diff --git a/NEWS b/NEWS index af3d71bdc2..5adb4009db 100644 --- a/NEWS +++ b/NEWS @@ -191,6 +191,9 @@ Deprecated Functionality - ``FuncType::ArgTypes()`` is deprecated, use ``FuncType::ParamList()``. +- ``RecordVal::Assign(int, Val*)`` is deprecated, use the overload taking + ``IntrusivePtr``. + Zeek 3.1.0 ========== diff --git a/src/CompHash.cc b/src/CompHash.cc index ed3b7788a0..2d3e674348 100644 --- a/src/CompHash.cc +++ b/src/CompHash.cc @@ -900,7 +900,7 @@ const char* CompositeHash::RecoverOneVal(const HashKey* k, const char* kp0, RecordType* rt = t->AsRecordType(); int num_fields = rt->NumFields(); - std::vector values; + std::vector> values; int i; for ( i = 0; i < num_fields; ++i ) { @@ -922,7 +922,7 @@ const char* CompositeHash::RecoverOneVal(const HashKey* k, const char* kp0, break; } - values.push_back(v.release()); + values.emplace_back(std::move(v)); } ASSERT(int(values.size()) == num_fields); @@ -930,7 +930,7 @@ const char* CompositeHash::RecoverOneVal(const HashKey* k, const char* kp0, auto rv = make_intrusive(IntrusivePtr{NewRef{}, rt}); for ( int i = 0; i < num_fields; ++i ) - rv->Assign(i, values[i]); + rv->Assign(i, std::move(values[i])); *pval = std::move(rv); kp1 = kp; diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index 021df5d191..44dd2cb5c5 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -724,7 +724,7 @@ IntrusivePtr DNS_Mgr::BuildMappingVal(DNS_Mapping* dm) r->Assign(3, val_mgr->Bool(dm->Valid())); auto h = dm->Host(); - r->Assign(4, h ? h.release() : new StringVal("")); + r->Assign(4, h ? std::move(h) : make_intrusive("")); r->Assign(5, dm->AddrsSet()); return r; diff --git a/src/Type.cc b/src/Type.cc index 671a98d8e6..bfa2fb6af9 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -809,9 +809,6 @@ IntrusivePtr RecordType::GetRecordFieldsVal(const RecordVal* rv) const if ( rv ) fv = rv->Lookup(i); - if ( fv ) - ::Ref(fv); - bool logged = (fd->attrs && fd->FindAttr(ATTR_LOG) != nullptr); auto nr = make_intrusive(record_field); @@ -819,7 +816,7 @@ IntrusivePtr RecordType::GetRecordFieldsVal(const RecordVal* rv) const string s = container_type_name(ft.get()); nr->Assign(0, make_intrusive(s)); nr->Assign(1, val_mgr->Bool(logged)); - nr->Assign(2, fv); + nr->Assign(2, {NewRef{}, fv}); nr->Assign(3, FieldDefault(i)); Val* field_name = new StringVal(FieldName(i)); rval->Assign(field_name, std::move(nr)); diff --git a/src/Val.h b/src/Val.h index 37323c9a2f..61d8eab0f3 100644 --- a/src/Val.h +++ b/src/Val.h @@ -945,8 +945,30 @@ public: IntrusivePtr SizeVal() const override; + /** + * Assign a value to a record field. + * @param field The field index to assign. + * @param new_val The value to assign. + */ void Assign(int field, IntrusivePtr new_val); + + /** + * Assign a value of type @c T to a record field, as constructed from + * the provided arguments. + * @param field The field index to assign. + * @param args A variable number of arguments to pass to constructor of + * type @c T. + */ + template + void Assign(int field, Ts&&... args) + { Assign(field, make_intrusive(std::forward(args)...)); } + + [[deprecated("Remove in v4.1. Assign an IntrusivePtr instead.")]] void Assign(int field, Val* new_val); + // Note: the following nullptr method can also go upon removing the above. + void Assign(int field, std::nullptr_t) + { Assign(field, IntrusivePtr{}); } + Val* Lookup(int field) const; // Does not Ref() value. IntrusivePtr LookupWithDefault(int field) const; diff --git a/src/analyzer/protocol/dhcp/dhcp-options.pac b/src/analyzer/protocol/dhcp/dhcp-options.pac index 2ebb439575..a53398eabc 100644 --- a/src/analyzer/protocol/dhcp/dhcp-options.pac +++ b/src/analyzer/protocol/dhcp/dhcp-options.pac @@ -625,11 +625,11 @@ refine casetype OptionValue += { refine flow DHCP_Flow += { function process_client_id_option(v: OptionValue): bool %{ - RecordVal* client_id = new RecordVal(zeek::BifType::Record::DHCP::ClientID); + auto client_id = make_intrusive(zeek::BifType::Record::DHCP::ClientID); client_id->Assign(0, val_mgr->Count(${v.client_id.hwtype})); client_id->Assign(1, make_intrusive(fmt_mac(${v.client_id.hwaddr}.begin(), ${v.client_id.hwaddr}.length()))); - ${context.flow}->options->Assign(19, client_id); + ${context.flow}->options->Assign(19, std::move(client_id)); return true; %} @@ -685,14 +685,14 @@ refine casetype OptionValue += { refine flow DHCP_Flow += { function process_client_fqdn_option(v: OptionValue): bool %{ - RecordVal* client_fqdn = new RecordVal(zeek::BifType::Record::DHCP::ClientFQDN); + auto client_fqdn = make_intrusive(zeek::BifType::Record::DHCP::ClientFQDN); client_fqdn->Assign(0, val_mgr->Count(${v.client_fqdn.flags})); client_fqdn->Assign(1, val_mgr->Count(${v.client_fqdn.rcode1})); client_fqdn->Assign(2, val_mgr->Count(${v.client_fqdn.rcode2})); const char* domain_name = reinterpret_cast(${v.client_fqdn.domain_name}.begin()); client_fqdn->Assign(3, make_intrusive(${v.client_fqdn.domain_name}.length(), domain_name)); - ${context.flow}->options->Assign(21, client_fqdn); + ${context.flow}->options->Assign(21, std::move(client_fqdn)); return true; %} diff --git a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac index f4daeb8c0c..00eae1b5f1 100644 --- a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac +++ b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac @@ -83,9 +83,9 @@ static IntrusivePtr BuildTraceType(const InformationElement* ie) return val_mgr->Count(ie->trace_type()->value()); } -Val* BuildEndUserAddr(const InformationElement* ie) +IntrusivePtr BuildEndUserAddr(const InformationElement* ie) { - RecordVal* ev = new RecordVal(zeek::BifType::Record::gtp_end_user_addr); + auto ev = make_intrusive(zeek::BifType::Record::gtp_end_user_addr); ev->Assign(0, val_mgr->Count(ie->end_user_addr()->pdp_type_org())); ev->Assign(1, val_mgr->Count(ie->end_user_addr()->pdp_type_num())); @@ -114,23 +114,23 @@ Val* BuildEndUserAddr(const InformationElement* ie) return ev; } -Val* BuildAccessPointName(const InformationElement* ie) +IntrusivePtr BuildAccessPointName(const InformationElement* ie) { BroString* bs = new BroString((const u_char*) ie->ap_name()->value().data(), ie->ap_name()->value().length(), false); - return new StringVal(bs); + return make_intrusive(bs); } -Val* BuildProtoConfigOptions(const InformationElement* ie) +IntrusivePtr BuildProtoConfigOptions(const InformationElement* ie) { const u_char* d = (const u_char*) ie->proto_config_opts()->value().data(); int len = ie->proto_config_opts()->value().length(); - return new StringVal(new BroString(d, len, false)); + return make_intrusive(new BroString(d, len, false)); } -Val* BuildGSN_Addr(const InformationElement* ie) +IntrusivePtr BuildGSN_Addr(const InformationElement* ie) { - RecordVal* ev = new RecordVal(zeek::BifType::Record::gtp_gsn_addr); + auto ev = make_intrusive(zeek::BifType::Record::gtp_gsn_addr); int len = ie->gsn_addr()->value().length(); const uint8* d = ie->gsn_addr()->value().data(); @@ -147,16 +147,16 @@ Val* BuildGSN_Addr(const InformationElement* ie) return ev; } -Val* BuildMSISDN(const InformationElement* ie) +IntrusivePtr BuildMSISDN(const InformationElement* ie) { const u_char* d = (const u_char*) ie->msisdn()->value().data(); int len = ie->msisdn()->value().length(); - return new StringVal(new BroString(d, len, false)); + return make_intrusive(new BroString(d, len, false)); } -Val* BuildQoS_Profile(const InformationElement* ie) +IntrusivePtr BuildQoS_Profile(const InformationElement* ie) { - RecordVal* ev = new RecordVal(zeek::BifType::Record::gtp_qos_profile); + auto ev = make_intrusive(zeek::BifType::Record::gtp_qos_profile); const u_char* d = (const u_char*) ie->qos_profile()->data().data(); int len = ie->qos_profile()->data().length(); @@ -167,30 +167,30 @@ Val* BuildQoS_Profile(const InformationElement* ie) return ev; } -Val* BuildTrafficFlowTemplate(const InformationElement* ie) +IntrusivePtr BuildTrafficFlowTemplate(const InformationElement* ie) { const uint8* d = ie->traffic_flow_template()->value().data(); int len = ie->traffic_flow_template()->value().length(); - return new StringVal(new BroString((const u_char*) d, len, false)); + return make_intrusive(new BroString((const