mirror of
https://github.com/zeek/zeek.git
synced 2025-10-05 16:18:19 +00:00
Deprecate RecordVal::Assign(int, Val*)
And adapt all usages to the existing overload taking IntrusivePtr.
This commit is contained in:
Jon Siwek
parent
d7ca63c1be
commit
f3d160d034
38 changed files with 366 additions and 332 deletions
3
NEWS
3
NEWS
|
|
@ -191,6 +191,9 @@ Deprecated Functionality
|
|||
|
||||
- ``FuncType::ArgTypes()`` is deprecated, use ``FuncType::ParamList()``.
|
||||
|
||||
- ``RecordVal::Assign(int, Val*)`` is deprecated, use the overload taking
|
||||
``IntrusivePtr``.
|
||||
|
||||
Zeek 3.1.0
|
||||
==========
|
||||
|
||||
|
|
|
|||
|
|
@ -900,7 +900,7 @@ const char* CompositeHash::RecoverOneVal(const HashKey* k, const char* kp0,
|
|||
RecordType* rt = t->AsRecordType();
|
||||
int num_fields = rt->NumFields();
|
||||
|
||||
std::vector<Val*> values;
|
||||
std::vector<IntrusivePtr<Val>> values;
|
||||
int i;
|
||||
for ( i = 0; i < num_fields; ++i )
|
||||
{
|
||||
|
|
@ -922,7 +922,7 @@ const char* CompositeHash::RecoverOneVal(const HashKey* k, const char* kp0,
|
|||
break;
|
||||
}
|
||||
|
||||
values.push_back(v.release());
|
||||
values.emplace_back(std::move(v));
|
||||
}
|
||||
|
||||
ASSERT(int(values.size()) == num_fields);
|
||||
|
|
@ -930,7 +930,7 @@ const char* CompositeHash::RecoverOneVal(const HashKey* k, const char* kp0,
|
|||
auto rv = make_intrusive<RecordVal>(IntrusivePtr{NewRef{}, rt});
|
||||
|
||||
for ( int i = 0; i < num_fields; ++i )
|
||||
rv->Assign(i, values[i]);
|
||||
rv->Assign(i, std::move(values[i]));
|
||||
|
||||
*pval = std::move(rv);
|
||||
kp1 = kp;
|
||||
|
|
|
|||
|
|
@ -724,7 +724,7 @@ IntrusivePtr<Val> DNS_Mgr::BuildMappingVal(DNS_Mapping* dm)
|
|||
r->Assign(3, val_mgr->Bool(dm->Valid()));
|
||||
|
||||
auto h = dm->Host();
|
||||
r->Assign(4, h ? h.release() : new StringVal("<none>"));
|
||||
r->Assign(4, h ? std::move(h) : make_intrusive<StringVal>("<none>"));
|
||||
r->Assign(5, dm->AddrsSet());
|
||||
|
||||
return r;
|
||||
|
|
|
|||
|
|
@ -809,9 +809,6 @@ IntrusivePtr<TableVal> RecordType::GetRecordFieldsVal(const RecordVal* rv) const
|
|||
if ( rv )
|
||||
fv = rv->Lookup(i);
|
||||
|
||||
if ( fv )
|
||||
::Ref(fv);
|
||||
|
||||
bool logged = (fd->attrs && fd->FindAttr(ATTR_LOG) != nullptr);
|
||||
|
||||
auto nr = make_intrusive<RecordVal>(record_field);
|
||||
|
|
@ -819,7 +816,7 @@ IntrusivePtr<TableVal> RecordType::GetRecordFieldsVal(const RecordVal* rv) const
|
|||
string s = container_type_name(ft.get());
|
||||
nr->Assign(0, make_intrusive<StringVal>(s));
|
||||
nr->Assign(1, val_mgr->Bool(logged));
|
||||
nr->Assign(2, fv);
|
||||
nr->Assign(2, {NewRef{}, fv});
|
||||
nr->Assign(3, FieldDefault(i));
|
||||
Val* field_name = new StringVal(FieldName(i));
|
||||
rval->Assign(field_name, std::move(nr));
|
||||
|
|
|
|||
22
src/Val.h
22
src/Val.h
|
|
@ -945,8 +945,30 @@ public:
|
|||
|
||||
IntrusivePtr<Val> SizeVal() const override;
|
||||
|
||||
/**
|
||||
* Assign a value to a record field.
|
||||
* @param field The field index to assign.
|
||||
* @param new_val The value to assign.
