // mode @@ -438,18 +438,18 @@ RecordVal* NFS_Interp::nfs3_fattr(const u_char*& buf, int& n) EnumVal* NFS_Interp::nfs3_time_how(const u_char*& buf, int& n) { BifEnum::NFS3::time_how_t t = (BifEnum::NFS3::time_how_t)extract_XDR_uint32(buf, n); - return BifType::Enum::NFS3::time_how_t->GetVal(t).release(); + return zeek::BifType::Enum::NFS3::time_how_t->GetVal(t).release(); } EnumVal* NFS_Interp::nfs3_ftype(const u_char*& buf, int& n) { BifEnum::NFS3::file_type_t t = (BifEnum::NFS3::file_type_t)extract_XDR_uint32(buf, n); - return BifType::Enum::NFS3::file_type_t->GetVal(t).release(); + return zeek::BifType::Enum::NFS3::file_type_t->GetVal(t).release(); } RecordVal* NFS_Interp::nfs3_wcc_attr(const u_char*& buf, int& n) { - RecordVal* attrs = new RecordVal(BifType::Record::NFS3::wcc_attr_t); + RecordVal* attrs = new RecordVal(zeek::BifType::Record::NFS3::wcc_attr_t); attrs->Assign(0, ExtractUint64(buf, n)); // size attrs->Assign(1, ExtractTime(buf, n)); // mtime @@ -471,7 +471,7 @@ StringVal *NFS_Interp::nfs3_filename(const u_char*& buf, int& n) RecordVal *NFS_Interp::nfs3_diropargs(const u_char*& buf, int& n) { - RecordVal *diropargs = new RecordVal(BifType::Record::NFS3::diropargs_t); + RecordVal *diropargs = new RecordVal(zeek::BifType::Record::NFS3::diropargs_t); diropargs->Assign(0, nfs3_fh(buf, n)); diropargs->Assign(1, nfs3_filename(buf, n)); @@ -481,7 +481,7 @@ RecordVal *NFS_Interp::nfs3_diropargs(const u_char*& buf, int& n) RecordVal* NFS_Interp::nfs3_symlinkdata(const u_char*& buf, int& n) { - RecordVal* symlinkdata = new RecordVal(BifType::Record::NFS3::symlinkdata_t); + RecordVal* symlinkdata = new RecordVal(zeek::BifType::Record::NFS3::symlinkdata_t); symlinkdata->Assign(0, nfs3_sattr(buf, n)); symlinkdata->Assign(1, nfs3_nfspath(buf, n)); @@ -491,7 +491,7 @@ RecordVal* NFS_Interp::nfs3_symlinkdata(const u_char*& buf, int& n) RecordVal *NFS_Interp::nfs3_renameopargs(const u_char*& buf, int& n) { - RecordVal *renameopargs = new RecordVal(BifType::Record::NFS3::renameopargs_t); + RecordVal *renameopargs = new RecordVal(zeek::BifType::Record::NFS3::renameopargs_t); renameopargs->Assign(0, nfs3_fh(buf, n)); renameopargs->Assign(1, nfs3_filename(buf, n)); @@ -533,12 +533,12 @@ RecordVal* NFS_Interp::nfs3_pre_op_attr(const u_char*& buf, int& n) EnumVal *NFS_Interp::nfs3_stable_how(const u_char*& buf, int& n) { BifEnum::NFS3::stable_how_t stable = (BifEnum::NFS3::stable_how_t)extract_XDR_uint32(buf, n); - return BifType::Enum::NFS3::stable_how_t->GetVal(stable).release(); + return zeek::BifType::Enum::NFS3::stable_how_t->GetVal(stable).release(); } RecordVal* NFS_Interp::nfs3_lookup_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status) { - RecordVal *rep = new RecordVal(BifType::Record::NFS3::lookup_reply_t); + RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::lookup_reply_t); if ( status == BifEnum::NFS3::NFS3ERR_OK ) { @@ -557,7 +557,7 @@ RecordVal* NFS_Interp::nfs3_lookup_reply(const u_char*& buf, int& n, BifEnum::NF RecordVal *NFS_Interp::nfs3_readargs(const u_char*& buf, int& n) { - RecordVal *readargs = new RecordVal(BifType::Record::NFS3::readargs_t); + RecordVal *readargs = new RecordVal(zeek::BifType::Record::NFS3::readargs_t); readargs->Assign(0, nfs3_fh(buf, n)); readargs->Assign(1, ExtractUint64(buf, n)); // offset @@ -569,7 +569,7 @@ RecordVal *NFS_Interp::nfs3_readargs(const u_char*& buf, int& n) RecordVal* NFS_Interp::nfs3_read_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status, bro_uint_t offset) { - RecordVal *rep = new RecordVal(BifType::Record::NFS3::read_reply_t); + RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::read_reply_t); if (status == BifEnum::NFS3::NFS3ERR_OK) { @@ -591,7 +591,7 @@ RecordVal* NFS_Interp::nfs3_read_reply(const u_char*& buf, int& n, BifEnum::NFS3 RecordVal* NFS_Interp::nfs3_readlink_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status) { - RecordVal *rep = new RecordVal(BifType::Record::NFS3::readlink_reply_t); + RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::readlink_reply_t); if (status == BifEnum::NFS3::NFS3ERR_OK) { @@ -608,7 +608,7 @@ RecordVal* NFS_Interp::nfs3_readlink_reply(const u_char*& buf, int& n, BifEnum:: RecordVal* NFS_Interp::nfs3_link_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status) { - RecordVal* rep = new RecordVal(BifType::Record::NFS3::link_reply_t); + RecordVal* rep = new RecordVal(zeek::BifType::Record::NFS3::link_reply_t); if ( status == BifEnum::NFS3::NFS3ERR_OK ) { @@ -624,7 +624,7 @@ RecordVal* NFS_Interp::nfs3_link_reply(const u_char*& buf, int& n, BifEnum::NFS3 RecordVal* NFS_Interp::nfs3_symlinkargs(const u_char*& buf, int& n) { - RecordVal* symlinkargs = new RecordVal(BifType::Record::NFS3::symlinkargs_t); + RecordVal* symlinkargs = new RecordVal(zeek::BifType::Record::NFS3::symlinkargs_t); symlinkargs->Assign(0, nfs3_diropargs(buf, n)); symlinkargs->Assign(1, nfs3_symlinkdata(buf, n)); @@ -634,7 +634,7 @@ RecordVal* NFS_Interp::nfs3_symlinkargs(const u_char*& buf, int& n) RecordVal* NFS_Interp::nfs3_sattrargs(const u_char*& buf, int& n) { - RecordVal* sattrargs = new RecordVal(BifType::Record::NFS3::sattrargs_t); + RecordVal* sattrargs = new RecordVal(zeek::BifType::Record::NFS3::sattrargs_t); sattrargs->Assign(0, nfs3_fh(buf, n)); sattrargs->Assign(1, nfs3_sattr(buf, n)); @@ -644,7 +644,7 @@ RecordVal* NFS_Interp::nfs3_sattrargs(const u_char*& buf, int& n) RecordVal* NFS_Interp::nfs3_linkargs(const u_char*& buf, int& n) { - RecordVal* linkargs = new RecordVal(BifType::Record::NFS3::linkargs_t); + RecordVal* linkargs = new RecordVal(zeek::BifType::Record::NFS3::linkargs_t); linkargs->Assign(0, nfs3_fh(buf, n)); linkargs->Assign(1, nfs3_diropargs(buf, n)); @@ -656,7 +656,7 @@ RecordVal *NFS_Interp::nfs3_writeargs(const u_char*& buf, int& n) { uint32_t bytes; uint64_t offset; - RecordVal *writeargs = new RecordVal(BifType::Record::NFS3::writeargs_t); + RecordVal *writeargs = new RecordVal(zeek::BifType::Record::NFS3::writeargs_t); writeargs->Assign(0, nfs3_fh(buf, n)); offset = extract_XDR_uint64(buf, n); @@ -672,7 +672,7 @@ RecordVal *NFS_Interp::nfs3_writeargs(const u_char*& buf, int& n) RecordVal *NFS_Interp::nfs3_write_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status) { - RecordVal *rep = new RecordVal(BifType::Record::NFS3::write_reply_t); + RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::write_reply_t); if ( status == BifEnum::NFS3::NFS3ERR_OK ) { @@ -697,7 +697,7 @@ RecordVal *NFS_Interp::nfs3_write_reply(const u_char*& buf, int& n, BifEnum::NFS RecordVal* NFS_Interp::nfs3_newobj_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status) { - RecordVal *rep = new RecordVal(BifType::Record::NFS3::newobj_reply_t); + RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::newobj_reply_t); if (status == BifEnum::NFS3::NFS3ERR_OK) { @@ -721,7 +721,7 @@ RecordVal* NFS_Interp::nfs3_newobj_reply(const u_char*& buf, int& n, BifEnum::NF RecordVal* NFS_Interp::nfs3_delobj_reply(const u_char*& buf, int& n) { - RecordVal *rep = new RecordVal(BifType::Record::NFS3::delobj_reply_t); + RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::delobj_reply_t); // wcc_data rep->Assign(0, nfs3_pre_op_attr(buf, n)); @@ -732,7 +732,7 @@ RecordVal* NFS_Interp::nfs3_delobj_reply(const u_char*& buf, int& n) RecordVal* NFS_Interp::nfs3_renameobj_reply(const u_char*& buf, int& n) { - RecordVal *rep = new RecordVal(BifType::Record::NFS3::renameobj_reply_t); + RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::renameobj_reply_t); // wcc_data rep->Assign(0, nfs3_pre_op_attr(buf, n)); @@ -745,7 +745,7 @@ RecordVal* NFS_Interp::nfs3_renameobj_reply(const u_char*& buf, int& n) RecordVal* NFS_Interp::nfs3_readdirargs(bool isplus, const u_char*& buf, int&n) { - RecordVal *args = new RecordVal(BifType::Record::NFS3::readdirargs_t); + RecordVal *args = new RecordVal(zeek::BifType::Record::NFS3::readdirargs_t); args->Assign(0, val_mgr->Bool(isplus)); args->Assign(1, nfs3_fh(buf, n)); @@ -762,14 +762,14 @@ RecordVal* NFS_Interp::nfs3_readdirargs(bool isplus, const u_char*& buf, int&n) RecordVal* NFS_Interp::nfs3_readdir_reply(bool isplus, const u_char*& buf, int&n, BifEnum::NFS3::status_t status) { - RecordVal *rep = new RecordVal(BifType::Record::NFS3::readdir_reply_t); + RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::readdir_reply_t); rep->Assign(0, val_mgr->Bool(isplus)); if ( status == BifEnum::NFS3::NFS3ERR_OK ) { unsigned pos; - auto entries = make_intrusive(IntrusivePtr{NewRef{}, BifType::Vector::NFS3::direntry_vec_t}); + auto entries = make_intrusive(zeek::BifType::Vector::NFS3::direntry_vec_t); rep->Assign(1, nfs3_post_op_attr(buf,n)); // dir_attr rep->Assign(2, ExtractUint64(buf,n)); // cookieverf @@ -778,7 +778,7 @@ RecordVal* NFS_Interp::nfs3_readdir_reply(bool isplus, const u_char*& buf, while ( extract_XDR_uint32(buf,n) ) { - RecordVal *entry = new RecordVal(BifType::Record::NFS3::direntry_t); + RecordVal *entry = new RecordVal(zeek::BifType::Record::NFS3::direntry_t); entry->Assign(0, ExtractUint64(buf,n)); // fileid entry->Assign(1, nfs3_filename(buf,n)); // fname entry->Assign(2, ExtractUint64(buf,n)); // cookie diff --git a/src/analyzer/protocol/rpc/Portmap.cc b/src/analyzer/protocol/rpc/Portmap.cc index 9d6a938587..f185e4f67e 100644 --- a/src/analyzer/protocol/rpc/Portmap.cc +++ b/src/analyzer/protocol/rpc/Portmap.cc @@ -296,7 +296,7 @@ void PortmapperInterp::Event(EventHandlerPtr f, Val* request, BifEnum::rpc_statu } else { - vl.emplace_back(BifType::Enum::rpc_status->GetVal(status)); + vl.emplace_back(zeek::BifType::Enum::rpc_status->GetVal(status)); if ( request ) vl.emplace_back(AdoptRef{}, request); diff --git a/src/analyzer/protocol/rpc/RPC.cc b/src/analyzer/protocol/rpc/RPC.cc index 46240f8773..176bc33d5a 100644 --- a/src/analyzer/protocol/rpc/RPC.cc +++ b/src/analyzer/protocol/rpc/RPC.cc @@ -343,7 +343,7 @@ void RPC_Interpreter::Event_RPC_Dialogue(RPC_CallInfo* c, BifEnum::rpc_status st val_mgr->Count(c->Program()), val_mgr->Count(c->Version()), val_mgr->Count(c->Proc()), - BifType::Enum::rpc_status->GetVal(status), + zeek::BifType::Enum::rpc_status->GetVal(status), make_intrusive(c->StartTime(), TYPE_TIME), val_mgr->Count(c->CallLen()), val_mgr->Count(reply_len) @@ -369,7 +369,7 @@ void RPC_Interpreter::Event_RPC_Reply(uint32_t xid, BifEnum::rpc_status status, analyzer->EnqueueConnEvent(rpc_reply, analyzer->ConnVal(), val_mgr->Count(xid), - BifType::Enum::rpc_status->GetVal(status), + zeek::BifType::Enum::rpc_status->GetVal(status), val_mgr->Count(reply_len) ); } diff --git a/src/analyzer/protocol/smb/smb-time.pac b/src/analyzer/protocol/smb/smb-time.pac index a7ec9508eb..2fcc58f32e 100644 --- a/src/analyzer/protocol/smb/smb-time.pac +++ b/src/analyzer/protocol/smb/smb-time.pac @@ -32,7 +32,7 @@ IntrusivePtr time_from_lanman(SMB_time* t, SMB_date* d, uint16_t tz) IntrusivePtr SMB_BuildMACTimes(uint64_t modify, uint64_t access, uint64_t create, uint64_t change) { - auto r = make_intrusive(BifType::Record::SMB::MACTimes); + auto r = make_intrusive(zeek::BifType::Record::SMB::MACTimes); r->Assign(0, filetime2brotime(modify)); r->Assign(1, filetime2brotime(access)); r->Assign(2, filetime2brotime(create)); diff --git a/src/analyzer/protocol/smb/smb1-com-negotiate.pac b/src/analyzer/protocol/smb/smb1-com-negotiate.pac index 837dcf4ef7..8240848111 100644 --- a/src/analyzer/protocol/smb/smb1-com-negotiate.pac +++ b/src/analyzer/protocol/smb/smb1-com-negotiate.pac @@ -35,13 +35,13 @@ refine connection SMB_Conn += { %{ if ( smb1_negotiate_response ) { - auto response = make_intrusive(BifType::Record::SMB1::NegotiateResponse); + auto response = make_intrusive(zeek::BifType::Record::SMB1::NegotiateResponse); switch ( ${val.word_count} ) { case 0x01: { - auto core = make_intrusive(BifType::Record::SMB1::NegotiateResponseCore); + auto core = make_intrusive(zeek::BifType::Record::SMB1::NegotiateResponseCore); core->Assign(0, val_mgr->Count(${val.dialect_index})); response->Assign(0, std::move(core)); @@ -50,15 +50,15 @@ refine connection SMB_Conn += { case 0x0d: { - auto security = make_intrusive(BifType::Record::SMB1::NegotiateResponseSecurity); + auto security = make_intrusive(zeek::BifType::Record::SMB1::NegotiateResponseSecurity); security->Assign(0, val_mgr->Bool(${val.lanman.security_user_level})); security->Assign(1, val_mgr->Bool(${val.lanman.security_challenge_response})); - auto raw = make_intrusive(BifType::Record::SMB1::NegotiateRawMode); + auto raw = make_intrusive(zeek::BifType::Record::SMB1::NegotiateRawMode); raw->Assign(0, val_mgr->Bool(${val.lanman.raw_read_supported})); raw->Assign(1, val_mgr->Bool(${val.lanman.raw_write_supported})); - auto lanman = make_intrusive(BifType::Record::SMB1::NegotiateResponseLANMAN); + auto lanman = make_intrusive(zeek::BifType::Record::SMB1::NegotiateResponseLANMAN); lanman->Assign(0, val_mgr->Count(${val.word_count})); lanman->Assign(1, val_mgr->Count(${val.dialect_index})); lanman->Assign(2, std::move(security)); @@ -79,13 +79,13 @@ refine connection SMB_Conn += { case 0x11: { - auto security = make_intrusive(BifType::Record::SMB1::NegotiateResponseSecurity); + auto security = make_intrusive(zeek::BifType::Record::SMB1::NegotiateResponseSecurity); security->Assign(0, val_mgr->Bool(${val.ntlm.security_user_level})); security->Assign(1, val_mgr->Bool(${val.ntlm.security_challenge_response})); security->Assign(2, val_mgr->Bool(${val.ntlm.security_signatures_enabled})); security->Assign(3, val_mgr->Bool(${val.ntlm.security_signatures_required})); - auto capabilities = make_intrusive(BifType::Record::SMB1::NegotiateCapabilities); + auto capabilities = make_intrusive(zeek::BifType::Record::SMB1::NegotiateCapabilities); capabilities->Assign(0, val_mgr->Bool(${val.ntlm.capabilities_raw_mode})); capabilities->Assign(1, val_mgr->Bool(${val.ntlm.capabilities_mpx_mode})); capabilities->Assign(2, val_mgr->Bool(${val.ntlm.capabilities_unicode})); @@ -108,7 +108,7 @@ refine connection SMB_Conn += { capabilities->Assign(16, val_mgr->Bool(${val.ntlm.capabilities_compressed_data})); capabilities->Assign(17, val_mgr->Bool(${val.ntlm.capabilities_extended_security})); - auto ntlm = make_intrusive(BifType::Record::SMB1::NegotiateResponseNTLM); + auto ntlm = make_intrusive(zeek::BifType::Record::SMB1::NegotiateResponseNTLM); ntlm->Assign(0, val_mgr->Count(${val.word_count})); ntlm->Assign(1, val_mgr->Count(${val.dialect_index})); ntlm->Assign(2, std::move(security)); diff --git a/src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac b/src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac index f6dddc345e..f5d2628e26 100644 --- a/src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac +++ b/src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac @@ -12,7 +12,7 @@ refine connection SMB_Conn += { %{ if ( smb1_session_setup_andx_request ) { - auto request = make_intrusive(BifType::Record::SMB1::SessionSetupAndXRequest); + auto request = make_intrusive(zeek::BifType::Record::SMB1::SessionSetupAndXRequest); request->Assign(0, val_mgr->Count(${val.word_count})); switch ( ${val.word_count} ) { @@ -31,7 +31,7 @@ refine connection SMB_Conn += { break; case 12: // NT LM 0.12 with extended security { - auto capabilities = make_intrusive(BifType::Record::SMB1::SessionSetupAndXCapabilities); + auto capabilities = make_intrusive(zeek::BifType::Record::SMB1::SessionSetupAndXCapabilities); capabilities->Assign(0, val_mgr->Bool(${val.ntlm_extended_security.capabilities.unicode})); capabilities->Assign(1, val_mgr->Bool(${val.ntlm_extended_security.capabilities.large_files})); capabilities->Assign(2, val_mgr->Bool(${val.ntlm_extended_security.capabilities.nt_smbs})); @@ -53,7 +53,7 @@ refine connection SMB_Conn += { case 13: // NT LM 0.12 without extended security { - auto capabilities = make_intrusive(BifType::Record::SMB1::SessionSetupAndXCapabilities); + auto capabilities = make_intrusive(zeek::BifType::Record::SMB1::SessionSetupAndXCapabilities); capabilities->Assign(0, val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.unicode})); capabilities->Assign(1, val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.large_files})); capabilities->Assign(2, val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.nt_smbs})); @@ -90,7 +90,7 @@ refine connection SMB_Conn += { %{ if ( smb1_session_setup_andx_response ) { - auto response = make_intrusive(BifType::Record::SMB1::SessionSetupAndXResponse); + auto response = make_intrusive(zeek::BifType::Record::SMB1::SessionSetupAndXResponse); response->Assign(0, val_mgr->Count(${val.word_count})); switch ( ${val.word_count} ) diff --git a/src/analyzer/protocol/smb/smb1-com-transaction-secondary.pac b/src/analyzer/protocol/smb/smb1-com-transaction-secondary.pac index 80af3dfe6b..a065d6ac9d 100644 --- a/src/analyzer/protocol/smb/smb1-com-transaction-secondary.pac +++ b/src/analyzer/protocol/smb/smb1-com-transaction-secondary.pac @@ -5,7 +5,7 @@ refine connection SMB_Conn += { if ( ! smb1_transaction_secondary_request ) return false; - auto args = make_intrusive(BifType::Record::SMB1::Trans_Sec_Args); + auto args = make_intrusive(zeek::BifType::Record::SMB1::Trans_Sec_Args); args->Assign(0, val_mgr->Count(${val.total_param_count})); args->Assign(1, val_mgr->Count(${val.total_data_count})); args->Assign(2, val_mgr->Count(${val.param_count})); diff --git a/src/analyzer/protocol/smb/smb1-com-transaction2-secondary.pac b/src/analyzer/protocol/smb/smb1-com-transaction2-secondary.pac index 3c41139935..3ecd1f65c8 100644 --- a/src/analyzer/protocol/smb/smb1-com-transaction2-secondary.pac +++ b/src/analyzer/protocol/smb/smb1-com-transaction2-secondary.pac @@ -5,7 +5,7 @@ refine connection SMB_Conn += { if ( ! smb1_transaction2_secondary_request ) return false; - auto args = make_intrusive(BifType::Record::SMB1::Trans2_Sec_Args); + auto args = make_intrusive(zeek::BifType::Record::SMB1::Trans2_Sec_Args); args->Assign(0, val_mgr->Count(${val.total_param_count})); args->Assign(1, val_mgr->Count(${val.total_data_count})); args->Assign(2, val_mgr->Count(${val.param_count})); diff --git a/src/analyzer/protocol/smb/smb1-com-transaction2.pac b/src/analyzer/protocol/smb/smb1-com-transaction2.pac index b360c25798..491d06d06c 100644 --- a/src/analyzer/protocol/smb/smb1-com-transaction2.pac +++ b/src/analyzer/protocol/smb/smb1-com-transaction2.pac @@ -24,7 +24,7 @@ refine connection SMB_Conn += { %{ if ( smb1_transaction2_request ) { - auto args = make_intrusive(BifType::Record::SMB1::Trans2_Args); + auto args = make_intrusive(zeek::BifType::Record::SMB1::Trans2_Args); args->Assign(0, val_mgr->Count(${val.total_param_count})); args->Assign(1, val_mgr->Count(${val.total_data_count})); args->Assign(2, val_mgr->Count(${val.max_param_count})); @@ -131,7 +131,7 @@ refine connection SMB_Conn += { %{ if ( smb1_trans2_find_first2_request ) { - auto result = make_intrusive(BifType::Record::SMB1::Find_First2_Request_Args); + auto result = make_intrusive(zeek::BifType::Record::SMB1::Find_First2_Request_Args); result->Assign(0, val_mgr->Count(${val.search_attrs})); result->Assign(1, val_mgr->Count(${val.search_count})); result->Assign(2, val_mgr->Count(${val.flags})); diff --git a/src/analyzer/protocol/smb/smb1-protocol.pac b/src/analyzer/protocol/smb/smb1-protocol.pac index 8e19fcbe57..bafb427f5f 100644 --- a/src/analyzer/protocol/smb/smb1-protocol.pac +++ b/src/analyzer/protocol/smb/smb1-protocol.pac @@ -9,7 +9,7 @@ %code{ IntrusivePtr SMBHeaderVal(SMB_Header* hdr) { - auto r = make_intrusive(BifType::Record::SMB1::Header); + auto r = make_intrusive(zeek::BifType::Record::SMB1::Header); //unsigned int status = 0; // diff --git a/src/analyzer/protocol/smb/smb2-com-close.pac b/src/analyzer/protocol/smb/smb2-com-close.pac index 2a4c7baa41..be049dd5d2 100644 --- a/src/analyzer/protocol/smb/smb2-com-close.pac +++ b/src/analyzer/protocol/smb/smb2-com-close.pac @@ -20,7 +20,7 @@ refine connection SMB_Conn += { %{ if ( smb2_close_response ) { - auto resp = make_intrusive(BifType::Record::SMB2::CloseResponse); + auto resp = make_intrusive(zeek::BifType::Record::SMB2::CloseResponse); resp->Assign(0, val_mgr->Count(${val.alloc_size})); resp->Assign(1, val_mgr->Count(${val.eof})); diff --git a/src/analyzer/protocol/smb/smb2-com-create.pac b/src/analyzer/protocol/smb/smb2-com-create.pac index ce4178ad95..c8f8682b33 100644 --- a/src/analyzer/protocol/smb/smb2-com-create.pac +++ b/src/analyzer/protocol/smb/smb2-com-create.pac @@ -16,7 +16,7 @@ refine connection SMB_Conn += { if ( smb2_create_request ) { - auto requestinfo = make_intrusive(BifType::Record::SMB2::CreateRequest); + auto requestinfo = make_intrusive(zeek::BifType::Record::SMB2::CreateRequest); requestinfo->Assign(0, std::move(filename)); requestinfo->Assign(1, val_mgr->Count(${val.disposition})); requestinfo->Assign(2, val_mgr->Count(${val.create_options})); @@ -33,7 +33,7 @@ refine connection SMB_Conn += { %{ if ( smb2_create_response ) { - auto responseinfo = make_intrusive(BifType::Record::SMB2::CreateResponse); + auto responseinfo = make_intrusive(zeek::BifType::Record::SMB2::CreateResponse); responseinfo->Assign(0, BuildSMB2GUID(${val.file_id})); responseinfo->Assign(1, val_mgr->Count(${val.eof})); responseinfo->Assign(2, SMB_BuildMACTimes(${val.last_write_time}, diff --git a/src/analyzer/protocol/smb/smb2-com-negotiate.pac b/src/analyzer/protocol/smb/smb2-com-negotiate.pac index 7f6e42c60f..024f25b76f 100644 --- a/src/analyzer/protocol/smb/smb2-com-negotiate.pac +++ b/src/analyzer/protocol/smb/smb2-com-negotiate.pac @@ -39,7 +39,7 @@ refine connection SMB_Conn += { %{ if ( smb2_negotiate_response ) { - auto nr = make_intrusive(BifType::Record::SMB2::NegotiateResponse); + auto nr = make_intrusive(zeek::BifType::Record::SMB2::NegotiateResponse); nr->Assign(0, val_mgr->Count(${val.dialect_revision})); nr->Assign(1, val_mgr->Count(${val.security_mode})); @@ -48,7 +48,7 @@ refine connection SMB_Conn += { nr->Assign(4, filetime2brotime(${val.server_start_time})); nr->Assign(5, val_mgr->Count(${val.negotiate_context_count})); - auto cv = make_intrusive(IntrusivePtr{NewRef{}, BifType::Vector::SMB2::NegotiateContextValues}); + auto cv = make_intrusive(zeek::BifType::Vector::SMB2::NegotiateContextValues); if ( ${val.dialect_revision} == 0x0311 && ${val.negotiate_context_count} > 0 ) { diff --git a/src/analyzer/protocol/smb/smb2-com-session-setup.pac b/src/analyzer/protocol/smb/smb2-com-session-setup.pac index 1f38fe1fb2..edd380790e 100644 --- a/src/analyzer/protocol/smb/smb2-com-session-setup.pac +++ b/src/analyzer/protocol/smb/smb2-com-session-setup.pac @@ -4,7 +4,7 @@ refine connection SMB_Conn += { %{ if ( smb2_session_setup_request ) { - auto req = make_intrusive(BifType::Record::SMB2::SessionSetupRequest); + auto req = make_intrusive(zeek::BifType::Record::SMB2::SessionSetupRequest); req->Assign(0, val_mgr->Count(${val.security_mode})); BifEvent::enqueue_smb2_session_setup_request(bro_analyzer(), @@ -20,12 +20,12 @@ refine connection SMB_Conn += { %{ if ( smb2_session_setup_response ) { - auto flags = make_intrusive(BifType::Record::SMB2::SessionSetupFlags); + auto flags = make_intrusive(zeek::BifType::Record::SMB2::SessionSetupFlags); flags->Assign(0, val_mgr->Bool(${val.flag_guest})); flags->Assign(1, val_mgr->Bool(${val.flag_anonymous})); flags->Assign(2, val_mgr->Bool(${val.flag_encrypt})); - auto resp = make_intrusive(BifType::Record::SMB2::SessionSetupResponse); + auto resp = make_intrusive(zeek::BifType::Record::SMB2::SessionSetupResponse); resp->Assign(0, std::move(flags)); BifEvent::enqueue_smb2_session_setup_response(bro_analyzer(), diff --git a/src/analyzer/protocol/smb/smb2-com-set-info.pac b/src/analyzer/protocol/smb/smb2-com-set-info.pac index 9f13d9b91a..daee89cb70 100644 --- a/src/analyzer/protocol/smb/smb2-com-set-info.pac +++ b/src/analyzer/protocol/smb/smb2-com-set-info.pac @@ -93,11 +93,11 @@ refine connection SMB_Conn += { %{ if ( smb2_file_fullea ) { - auto eas = make_intrusive(IntrusivePtr{NewRef{}, BifType::Vector::SMB2::FileEAs}); + auto eas = make_intrusive(zeek::BifType::Vector::SMB2::FileEAs); for ( auto i = 0u; i < ${val.ea_vector}->size(); ++i ) { - auto r = make_intrusive(BifType::Record::SMB2::FileEA); + auto r = make_intrusive(zeek::BifType::Record::SMB2::FileEA); r->Assign(0, smb2_string2stringval(${val.ea_vector[i].ea_name})); r->Assign(1, smb2_string2stringval(${val.ea_vector[i].ea_value})); @@ -192,7 +192,7 @@ refine connection SMB_Conn += { %{ if ( smb2_file_fscontrol ) { - auto r = make_intrusive(BifType::Record::SMB2::Fscontrol); + auto r = make_intrusive(zeek::BifType::Record::SMB2::Fscontrol); r->Assign(0, val_mgr->Int(${val.free_space_start_filtering})); r->Assign(1, val_mgr->Int(${val.free_space_start_threshold})); r->Assign(2, val_mgr->Int(${val.free_space_stop_filtering})); diff --git a/src/analyzer/protocol/smb/smb2-com-transform-header.pac b/src/analyzer/protocol/smb/smb2-com-transform-header.pac index c9629fa842..fb546afe1d 100644 --- a/src/analyzer/protocol/smb/smb2-com-transform-header.pac +++ b/src/analyzer/protocol/smb/smb2-com-transform-header.pac @@ -4,7 +4,7 @@ refine connection SMB_Conn += { %{ if ( smb2_transform_header ) { - auto r = make_intrusive(BifType::Record::SMB2::Transform_header); + auto r = make_intrusive(zeek::BifType::Record::SMB2::Transform_header); r->Assign(0, to_stringval(${hdr.signature})); r->Assign(1, to_stringval(${hdr.nonce})); r->Assign(2, val_mgr->Count(${hdr.orig_msg_size})); diff --git a/src/analyzer/protocol/smb/smb2-com-tree-connect.pac b/src/analyzer/protocol/smb/smb2-com-tree-connect.pac index 68449d999f..7ad9516a7f 100644 --- a/src/analyzer/protocol/smb/smb2-com-tree-connect.pac +++ b/src/analyzer/protocol/smb/smb2-com-tree-connect.pac @@ -18,7 +18,7 @@ refine connection SMB_Conn += { if ( smb2_tree_connect_response ) { - auto resp = make_intrusive(BifType::Record::SMB2::TreeConnectResponse); + auto resp = make_intrusive(zeek::BifType::Record::SMB2::TreeConnectResponse); resp->Assign(0, val_mgr->Count(${val.share_type})); BifEvent::enqueue_smb2_tree_connect_response(bro_analyzer(), diff --git a/src/analyzer/protocol/smb/smb2-protocol.pac b/src/analyzer/protocol/smb/smb2-protocol.pac index 7c774d2f31..13ec2c4062 100644 --- a/src/analyzer/protocol/smb/smb2-protocol.pac +++ b/src/analyzer/protocol/smb/smb2-protocol.pac @@ -11,7 +11,7 @@ IntrusivePtr BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv); %code{ IntrusivePtr BuildSMB2HeaderVal(SMB2_Header* hdr) { - auto r = make_intrusive(BifType::Record::SMB2::Header); + auto r = make_intrusive(zeek::BifType::Record::SMB2::Header); r->Assign(0, val_mgr->Count(${hdr.credit_charge})); r->Assign(1, val_mgr->Count(${hdr.status})); r->Assign(2, val_mgr->Count(${hdr.command})); @@ -27,7 +27,7 @@ IntrusivePtr BuildSMB2HeaderVal(SMB2_Header* hdr) IntrusivePtr BuildSMB2GUID(SMB2_guid* file_id) { - auto r = make_intrusive(BifType::Record::SMB2::GUID); + auto r = make_intrusive(zeek::BifType::Record::SMB2::GUID); r->Assign(0, val_mgr->Count(${file_id.persistent})); r->Assign(1, val_mgr->Count(${file_id._volatile})); return r; @@ -35,7 +35,7 @@ IntrusivePtr BuildSMB2GUID(SMB2_guid* file_id) IntrusivePtr smb2_file_attrs_to_bro(SMB2_file_attributes* val) { - auto r = make_intrusive(BifType::Record::SMB2::FileAttrs); + auto r = make_intrusive(zeek::BifType::Record::SMB2::FileAttrs); r->Assign(0, val_mgr->Bool(${val.read_only})); r->Assign(1, val_mgr->Bool(${val.hidden})); r->Assign(2, val_mgr->Bool(${val.system})); @@ -56,7 +56,7 @@ IntrusivePtr smb2_file_attrs_to_bro(SMB2_file_attributes* val) IntrusivePtr BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv) { - auto r = make_intrusive(BifType::Record::SMB2::NegotiateContextValue); + auto r = make_intrusive(zeek::BifType::Record::SMB2::NegotiateContextValue); r->Assign(0, val_mgr->Count(${ncv.context_type})); r->Assign(1, val_mgr->Count(${ncv.data_length})); @@ -64,7 +64,7 @@ IntrusivePtr BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv) switch ( ${ncv.context_type} ) { case