u_char*) d, len, false)); } -Val* BuildTriggerID(const InformationElement* ie) +IntrusivePtr BuildTriggerID(const InformationElement* ie) { const uint8* d = ie->trigger_id()->value().data(); int len = ie->trigger_id()->value().length(); - return new StringVal(new BroString((const u_char*) d, len, false)); + return make_intrusive(new BroString((const u_char*) d, len, false)); } -Val* BuildOMC_ID(const InformationElement* ie) +IntrusivePtr BuildOMC_ID(const InformationElement* ie) { const uint8* d = ie->omc_id()->value().data(); int len = ie->omc_id()->value().length(); - return new StringVal(new BroString((const u_char*) d, len, false)); + return make_intrusive(new BroString((const u_char*) d, len, false)); } -Val* BuildPrivateExt(const InformationElement* ie) +IntrusivePtr BuildPrivateExt(const InformationElement* ie) { - RecordVal* ev = new RecordVal(zeek::BifType::Record::gtp_private_extension); + auto ev = make_intrusive(zeek::BifType::Record::gtp_private_extension); const uint8* d = ie->private_ext()->value().data(); int len = ie->private_ext()->value().length(); @@ -216,16 +216,16 @@ static IntrusivePtr BuildChargingID(const InformationElement* ie) return val_mgr->Count(ie->charging_id()->value());; } -Val* BuildChargingGatewayAddr(const InformationElement* ie) +IntrusivePtr BuildChargingGatewayAddr(const InformationElement* ie) { const uint8* d = ie->charging_gateway_addr()->value().data(); int len = ie->charging_gateway_addr()->value().length(); if ( len == 4 ) - return new AddrVal(IPAddr(IPv4, (const uint32*) d, IPAddr::Network)); + return make_intrusive(IPAddr(IPv4, (const uint32*) d, IPAddr::Network)); else if ( len == 16 ) - return new AddrVal(IPAddr(IPv6, (const uint32*) d, IPAddr::Network)); + return make_intrusive(IPAddr(IPv6, (const uint32*) d, IPAddr::Network)); else - return 0; + return nullptr; } static IntrusivePtr BuildTeardownInd(const InformationElement* ie) diff --git a/src/analyzer/protocol/krb/krb-analyzer.pac b/src/analyzer/protocol/krb/krb-analyzer.pac index ebc07a0f3a..f3c6782361 100644 --- a/src/analyzer/protocol/krb/krb-analyzer.pac +++ b/src/analyzer/protocol/krb/krb-analyzer.pac @@ -1,14 +1,14 @@ %header{ -RecordVal* proc_krb_kdc_options(const KRB_KDC_Options* opts); -RecordVal* proc_krb_kdc_req_arguments(KRB_KDC_REQ* msg, const BroAnalyzer bro_analyzer); +IntrusivePtr proc_krb_kdc_options(const KRB_KDC_Options* opts); +IntrusivePtr proc_krb_kdc_req_arguments(KRB_KDC_REQ* msg, const BroAnalyzer bro_analyzer); bool proc_error_arguments(RecordVal* rv, const std::vector* args, int64 error_code); %} %code{ -RecordVal* proc_krb_kdc_options(const KRB_KDC_Options* opts) +IntrusivePtr proc_krb_kdc_options(const KRB_KDC_Options* opts) { - RecordVal* rv = new RecordVal(zeek::BifType::Record::KRB::KDC_Options); + auto rv = make_intrusive(zeek::BifType::Record::KRB::KDC_Options); rv->Assign(0, val_mgr->Bool(opts->forwardable())); rv->Assign(1, val_mgr->Bool(opts->forwarded())); @@ -27,12 +27,12 @@ RecordVal* proc_krb_kdc_options(const KRB_KDC_Options* opts) return rv; } -RecordVal* proc_krb_kdc_req_arguments(KRB_KDC_REQ* msg, const BroAnalyzer bro_analyzer) +IntrusivePtr proc_krb_kdc_req_arguments(KRB_KDC_REQ* msg, const BroAnalyzer bro_analyzer) { - RecordVal* rv = new RecordVal(zeek::BifType::Record::KRB::KDC_Request); + auto rv = make_intrusive(zeek::BifType::Record::KRB::KDC_Request); - rv->Assign(0, asn1_integer_to_val(msg->pvno()->data(), TYPE_COUNT)); - rv->Assign(1, asn1_integer_to_val(msg->msg_type()->data(), TYPE_COUNT)); + rv->Assign(0, {AdoptRef{}, asn1_integer_to_val(msg->pvno()->data(), TYPE_COUNT)}); + rv->Assign(1, {AdoptRef{}, asn1_integer_to_val(msg->msg_type()->data(), TYPE_COUNT)}); if ( msg->padata()->has_padata() ) rv->Assign(2, proc_padata(msg->padata()->padata()->padata(), bro_analyzer, false)); @@ -64,7 +64,7 @@ RecordVal* proc_krb_kdc_req_arguments(KRB_KDC_REQ* msg, const BroAnalyzer bro_an rv->Assign(9, GetTimeFromAsn1(element->data()->rtime(), 0)); break; case 7: - rv->Assign(10, asn1_integer_to_val(element->data()->nonce(), TYPE_COUNT)); + rv->Assign(10, {AdoptRef{}, asn1_integer_to_val(element->data()->nonce(), TYPE_COUNT)}); break; case 8: if ( element->data()->etype()->data()->size() ) @@ -132,10 +132,10 @@ bool proc_error_arguments(RecordVal* rv, const std::vector* args switch ( (*args)[i]->seq_meta()->index() ) { case 0: - rv->Assign(0, asn1_integer_to_val((*args)[i]->args()->pvno(), TYPE_COUNT)); + rv->Assign(0, {AdoptRef{}, asn1_integer_to_val((*args)[i]->args()->pvno(), TYPE_COUNT)}); break; case 1: - rv->Assign(1, asn1_integer_to_val((*args)[i]->args()->msg_type(), TYPE_COUNT)); + rv->Assign(1, {AdoptRef{}, asn1_integer_to_val((*args)[i]->args()->msg_type(), TYPE_COUNT)}); break; // ctime/stime handled above case 7: @@ -179,8 +179,8 @@ refine connection KRB_Conn += { if ( ! krb_as_request ) return false; - RecordVal* rv = proc_krb_kdc_req_arguments(${msg}, bro_analyzer()); - zeek::BifEvent::enqueue_krb_as_request(bro_analyzer(), bro_analyzer()->Conn(), {AdoptRef{}, rv}); + auto rv = proc_krb_kdc_req_arguments(${msg}, bro_analyzer()); + zeek::BifEvent::enqueue_krb_as_request(bro_analyzer(), bro_analyzer()->Conn(), std::move(rv)); return true; } @@ -189,8 +189,8 @@ refine connection KRB_Conn += { if ( ! krb_tgs_request ) return false; - RecordVal* rv = proc_krb_kdc_req_arguments(${msg}, bro_analyzer()); - zeek::BifEvent::enqueue_krb_tgs_request(bro_analyzer(), bro_analyzer()->Conn(), {AdoptRef{}, rv}); + auto rv = proc_krb_kdc_req_arguments(${msg}, bro_analyzer()); + zeek::BifEvent::enqueue_krb_tgs_request(bro_analyzer(), bro_analyzer()->Conn(), std::move(rv)); return true; } @@ -205,8 +205,8 @@ refine connection KRB_Conn += { { auto rv = make_intrusive(zeek::BifType::Record::KRB::KDC_Response); - rv->Assign(0, asn1_integer_to_val(${msg.pvno.data}, TYPE_COUNT)); - rv->Assign(1, asn1_integer_to_val(${msg.msg_type.data}, TYPE_COUNT)); + rv->Assign(0, {AdoptRef{}, asn1_integer_to_val(${msg.pvno.data}, TYPE_COUNT)}); + rv->Assign(1, {AdoptRef{}, asn1_integer_to_val(${msg.msg_type.data}, TYPE_COUNT)}); if ( ${msg.padata.has_padata} ) rv->Assign(2, proc_padata(${msg.padata.padata.padata}, bro_analyzer(), false)); @@ -246,7 +246,7 @@ refine connection KRB_Conn += { { auto rv = make_intrusive(zeek::BifType::Record::KRB::Error_Msg); proc_error_arguments(rv.get(), ${msg.args1}, 0); - rv->Assign(4, asn1_integer_to_val(${msg.error_code}, TYPE_COUNT)); + rv->Assign(4, {AdoptRef{}, asn1_integer_to_val(${msg.error_code}, TYPE_COUNT)}); proc_error_arguments(rv.get(), ${msg.args2}, binary_to_int64(${msg.error_code.encoding.content})); zeek::BifEvent::enqueue_krb_error(bro_analyzer(), bro_analyzer()->Conn(), std::move(rv)); } @@ -291,8 +291,8 @@ refine connection KRB_Conn += { { auto rv = make_intrusive(zeek::BifType::Record::KRB::SAFE_Msg); - rv->Assign(0, asn1_integer_to_val(${msg.pvno.data}, TYPE_COUNT)); - rv->Assign(1, asn1_integer_to_val(${msg.msg_type.data}, TYPE_COUNT)); + rv->Assign(0, {AdoptRef{}, asn1_integer_to_val(${msg.pvno.data}, TYPE_COUNT)}); + rv->Assign(1, {AdoptRef{}, asn1_integer_to_val(${msg.msg_type.data}, TYPE_COUNT)}); uint timestamp_i = 0; int64 timestamp_usecs = 0; @@ -325,7 +325,7 @@ refine connection KRB_Conn += { rv->Assign(3, to_stringval(${msg.safe_body.args[i].args.user_data.encoding.content})); break; case 3: - rv->Assign(5, asn1_integer_to_val(${msg.safe_body.args[i].args.seq_number}, TYPE_COUNT)); + rv->Assign(5, {AdoptRef{}, asn1_integer_to_val(${msg.safe_body.args[i].args.seq_number}, TYPE_COUNT)}); break; case 4: rv->Assign(6, proc_host_address(bro_analyzer(), ${msg.safe_body.args[i].args.sender_addr})); diff --git a/src/analyzer/protocol/krb/krb-padata.pac b/src/analyzer/protocol/krb/krb-padata.pac index a3c5d55741..5617e48fb6 100644 --- a/src/analyzer/protocol/krb/krb-padata.pac +++ b/src/analyzer/protocol/krb/krb-padata.pac @@ -7,16 +7,16 @@ %} %header{ -VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_analyzer, bool is_error); +IntrusivePtr proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_analyzer, bool is_error); %} %code{ -VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_analyzer, bool is_error) +IntrusivePtr proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_analyzer, bool is_error) { auto vv = make_intrusive(zeek::id::find_type("KRB::Type_Value_Vector")); if ( ! data->data()->has_padata() ) - return vv.release(); + return vv; for ( uint i = 0; i < data->data()->padata_elems()->size(); ++i) { @@ -119,7 +119,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a } } } - return vv.release(); + return vv; } %} diff --git a/src/analyzer/protocol/krb/krb-types.pac b/src/analyzer/protocol/krb/krb-types.pac index 4a53fca79e..4f1942854d 100644 --- a/src/analyzer/protocol/krb/krb-types.pac +++ b/src/analyzer/protocol/krb/krb-types.pac @@ -3,10 +3,10 @@ %header{ IntrusivePtr GetStringFromPrincipalName(const KRB_Principal_Name* pname); -VectorVal* proc_cipher_list(const Array* list); +IntrusivePtr proc_cipher_list(const Array* list); -VectorVal* proc_host_address_list(const BroAnalyzer a, const KRB_Host_Addresses* list); -RecordVal* proc_host_address(const BroAnalyzer a, const KRB_Host_Address* addr); +IntrusivePtr proc_host_address_list(const BroAnalyzer a, const KRB_Host_Addresses* list); +IntrusivePtr proc_host_address(const BroAnalyzer a, const KRB_Host_Address* addr); IntrusivePtr proc_tickets(const KRB_Ticket_Sequence* list); IntrusivePtr proc_ticket(const KRB_Ticket* ticket); @@ -25,15 +25,15 @@ IntrusivePtr GetStringFromPrincipalName(const KRB_Principal_Name* pname) return make_intrusive("unknown"); } -VectorVal* proc_cipher_list(const Array* list) +IntrusivePtr proc_cipher_list(const Array* list) { auto ciphers = make_intrusive(zeek::id::index_vec); for ( uint i = 0; i < list->data()->size(); ++i ) - ciphers->Assign(ciphers->Size(), asn1_integer_to_val((*list->data())[i], TYPE_COUNT)); - return ciphers.release(); + ciphers->Assign(ciphers->Size(), {AdoptRef{}, asn1_integer_to_val((*list->data())[i], TYPE_COUNT)}); + return ciphers; } -VectorVal* proc_host_address_list(const BroAnalyzer a, const KRB_Host_Addresses* list) +IntrusivePtr proc_host_address_list(const BroAnalyzer a, const KRB_Host_Addresses* list) { auto addrs = make_intrusive(zeek::id::find_type("KRB::Host_Address_Vector")); @@ -42,12 +42,12 @@ VectorVal* proc_host_address_list(const BroAnalyzer a, const KRB_Host_Addresses* addrs->Assign(addrs->Size(), proc_host_address(a, (*list->addresses())[i])); } - return addrs.release(); + return addrs; } -RecordVal* proc_host_address(const BroAnalyzer a, const KRB_Host_Address* addr) +IntrusivePtr proc_host_address(const BroAnalyzer a, const KRB_Host_Address* addr) { - RecordVal* rv = new RecordVal(zeek::BifType::Record::KRB::Host_Address); + auto rv = make_intrusive(zeek::BifType::Record::KRB::Host_Address); const auto& addr_bytes = addr->address()->data()->content(); switch ( binary_to_int64(addr->addr_type()->encoding()->content()) ) @@ -85,10 +85,10 @@ RecordVal* proc_host_address(const BroAnalyzer a, const KRB_Host_Address* addr) break; } - RecordVal* unk = new RecordVal(zeek::BifType::Record::KRB::Type_Value); - unk->Assign(0, asn1_integer_to_val(addr->addr_type(), TYPE_COUNT)); + auto unk = make_intrusive(zeek::BifType::Record::KRB::Type_Value); + unk->Assign(0, {AdoptRef{}, asn1_integer_to_val(addr->addr_type(), TYPE_COUNT)}); unk->Assign(1, to_stringval(addr_bytes)); - rv->Assign(2, unk); + rv->Assign(2, std::move(unk)); return rv; } @@ -109,10 +109,10 @@ IntrusivePtr proc_ticket(const KRB_Ticket* ticket) { auto rv = make_intrusive(zeek::BifType::Record::KRB::Ticket); - rv->Assign(0, asn1_integer_to_val(ticket->tkt_vno()->data(), TYPE_COUNT)); + rv->Assign(0, {AdoptRef{}, asn1_integer_to_val(ticket->tkt_vno()->data(), TYPE_COUNT)}); rv->Assign(1, to_stringval(ticket->realm()->data()->content())); rv->Assign(2, GetStringFromPrincipalName(ticket->sname())); - rv->Assign(3, asn1_integer_to_val(ticket->enc_part()->data()->etype()->data(), TYPE_COUNT)); + rv->Assign(3, {AdoptRef{}, asn1_integer_to_val(ticket->enc_part()->data()->etype()->data(), TYPE_COUNT)}); rv->Assign(4, to_stringval(ticket->enc_part()->data()->ciphertext()->encoding()->content())); return rv; diff --git a/src/analyzer/protocol/mqtt/commands/publish.pac b/src/analyzer/protocol/mqtt/commands/publish.pac index d8211be638..cd7ceef2b3 100644 --- a/src/analyzer/protocol/mqtt/commands/publish.pac +++ b/src/analyzer/protocol/mqtt/commands/publish.pac @@ -27,8 +27,8 @@ refine flow MQTT_Flow += { m->Assign(0, val_mgr->Bool(${msg.dup})); m->Assign(1, val_mgr->Count(${msg.qos})); m->Assign(2, val_mgr->Bool(${msg.retain})); - m->Assign(3, new StringVal(${msg.topic.str}.length(), - reinterpret_cast(${msg.topic.str}.begin()))); + m->Assign(3, ${msg.topic.str}.length(), + reinterpret_cast(${msg.topic.str}.begin())); auto len = ${msg.payload}.length(); static auto max_payload_size = zeek::id::find("MQTT::max_payload_size"); @@ -37,8 +37,8 @@ refine flow MQTT_Flow += { if ( len > static_cast(max) ) len = max; - m->Assign(4, new StringVal(len, - reinterpret_cast(${msg.payload}.begin()))); + m->Assign(4, len, + reinterpret_cast(${msg.payload}.begin())); m->Assign(5, val_mgr->Count(${msg.payload}.length())); diff --git a/src/analyzer/protocol/mqtt/commands/subscribe.pac b/src/analyzer/protocol/mqtt/commands/subscribe.pac index 75015bffc7..755101b41f 100644 --- a/src/analyzer/protocol/mqtt/commands/subscribe.pac +++ b/src/analyzer/protocol/mqtt/commands/subscribe.pac @@ -24,11 +24,11 @@ refine flow MQTT_Flow += { for ( auto topic: *${msg.topics} ) { - auto subscribe_topic = new StringVal(${topic.name.str}.length(), + auto subscribe_topic = make_intrusive(${topic.name.str}.length(), reinterpret_cast(${topic.name.str}.begin())); auto qos = val_mgr->Count(${topic.requested_QoS}); - topics->Assign(topics->Size(), subscribe_topic); - qos_levels->Assign(qos_levels->Size(), qos); + topics->Assign(topics->Size(), std::move(subscribe_topic)); + qos_levels->Assign(qos_levels->Size(), std::move(qos)); } zeek::BifEvent::enqueue_mqtt_subscribe(connection()->bro_analyzer(), diff --git a/src/analyzer/protocol/mqtt/commands/unsubscribe.pac b/src/analyzer/protocol/mqtt/commands/unsubscribe.pac index 45f68f8d8b..944e005c7b 100644 --- a/src/analyzer/protocol/mqtt/commands/unsubscribe.pac +++ b/src/analyzer/protocol/mqtt/commands/unsubscribe.pac @@ -18,9 +18,9 @@ refine flow MQTT_Flow += { for ( auto topic: *${msg.topics} ) { - auto unsubscribe_topic = new StringVal(${topic.str}.length(), + auto unsubscribe_topic = make_intrusive(${topic.str}.length(), reinterpret_cast(${topic.str}.begin())); - topics->Assign(topics->Size(), unsubscribe_topic); + topics->Assign(topics->Size(), std::move(unsubscribe_topic)); } zeek::BifEvent::enqueue_mqtt_unsubscribe(connection()->bro_analyzer(), diff --git a/src/analyzer/protocol/ntlm/ntlm-analyzer.pac b/src/analyzer/protocol/ntlm/ntlm-analyzer.pac index c95e90982d..46a7396e45 100644 --- a/src/analyzer/protocol/ntlm/ntlm-analyzer.pac +++ b/src/analyzer/protocol/ntlm/ntlm-analyzer.pac @@ -1,28 +1,64 @@ +%header{ + IntrusivePtr filetime2brotime(uint64_t ts); + IntrusivePtr build_version_record(NTLM_Version* val); + IntrusivePtr build_negotiate_flag_record(NTLM_Negotiate_Flags* val); +%} -refine connection NTLM_Conn += { - - # This is replicated from the SMB analyzer. :( - function filetime2brotime(ts: uint64): Val - %{ +%code{ + // This is replicated from the SMB analyzer. :( + IntrusivePtr filetime2brotime(uint64_t ts) + { double secs = (ts / 10000000.0); // Bro can't support times back to the 1600's // so we subtract a lot of seconds. - Val* bro_ts = new Val(secs - 11644473600.0, TYPE_TIME); + auto bro_ts = make_intrusive(secs - 11644473600.0, TYPE_TIME); return bro_ts; - %} + } - function build_version_record(val: NTLM_Version): BroVal - %{ - RecordVal* result = new RecordVal(zeek::BifType::Record::NTLM::Version); + IntrusivePtr build_version_record(NTLM_Version* val) + { + auto result = make_intrusive(zeek::BifType::Record::NTLM::Version); result->Assign(0, val_mgr->Count(${val.major_version})); result->Assign(1, val_mgr->Count(${val.minor_version})); result->Assign(2, val_mgr->Count(${val.build_number})); result->Assign(3, val_mgr->Count(${val.ntlm_revision})); return result; - %} + } + + IntrusivePtr build_negotiate_flag_record(NTLM_Negotiate_Flags* val) + { + auto