|
||||
*/
|
||||
void Assign(int field, IntrusivePtr<Val> new_val);
|
||||
|
||||
/**
|
||||
* Assign a value of type @c T to a record field, as constructed from
|
||||
* the provided arguments.
|
||||
* @param field The field index to assign.
|
||||
* @param args A variable number of arguments to pass to constructor of
|
||||
* type @c T.
|
||||
*/
|
||||
template <class T, class... Ts>
|
||||
void Assign(int field, Ts&&... args)
|
||||
{ Assign(field, make_intrusive<T>(std::forward<Ts>(args)...)); }
|
||||
|
||||
[[deprecated("Remove in v4.1. Assign an IntrusivePtr instead.")]]
|
||||
void Assign(int field, Val* new_val);
|
||||
// Note: the following nullptr method can also go upon removing the above.
|
||||
void Assign(int field, std::nullptr_t)
|
||||
{ Assign(field, IntrusivePtr<Val>{}); }
|
||||
|
||||
Val* Lookup(int field) const; // Does not Ref() value.
|
||||
IntrusivePtr<Val> LookupWithDefault(int field) const;
|
||||
|
||||
|
|
|
|||
|
|
@ -625,11 +625,11 @@ refine casetype OptionValue += {
|
|||
refine flow DHCP_Flow += {
|
||||
function process_client_id_option(v: OptionValue): bool
|
||||
%{
|
||||
RecordVal* client_id = new RecordVal(zeek::BifType::Record::DHCP::ClientID);
|
||||
auto client_id = make_intrusive<RecordVal>(zeek::BifType::Record::DHCP::ClientID);
|
||||
client_id->Assign(0, val_mgr->Count(${v.client_id.hwtype}));
|
||||
client_id->Assign(1, make_intrusive<StringVal>(fmt_mac(${v.client_id.hwaddr}.begin(), ${v.client_id.hwaddr}.length())));
|
||||
|
||||
${context.flow}->options->Assign(19, client_id);
|
||||
${context.flow}->options->Assign(19, std::move(client_id));
|
||||
|
||||
return true;
|
||||
%}
|
||||
|
|
@ -685,14 +685,14 @@ refine casetype OptionValue += {
|
|||
refine flow DHCP_Flow += {
|
||||
function process_client_fqdn_option(v: OptionValue): bool
|
||||
%{
|
||||
RecordVal* client_fqdn = new RecordVal(zeek::BifType::Record::DHCP::ClientFQDN);
|
||||
auto client_fqdn = make_intrusive<RecordVal>(zeek::BifType::Record::DHCP::ClientFQDN);
|
||||
client_fqdn->Assign(0, val_mgr->Count(${v.client_fqdn.flags}));
|
||||
client_fqdn->Assign(1, val_mgr->Count(${v.client_fqdn.rcode1}));
|
||||
client_fqdn->Assign(2, val_mgr->Count(${v.client_fqdn.rcode2}));
|
||||
const char* domain_name = reinterpret_cast<const char*>(${v.client_fqdn.domain_name}.begin());
|
||||
client_fqdn->Assign(3, make_intrusive<StringVal>(${v.client_fqdn.domain_name}.length(), domain_name));
|
||||
|
||||
${context.flow}->options->Assign(21, client_fqdn);
|
||||
${context.flow}->options->Assign(21, std::move(client_fqdn));
|
||||
|
||||
return true;
|
||||
%}
|
||||
|
|
|
|||
|
|
@ -83,9 +83,9 @@ static IntrusivePtr<Val> BuildTraceType(const InformationElement* ie)
|
|||
return val_mgr->Count(ie->trace_type()->value());
|
||||
}
|
||||
|
||||
Val* BuildEndUserAddr(const InformationElement* ie)
|
||||
IntrusivePtr<Val> BuildEndUserAddr(const InformationElement* ie)
|
||||
{
|
||||
RecordVal* ev = new RecordVal(zeek::BifType::Record::gtp_end_user_addr);
|
||||
auto ev = make_intrusive<RecordVal>(zeek::BifType::Record::gtp_end_user_addr);
|
||||
ev->Assign(0, val_mgr->Count(ie->end_user_addr()->pdp_type_org()));
|
||||
ev->Assign(1, val_mgr->Count(ie->end_user_addr()->pdp_type_num()));
|
||||
|
||||
|
|
@ -114,23 +114,23 @@ Val* BuildEndUserAddr(const InformationElement* ie)