SMB2_PREAUTH_INTEGRITY_CAPABILITIES: { - auto rpreauth = make_intrusive(BifType::Record::SMB2::PreAuthIntegrityCapabilities); + auto rpreauth = make_intrusive(zeek::BifType::Record::SMB2::PreAuthIntegrityCapabilities); rpreauth->Assign(0, val_mgr->Count(${ncv.preauth_integrity_capabilities.hash_alg_count})); rpreauth->Assign(1, val_mgr->Count(${ncv.preauth_integrity_capabilities.salt_length})); @@ -84,7 +84,7 @@ IntrusivePtr BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv) case SMB2_ENCRYPTION_CAPABILITIES: { - auto rencr = make_intrusive(BifType::Record::SMB2::EncryptionCapabilities); + auto rencr = make_intrusive(zeek::BifType::Record::SMB2::EncryptionCapabilities); rencr->Assign(0, val_mgr->Count(${ncv.encryption_capabilities.cipher_count})); auto c = make_intrusive(zeek::id::index_vec); @@ -102,7 +102,7 @@ IntrusivePtr BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv) case SMB2_COMPRESSION_CAPABILITIES: { - auto rcomp = make_intrusive(BifType::Record::SMB2::CompressionCapabilities); + auto rcomp = make_intrusive(zeek::BifType::Record::SMB2::CompressionCapabilities); rcomp->Assign(0, val_mgr->Count(${ncv.compression_capabilities.alg_count})); auto c = make_intrusive(zeek::id::index_vec); diff --git a/src/analyzer/protocol/snmp/snmp-analyzer.pac b/src/analyzer/protocol/snmp/snmp-analyzer.pac index 0fa56d3c2f..a8c5b07b52 100644 --- a/src/analyzer/protocol/snmp/snmp-analyzer.pac +++ b/src/analyzer/protocol/snmp/snmp-analyzer.pac @@ -44,7 +44,7 @@ AddrVal* network_address_to_val(const ASN1Encoding* na) Val* asn1_obj_to_val(const ASN1Encoding* obj) { - RecordVal* rval = new RecordVal(BifType::Record::SNMP::ObjectValue); + RecordVal* rval = new RecordVal(zeek::BifType::Record::SNMP::ObjectValue); uint8 tag = obj->meta()->tag(); rval->Assign(0, val_mgr->Count(tag)); @@ -92,13 +92,13 @@ Val* time_ticks_to_val(const TimeTicks* tt) IntrusivePtr build_hdr(const Header* header) { - auto rv = make_intrusive(BifType::Record::SNMP::Header); + auto rv = make_intrusive(zeek::BifType::Record::SNMP::Header); rv->Assign(0, val_mgr->Count(header->version())); switch ( header->version() ) { case SNMPV1_TAG: { - RecordVal* v1 = new RecordVal(BifType::Record::SNMP::HeaderV1); + RecordVal* v1 = new RecordVal(zeek::BifType::Record::SNMP::HeaderV1); v1->Assign(0, asn1_octet_string_to_val(header->v1()->community())); rv->Assign(1, v1); } @@ -106,7 +106,7 @@ IntrusivePtr build_hdr(const Header* header) case SNMPV2_TAG: { - RecordVal* v2 = new RecordVal(BifType::Record::SNMP::HeaderV2); + RecordVal* v2 = new RecordVal(zeek::BifType::Record::SNMP::HeaderV2); v2->Assign(0, asn1_octet_string_to_val(header->v2()->community())); rv->Assign(2, v2); } @@ -124,7 +124,7 @@ IntrusivePtr build_hdr(const Header* header) RecordVal* build_hdrV3(const Header* header) { - RecordVal* v3 = new RecordVal(BifType::Record::SNMP::HeaderV3); + RecordVal* v3 = new RecordVal(zeek::BifType::Record::SNMP::HeaderV3); const v3Header* v3hdr = header->v3(); const v3HeaderData* global_data = v3hdr->global_data(); bytestring const& flags = global_data->flags()->encoding()->content(); @@ -144,7 +144,7 @@ RecordVal* build_hdrV3(const Header* header) if ( v3hdr->next()->tag() == ASN1_SEQUENCE_TAG ) { const v3ScopedPDU* spdu = v3hdr->plaintext_pdu(); - RecordVal* rv = new RecordVal(BifType::Record::SNMP::ScopedPDU_Context); + RecordVal* rv = new RecordVal(zeek::BifType::Record::SNMP::ScopedPDU_Context); rv->Assign(0, asn1_octet_string_to_val(spdu->context_engine_id())); rv->Assign(1, asn1_octet_string_to_val(spdu->context_name())); v3->Assign(8, rv); @@ -155,12 +155,12 @@ RecordVal* build_hdrV3(const Header* header) VectorVal* build_bindings(const VarBindList* vbl) { - auto vv = make_intrusive(IntrusivePtr{NewRef{}, BifType::Vector::SNMP::Bindings}); + auto vv = make_intrusive(zeek::BifType::Vector::SNMP::Bindings); for ( size_t i = 0; i < vbl->bindings()->size(); ++i ) { VarBind* vb = (*vbl->bindings())[i]; - RecordVal* binding = new RecordVal(BifType::Record::SNMP::Binding); + RecordVal* binding = new RecordVal(zeek::BifType::Record::SNMP::Binding); binding->Assign(0, asn1_oid_to_val(vb->name()->oid())); binding->Assign(1, asn1_obj_to_val(vb->value()->encoding())); vv->Assign(i, binding); @@ -171,7 +171,7 @@ VectorVal* build_bindings(const VarBindList* vbl) IntrusivePtr build_pdu(const CommonPDU* pdu) { - auto rv = make_intrusive(BifType::Record::SNMP::PDU); + auto rv = make_intrusive(zeek::BifType::Record::SNMP::PDU); rv->Assign(0, asn1_integer_to_val(pdu->request_id(), TYPE_INT)); rv->Assign(1, asn1_integer_to_val(pdu->error_status(), TYPE_INT)); rv->Assign(2, asn1_integer_to_val(pdu->error_index(), TYPE_INT)); @@ -181,7 +181,7 @@ IntrusivePtr build_pdu(const CommonPDU* pdu) IntrusivePtr build_trap_pdu(const TrapPDU* pdu) { - auto rv = make_intrusive(BifType::Record::SNMP::TrapPDU); + auto rv = make_intrusive(zeek::BifType::Record::SNMP::TrapPDU); rv->Assign(0, asn1_oid_to_val(pdu->enterprise())); rv->Assign(1, network_address_to_val(pdu->agent_addr())); rv->Assign(2, asn1_integer_to_val(pdu->generic_trap(), TYPE_INT)); @@ -193,7 +193,7 @@ IntrusivePtr build_trap_pdu(const TrapPDU* pdu) IntrusivePtr build_bulk_pdu(const GetBulkRequestPDU* pdu) { - auto rv = make_intrusive(BifType::Record::SNMP::BulkPDU); + auto rv = make_intrusive(zeek::BifType::Record::SNMP::BulkPDU); rv->Assign(0, asn1_integer_to_val(pdu->request_id(), TYPE_INT)); rv->Assign(1, asn1_integer_to_val(pdu->non_repeaters(), TYPE_COUNT)); rv->Assign(2, asn1_integer_to_val(pdu->max_repititions(), TYPE_COUNT)); diff --git a/src/analyzer/protocol/ssh/ssh-analyzer.pac b/src/analyzer/protocol/ssh/ssh-analyzer.pac index da8c875882..0845e41efa 100644 --- a/src/analyzer/protocol/ssh/ssh-analyzer.pac +++ b/src/analyzer/protocol/ssh/ssh-analyzer.pac @@ -70,28 +70,28 @@ refine flow SSH_Flow += { if ( ! ssh_capabilities ) return false; - auto result = make_intrusive(BifType::Record::SSH::Capabilities); + auto result = make_intrusive(zeek::BifType::Record::SSH::Capabilities); result->Assign(0, name_list_to_vector(${msg.kex_algorithms.val})); result->Assign(1, name_list_to_vector(${msg.server_host_key_algorithms.val})); - RecordVal* encryption_algs = new RecordVal(BifType::Record::SSH::Algorithm_Prefs); + RecordVal* encryption_algs = new RecordVal(zeek::BifType::Record::SSH::Algorithm_Prefs); encryption_algs->Assign(0, name_list_to_vector(${msg.encryption_algorithms_client_to_server.val})); encryption_algs->Assign(1, name_list_to_vector(${msg.encryption_algorithms_server_to_client.val})); result->Assign(2, encryption_algs); - RecordVal* mac_algs = new RecordVal(BifType::Record::SSH::Algorithm_Prefs); + RecordVal* mac_algs = new RecordVal(zeek::BifType::Record::SSH::Algorithm_Prefs); mac_algs->Assign(0, name_list_to_vector(${msg.mac_algorithms_client_to_server.val})); mac_algs->Assign(1, name_list_to_vector(${msg.mac_algorithms_server_to_client.val})); result->Assign(3, mac_algs); - RecordVal* compression_algs = new RecordVal(BifType::Record::SSH::Algorithm_Prefs); + RecordVal* compression_algs = new RecordVal(zeek::BifType::Record::SSH::Algorithm_Prefs); compression_algs->Assign(0, name_list_to_vector(${msg.compression_algorithms_client_to_server.val})); compression_algs->Assign(1, name_list_to_vector(${msg.compression_algorithms_server_to_client.val})); result->Assign(4, compression_algs); if ( ${msg.languages_client_to_server.len} || ${msg.languages_server_to_client.len} ) { - RecordVal* languages = new RecordVal(BifType::Record::SSH::Algorithm_Prefs); + RecordVal* languages = new RecordVal(zeek::BifType::Record::SSH::Algorithm_Prefs); if ( ${msg.languages_client_to_server.len} ) languages->Assign(0, name_list_to_vector(${msg.languages_client_to_server.val})); if ( ${msg.languages_server_to_client.len} ) diff --git a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac index 2dc919bbaf..a08d94203b 100644 --- a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac +++ b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac @@ -161,7 +161,7 @@ refine connection Handshake_Conn += { { for ( unsigned int i = 0; i < supported_signature_algorithms->size(); ++i ) { - RecordVal* el = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm); + RecordVal* el = new RecordVal(zeek::BifType::Record::SSL::SignatureAndHashAlgorithm); el->Assign(0, val_mgr->Count((*supported_signature_algorithms)[i]->HashAlgorithm())); el->Assign(1, val_mgr->Count((*supported_signature_algorithms)[i]->SignatureAlgorithm())); slist->Assign(i, el); @@ -342,7 +342,7 @@ refine connection Handshake_Conn += { if ( ssl_server_signature ) { - auto ha = make_intrusive(BifType::Record::SSL::SignatureAndHashAlgorithm); + auto ha = make_intrusive(zeek::BifType::Record::SSL::SignatureAndHashAlgorithm); if ( ${kex.signed_params.uses_signature_and_hashalgorithm} ) { @@ -414,7 +414,7 @@ refine connection Handshake_Conn += { if ( ! ssl_extension_signed_certificate_timestamp ) return true; - auto ha = make_intrusive(BifType::Record::SSL::SignatureAndHashAlgorithm); + auto ha = make_intrusive(zeek::BifType::Record::SSL::SignatureAndHashAlgorithm); ha->Assign(0, val_mgr->Count(digitally_signed_algorithms->HashAlgorithm())); ha->Assign(1, val_mgr->Count(digitally_signed_algorithms->SignatureAlgorithm())); @@ -442,7 +442,7 @@ refine connection Handshake_Conn += { if ( ssl_server_signature ) { - auto ha = make_intrusive(BifType::Record::SSL::SignatureAndHashAlgorithm); + auto ha = make_intrusive(zeek::BifType::Record::SSL::SignatureAndHashAlgorithm); if ( ${signed_params.uses_signature_and_hashalgorithm} ) { @@ -498,7 +498,7 @@ refine connection Handshake_Conn += { { for ( auto&& identity : *(identities->identities()) ) { - RecordVal* el = new RecordVal(BifType::Record::SSL::PSKIdentity); + RecordVal* el = new RecordVal(zeek::BifType::Record::SSL::PSKIdentity); el->Assign(0, make_intrusive(identity->identity().length(), (const char*) identity->identity().data())); el->Assign(1, val_mgr->Count(identity->obfuscated_ticket_age())); slist->Assign(slist->Size(), el); diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index fc13e50848..3522439cce 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc @@ -1356,7 +1356,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig) if ( tcp_options ) { - auto option_list = make_intrusive(IntrusivePtr{NewRef{}, BifType::Vector::TCP::OptionList}); + auto option_list = make_intrusive(zeek::BifType::Vector::TCP::OptionList); auto add_option_data = [](RecordVal* rv, const u_char* odata, int olen) { @@ -1372,7 +1372,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig) { auto kind = o[0]; auto length = kind < 2 ? 