flags = make_intrusive(zeek::BifType::Record::NTLM::NegotiateFlags); + flags->Assign(0, val_mgr->Bool(${val.negotiate_56})); + flags->Assign(1, val_mgr->Bool(${val.negotiate_key_exch})); + flags->Assign(2, val_mgr->Bool(${val.negotiate_128})); + flags->Assign(3, val_mgr->Bool(${val.negotiate_version})); + flags->Assign(4, val_mgr->Bool(${val.negotiate_target_info})); + flags->Assign(5, val_mgr->Bool(${val.request_non_nt_session_key})); + flags->Assign(6, val_mgr->Bool(${val.negotiate_identify})); + flags->Assign(7, val_mgr->Bool(${val.negotiate_extended_sessionsecurity})); + flags->Assign(8, val_mgr->Bool(${val.target_type_server})); + flags->Assign(9, val_mgr->Bool(${val.target_type_domain})); + flags->Assign(10, val_mgr->Bool(${val.negotiate_always_sign})); + flags->Assign(11, val_mgr->Bool(${val.negotiate_oem_workstation_supplied})); + flags->Assign(12, val_mgr->Bool(${val.negotiate_oem_domain_supplied})); + flags->Assign(13, val_mgr->Bool(${val.negotiate_anonymous_connection})); + flags->Assign(14, val_mgr->Bool(${val.negotiate_ntlm})); + flags->Assign(15, val_mgr->Bool(${val.negotiate_lm_key})); + flags->Assign(16, val_mgr->Bool(${val.negotiate_datagram})); + flags->Assign(17, val_mgr->Bool(${val.negotiate_seal})); + flags->Assign(18, val_mgr->Bool(${val.negotiate_sign})); + flags->Assign(19, val_mgr->Bool(${val.request_target})); + flags->Assign(20, val_mgr->Bool(${val.negotiate_oem})); + flags->Assign(21, val_mgr->Bool(${val.negotiate_unicode})); + + return flags; + } +%} + +refine connection NTLM_Conn += { function build_av_record(val: NTLM_AV_Pair_Sequence, len: uint16): BroVal %{ @@ -76,35 +112,6 @@ refine connection NTLM_Conn += { return result; %} - function build_negotiate_flag_record(val: NTLM_Negotiate_Flags): BroVal - %{ - RecordVal* flags = new RecordVal(zeek::BifType::Record::NTLM::NegotiateFlags); - flags->Assign(0, val_mgr->Bool(${val.negotiate_56})); - flags->Assign(1, val_mgr->Bool(${val.negotiate_key_exch})); - flags->Assign(2, val_mgr->Bool(${val.negotiate_128})); - flags->Assign(3, val_mgr->Bool(${val.negotiate_version})); - flags->Assign(4, val_mgr->Bool(${val.negotiate_target_info})); - flags->Assign(5, val_mgr->Bool(${val.request_non_nt_session_key})); - flags->Assign(6, val_mgr->Bool(${val.negotiate_identify})); - flags->Assign(7, val_mgr->Bool(${val.negotiate_extended_sessionsecurity})); - flags->Assign(8, val_mgr->Bool(${val.target_type_server})); - flags->Assign(9, val_mgr->Bool(${val.target_type_domain})); - flags->Assign(10, val_mgr->Bool(${val.negotiate_always_sign})); - flags->Assign(11, val_mgr->Bool(${val.negotiate_oem_workstation_supplied})); - flags->Assign(12, val_mgr->Bool(${val.negotiate_oem_domain_supplied})); - flags->Assign(13, val_mgr->Bool(${val.negotiate_anonymous_connection})); - flags->Assign(14, val_mgr->Bool(${val.negotiate_ntlm})); - flags->Assign(15, val_mgr->Bool(${val.negotiate_lm_key})); - flags->Assign(16, val_mgr->Bool(${val.negotiate_datagram})); - flags->Assign(17, val_mgr->Bool(${val.negotiate_seal})); - flags->Assign(18, val_mgr->Bool(${val.negotiate_sign})); - flags->Assign(19, val_mgr->Bool(${val.request_target})); - flags->Assign(20, val_mgr->Bool(${val.negotiate_oem})); - flags->Assign(21, val_mgr->Bool(${val.negotiate_unicode})); - - return flags; - %} - function proc_ntlm_negotiate(val: NTLM_Negotiate): bool %{ if ( ! ntlm_negotiate ) @@ -144,7 +151,7 @@ refine connection NTLM_Conn += { result->Assign(2, build_version_record(${val.version})); if ( ${val}->has_target_info() ) - result->Assign(3, build_av_record(${val.target_info}, ${val.target_info_fields.length})); + result->Assign(3, {AdoptRef{}, build_av_record(${val.target_info}, ${val.target_info_fields.length})}); zeek::BifEvent::enqueue_ntlm_challenge(bro_analyzer(), bro_analyzer()->Conn(), diff --git a/src/analyzer/protocol/ntp/ntp-analyzer.pac b/src/analyzer/protocol/ntp/ntp-analyzer.pac index 35e776c3a9..bd9af501d1 100644 --- a/src/analyzer/protocol/ntp/ntp-analyzer.pac +++ b/src/analyzer/protocol/ntp/ntp-analyzer.pac @@ -8,34 +8,33 @@ %} %header{ - Val* proc_ntp_short(const NTP_Short_Time* t); - Val* proc_ntp_timestamp(const NTP_Time* t); + IntrusivePtr proc_ntp_short(const NTP_Short_Time* t); + IntrusivePtr proc_ntp_timestamp(const NTP_Time* t); + IntrusivePtr BuildNTPStdMsg(NTP_std_msg* nsm); + IntrusivePtr BuildNTPControlMsg(NTP_control_msg* ncm); + IntrusivePtr BuildNTPMode7Msg(NTP_mode7_msg* m7); %} %code{ - Val* proc_ntp_short(const NTP_Short_Time* t) + IntrusivePtr proc_ntp_short(const NTP_Short_Time* t) { if ( t->seconds() == 0 && t->fractions() == 0 ) - return new Val(0.0, TYPE_INTERVAL); - return new Val(t->seconds() + t->fractions()*FRAC_16, TYPE_INTERVAL); + return make_intrusive(0.0, TYPE_INTERVAL); + return make_intrusive(t->seconds() + t->fractions()*FRAC_16, TYPE_INTERVAL); } - Val* proc_ntp_timestamp(const NTP_Time* t) + IntrusivePtr proc_ntp_timestamp(const NTP_Time* t) { if ( t->seconds() == 0 && t->fractions() == 0) - return new Val(0.0, TYPE_TIME); - return new Val(EPOCH_OFFSET + t->seconds() + t->fractions()*FRAC_32, TYPE_TIME); + return make_intrusive(0.0, TYPE_TIME); + return make_intrusive(EPOCH_OFFSET + t->seconds() + t->fractions()*FRAC_32, TYPE_TIME); } -%} - -refine flow NTP_Flow += { - - # This builds the standard msg record - function BuildNTPStdMsg(nsm: NTP_std_msg): BroVal - %{ - RecordVal* rv = new RecordVal(zeek::BifType::Record::NTP::StandardMessage); + // This builds the standard msg record + IntrusivePtr BuildNTPStdMsg(NTP_std_msg* nsm) + { + auto rv = make_intrusive(zeek::BifType::Record::NTP::StandardMessage); rv->Assign(0, val_mgr->Count(${nsm.stratum})); rv->Assign(1, make_intrusive(pow(2, ${nsm.poll}), TYPE_INTERVAL)); @@ -83,12 +82,12 @@ refine flow NTP_Flow += { } return rv; - %} + } - # This builds the control msg record - function BuildNTPControlMsg(ncm: NTP_control_msg): BroVal - %{ - RecordVal* rv = new RecordVal(zeek::BifType::Record::NTP::ControlMessage); + // This builds the control msg record + IntrusivePtr BuildNTPControlMsg(NTP_control_msg* ncm) + { + auto rv = make_intrusive(zeek::BifType::Record::NTP::ControlMessage); rv->Assign(0, val_mgr->Count(${ncm.OpCode})); rv->Assign(1, val_mgr->Bool(${ncm.R})); @@ -108,12 +107,12 @@ refine flow NTP_Flow += { } return rv; - %} + } - # This builds the mode7 msg record - function BuildNTPMode7Msg(m7: NTP_mode7_msg): BroVal - %{ - RecordVal* rv = new RecordVal(zeek::BifType::Record::NTP::Mode7Message); + // This builds the mode7 msg record + IntrusivePtr BuildNTPMode7Msg(NTP_mode7_msg* m7) + { + auto rv = make_intrusive(zeek::BifType::Record::NTP::Mode7Message); rv->Assign(0, val_mgr->Count(${m7.request_code})); rv->Assign(1, val_mgr->Bool(${m7.auth_bit})); @@ -125,7 +124,11 @@ refine flow NTP_Flow += { rv->Assign(5, to_stringval(${m7.data})); return rv; - %} + } +%} + + +refine flow NTP_Flow += { function proc_ntp_message(msg: NTP_PDU): bool diff --git a/src/analyzer/protocol/radius/radius-analyzer.pac b/src/analyzer/protocol/radius/radius-analyzer.pac index 4bb6d006b4..cf1548bd2f 100644 --- a/src/analyzer/protocol/radius/radius-analyzer.pac +++ b/src/analyzer/protocol/radius/radius-analyzer.pac @@ -14,7 +14,7 @@ refine flow RADIUS_Flow += { if ( ${msg.attributes}->size() ) { - TableVal* attributes = new TableVal(zeek::BifType::Table::RADIUS::Attributes); + auto attributes = make_intrusive(zeek::BifType::Table::RADIUS::Attributes); for ( uint i = 0; i < ${msg.attributes}->size(); ++i ) { @@ -38,8 +38,8 @@ refine flow RADIUS_Flow += { } } - result->Assign(3, attributes); - } + result->Assign(3, std::move(attributes)); + } zeek::BifEvent::enqueue_radius_message(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), std::move(result)); return true; diff --git a/src/analyzer/protocol/snmp/snmp-analyzer.pac b/src/analyzer/protocol/snmp/snmp-analyzer.pac index 504a525440..ad31e0ef8a 100644 --- a/src/analyzer/protocol/snmp/snmp-analyzer.pac +++ b/src/analyzer/protocol/snmp/snmp-analyzer.pac @@ -8,13 +8,13 @@ %} %header{ -AddrVal* network_address_to_val(const ASN1Encoding* na); -AddrVal* network_address_to_val(const NetworkAddress* na); -Val* asn1_obj_to_val(const ASN1Encoding* obj); +IntrusivePtr