|
|||
return ev;
|
||||
}
|
||||
|
||||
Val* BuildAccessPointName(const InformationElement* ie)
|
||||
IntrusivePtr<Val> BuildAccessPointName(const InformationElement* ie)
|
||||
{
|
||||
BroString* bs = new BroString((const u_char*) ie->ap_name()->value().data(),
|
||||
ie->ap_name()->value().length(), false);
|
||||
return new StringVal(bs);
|
||||
return make_intrusive<StringVal>(bs);
|
||||
}
|
||||
|
||||
Val* BuildProtoConfigOptions(const InformationElement* ie)
|
||||
IntrusivePtr<Val> BuildProtoConfigOptions(const InformationElement* ie)
|
||||
{
|
||||
const u_char* d = (const u_char*) ie->proto_config_opts()->value().data();
|
||||
int len = ie->proto_config_opts()->value().length();
|
||||
return new StringVal(new BroString(d, len, false));
|
||||
return make_intrusive<StringVal>(new BroString(d, len, false));
|
||||
}
|
||||
|
||||
Val* BuildGSN_Addr(const InformationElement* ie)
|
||||
IntrusivePtr<Val> BuildGSN_Addr(const InformationElement* ie)
|
||||
{
|
||||
RecordVal* ev = new RecordVal(zeek::BifType::Record::gtp_gsn_addr);
|
||||
auto ev = make_intrusive<RecordVal>(zeek::BifType::Record::gtp_gsn_addr);
|
||||
|
||||
int len = ie->gsn_addr()->value().length();
|
||||
const uint8* d = ie->gsn_addr()->value().data();
|
||||
|
|
@ -147,16 +147,16 @@ Val* BuildGSN_Addr(const InformationElement* ie)
|
|||
return ev;
|
||||
}
|
||||
|
||||
Val* BuildMSISDN(const InformationElement* ie)
|
||||
IntrusivePtr<Val> BuildMSISDN(const InformationElement* ie)
|
||||
{
|
||||
const u_char* d = (const u_char*) ie->msisdn()->value().data();
|
||||
int len = ie->msisdn()->value().length();
|
||||
return new StringVal(new BroString(d, len, false));
|
||||
return make_intrusive<StringVal>(new BroString(d, len, false));
|
||||
}
|
||||
|
||||
Val* BuildQoS_Profile(const InformationElement* ie)
|
||||
IntrusivePtr<Val> BuildQoS_Profile(const InformationElement* ie)
|
||||
{
|
||||
RecordVal* ev = new RecordVal(zeek::BifType::Record::gtp_qos_profile);
|
||||
auto ev = make_intrusive<RecordVal>(zeek::BifType::Record::gtp_qos_profile);
|
||||
|
||||
const u_char* d = (const u_char*) ie->qos_profile()->data().data();
|
||||
int len = ie->qos_profile()->data().length();
|
||||
|
|
@ -167,30 +167,30 @@ Val* BuildQoS_Profile(const InformationElement* ie)
|
|||
return ev;
|
||||
}
|
||||
|
||||
Val* BuildTrafficFlowTemplate(const InformationElement* ie)
|
||||
IntrusivePtr<Val> BuildTrafficFlowTemplate(const InformationElement* ie)
|
||||
{
|
||||
const uint8* d = ie->traffic_flow_template()->value().data();
|
||||
int len = ie->traffic_flow_template()->value().length();
|
||||
return new StringVal(new BroString((const u_char*) d, len, false));
|
||||
return make_intrusive<StringVal>(new BroString((const u_char*) d, len, false));
|
||||
}
|
||||
|
||||
Val* BuildTriggerID(const InformationElement* ie)
|
||||
IntrusivePtr<Val> BuildTriggerID(const InformationElement* ie)
|
||||
{
|
||||
const uint8* d = ie->trigger_id()->value().data();
|
||||
int len = ie->trigger_id()->value().length();
|
||||
return new StringVal(new BroString((const u_char*) d, len, false));
|
||||
return make_intrusive<StringVal>(new BroString((const u_char*) d, len, false));
|
||||
}
|
||||
|
||||
Val* BuildOMC_ID(const InformationElement* ie)
|
||||
IntrusivePtr<Val> BuildOMC_ID(const InformationElement* ie)