1 : o[1]; - auto option_record = new RecordVal(BifType::Record::TCP::Option); + auto option_record = new RecordVal(zeek::BifType::Record::TCP::Option); option_list->Assign(option_list->Size(), option_record); option_record->Assign(0, val_mgr->Count(kind)); option_record->Assign(1, val_mgr->Count(length)); diff --git a/src/broker/Data.cc b/src/broker/Data.cc index 24f6d55822..b2fa59152d 100644 --- a/src/broker/Data.cc +++ b/src/broker/Data.cc @@ -1016,7 +1016,7 @@ broker::expected bro_broker::val_to_data(const Val* v) IntrusivePtr bro_broker::make_data_val(Val* v) { - auto rval = make_intrusive(BifType::Record::Broker::Data); + auto rval = make_intrusive(zeek::BifType::Record::Broker::Data); auto data = val_to_data(v); if ( data ) @@ -1029,7 +1029,7 @@ IntrusivePtr bro_broker::make_data_val(Val* v) IntrusivePtr bro_broker::make_data_val(broker::data d) { - auto rval = make_intrusive(BifType::Record::Broker::Data); + auto rval = make_intrusive(zeek::BifType::Record::Broker::Data); rval->Assign(0, make_intrusive(move(d))); return rval; } @@ -1039,72 +1039,72 @@ struct data_type_getter { result_type operator()(broker::none) { - return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::NONE); + return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::NONE); } result_type operator()(bool) { - return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::BOOL); + return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::BOOL); } result_type operator()(uint64_t) { - return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::COUNT); + return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::COUNT); } result_type operator()(int64_t) { - return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::INT); + return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::INT); } result_type operator()(double) { - return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::DOUBLE); + return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::DOUBLE); } result_type operator()(const std::string&) { - return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::STRING); + return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::STRING); } result_type operator()(const broker::address&) { - return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::ADDR); + return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::ADDR); } result_type operator()(const broker::subnet&) { - return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::SUBNET); + return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::SUBNET); } result_type operator()(const broker::port&) { - return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::PORT); + return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::PORT); } result_type operator()(const broker::timestamp&) { - return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::TIME); + return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::TIME); } result_type operator()(const broker::timespan&) { - return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::INTERVAL); + return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::INTERVAL); } result_type operator()(const broker::enum_value&) { - return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::ENUM); + return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::ENUM); } result_type operator()(const broker::set&) { - return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::SET); + return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::SET); } result_type operator()(const broker::table&) { - return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::TABLE); + return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::TABLE); } result_type operator()(const broker::vector&) @@ -1112,7 +1112,7 @@ struct data_type_getter { // Note that Broker uses vectors to store record data, so there's // no actual way to tell if this data was originally associated // with a Bro record. - return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::VECTOR); + return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::VECTOR); } }; diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index 9d7cc5f324..ac90d2a342 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -699,7 +699,7 @@ bool Manager::AutoUnpublishEvent(const string& topic, Val* event) RecordVal* Manager::MakeEvent(val_list* args, Frame* frame) { - auto rval = new RecordVal(BifType::Record::Broker::Event); + auto rval = new RecordVal(zeek::BifType::Record::Broker::Event); auto arg_vec = make_intrusive(vector_of_data_type); rval->Assign(1, arg_vec); Func* func = nullptr; @@ -1351,7 +1351,7 @@ void Manager::ProcessError(broker::error err) } mgr.Enqueue(Broker::error, - BifType::Enum::Broker::ErrorCode->GetVal(ec), + zeek::BifType::Enum::Broker::ErrorCode->GetVal(ec), make_intrusive(msg) ); } diff --git a/src/broker/Store.h b/src/broker/Store.h index 09799c8c68..b439d39e0f 100644 --- a/src/broker/Store.h +++ b/src/broker/Store.h @@ -26,9 +26,9 @@ EnumVal* query_status(bool success); */ inline IntrusivePtr query_result() { - auto rval = make_intrusive(BifType::Record::Broker::QueryResult); + auto rval = make_intrusive(zeek::BifType::Record::Broker::QueryResult); rval->Assign(0, query_status(false)); - rval->Assign(1, make_intrusive(BifType::Record::Broker::Data)); + rval->Assign(1, make_intrusive(zeek::BifType::Record::Broker::Data)); return rval; } @@ -39,7 +39,7 @@ inline IntrusivePtr query_result() */ inline IntrusivePtr query_result(IntrusivePtr data) { - auto rval = make_intrusive(BifType::Record::Broker::QueryResult); + auto rval = make_intrusive(zeek::BifType::Record::Broker::QueryResult); rval->Assign(0, query_status(true)); rval->Assign(1, std::move(data)); return rval; diff --git a/src/broker/comm.bif b/src/broker/comm.bif index 71a36b44b3..77f29830af 100644 --- a/src/broker/comm.bif +++ b/src/broker/comm.bif @@ -123,7 +123,7 @@ function Broker::__peers%(%): PeerInfos auto ps = (BifEnum::Broker::PeerStatus)p.status; peer_info->Assign(0, endpoint_info); - peer_info->Assign(1, BifType::Enum::Broker::PeerStatus->GetVal(ps)); + peer_info->Assign(1, zeek::BifType::Enum::Broker::PeerStatus->GetVal(ps)); rval->Assign(i, peer_info); ++i; diff --git a/src/broker/data.bif b/src/broker/data.bif index c7a7840d30..167cc9ab48 100644 --- a/src/broker/data.bif +++ b/src/broker/data.bif @@ -146,7 +146,7 @@ function Broker::__set_iterator_next%(it: opaque of Broker::SetIterator%): bool function Broker::__set_iterator_value%(it: opaque of Broker::SetIterator%): Broker::Data %{ auto set_it = static_cast(it); - auto rval = make_intrusive(BifType::Record::Broker::Data); + auto rval = make_intrusive(zeek::BifType::Record::Broker::Data); if ( set_it->it == set_it->dat.end() ) { @@ -204,7 +204,7 @@ function Broker::__table_insert%(t: Broker::Data, key: any, val: any%): Broker:: if ( ! k ) { builtin_error("invalid Broker data conversion for key argument"); - return make_intrusive(BifType::Record::Broker::Data); + return make_intrusive(zeek::BifType::Record::Broker::Data); } auto v = bro_broker::val_to_data(val); @@ -212,7 +212,7 @@ function Broker::__table_insert%(t: Broker::Data, key: any, val: any%): Broker:: if ( ! v ) { builtin_error("invalid Broker data conversion for value argument"); - return make_intrusive(BifType::Record::Broker::Data); + return make_intrusive(zeek::BifType::Record::Broker::Data); } try @@ -225,7 +225,7 @@ function Broker::__table_insert%(t: Broker::Data, key: any, val: any%): Broker:: catch (const std::out_of_range&) { table[std::move(*k)] = std::move(*v); - return make_intrusive(BifType::Record::Broker::Data); + return make_intrusive(zeek::BifType::Record::Broker::Data); } %} @@ -239,13 +239,13 @@ function Broker::__table_remove%(t: Broker::Data, key: any%): Broker::Data if ( ! k ) { builtin_error("invalid Broker data conversion for key argument"); - return make_intrusive(BifType::Record::Broker::Data); + return make_intrusive(zeek::BifType::Record::Broker::Data); } auto it = table.find(*k); if ( it == table.end() ) - return make_intrusive(BifType::Record::Broker::Data); + return make_intrusive(zeek::BifType::Record::Broker::Data); else { auto rval = bro_broker::make_data_val(move(it->second)); @@ -264,13 +264,13 @@ function Broker::__table_lookup%(t: Broker::Data, key: any%): Broker::Data if ( ! k ) { builtin_error("invalid Broker data conversion for key argument"); - return make_intrusive(BifType::Record::Broker::Data); + return make_intrusive(zeek::BifType::Record::Broker::Data); } auto it = table.find(*k); if ( it == table.end() ) - return make_intrusive(BifType::Record::Broker::Data); + return make_intrusive(zeek::BifType::Record::Broker::Data); else return bro_broker::make_data_val(it->second); %} @@ -300,9 +300,9 @@ function Broker::__table_iterator_next%(it: opaque of Broker::TableIterator%): b function Broker::__table_iterator_value%(it: opaque of Broker::TableIterator%): Broker::TableItem %{ auto ti = static_cast(it); - auto rval = make_intrusive(BifType::Record::Broker::TableItem); - auto key_val = new RecordVal(BifType::Record::Broker::Data); - auto val_val = new RecordVal(BifType::Record::Broker::Data); + auto rval = make_intrusive(zeek::BifType::Record::Broker::TableItem); + auto key_val = new RecordVal(zeek::BifType::Record::Broker::Data); + auto val_val = new RecordVal(zeek::BifType::Record::Broker::Data); rval->Assign(0, key_val); rval->Assign(1, val_val); @@ -367,7 +367,7 @@ function Broker::__vector_replace%(v: Broker::Data, idx: count, d: any%): Broker } if ( idx >= vec.size() ) - return make_intrusive(BifType::Record::Broker::Data); + return make_intrusive(zeek::BifType::Record::Broker::Data); auto rval = bro_broker::make_data_val(move(vec[idx])); vec[idx] = std::move(*item); @@ -380,7 +380,7 @@ function Broker::__vector_remove%(v: Broker::Data, idx: count%): Broker::Data TYPE_VECTOR, frame); if ( idx >= vec.size() ) - return make_intrusive(BifType::Record::Broker::Data); + return make_intrusive(zeek::BifType::Record::Broker::Data); auto rval = bro_broker::make_data_val(move(vec[idx])); vec.erase(vec.begin() + idx); @@ -393,7 +393,7 @@ function Broker::__vector_lookup%(v: Broker::Data, idx: count%): Broker::Data TYPE_VECTOR, frame); if ( idx >= vec.size() ) - return make_intrusive(BifType::Record::Broker::Data); + return make_intrusive(zeek::BifType::Record::Broker::Data); return bro_broker::make_data_val(vec[idx]); %} @@ -423,7 +423,7 @@ function Broker::__vector_iterator_next%(it: opaque of Broker::VectorIterator%): function Broker::__vector_iterator_value%(it: opaque of Broker::VectorIterator%): Broker::Data %{ auto vi = static_cast(it); - auto rval = make_intrusive(BifType::Record::Broker::Data); + auto rval = make_intrusive(zeek::BifType::Record::Broker::Data); if ( vi->it == vi->dat.end() ) { @@ -472,7 +472,7 @@ function Broker::__record_lookup%(r: Broker::Data, idx: count%): Broker::Data TYPE_RECORD, frame); if ( idx >= v.size() || caf::get_if(&v[idx]) ) - return make_intrusive(BifType::Record::Broker::Data); + return make_intrusive(zeek::BifType::Record::Broker::Data); return bro_broker::make_data_val(v[idx]); %} @@ -502,7 +502,7 @@ function Broker::__record_iterator_next%(it: opaque of Broker::RecordIterator%): function Broker::__record_iterator_value%(it: opaque of Broker::RecordIterator%): Broker::Data %{ auto ri = static_cast(it); - auto rval = make_intrusive(BifType::Record::Broker::Data); + auto rval = make_intrusive(zeek::BifType::Record::Broker::Data); if ( ri->it == ri->dat.end() ) { diff --git a/src/file_analysis/AnalyzerSet.cc b/src/file_analysis/AnalyzerSet.cc index 8c5c5eecc2..b2ca39f954 100644 --- a/src/file_analysis/AnalyzerSet.cc +++ b/src/file_analysis/AnalyzerSet.cc @@ -22,7 +22,7 @@ AnalyzerSet::AnalyzerSet(File* arg_file) : file(arg_file) { auto t = make_intrusive(); t->Append(file_mgr->GetTagType()); - t->Append({NewRef{}, BifType::Record::Files::AnalyzerArgs}); + t->Append(zeek::BifType::Record::Files::AnalyzerArgs); analyzer_hash = new CompositeHash(std::move(t)); analyzer_map.SetDeleteFunc(analyzer_del_func); } diff --git a/src/file_analysis/analyzer/extract/functions.bif b/src/file_analysis/analyzer/extract/functions.bif index 9b80700755..6d0ac3435d 100644 --- a/src/file_analysis/analyzer/extract/functions.bif +++ b/src/file_analysis/analyzer/extract/functions.bif @@ -10,8 +10,8 @@ module FileExtract; ## :zeek:see:`FileExtract::set_limit`. function FileExtract::__set_limit%(file_id: string, args: any, n: count%): bool %{ - using BifType::Record::Files::AnalyzerArgs; - auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs); + using zeek::BifType::Record::Files::AnalyzerArgs; + auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs.get()); bool result = file_mgr->SetExtractionLimit(file_id->CheckString(), rv.get(), n); return val_mgr->Bool(result); %} diff --git a/src/file_analysis/analyzer/pe/pe-analyzer.pac b/src/file_analysis/analyzer/pe/pe-analyzer.pac index 773dcb47c0..f0967dc5ba 100644 --- a/src/file_analysis/analyzer/pe/pe-analyzer.pac +++ b/src/file_analysis/analyzer/pe/pe-analyzer.pac @@ -42,7 +42,7 @@ refine flow File += { %{ if ( pe_dos_header ) { - auto dh = make_intrusive(BifType::Record::PE::DOSHeader); + auto dh = make_intrusive(zeek::BifType::Record::PE::DOSHeader); dh->Assign(0, make_intrusive(${h.signature}.length(), (const char*) ${h.signature}.data())); dh->Assign(1, val_mgr->Count(${h.UsedBytesInTheLastPage})); dh->Assign(2, val_mgr->Count(${h.FileSizeInPages})); @@ -92,7 +92,7 @@ refine flow File += { %{ if ( pe_file_header ) { - auto fh = make_intrusive(BifType::Record::PE::FileHeader); + auto fh = make_intrusive(zeek::BifType::Record::PE::FileHeader); fh->Assign(0, val_mgr->Count(${h.Machine})); fh->Assign(1, make_intrusive(static_cast(${h.TimeDateStamp}), TYPE_TIME)); fh->Assign(2, val_mgr->Count(${h.PointerToSymbolTable})); @@ -120,7 +120,7 @@ refine flow File += { if ( pe_optional_header ) { - auto oh = make_intrusive(BifType::Record::PE::OptionalHeader); + auto oh = make_intrusive(zeek::BifType::Record::PE::OptionalHeader); oh->Assign(0, val_mgr->Count(${h.magic})); oh->Assign(1, val_mgr->Count(${h.major_linker_version})); @@ -162,7 +162,7 @@ refine flow File += { %{ if ( pe_section_header ) { - auto section_header = make_intrusive(BifType::Record::PE::SectionHeader); + auto section_header = make_intrusive(zeek::BifType::Record::PE::SectionHeader); // Strip null characters from the end of the section name. u_char* first_null = (u_char*) memchr(${h.name}.data(), 0, ${h.name}.length()); diff --git a/src/file_analysis/analyzer/unified2/unified2-analyzer.pac b/src/file_analysis/analyzer/unified2/unified2-analyzer.pac index b2d46c89ed..58077f1635 100644 --- a/src/file_analysis/analyzer/unified2/unified2-analyzer.pac +++ b/src/file_analysis/analyzer/unified2/unified2-analyzer.pac @@ -66,7 +66,7 @@ refine flow Flow += { %{ if ( ::unified2_event ) { - auto ids_event = make_intrusive(BifType::Record::Unified2::IDSEvent); + auto ids_event = make_intrusive(zeek::BifType::Record::Unified2::IDSEvent); ids_event->Assign(0, val_mgr->Count(${ev.sensor_id})); ids_event->Assign(1, val_mgr->Count(${ev.event_id})); ids_event->Assign(2, make_intrusive(ts_to_double(${ev.ts}), TYPE_TIME)); @@ -92,7 +92,7 @@ refine flow Flow += { %{ if ( ::unified2_event ) { - auto ids_event = make_intrusive(BifType::Record::Unified2::IDSEvent); + auto ids_event = make_intrusive(zeek::BifType::Record::Unified2::IDSEvent); ids_event->Assign(0, val_mgr->Count(${ev.sensor_id})); ids_event->Assign(1, val_mgr->Count(${ev.event_id})); ids_event->Assign(2, make_intrusive(ts_to_double(${ev.ts}), TYPE_TIME)); @@ -123,7 +123,7 @@ refine flow Flow += { %{ if ( ::unified2_packet ) { - auto packet = make_intrusive(BifType::Record::Unified2::Packet); + auto packet = make_intrusive(zeek::BifType::Record::Unified2::Packet); packet->Assign(0, val_mgr->Count(${pkt.sensor_id})); packet->Assign(1, val_mgr->Count(${pkt.event_id})); packet->Assign(2, val_mgr->Count(${pkt.event_second})); diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc index b7ddbecad1..a3c3e00136 100644 --- a/src/file_analysis/analyzer/x509/X509.cc +++ b/src/file_analysis/analyzer/x509/X509.cc @@ -117,7 +117,7 @@ IntrusivePtr file_analysis::X509::ParseCertificate(X509Val* cert_val, char buf[2048]; // we need a buffer for some of the openssl functions memset(buf, 0, sizeof(buf)); - auto pX509Cert = make_intrusive(BifType::Record::X509::Certificate); + auto pX509Cert = make_intrusive(zeek::BifType::Record::X509::Certificate); BIO *bio = BIO_new(BIO_s_mem()); pX509Cert->Assign(0, val_mgr->Count((uint64_t) X509_get_version(ssl_cert) + 1)); @@ -286,7 +286,7 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex) { if ( x509_ext_basic_constraints ) { - auto pBasicConstraint = make_intrusive(BifType::Record::X509::BasicConstraints); + auto pBasicConstraint = make_intrusive(zeek::BifType::Record::X509::BasicConstraints); pBasicConstraint->Assign(0, val_mgr->Bool(constr->ca)); if ( constr->pathlen ) @@ -417,7 +417,7 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext) } } - auto sanExt = make_intrusive(BifType::Record::X509::SubjectAlternativeName); + auto sanExt = make_intrusive(zeek::BifType::Record::X509::SubjectAlternativeName); if ( names != nullptr ) sanExt->Assign(0, names); diff --git