network_address_to_val(const ASN1Encoding* na); +IntrusivePtr network_address_to_val(const NetworkAddress* na); +IntrusivePtr asn1_obj_to_val(const ASN1Encoding* obj); IntrusivePtr build_hdr(const Header* header); -RecordVal* build_hdrV3(const Header* header); -VectorVal* build_bindings(const VarBindList* vbl); +IntrusivePtr build_hdrV3(const Header* header); +IntrusivePtr build_bindings(const VarBindList* vbl); IntrusivePtr build_pdu(const CommonPDU* pdu); IntrusivePtr build_trap_pdu(const TrapPDU* pdu); IntrusivePtr build_bulk_pdu(const GetBulkRequestPDU* pdu); @@ -22,12 +22,12 @@ IntrusivePtr build_bulk_pdu(const GetBulkRequestPDU* pdu); %code{ -AddrVal* network_address_to_val(const NetworkAddress* na) +IntrusivePtr network_address_to_val(const NetworkAddress* na) { return network_address_to_val(na->encoding()); } -AddrVal* network_address_to_val(const ASN1Encoding* na) +IntrusivePtr network_address_to_val(const ASN1Encoding* na) { bytestring const& bs = na->content(); @@ -35,16 +35,16 @@ AddrVal* network_address_to_val(const ASN1Encoding* na) // but standards don't seem to currently make any provisions for IPv6, // so ignore anything that can't be IPv4. if ( bs.length() != 4 ) - return new AddrVal(IPAddr()); + return make_intrusive(IPAddr()); const u_char* data = reinterpret_cast(bs.data()); uint32 network_order = extract_uint32(data); - return new AddrVal(ntohl(network_order)); + return make_intrusive(ntohl(network_order)); } -Val* asn1_obj_to_val(const ASN1Encoding* obj) +IntrusivePtr asn1_obj_to_val(const ASN1Encoding* obj) { - RecordVal* rval = new RecordVal(zeek::BifType::Record::SNMP::ObjectValue); + IntrusivePtr rval = make_intrusive(zeek::BifType::Record::SNMP::ObjectValue); uint8 tag = obj->meta()->tag(); rval->Assign(0, val_mgr->Count(tag)); @@ -57,18 +57,18 @@ Val* asn1_obj_to_val(const ASN1Encoding* obj) break; case ASN1_OBJECT_IDENTIFIER_TAG: - rval->Assign(1, asn1_oid_to_val(obj)); + rval->Assign(1, {AdoptRef{}, asn1_oid_to_val(obj)}); break; case ASN1_INTEGER_TAG: - rval->Assign(2, asn1_integer_to_val(obj, TYPE_INT)); + rval->Assign(2, {AdoptRef{}, asn1_integer_to_val(obj, TYPE_INT)}); break; case APP_COUNTER32_TAG: case APP_UNSIGNED32_TAG: case APP_TIMETICKS_TAG: case APP_COUNTER64_TAG: - rval->Assign(3, asn1_integer_to_val(obj, TYPE_COUNT)); + rval->Assign(3, {AdoptRef{}, asn1_integer_to_val(obj, TYPE_COUNT)}); break; case APP_IPADDRESS_TAG: @@ -78,16 +78,16 @@ Val* asn1_obj_to_val(const ASN1Encoding* obj) case ASN1_OCTET_STRING_TAG: case APP_OPAQUE_TAG: default: - rval->Assign(5, asn1_octet_string_to_val(obj)); + rval->Assign(5, {AdoptRef{}, asn1_octet_string_to_val(obj)}); break; } return rval; } -Val* time_ticks_to_val(const TimeTicks* tt) +IntrusivePtr time_ticks_to_val(const TimeTicks* tt) { - return asn1_integer_to_val(tt->asn1_integer(), TYPE_COUNT); + return {AdoptRef{}, asn1_integer_to_val(tt->asn1_integer(), TYPE_COUNT)}; } IntrusivePtr build_hdr(const Header* header) @@ -98,17 +98,17 @@ IntrusivePtr build_hdr(const Header* header) switch ( header->version() ) { case SNMPV1_TAG: { - RecordVal* v1 = new RecordVal(zeek::BifType::Record::SNMP::HeaderV1); - v1->Assign(0, asn1_octet_string_to_val(header->v1()->community())); - rv->Assign(1, v1); + auto v1 = make_intrusive(zeek::BifType::Record::SNMP::HeaderV1); + v1->Assign(0, {AdoptRef{}, asn1_octet_string_to_val(header->v1()->community())}); + rv->Assign(1, std::move(v1)); } break; case SNMPV2_TAG: { - RecordVal* v2 = new RecordVal(zeek::BifType::Record::SNMP::HeaderV2); - v2->Assign(0, asn1_octet_string_to_val(header->v2()->community())); - rv->Assign(2, v2); + auto v2 = make_intrusive(zeek::BifType::Record::SNMP::HeaderV2); + v2->Assign(0, {AdoptRef{}, asn1_octet_string_to_val(header->v2()->community())}); + rv->Assign(2, std::move(v2)); } break; @@ -122,59 +122,57 @@ IntrusivePtr build_hdr(const Header* header) return rv; } -RecordVal* build_hdrV3(const Header* header) +IntrusivePtr build_hdrV3(const Header* header) { - RecordVal* v3 = new RecordVal(zeek::BifType::Record::SNMP::HeaderV3); + auto v3 = make_intrusive(zeek::BifType::Record::SNMP::HeaderV3); const v3Header* v3hdr = header->v3(); const v3HeaderData* global_data = v3hdr->global_data(); bytestring const& flags = global_data->flags()->encoding()->content(); uint8 flags_byte = flags.length() > 0 ? flags[0] : 0; - v3->Assign(0, asn1_integer_to_val(global_data->id(), TYPE_COUNT)); - v3->Assign(1, asn1_integer_to_val(global_data->max_size(), - TYPE_COUNT)); + v3->Assign(0, {AdoptRef{}, asn1_integer_to_val(global_data->id(), TYPE_COUNT)}); + v3->Assign(1, {AdoptRef{}, asn1_integer_to_val(global_data->max_size(), TYPE_COUNT)}); v3->Assign(2, val_mgr->Count(flags_byte)); v3->Assign(3, val_mgr->Bool(flags_byte & 0x01)); v3->Assign(4, val_mgr->Bool(flags_byte & 0x02)); v3->Assign(5, val_mgr->Bool(flags_byte & 0x04)); - v3->Assign(6, asn1_integer_to_val(global_data->security_model(), - TYPE_COUNT)); - v3->Assign(7, asn1_octet_string_to_val(v3hdr->security_parameters())); + v3->Assign(6, {AdoptRef{}, asn1_integer_to_val(global_data->security_model(), TYPE_COUNT)}); + v3->Assign(7, {AdoptRef{}, asn1_octet_string_to_val(v3hdr->security_parameters())}); if ( v3hdr->next()->tag() == ASN1_SEQUENCE_TAG ) { const v3ScopedPDU* spdu = v3hdr->plaintext_pdu(); - RecordVal* rv = new RecordVal(zeek::BifType::Record::SNMP::ScopedPDU_Context); - rv->Assign(0, asn1_octet_string_to_val(spdu->context_engine_id())); - rv->Assign(1, asn1_octet_string_to_val(spdu->context_name())); - v3->Assign(8, rv); + auto rv = make_intrusive(zeek::BifType::Record::SNMP::ScopedPDU_Context); + rv->Assign(0, {AdoptRef{}, asn1_octet_string_to_val(spdu->context_engine_id())}); + rv->Assign(1, {AdoptRef{}, asn1_octet_string_to_val(spdu->context_name())}); + v3->Assign(8, std::move(rv)); } return v3; } -VectorVal* build_bindings(const VarBindList* vbl) +IntrusivePtr build_bindings(const VarBindList* vbl) { auto vv = make_intrusive(zeek::BifType::Vector::SNMP::Bindings); for ( size_t i = 0; i < vbl->bindings()->size(); ++i ) { VarBind* vb = (*vbl->bindings())[i]; - RecordVal* binding = new RecordVal(zeek::BifType::Record::SNMP::Binding); - binding->Assign(0, asn1_oid_to_val(vb->name()->oid())); + auto binding = make_intrusive(zeek::BifType::Record::SNMP::Binding); + binding->Assign(0, {AdoptRef{}, asn1_oid_to_val(vb->name()->oid())}); binding->Assign(1, asn1_obj_to_val(vb->value()->encoding())); - vv->Assign(i, binding); + vv->Assign(i, std::move(binding)); } - return vv.release(); + return vv; } IntrusivePtr build_pdu(const CommonPDU* pdu) { auto rv = make_intrusive(zeek::BifType::Record::SNMP::PDU); - rv->Assign(0, asn1_integer_to_val(pdu->request_id(), TYPE_INT)); - rv->Assign(1, asn1_integer_to_val(pdu->error_status(), TYPE_INT)); - rv->Assign(2, asn1_integer_to_val(pdu->error_index(), TYPE_INT)); + rv->Assign(0, {AdoptRef{}, asn1_integer_to_val(pdu->request_id(), TYPE_INT)}); + rv->Assign(1, {AdoptRef{}, asn1_integer_to_val(pdu->error_status(), TYPE_INT)}); + rv->Assign(2, {AdoptRef{}, asn1_integer_to_val(pdu->error_index(), TYPE_INT)}); rv->Assign(3, build_bindings(pdu->var_bindings())); return rv; } @@ -182,10 +180,10 @@ IntrusivePtr build_pdu(const CommonPDU* pdu) IntrusivePtr build_trap_pdu(const TrapPDU* pdu) { auto rv = make_intrusive(zeek::BifType::Record::SNMP::TrapPDU); - rv->Assign(0, asn1_oid_to_val(pdu->enterprise())); + rv->Assign(0, {AdoptRef{}, asn1_oid_to_val(pdu->enterprise())}); rv->Assign(1, network_address_to_val(pdu->agent_addr())); - rv->Assign(2, asn1_integer_to_val(pdu->generic_trap(), TYPE_INT)); - rv->Assign(3, asn1_integer_to_val(pdu->specific_trap(), TYPE_INT)); + rv->Assign(2, {AdoptRef{}, asn1_integer_to_val(pdu->generic_trap(), TYPE_INT)}); + rv->Assign(3, {AdoptRef{}, asn1_integer_to_val(pdu->specific_trap(), TYPE_INT)}); rv->Assign(4, time_ticks_to_val(pdu->time_stamp())); rv->Assign(5, build_bindings(pdu->var_bindings())); return rv; @@ -194,9 +192,9 @@ IntrusivePtr build_trap_pdu(const TrapPDU* pdu) IntrusivePtr build_bulk_pdu(const GetBulkRequestPDU* pdu) { auto rv = make_intrusive(zeek::BifType::Record::SNMP::BulkPDU); - rv->Assign(0, asn1_integer_to_val(pdu->request_id(), TYPE_INT)); - rv->Assign(1, asn1_integer_to_val(pdu->non_repeaters(), TYPE_COUNT)); - rv->Assign(2, asn1_integer_to_val(pdu->max_repititions(), TYPE_COUNT)); + rv->Assign(0, {AdoptRef{}, asn1_integer_to_val(pdu->request_id(), TYPE_INT)}); + rv->Assign(1, {AdoptRef{}, asn1_integer_to_val(pdu->non_repeaters(), TYPE_COUNT)}); + rv->Assign(2, {AdoptRef{}, asn1_integer_to_val(pdu->max_repititions(), TYPE_COUNT)}); rv->Assign(3, build_bindings(pdu->var_bindings())); return rv; } diff --git a/src/analyzer/protocol/ssh/ssh-analyzer.pac b/src/analyzer/protocol/ssh/ssh-analyzer.pac index 12fa79634c..e3064e08a0 100644 --- a/src/analyzer/protocol/ssh/ssh-analyzer.pac +++ b/src/analyzer/protocol/ssh/ssh-analyzer.pac @@ -5,14 +5,14 @@ %} %header{ -VectorVal* name_list_to_vector(const bytestring& nl); +IntrusivePtr name_list_to_vector(const bytestring& nl); %} %code{ // Copied from IRC_Analyzer::SplitWords -VectorVal* name_list_to_vector(const bytestring& nl) +IntrusivePtr name_list_to_vector(const bytestring& nl) { - VectorVal* vv = new VectorVal(zeek::id::string_vec); + auto vv = make_intrusive(zeek::id::string_vec); string name_list = std_str(nl); if ( name_list.size() < 1 ) @@ -74,30 +74,30 @@ refine flow SSH_Flow += { result->Assign(0, name_list_to_vector(${msg.kex_algorithms.val})); result->Assign(1, name_list_to_vector(${msg.server_host_key_algorithms.val})); - RecordVal* encryption_algs = new RecordVal(zeek::BifType::Record::SSH::Algorithm_Prefs); + auto encryption_algs = make_intrusive(zeek::BifType::Record::SSH::Algorithm_Prefs); encryption_algs->Assign(0, name_list_to_vector(${msg.encryption_algorithms_client_to_server.val})); encryption_algs->Assign(1, name_list_to_vector(${msg.encryption_algorithms_server_to_client.val})); - result->Assign(2, encryption_algs); + result->Assign(2, std::move(encryption_algs)); - RecordVal* mac_algs = new RecordVal(zeek::BifType::Record::SSH::Algorithm_Prefs); + auto mac_algs = make_intrusive(zeek::BifType::Record::SSH::Algorithm_Prefs); mac_algs->Assign(0, name_list_to_vector(${msg.mac_algorithms_client_to_server.val})); mac_algs->Assign(1, name_list_to_vector(${msg.mac_algorithms_server_to_client.val})); - result->Assign(3, mac_algs); + result->Assign(3, std::move(mac_algs)); - RecordVal* compression_algs = new RecordVal(zeek::BifType::Record::SSH::Algorithm_Prefs); + auto compression_algs = make_intrusive(zeek::BifType::Record::SSH::Algorithm_Prefs); compression_algs->Assign(0, name_list_to_vector(${msg.compression_algorithms_client_to_server.val})); compression_algs->Assign(1, name_list_to_vector(${msg.compression_algorithms_server_to_client.val})); - result->Assign(4, compression_algs); + result->Assign(4, std::move(compression_algs)); if ( ${msg.languages_client_to_server.len} || ${msg.languages_server_to_client.len} ) { - RecordVal* languages = new RecordVal(zeek::BifType::Record::SSH::Algorithm_Prefs); + auto languages = make_intrusive(zeek::BifType::Record::SSH::Algorithm_Prefs); if ( ${msg.languages_client_to_server.len} ) languages->Assign(0, name_list_to_vector(${msg.languages_client_to_server.val})); if ( ${msg.languages_server_to_client.len} ) languages->Assign(1, name_list_to_vector(${msg.languages_server_to_client.val})); - result->Assign(5, languages); + result->Assign(5, std::move(languages)); } diff --git a/src/analyzer/protocol/ssh/ssh-protocol.pac b/src/analyzer/protocol/ssh/ssh-protocol.pac index 1b42a841b7..427507a8f6 100644 --- a/src/analyzer/protocol/ssh/ssh-protocol.pac +++ b/src/analyzer/protocol/ssh/ssh-protocol.pac @@ -393,8 +393,8 @@ refine connection SSH_Conn += { else if ( kex_orig_ == orig ) return false; - VectorVal* client_list = name_list_to_vector(orig ? algs : kex_algs_cache_); - VectorVal* server_list = name_list_to_vector(orig ? kex_algs_cache_ : algs); + auto client_list = name_list_to_vector(orig ? algs : kex_algs_cache_); + auto server_list = name_list_to_vector(orig ? kex_algs_cache_ : algs); for ( unsigned int i = 0; i < client_list->Size(); ++i ) { @@ -406,9 +406,6 @@ refine connection SSH_Conn += { kex_algorithm_.init((const uint8 *) client_list->Lookup(i)->AsStringVal()->Bytes(), client_list->Lookup(i)->AsStringVal()->Len()); - Unref(client_list); - Unref(server_list); - // UNTESTED if ( update_kex_state_if_equal("rsa1024-sha1", KEX_RSA) ) return true; @@ -452,9 +449,6 @@ refine connection SSH_Conn += { } } - Unref(client_list); - Unref(server_list); - return true; %} diff --git a/src/analyzer/protocol/teredo/Teredo.cc b/src/analyzer/protocol/teredo/Teredo.cc index 33df0e10e1..e37ef7d18f 100644 --- a/src/analyzer/protocol/teredo/Teredo.cc +++ b/src/analyzer/protocol/teredo/Teredo.cc @@ -106,7 +106,7 @@ IntrusivePtr TeredoEncapsulation::BuildVal(const IP_Hdr* inner) const if ( auth ) { - RecordVal* teredo_auth = new RecordVal(teredo_auth_type); + auto teredo_auth = make_intrusive(teredo_auth_type); uint8_t id_len = *((uint8_t*)(auth + 2)); uint8_t au_len = *((uint8_t*)(auth + 3)); uint64_t nonce = ntohll(*((uint64_t*)(auth + 4 + id_len + au_len))); @@ -117,17 +117,17 @@ IntrusivePtr TeredoEncapsulation::BuildVal(const IP_Hdr* inner) const new BroString(auth + 4 + id_len, au_len, true))); teredo_auth->Assign(2, val_mgr->Count(nonce)); teredo_auth->Assign(3, val_mgr->Count(conf)); - teredo_hdr->Assign(0, teredo_auth); + teredo_hdr->Assign(0, std::move(teredo_auth)); } if ( origin_indication ) { - RecordVal* teredo_origin = new RecordVal(teredo_origin_type); + auto teredo_origin = make_intrusive(teredo_origin_type); uint16_t port = ntohs(*((uint16_t*)(origin_indication + 2))) ^ 0xFFFF; uint32_t addr = ntohl(*((uint32_t*)(origin_indication + 4))) ^ 0xFFFFFFFF; teredo_origin->Assign(0, val_mgr->Port(port, TRANSPORT_UDP)); teredo_origin->Assign(1, make_intrusive(htonl(addr))); - teredo_hdr->Assign(1, teredo_origin); + teredo_hdr->Assign(1, std::move(teredo_origin)); } teredo_hdr->Assign(2, inner->ToPktHdrVal()); diff --git a/src/broker/Store.cc b/src/broker/Store.cc index e763e468ba..fa76c14616 100644 --- a/src/broker/Store.cc +++ b/src/broker/Store.cc @@ -7,7 +7,7 @@ namespace bro_broker { IntrusivePtr opaque_of_store_handle; -EnumVal* query_status(bool success) +IntrusivePtr query_status(bool success) { static EnumType* store_query_status = nullptr; static int success_val; @@ -21,7 +21,7 @@ EnumVal* query_status(bool success) } auto rval = store_query_status->GetVal(success ? success_val : failure_val); - return rval.release(); + return rval; } void StoreHandleVal::ValDescribe(ODesc* d) const diff --git a/src/broker/Store.h b/src/broker/Store.h index be35c78254..7f329126bb 100644 --- a/src/broker/Store.h +++ b/src/broker/Store.h @@ -18,7 +18,7 @@ extern IntrusivePtr opaque_of_store_handle; * @param success whether the query status should be set to success or failure. * @return a Broker::QueryStatus value. */ -EnumVal* query_status(bool success); +IntrusivePtr query_status(bool success); /** * @return a Broker::QueryResult value that has a Broker::QueryStatus indicating diff --git a/src/broker/comm.bif b/src/broker/comm.bif index a8d3ca5389..c49e90801e 100644 --- a/src/broker/comm.bif +++ b/src/broker/comm.bif @@ -103,8 +103,8 @@ function Broker::__peers%(%): PeerInfos const auto& ei = zeek::id::find_type("Broker::EndpointInfo"); const auto& ni = zeek::id::find_type("Broker::NetworkInfo"); auto peer_info = new RecordVal(pi); - auto endpoint_info = new RecordVal(ei); - auto network_info = new RecordVal(ni); + auto endpoint_info = make_intrusive(ei); + auto network_info = make_intrusive(ni); auto n = p.peer.network; if ( n ) @@ -119,10 +119,10 @@ function Broker::__peers%(%): PeerInfos } endpoint_info->Assign(0, make_intrusive(to_string(p.peer.node))); - endpoint_info->Assign(1, network_info); + endpoint_info->Assign(1, std::move(network_info)); auto ps = (BifEnum::Broker::PeerStatus)p.status; - peer_info->Assign(0, endpoint_info); + peer_info->Assign(0, std::move(endpoint_info)); peer_info->Assign(1, zeek::BifType::Enum::Broker::PeerStatus->GetVal(ps)); rval->Assign(i, peer_info); diff --git a/src/broker/data.bif b/src/broker/data.bif index 167cc9ab48..0cdceff2e9 100644 --- a/src/broker/data.bif +++ b/src/broker/data.bif @@ -301,8 +301,8 @@ function