|
||||
{
|
||||
const uint8* d = ie->omc_id()->value().data();
|
||||
int len = ie->omc_id()->value().length();
|
||||
return new StringVal(new BroString((const u_char*) d, len, false));
|
||||
return make_intrusive<StringVal>(new BroString((const u_char*) d, len, false));
|
||||
}
|
||||
|
||||
Val* BuildPrivateExt(const InformationElement* ie)
|
||||
IntrusivePtr<Val> BuildPrivateExt(const InformationElement* ie)
|
||||
{
|
||||
RecordVal* ev = new RecordVal(zeek::BifType::Record::gtp_private_extension);
|
||||
auto ev = make_intrusive<RecordVal>(zeek::BifType::Record::gtp_private_extension);
|
||||
|
||||
const uint8* d = ie->private_ext()->value().data();
|
||||
int len = ie->private_ext()->value().length();
|
||||
|
|
@ -216,16 +216,16 @@ static IntrusivePtr<Val> BuildChargingID(const InformationElement* ie)
|
|||
return val_mgr->Count(ie->charging_id()->value());;
|
||||
}
|
||||
|
||||
Val* BuildChargingGatewayAddr(const InformationElement* ie)
|
||||
IntrusivePtr<Val> BuildChargingGatewayAddr(const InformationElement* ie)
|
||||
{
|
||||
const uint8* d = ie->charging_gateway_addr()->value().data();
|
||||
int len = ie->charging_gateway_addr()->value().length();
|
||||
if ( len == 4 )
|
||||
return new AddrVal(IPAddr(IPv4, (const uint32*) d, IPAddr::Network));
|
||||
return make_intrusive<AddrVal>(IPAddr(IPv4, (const uint32*) d, IPAddr::Network));
|
||||
else if ( len == 16 )
|
||||
return new AddrVal(IPAddr(IPv6, (const uint32*) d, IPAddr::Network));
|
||||
return make_intrusive<AddrVal>(IPAddr(IPv6, (const uint32*) d, IPAddr::Network));
|
||||
else
|
||||
return 0;
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
static IntrusivePtr<Val> BuildTeardownInd(const InformationElement* ie)
|
||||
|
|
|
|||
|
|
@ -1,14 +1,14 @@
|
|||
%header{
|
||||
RecordVal* proc_krb_kdc_options(const KRB_KDC_Options* opts);
|
||||
RecordVal* proc_krb_kdc_req_arguments(KRB_KDC_REQ* msg, const BroAnalyzer bro_analyzer);
|
||||
IntrusivePtr<RecordVal> proc_krb_kdc_options(const KRB_KDC_Options* opts);
|
||||
IntrusivePtr<RecordVal> proc_krb_kdc_req_arguments(KRB_KDC_REQ* msg, const BroAnalyzer bro_analyzer);
|
||||
|
||||
bool proc_error_arguments(RecordVal* rv, const std::vector<KRB_ERROR_Arg*>* args, int64 error_code);
|
||||
%}
|
||||
|
||||
%code{
|
||||
RecordVal* proc_krb_kdc_options(const KRB_KDC_Options* opts)
|
||||
IntrusivePtr<RecordVal> proc_krb_kdc_options(const KRB_KDC_Options* opts)
|
||||
{
|
||||
RecordVal* rv = new RecordVal(zeek::BifType::Record::KRB::KDC_Options);
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::KRB::KDC_Options);
|
||||
|
||||
rv->Assign(0, val_mgr->Bool(opts->forwardable()));
|
||||
rv->Assign(1, val_mgr->Bool(opts->forwarded()));
|
||||
|
|
@ -27,12 +27,12 @@ RecordVal* proc_krb_kdc_options(const KRB_KDC_Options* opts)
|
|||
return rv;
|
||||
}
|
||||
|
||||
RecordVal* proc_krb_kdc_req_arguments(KRB_KDC_REQ* msg, const BroAnalyzer bro_analyzer)
|
||||
IntrusivePtr<RecordVal> proc_krb_kdc_req_arguments(KRB_KDC_REQ* msg, const BroAnalyzer bro_analyzer)
|
||||
{
|
||||
RecordVal* rv = new RecordVal(zeek::BifType::Record::KRB::KDC_Request);
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::KRB::KDC_Request);
|
||||
|
||||
rv->Assign(0, asn1_integer_to_val(msg->pvno()->data(), TYPE_COUNT));
|
||||