a/src/file_analysis/analyzer/x509/X509Common.cc b/src/file_analysis/analyzer/x509/X509Common.cc index 12abb5ecb0..19680f6404 100644 --- a/src/file_analysis/analyzer/x509/X509Common.cc +++ b/src/file_analysis/analyzer/x509/X509Common.cc @@ -269,7 +269,7 @@ void file_analysis::X509Common::ParseExtension(X509_EXTENSION* ex, const EventHa if ( ! ext_val ) ext_val = make_intrusive(0, ""); - auto pX509Ext = make_intrusive(BifType::Record::X509::Extension); + auto pX509Ext = make_intrusive(zeek::BifType::Record::X509::Extension); pX509Ext->Assign(0, make_intrusive(name)); if ( short_name and strlen(short_name) > 0 ) diff --git a/src/file_analysis/analyzer/x509/functions.bif b/src/file_analysis/analyzer/x509/functions.bif index 003e19d1ac..5cf3fe0e1b 100644 --- a/src/file_analysis/analyzer/x509/functions.bif +++ b/src/file_analysis/analyzer/x509/functions.bif @@ -13,7 +13,7 @@ // construct an error record IntrusivePtr x509_result_record(uint64_t num, const char* reason, Val* chainVector = nullptr) { - auto rrecord = make_intrusive(BifType::Record::X509::Result); + auto rrecord = make_intrusive(zeek::BifType::Record::X509::Result); rrecord->Assign(0, val_mgr->Int(num)); rrecord->Assign(1, make_intrusive(reason)); diff --git a/src/file_analysis/file_analysis.bif b/src/file_analysis/file_analysis.bif index 91bc6929aa..e15163dd83 100644 --- a/src/file_analysis/file_analysis.bif +++ b/src/file_analysis/file_analysis.bif @@ -41,8 +41,8 @@ function Files::__set_reassembly_buffer%(file_id: string, max: count%): bool ## :zeek:see:`Files::add_analyzer`. function Files::__add_analyzer%(file_id: string, tag: Files::Tag, args: any%): bool %{ - using BifType::Record::Files::AnalyzerArgs; - auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs); + using zeek::BifType::Record::Files::AnalyzerArgs; + auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs.get()); bool result = file_mgr->AddAnalyzer(file_id->CheckString(), file_mgr->GetComponentTag(tag), rv.get()); return val_mgr->Bool(result); @@ -51,8 +51,8 @@ function Files::__add_analyzer%(file_id: string, tag: Files::Tag, args: any%): b ## :zeek:see:`Files::remove_analyzer`. function Files::__remove_analyzer%(file_id: string, tag: Files::Tag, args: any%): bool %{ - using BifType::Record::Files::AnalyzerArgs; - auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs); + using zeek::BifType::Record::Files::AnalyzerArgs; + auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs.get()); bool result = file_mgr->RemoveAnalyzer(file_id->CheckString(), file_mgr->GetComponentTag(tag) , rv.get()); return val_mgr->Bool(result); diff --git a/src/input/Manager.cc b/src/input/Manager.cc index d31838ba2b..ed4701e127 100644 --- a/src/input/Manager.cc +++ b/src/input/Manager.cc @@ -225,9 +225,9 @@ ReaderBackend* Manager::CreateBackend(ReaderFrontend* frontend, EnumVal* tag) bool Manager::CreateStream(Stream* info, RecordVal* description) { RecordType* rtype = description->GetType()->AsRecordType(); - if ( ! ( same_type(rtype, BifType::Record::Input::TableDescription, false) - || same_type(rtype, BifType::Record::Input::EventDescription, false) - || same_type(rtype, BifType::Record::Input::AnalysisDescription, false) ) ) + if ( ! ( same_type(rtype, zeek::BifType::Record::Input::TableDescription.get(), false) + || same_type(rtype, zeek::BifType::Record::Input::EventDescription.get(), false) + || same_type(rtype, zeek::BifType::Record::Input::AnalysisDescription.get(), false) ) ) { reporter->Error("Stream description argument not of right type for new input stream"); return false; @@ -311,7 +311,7 @@ bool Manager::CreateStream(Stream* info, RecordVal* description) bool Manager::CreateEventStream(RecordVal* fval) { RecordType* rtype = fval->GetType()->AsRecordType(); - if ( ! same_type(rtype, BifType::Record::Input::EventDescription, false) ) + if ( ! same_type(rtype, zeek::BifType::Record::Input::EventDescription.get(), false) ) { reporter->Error("EventDescription argument not of right type"); return false; @@ -344,13 +344,13 @@ bool Manager::CreateEventStream(RecordVal* fval) return false; } - if ( ! same_type(args[1].get(), BifType::Enum::Input::Event, false) ) + if ( ! same_type(args[1].get(), zeek::BifType::Enum::Input::Event.get(), false) ) { reporter->Error("Input stream %s: Event's second attribute must be of type Input::Event", stream_name.c_str()); return false; } - if ( ! same_type(args[0].get(), BifType::Record::Input::EventDescription, false) ) + if ( ! same_type(args[0].get(), zeek::BifType::Record::Input::EventDescription.get(), false) ) { reporter->Error("Input stream %s: Event's first attribute must be of type Input::EventDescription", stream_name.c_str()); return false; @@ -464,7 +464,7 @@ bool Manager::CreateEventStream(RecordVal* fval) bool Manager::CreateTableStream(RecordVal* fval) { RecordType* rtype = fval->GetType()->AsRecordType(); - if ( ! same_type(rtype, BifType::Record::Input::TableDescription, false) ) + if ( ! same_type(rtype, zeek::BifType::Record::Input::TableDescription.get(), false) ) { reporter->Error("TableDescription argument not of right type"); return false; @@ -572,13 +572,13 @@ bool Manager::CreateTableStream(RecordVal* fval) return false; } - if ( ! same_type(args[0].get(), BifType::Record::Input::TableDescription, false) ) + if ( ! same_type(args[0].get(), zeek::BifType::Record::Input::TableDescription.get(), false) ) { reporter->Error("Input stream %s: Table event's first attribute must be of type Input::TableDescription", stream_name.c_str()); return false; } - if ( ! same_type(args[1].get(), BifType::Enum::Input::Event, false) ) + if ( ! same_type(args[1].get(), zeek::BifType::Enum::Input::Event.get(), false) ) { reporter->Error("Input stream %s: Table event's second attribute must be of type Input::Event", stream_name.c_str()); return false; @@ -719,13 +719,13 @@ bool Manager::CheckErrorEventTypes(const std::string& stream_name, const Func* e return false; } - if ( table && ! same_type(args[0].get(), BifType::Record::Input::TableDescription, false) ) + if ( table && ! same_type(args[0].get(), zeek::BifType::Record::Input::TableDescription.get(), false) ) { reporter->Error("Input stream %s: Error event's first attribute must be of type Input::TableDescription", stream_name.c_str()); return false; } - if ( ! table && ! same_type(args[0].get(), BifType::Record::Input::EventDescription, false) ) + if ( ! table && ! same_type(args[0].get(), zeek::BifType::Record::Input::EventDescription.get(), false) ) { reporter->Error("Input stream %s: Error event's first attribute must be of type Input::EventDescription", stream_name.c_str()); return false; @@ -737,7 +737,7 @@ bool Manager::CheckErrorEventTypes(const std::string& stream_name, const Func* e return false; } - if ( ! same_type(args[2].get(), BifType::Enum::Reporter::Level, false) ) + if ( ! same_type(args[2].get(), zeek::BifType::Enum::Reporter::Level.get(), false) ) { reporter->Error("Input stream %s: Error event's third attribute must be of type Reporter::Level", stream_name.c_str()); return false; @@ -750,7 +750,7 @@ bool Manager::CreateAnalysisStream(RecordVal* fval) { RecordType* rtype = fval->GetType()->AsRecordType(); - if ( ! same_type(rtype, BifType::Record::Input::AnalysisDescription, false) ) + if ( ! same_type(rtype, zeek::BifType::Record::Input::AnalysisDescription.get(), false) ) { reporter->Error("AnalysisDescription argument not of right type"); return false; @@ -1072,7 +1072,7 @@ void Manager::SendEntry(ReaderFrontend* reader, Value* *vals) else if ( i->stream_type == EVENT_STREAM ) { - EnumVal* type = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release(); + EnumVal* type = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release(); readFields = SendEventStreamEvent(i, type, vals); } @@ -1177,9 +1177,9 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals) if ( ! pred_convert_error ) { if ( updated ) - ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED).release(); + ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED).release(); else - ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release(); + ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release(); bool result; if ( stream->num_val_fields > 0 ) // we have values @@ -1278,13 +1278,13 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals) else if ( updated ) { // in case of update send back the old value. assert ( stream->num_val_fields > 0 ); - ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED).release(); + ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED).release(); assert ( oldval != nullptr ); SendEvent(stream->event, 4, stream->description->Ref(), ev, predidx, oldval.release()); } else { - ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release(); + ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release(); if ( stream->num_val_fields == 0 ) { Ref(stream->description); @@ -1347,7 +1347,7 @@ void Manager::EndCurrentSend(ReaderFrontend* reader) val = stream->tab->Lookup(idx.get()); assert(val != nullptr); predidx = ListValToRecordVal(idx.get(), stream->itype, &startpos); - ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED).release(); + ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED).release(); } if ( stream->pred ) @@ -1454,7 +1454,7 @@ void Manager::Put(ReaderFrontend* reader, Value* *vals) else