Broker::__table_iterator_value%(it: opaque of Broker::TableIterator%): %{ auto ti = static_cast(it); auto rval = make_intrusive(zeek::BifType::Record::Broker::TableItem); - auto key_val = new RecordVal(zeek::BifType::Record::Broker::Data); - auto val_val = new RecordVal(zeek::BifType::Record::Broker::Data); + auto key_val = make_intrusive(zeek::BifType::Record::Broker::Data); + auto val_val = make_intrusive(zeek::BifType::Record::Broker::Data); rval->Assign(0, key_val); rval->Assign(1, val_val); diff --git a/src/file_analysis/File.cc b/src/file_analysis/File.cc index 6f931e5d2e..81605e3936 100644 --- a/src/file_analysis/File.cc +++ b/src/file_analysis/File.cc @@ -21,13 +21,13 @@ using namespace file_analysis; -static Val* empty_connection_table() +static IntrusivePtr empty_connection_table() { auto tbl_index = make_intrusive(zeek::id::conn_id); tbl_index->Append(zeek::id::conn_id); auto tbl_type = make_intrusive(std::move(tbl_index), zeek::id::connection); - return new TableVal(std::move(tbl_type)); + return make_intrusive(std::move(tbl_type)); } static IntrusivePtr get_conn_id_val(const Connection* conn) @@ -133,8 +133,9 @@ bool File::UpdateConnectionFields(Connection* conn, bool is_orig) if ( ! conns ) { - conns = empty_connection_table(); - val->Assign(conns_idx, conns); + auto ect = empty_connection_table(); + conns = ect.get(); + val->Assign(conns_idx, std::move(ect)); } auto idx = get_conn_id_val(conn); @@ -315,8 +316,8 @@ void File::InferMetadata() return; BroString* bs = concatenate(bof_buffer.chunks); - bof_buffer_val = new StringVal(bs); - val->Assign(bof_buffer_idx, bof_buffer_val); + val->Assign(bof_buffer_idx, bs); + bof_buffer_val = val->Lookup(bof_buffer_idx); } if ( ! FileEventAvailable(file_sniff) ) @@ -332,8 +333,8 @@ void File::InferMetadata() if ( ! matches.empty() ) { - meta->Assign(meta_mime_type_idx, - new StringVal(*(matches.begin()->second.begin()))); + meta->Assign(meta_mime_type_idx, + *(matches.begin()->second.begin())); meta->Assign(meta_mime_types_idx, file_analysis::GenMIMEMatchesVal(matches)); } diff --git a/src/file_analysis/analyzer/pe/pe-analyzer.pac b/src/file_analysis/analyzer/pe/pe-analyzer.pac index f0967dc5ba..cfab9f4c94 100644 --- a/src/file_analysis/analyzer/pe/pe-analyzer.pac +++ b/src/file_analysis/analyzer/pe/pe-analyzer.pac @@ -5,38 +5,42 @@ %} %header{ -VectorVal* process_rvas(const RVAS* rvas); +IntrusivePtr process_rvas(const RVAS* rvas); +IntrusivePtr characteristics_to_bro(uint32_t c, uint8_t len); %} %code{ -VectorVal* process_rvas(const RVAS* rva_table) +IntrusivePtr process_rvas(const RVAS* rva_table) { auto rvas = make_intrusive(zeek::id::index_vec); for ( uint16 i=0; i < rva_table->rvas()->size(); ++i ) rvas->Assign(i, val_mgr->Count((*rva_table->rvas())[i]->size())); - return rvas.release(); + return rvas; + } + +IntrusivePtr characteristics_to_bro(uint32_t c, uint8_t len) + { + uint64 mask = (len==16) ? 0xFFFF : 0xFFFFFFFF; + auto char_set = make_intrusive(zeek::id::count_set); + + for ( uint16 i=0; i < len; ++i ) + { + if ( ((c >> i) & 0x1) == 1 ) + { + auto ch = val_mgr->Count((1<Assign(ch.get(), 0); + } + } + + return char_set; } %} refine flow File += { - function characteristics_to_bro(c: uint32, len: uint8): TableVal - %{ - uint64 mask = (len==16) ? 0xFFFF : 0xFFFFFFFF; - TableVal* char_set = new TableVal(zeek::id::count_set); - for ( uint16 i=0; i < len; ++i ) - { - if ( ((c >> i) & 0x1) == 1 ) - { - auto ch = val_mgr->Count((1<Assign(ch.get(), 0); - } - } - return char_set; - %} function proc_dos_header(h: DOS_Header): bool %{ diff --git a/src/file_analysis/analyzer/unified2/unified2-analyzer.pac b/src/file_analysis/analyzer/unified2/unified2-analyzer.pac index 58077f1635..f395e919d9 100644 --- a/src/file_analysis/analyzer/unified2/unified2-analyzer.pac +++ b/src/file_analysis/analyzer/unified2/unified2-analyzer.pac @@ -7,9 +7,43 @@ #include "IPAddr.h" %} +%code{ +IntrusivePtr binpac::Unified2::Flow::unified2_addr_to_bro_addr(std::vector* a) + { + if ( a->size() == 1 ) + { + return make_intrusive(IPAddr(IPv4, &(a->at(0)), IPAddr::Host)); + } + else if ( a->size() == 4 ) + { + uint32 tmp[4] = { a->at(0), a->at(1), a->at(2), a->at(3) }; + return make_intrusive(IPAddr(IPv6, tmp, IPAddr::Host)); + } + else + { + // Should never reach here. + return make_intrusive(1); + } + } + +IntrusivePtr binpac::Unified2::Flow::to_port(uint16_t n, uint8_t p) + { + TransportProto proto = TRANSPORT_UNKNOWN; + switch ( p ) { + case 1: proto = TRANSPORT_ICMP; break; + case 6: proto = TRANSPORT_TCP; break; + case 17: proto = TRANSPORT_UDP; break; + } + + return val_mgr->Port(n, proto); + } +%} + refine flow Flow += { %member{ + IntrusivePtr unified2_addr_to_bro_addr(std::vector* a); + IntrusivePtr to_port(uint16_t n, uint8_t p); %} %init{ @@ -27,35 +61,6 @@ refine flow Flow += { return t; %} - function unified2_addr_to_bro_addr(a: uint32[]): AddrVal - %{ - if ( a->size() == 1 ) - { - return new AddrVal(IPAddr(IPv4, &(a->at(0)), IPAddr::Host)); - } - else if ( a->size() == 4 ) - { - uint32 tmp[4] = { a->at(0), a->at(1), a->at(2), a->at(3) }; - return new AddrVal(IPAddr(IPv6, tmp, IPAddr::Host)); - } - else - { - // Should never reach here. - return new AddrVal(1); - } - %} - - function to_port(n: uint16, p: uint8): Val - %{ - TransportProto proto = TRANSPORT_UNKNOWN; - switch ( p ) { - case 1: proto = TRANSPORT_ICMP; break; - case 6: proto = TRANSPORT_TCP; break; - case 17: proto = TRANSPORT_UDP; break; - } - - return val_mgr->Port(n, proto)->Ref(); - %} #function proc_record(rec: Record) : bool # %{ diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc index 9c5fe8a6d9..5c5cfaaab5 100644 --- a/src/file_analysis/analyzer/x509/X509.cc +++ b/src/file_analysis/analyzer/x509/X509.cc @@ -336,10 +336,10 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext) return; } - VectorVal* names = nullptr; - VectorVal* emails = nullptr; - VectorVal* uris = nullptr; - VectorVal* ips = nullptr; + IntrusivePtr names; + IntrusivePtr emails; + IntrusivePtr uris; + IntrusivePtr ips; bool otherfields = false; @@ -367,21 +367,21 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext) { case GEN_DNS: if ( names == nullptr ) - names = new VectorVal(zeek::id::string_vec); + names = make_intrusive(zeek::id::string_vec); names->Assign(names->Size(), bs); break; case GEN_URI: if ( uris == nullptr ) - uris = new VectorVal(zeek::id::string_vec); + uris = make_intrusive(zeek::id::string_vec); uris->Assign(uris->Size(), bs); break; case GEN_EMAIL: if ( emails == nullptr ) - emails = new VectorVal(zeek::id::string_vec); + emails = make_intrusive(zeek::id::string_vec); emails->Assign(emails->Size(), bs); break; @@ -391,7 +391,7 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext) else if ( gen->type == GEN_IPADD ) { if ( ips == nullptr ) - ips = new VectorVal(zeek::id::find_type("addr_vec")); + ips = make_intrusive(zeek::id::find_type("addr_vec")); uint32_t* addr = (uint32_t*) gen->d.ip->data; @@ -439,13 +439,13 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext) GENERAL_NAMES_free(altname); } -StringVal* file_analysis::X509::KeyCurve(EVP_PKEY *key) +IntrusivePtr file_analysis::X509::KeyCurve(EVP_PKEY* key) { - assert(key != NULL); + assert(key != nullptr); #ifdef OPENSSL_NO_EC // well, we do not have EC-Support... - return NULL; + return nullptr; #else if ( EVP_PKEY_base_id(key) != EVP_PKEY_EC ) { @@ -468,7 +468,7 @@ StringVal* file_analysis::X509::KeyCurve(EVP_PKEY *key) if ( curve_name == nullptr ) return nullptr; - return new StringVal(curve_name); + return make_intrusive(curve_name); #endif } diff --git a/src/file_analysis/analyzer/x509/X509.h b/src/file_analysis/analyzer/x509/X509.h index c299d55270..98370977c4 100644 --- a/src/file_analysis/analyzer/x509/X509.h +++ b/src/file_analysis/analyzer/x509/X509.h @@ -136,7 +136,7 @@ private: std::string cert_data; // Helpers for ParseCertificate. - static StringVal* KeyCurve(EVP_PKEY *key); + static IntrusivePtr KeyCurve(EVP_PKEY* key); static unsigned int KeyLength(EVP_PKEY *key); /** X509 stores associated with global script-layer values */ inline static std::map x509_stores = std::map(); diff --git a/src/file_analysis/analyzer/x509/functions.bif