rv->Assign(1, asn1_integer_to_val(msg->msg_type()->data(), TYPE_COUNT));
|
||||
rv->Assign(0, {AdoptRef{}, asn1_integer_to_val(msg->pvno()->data(), TYPE_COUNT)});
|
||||
rv->Assign(1, {AdoptRef{}, asn1_integer_to_val(msg->msg_type()->data(), TYPE_COUNT)});
|
||||
|
||||
if ( msg->padata()->has_padata() )
|
||||
rv->Assign(2, proc_padata(msg->padata()->padata()->padata(), bro_analyzer, false));
|
||||
|
|
@ -64,7 +64,7 @@ RecordVal* proc_krb_kdc_req_arguments(KRB_KDC_REQ* msg, const BroAnalyzer bro_an
|
|||
rv->Assign(9, GetTimeFromAsn1(element->data()->rtime(), 0));
|
||||
break;
|
||||
case 7:
|
||||
rv->Assign(10, asn1_integer_to_val(element->data()->nonce(), TYPE_COUNT));
|
||||
rv->Assign(10, {AdoptRef{}, asn1_integer_to_val(element->data()->nonce(), TYPE_COUNT)});
|
||||
break;
|
||||
case 8:
|
||||
if ( element->data()->etype()->data()->size() )
|
||||
|
|
@ -132,10 +132,10 @@ bool proc_error_arguments(RecordVal* rv, const std::vector<KRB_ERROR_Arg*>* args
|
|||
switch ( (*args)[i]->seq_meta()->index() )
|
||||
{
|
||||
case 0:
|
||||
rv->Assign(0, asn1_integer_to_val((*args)[i]->args()->pvno(), TYPE_COUNT));
|
||||
rv->Assign(0, {AdoptRef{}, asn1_integer_to_val((*args)[i]->args()->pvno(), TYPE_COUNT)});
|
||||
break;
|
||||
case 1:
|
||||
rv->Assign(1, asn1_integer_to_val((*args)[i]->args()->msg_type(), TYPE_COUNT));
|
||||
rv->Assign(1, {AdoptRef{}, asn1_integer_to_val((*args)[i]->args()->msg_type(), TYPE_COUNT)});
|
||||
break;
|
||||
// ctime/stime handled above
|
||||
case 7:
|
||||
|
|
@ -179,8 +179,8 @@ refine connection KRB_Conn += {
|
|||
if ( ! krb_as_request )
|
||||
return false;
|
||||
|
||||
RecordVal* rv = proc_krb_kdc_req_arguments(${msg}, bro_analyzer());
|
||||
zeek::BifEvent::enqueue_krb_as_request(bro_analyzer(), bro_analyzer()->Conn(), {AdoptRef{}, rv});
|
||||
auto rv = proc_krb_kdc_req_arguments(${msg}, bro_analyzer());
|
||||
zeek::BifEvent::enqueue_krb_as_request(bro_analyzer(), bro_analyzer()->Conn(), std::move(rv));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -189,8 +189,8 @@ refine connection KRB_Conn += {
|
|||
if ( ! krb_tgs_request )
|
||||
return false;
|
||||
|
||||
RecordVal* rv = proc_krb_kdc_req_arguments(${msg}, bro_analyzer());
|
||||
zeek::BifEvent::enqueue_krb_tgs_request(bro_analyzer(), bro_analyzer()->Conn(), {AdoptRef{}, rv});
|
||||
auto rv = proc_krb_kdc_req_arguments(${msg}, bro_analyzer());
|
||||
zeek::BifEvent::enqueue_krb_tgs_request(bro_analyzer(), bro_analyzer()->Conn(), std::move(rv));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -205,8 +205,8 @@ refine connection KRB_Conn += {
|
|||
{
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::KRB::KDC_Response);
|
||||
|
||||
rv->Assign(0, asn1_integer_to_val(${msg.pvno.data}, TYPE_COUNT));
|
||||
rv->Assign(1, asn1_integer_to_val(${msg.msg_type.data}, TYPE_COUNT));
|
||||
rv->Assign(0, {AdoptRef{}, asn1_integer_to_val(${msg.pvno.data}, TYPE_COUNT)});
|
||||
rv->Assign(1, {AdoptRef{}, asn1_integer_to_val(${msg.msg_type.data}, TYPE_COUNT)});
|
||||
|
||||
if ( ${msg.padata.has_padata} )
|
||||
rv->Assign(2, proc_padata(${msg.padata.padata.padata}, bro_analyzer(), false));
|
||||
|
|
@ -246,7 +246,7 @@ refine connection KRB_Conn += {
|
|||
{
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::KRB::Error_Msg);
|
||||
proc_error_arguments(rv.get(), ${msg.args1}, 0);