if ( i->stream_type == EVENT_STREAM ) { - EnumVal* type = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release(); + EnumVal* type = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release(); readFields = SendEventStreamEvent(i, type, vals); } @@ -1591,9 +1591,9 @@ int Manager::PutTable(Stream* i, const Value* const *vals) else { if ( updated ) - ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED).release(); + ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED).release(); else - ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release(); + ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release(); bool result; if ( stream->num_val_fields > 0 ) // we have values @@ -1632,14 +1632,14 @@ int Manager::PutTable(Stream* i, const Value* const *vals) { // in case of update send back the old value. assert ( stream->num_val_fields > 0 ); - ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED).release(); + ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED).release(); assert ( oldval != nullptr ); SendEvent(stream->event, 4, stream->description->Ref(), ev, predidx, oldval.release()); } else { - ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release(); + ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release(); if ( stream->num_val_fields == 0 ) SendEvent(stream->event, 4, stream->description->Ref(), ev, predidx); @@ -1724,7 +1724,7 @@ bool Manager::Delete(ReaderFrontend* reader, Value* *vals) Unref(predidx); else { - EnumVal* ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED).release(); + EnumVal* ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED).release(); streamresult = CallPred(stream->pred, 3, ev, predidx, IntrusivePtr{val}.release()); @@ -1743,7 +1743,7 @@ bool Manager::Delete(ReaderFrontend* reader, Value* *vals) { Ref(idxval); assert(val != nullptr); - EnumVal* ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED).release(); + EnumVal* ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED).release(); SendEvent(stream->event, 4, stream->description->Ref(), ev, idxval, IntrusivePtr{val}.release()); } } @@ -1758,7 +1758,7 @@ bool Manager::Delete(ReaderFrontend* reader, Value* *vals) else if ( i->stream_type == EVENT_STREAM ) { - EnumVal* type = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED).release(); + EnumVal* type = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED).release(); readVals = SendEventStreamEvent(i, type, vals); success = true; } @@ -2715,15 +2715,15 @@ void Manager::ErrorHandler(const Stream* i, ErrorType et, bool reporter_send, co switch (et) { case ErrorType::INFO: - ev = BifType::Enum::Reporter::Level->GetVal(BifEnum::Reporter::INFO).release(); + ev = zeek::BifType::Enum::Reporter::Level->GetVal(BifEnum::Reporter::INFO).release(); break; case ErrorType::WARNING: - ev = BifType::Enum::Reporter::Level->GetVal(BifEnum::Reporter::WARNING).release(); + ev = zeek::BifType::Enum::Reporter::Level->GetVal(BifEnum::Reporter::WARNING).release(); break; case ErrorType::ERROR: - ev = BifType::Enum::Reporter::Level->GetVal(BifEnum::Reporter::ERROR).release(); + ev = zeek::BifType::Enum::Reporter::Level->GetVal(BifEnum::Reporter::ERROR).release(); break; default: diff --git a/src/iosource/Packet.cc b/src/iosource/Packet.cc index fdbf824042..616de91fcc 100644 --- a/src/iosource/Packet.cc +++ b/src/iosource/Packet.cc @@ -627,7 +627,7 @@ IntrusivePtr Packet::ToRawPktHdrVal() const { // Ethernet header layout is: // dst[6bytes] src[6bytes] ethertype[2bytes]... - l2_hdr->Assign(0, BifType::Enum::link_encap->GetVal(BifEnum::LINK_ETHERNET)); + l2_hdr->Assign(0, zeek::BifType::Enum::link_encap->GetVal(BifEnum::LINK_ETHERNET)); l2_hdr->Assign(3, FmtEUI48(data + 6)); // src l2_hdr->Assign(4, FmtEUI48(data)); // dst @@ -644,12 +644,12 @@ IntrusivePtr Packet::ToRawPktHdrVal() const l3 = BifEnum::L3_ARP; } else - l2_hdr->Assign(0, BifType::Enum::link_encap->GetVal(BifEnum::LINK_UNKNOWN)); + l2_hdr->Assign(0, zeek::BifType::Enum::link_encap->GetVal(BifEnum::LINK_UNKNOWN)); l2_hdr->Assign(1, val_mgr->Count(len)); l2_hdr->Assign(2, val_mgr->Count(cap_len)); - l2_hdr->Assign(8, BifType::Enum::layer3_proto->GetVal(l3)); + l2_hdr->Assign(8, zeek::BifType::Enum::layer3_proto->GetVal(l3)); pkt_hdr->Assign(0, l2_hdr); diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index 1c4ff43653..fae52407df 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -231,7 +231,7 @@ bool Manager::CreateStream(EnumVal* id, RecordVal* sval) { RecordType* rtype = sval->GetType()->AsRecordType(); - if ( ! same_type(rtype, BifType::Record::Log::Stream, false) ) + if ( ! same_type(rtype, zeek::BifType::Record::Log::Stream.get(), false) ) { reporter->Error("sval argument not of right type"); return false; @@ -534,7 +534,7 @@ bool Manager::AddFilter(EnumVal* id, RecordVal* fval) { RecordType* rtype = fval->GetType()->AsRecordType(); - if ( ! same_type(rtype, BifType::Record::Log::Filter, false) ) + if ( ! same_type(rtype, zeek::BifType::Record::Log::Filter.get(), false) ) { reporter->Error("filter argument not of right type"); return false; @@ -1514,7 +1514,7 @@ bool Manager::FinishedRotation(WriterFrontend* writer, const char* new_name, con return true; // Create the RotationInfo record. - auto info = make_intrusive(BifType::Record::Log::RotationInfo); + auto info = make_intrusive(zeek::BifType::Record::Log::RotationInfo); info->Assign(0, winfo->type->Ref()); info->Assign(1, make_intrusive(new_name)); info->Assign(2, make_intrusive(winfo->writer->Info().path)); diff --git a/src/supervisor/Supervisor.cc b/src/supervisor/Supervisor.cc index bd52f241b0..2856f188b2 100644 --- a/src/supervisor/Supervisor.cc +++ b/src/supervisor/Supervisor.cc @@ -1104,7 +1104,7 @@ std::string Supervisor::NodeConfig::ToJSON() const IntrusivePtr Supervisor::NodeConfig::ToRecord() const { - auto rt = BifType::Record::Supervisor::NodeConfig; + const auto& rt = zeek::BifType::Record::Supervisor::NodeConfig; auto rval = make_intrusive(rt); rval->Assign(rt->FieldOffset("name"), make_intrusive(name)); @@ -1140,10 +1140,10 @@ IntrusivePtr Supervisor::NodeConfig::ToRecord() const auto& name = e.first; auto& ep = e.second; auto key = make_intrusive(name); - auto ept = BifType::Record::Supervisor::ClusterEndpoint; + const auto& ept = zeek::BifType::Record::Supervisor::ClusterEndpoint; auto val = make_intrusive(ept); - val->Assign(ept->FieldOffset("role"), BifType::Enum::Supervisor::ClusterRole->GetVal(ep.role)); + val->Assign(ept->FieldOffset("role"), zeek::BifType::Enum::Supervisor::ClusterRole->GetVal(ep.role)); val->Assign(ept->FieldOffset("host"), make_intrusive(ep.host)); val->Assign(ept->FieldOffset("p"), val_mgr->Port(ep.port, TRANSPORT_TCP)); @@ -1158,7 +1158,7 @@ IntrusivePtr Supervisor::NodeConfig::ToRecord() const IntrusivePtr Supervisor::Node::ToRecord() const { - auto rt = BifType::Record::Supervisor::NodeStatus; + const auto& rt = zeek::BifType::Record::Supervisor::NodeStatus; auto rval = make_intrusive(rt); rval->Assign(rt->FieldOffset("node"), config.ToRecord()); @@ -1314,8 +1314,8 @@ void Supervisor::SupervisedNode::Init(zeek::Options* options) const IntrusivePtr Supervisor::Status(std::string_view node_name) { - auto rval = make_intrusive(BifType::Record::Supervisor::Status); - const auto& tt = BifType::Record::Supervisor::Status->GetFieldType("nodes"); + auto rval = make_intrusive(zeek::BifType::Record::Supervisor::Status); + const auto& tt = zeek::BifType::Record::Supervisor::Status->GetFieldType("nodes"); auto node_table_val = new TableVal(cast_intrusive(tt)); rval->Assign(0, node_table_val); diff --git a/src/supervisor/supervisor.bif b/src/supervisor/supervisor.bif index 096fa8d957..a6ee28ae1b 100644 --- a/src/supervisor/supervisor.bif +++ b/src/supervisor/supervisor.bif @@ -24,7 +24,7 @@ function Supervisor::__status%(node: string%): Supervisor::Status if ( ! zeek::supervisor_mgr ) { builtin_error("supervisor mode not enabled"); - return make_intrusive(BifType::Record::Supervisor::Status); + return make_intrusive(zeek::BifType::Record::Supervisor::Status); } return zeek::supervisor_mgr->Status(node->CheckString()); @@ -84,7 +84,7 @@ function Supervisor::__node%(%): Supervisor::NodeConfig if ( ! zeek::Supervisor::ThisNode() ) { builtin_error("not a supervised process"); - auto rt = BifType::Record::Supervisor::NodeConfig; + const auto& rt = zeek::BifType::Record::Supervisor::NodeConfig; auto rval = make_intrusive(rt); rval->Assign(rt->FieldOffset("name"), new StringVal("")); return rval; diff --git a/src/zeek.bif b/src/zeek.bif index cd202df1d7..a61ffd55a4 100644 --- a/src/zeek.bif +++ b/src/zeek.bif @@ -3397,7 +3397,7 @@ function get_current_packet%(%) : pcap_packet pkt->Assign(2, val_mgr->Count(0)); pkt->Assign(3, val_mgr->Count(0)); pkt->Assign(4, val_mgr->EmptyString()); - pkt->Assign(5, BifType::Enum::link_encap->GetVal(BifEnum::LINK_UNKNOWN)); + pkt->Assign(5, zeek::BifType::Enum::link_encap->GetVal(BifEnum::LINK_UNKNOWN)); return pkt; } @@ -3406,7 +3406,7 @@ function get_current_packet%(%) : pcap_packet pkt->Assign(2, val_mgr->Count(p->cap_len)); pkt->Assign(3, val_mgr->Count(p->len)); pkt->Assign(4, make_intrusive(p->cap_len, (const char*)p->data)); - pkt->Assign(5, BifType::Enum::link_encap->GetVal(p->link_type)); + pkt->Assign(5, zeek::BifType::Enum::link_encap->GetVal(p->link_type)); return pkt; %}