b/src/file_analysis/analyzer/x509/functions.bif index aba1042da7..8b90370358 100644 --- a/src/file_analysis/analyzer/x509/functions.bif +++ b/src/file_analysis/analyzer/x509/functions.bif @@ -11,14 +11,14 @@ #include // construct an error record -IntrusivePtr x509_result_record(uint64_t num, const char* reason, Val* chainVector = nullptr) +static IntrusivePtr x509_result_record(uint64_t num, const char* reason, IntrusivePtr chainVector = nullptr) { auto rrecord = make_intrusive(zeek::BifType::Record::X509::Result); rrecord->Assign(0, val_mgr->Int(num)); rrecord->Assign(1, make_intrusive(reason)); if ( chainVector ) - rrecord->Assign(2, chainVector); + rrecord->Assign(2, std::move(chainVector)); return rrecord; } @@ -542,7 +542,7 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str int result = X509_verify_cert(csc); - VectorVal* chainVector = nullptr; + IntrusivePtr chainVector; if ( result == 1 ) // we have a valid chain. try to get it... { @@ -556,7 +556,7 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str } int num_certs = sk_X509_num(chain); - chainVector = new VectorVal(zeek::id::find_type("x509_opaque_vector")); + chainVector = make_intrusive(zeek::id::find_type("x509_opaque_vector")); for ( int i = 0; i < num_certs; i++ ) { @@ -578,7 +578,7 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str x509_verify_chainerror: - auto rrecord = x509_result_record(X509_STORE_CTX_get_error(csc), X509_verify_cert_error_string(X509_STORE_CTX_get_error(csc)), chainVector); + auto rrecord = x509_result_record(X509_STORE_CTX_get_error(csc), X509_verify_cert_error_string(X509_STORE_CTX_get_error(csc)), std::move(chainVector)); X509_STORE_CTX_cleanup(csc); X509_STORE_CTX_free(csc); diff --git a/src/input/Manager.cc b/src/input/Manager.cc index 993c8804a9..af80e6cbdb 100644 --- a/src/input/Manager.cc +++ b/src/input/Manager.cc @@ -1908,7 +1908,7 @@ RecordVal* Manager::ListValToRecordVal(ListVal* list, RecordType *request_type, (*position)++; } - rec->Assign(i, fieldVal->Ref()); + rec->Assign(i, {NewRef{}, fieldVal}); } return rec; @@ -1945,7 +1945,7 @@ RecordVal* Manager::ValueToRecordVal(const Stream* stream, const Value* const *v } if ( fieldVal ) - rec->Assign(i, fieldVal); + rec->Assign(i, {AdoptRef{}, fieldVal}); } return rec; diff --git a/src/iosource/Packet.cc b/src/iosource/Packet.cc index 45aaf02072..75554662cf 100644 --- a/src/iosource/Packet.cc +++ b/src/iosource/Packet.cc @@ -597,7 +597,7 @@ IntrusivePtr Packet::ToRawPktHdrVal() const static auto raw_pkt_hdr_type = zeek::id::find_type("raw_pkt_hdr"); static auto l2_hdr_type = zeek::id::find_type("l2_hdr"); auto pkt_hdr = make_intrusive(raw_pkt_hdr_type); - RecordVal* l2_hdr = new RecordVal(l2_hdr_type); + auto l2_hdr = make_intrusive(l2_hdr_type); bool is_ethernet = link_type == DLT_EN10MB; @@ -651,7 +651,7 @@ IntrusivePtr Packet::ToRawPktHdrVal() const l2_hdr->Assign(8, zeek::BifType::Enum::layer3_proto->GetVal(l3)); - pkt_hdr->Assign(0, l2_hdr); + pkt_hdr->Assign(0, std::move(l2_hdr)); if ( l3_proto == L3_IPV4 ) { @@ -674,12 +674,12 @@ RecordVal* Packet::BuildPktHdrVal() const return ToRawPktHdrVal().release(); } -Val *Packet::FmtEUI48(const u_char *mac) const +IntrusivePtr Packet::FmtEUI48(const u_char* mac) const { char buf[20]; snprintf(buf, sizeof buf, "%02x:%02x:%02x:%02x:%02x:%02x", mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]); - return new StringVal(buf); + return make_intrusive(buf); } void Packet::Describe(ODesc* d) const diff --git a/src/iosource/Packet.h b/src/iosource/Packet.h index ce2e3b928a..83b0fddb59 100644 --- a/src/iosource/Packet.h +++ b/src/iosource/Packet.h @@ -225,7 +225,7 @@ private: void Weird(const char* name); // Renders an MAC address into its ASCII representation. - Val* FmtEUI48(const u_char *mac) const; + IntrusivePtr FmtEUI48(const u_char* mac) const; // True if we need to delete associated packet memory upon // destruction. diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index a2773c7c22..811346b766 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -1515,7 +1515,7 @@ bool Manager::FinishedRotation(WriterFrontend* writer, const char* new_name, con // Create the RotationInfo record. auto info = make_intrusive(zeek::BifType::Record::Log::RotationInfo); - info->Assign(0, winfo->type->Ref()); + info->Assign(0, {NewRef{}, winfo->type}); info->Assign(1, make_intrusive(new_name)); info->Assign(2, make_intrusive(winfo->writer->Info().path)); info->Assign(3, make_intrusive(open, TYPE_TIME)); diff --git a/src/supervisor/Supervisor.cc b/src/supervisor/Supervisor.cc index 3004a798c7..ea76fd0a94 100644 --- a/src/supervisor/Supervisor.cc +++ b/src/supervisor/Supervisor.cc @@ -1131,8 +1131,8 @@ IntrusivePtr Supervisor::NodeConfig::ToRecord() const rval->Assign(rt->FieldOffset("scripts"), std::move(scripts_val)); - const auto& tt = rt->GetFieldType("cluster"); - auto cluster_val = new TableVal({NewRef{}, tt->AsTableType()}); + auto tt = rt->GetFieldType("cluster"); + auto cluster_val = make_intrusive(std::move(tt)); rval->Assign(rt->FieldOffset("cluster"), cluster_val); for ( const auto& e : cluster ) @@ -1316,7 +1316,7 @@ IntrusivePtr Supervisor::Status(std::string_view node_name) { auto rval = make_intrusive(zeek::BifType::Record::Supervisor::Status); const auto& tt = zeek::BifType::Record::Supervisor::Status->GetFieldType("nodes"); - auto node_table_val = new TableVal(cast_intrusive(tt)); + auto node_table_val = make_intrusive(cast_intrusive(tt)); rval->Assign(0, node_table_val); if ( node_name.empty() ) diff --git a/src/supervisor/supervisor.bif b/src/supervisor/supervisor.bif index a6ee28ae1b..e0dd3dce3b 100644 --- a/src/supervisor/supervisor.bif +++ b/src/supervisor/supervisor.bif @@ -86,7 +86,7 @@ function Supervisor::__node%(%): Supervisor::NodeConfig builtin_error("not a supervised process"); const auto& rt = zeek::BifType::Record::Supervisor::NodeConfig; auto rval = make_intrusive(rt); - rval->Assign(rt->FieldOffset("name"), new StringVal("")); + rval->Assign(rt->FieldOffset("name"), ""); return rval; } diff --git a/src/util.cc b/src/util.cc index 7b3394e8d7..8fdeee9e12 100644 --- a/src/util.cc +++ b/src/util.cc @@ -1857,10 +1857,10 @@ FILE* rotate_file(const char* name, RecordVal* rotate_info) // Init rotate_info. if ( rotate_info ) { - rotate_info->Assign(0, new StringVal(name)); - rotate_info->Assign(1, new StringVal(newname)); - rotate_info->Assign(2, new Val(network_time, TYPE_TIME)); - rotate_info->Assign(3, new Val(network_time, TYPE_TIME)); + rotate_info->Assign(0, name); + rotate_info->Assign(1, newname); + rotate_info->Assign(2, network_time, TYPE_TIME); + rotate_info->Assign(3, network_time, TYPE_TIME); } return newf; diff --git a/src/zeek.bif b/src/zeek.bif index 685e3e4fdf..6fd13e5139 100644 --- a/src/zeek.bif +++ b/src/zeek.bif @@ -3864,7 +3864,7 @@ static bool mmdb_lookup_asn(const IPAddr& addr, MMDB_lookup_result_s& result) return mmdb_lookup(addr, result, true); } -static Val* mmdb_getvalue(MMDB_entry_data_s* entry_data, int status, +static IntrusivePtr mmdb_getvalue(MMDB_entry_data_s* entry_data, int status, int data_type ) { switch (status) @@ -3875,16 +3875,16 @@ static Val* mmdb_getvalue(MMDB_entry_data_s* entry_data, int status, switch (data_type) { case MMDB_DATA_TYPE_UTF8_STRING: - return new StringVal(entry_data->data_size, - entry_data->utf8_string); + return make_intrusive(entry_data->data_size, + entry_data->utf8_string); break; case MMDB_DATA_TYPE_DOUBLE: - return new Val(entry_data->double_value, TYPE_DOUBLE); + return make_intrusive(entry_data->double_value, TYPE_DOUBLE); break; case MMDB_DATA_TYPE_UINT32: - return val_mgr->Count(entry_data->uint32).release(); + return val_mgr->Count(entry_data->uint32); default: break; @@ -4111,8 +4111,8 @@ function lookup_asn%(a: addr%) : count // Get Autonomous System Number status = MMDB_get_value(&result.entry, &entry_data, "autonomous_system_number", nullptr); - Val* asn = mmdb_getvalue(&entry_data, status, MMDB_DATA_TYPE_UINT32); - return asn == nullptr ? val_mgr->Count(0) : IntrusivePtr{AdoptRef{}, asn}; + auto asn = mmdb_getvalue(&entry_data, status, MMDB_DATA_TYPE_UINT32); + return asn == nullptr ? val_mgr->Count(0) : asn; } #else // not USE_GEOIP