|
||||
rv->Assign(4, asn1_integer_to_val(${msg.error_code}, TYPE_COUNT));
|
||||
rv->Assign(4, {AdoptRef{}, asn1_integer_to_val(${msg.error_code}, TYPE_COUNT)});
|
||||
proc_error_arguments(rv.get(), ${msg.args2}, binary_to_int64(${msg.error_code.encoding.content}));
|
||||
zeek::BifEvent::enqueue_krb_error(bro_analyzer(), bro_analyzer()->Conn(), std::move(rv));
|
||||
}
|
||||
|
|
@ -291,8 +291,8 @@ refine connection KRB_Conn += {
|
|||
{
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::KRB::SAFE_Msg);
|
||||
|
||||
rv->Assign(0, asn1_integer_to_val(${msg.pvno.data}, TYPE_COUNT));
|
||||
rv->Assign(1, asn1_integer_to_val(${msg.msg_type.data}, TYPE_COUNT));
|
||||
rv->Assign(0, {AdoptRef{}, asn1_integer_to_val(${msg.pvno.data}, TYPE_COUNT)});
|
||||
rv->Assign(1, {AdoptRef{}, asn1_integer_to_val(${msg.msg_type.data}, TYPE_COUNT)});
|
||||
|
||||
uint timestamp_i = 0;
|
||||
int64 timestamp_usecs = 0;
|
||||
|
|
@ -325,7 +325,7 @@ refine connection KRB_Conn += {
|
|||
rv->Assign(3, to_stringval(${msg.safe_body.args[i].args.user_data.encoding.content}));
|
||||
break;
|
||||
case 3:
|
||||
rv->Assign(5, asn1_integer_to_val(${msg.safe_body.args[i].args.seq_number}, TYPE_COUNT));
|
||||
rv->Assign(5, {AdoptRef{}, asn1_integer_to_val(${msg.safe_body.args[i].args.seq_number}, TYPE_COUNT)});
|
||||
break;
|
||||
case 4:
|
||||
rv->Assign(6, proc_host_address(bro_analyzer(), ${msg.safe_body.args[i].args.sender_addr}));
|
||||
|
|
|
|||
|
|
@ -7,16 +7,16 @@
|
|||
%}
|
||||
|
||||
%header{
|
||||
VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_analyzer, bool is_error);
|
||||
IntrusivePtr<VectorVal> proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_analyzer, bool is_error);
|
||||
%}
|
||||
|
||||
%code{
|
||||
VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_analyzer, bool is_error)
|
||||
IntrusivePtr<VectorVal> proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_analyzer, bool is_error)
|
||||
{
|
||||
auto vv = make_intrusive<VectorVal>(zeek::id::find_type<VectorType>("KRB::Type_Value_Vector"));
|
||||
|
||||
if ( ! data->data()->has_padata() )
|
||||
return vv.release();
|
||||
return vv;
|
||||
|
||||
for ( uint i = 0; i < data->data()->padata_elems()->size(); ++i)
|
||||
{
|
||||
|
|
@ -119,7 +119,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a
|
|||
}
|
||||
}
|
||||
}
|
||||
return vv.release();
|
||||
return vv;
|
||||
}
|
||||
%}
|
||||
|
||||
|
|
|
|||
|
|
@ -3,10 +3,10 @@
|
|||
%header{
|
||||
IntrusivePtr<Val> GetStringFromPrincipalName(const KRB_Principal_Name* pname);
|
||||
|
||||
VectorVal* proc_cipher_list(const Array* list);
|
||||
IntrusivePtr<VectorVal> proc_cipher_list(const Array* list);
|
||||
|
||||
VectorVal* proc_host_address_list(const BroAnalyzer a, const KRB_Host_Addresses* list);
|
||||
RecordVal* proc_host_address(const BroAnalyzer a, const KRB_Host_Address* addr);
|
||||
IntrusivePtr<VectorVal> proc_host_address_list(const BroAnalyzer a, const KRB_Host_Addresses* list);
|
||||
IntrusivePtr<RecordVal> proc_host_address(const BroAnalyzer a, const KRB_Host_Address* addr);
|
||||
|
||||
IntrusivePtr<VectorVal> proc_tickets(const KRB_Ticket_Sequence* list);
|
||||
IntrusivePtr<RecordVal> proc_ticket(const KRB_Ticket* ticket);
|
||||
|
|
@ -25,15 +25,15 @@ IntrusivePtr<Val> GetStringFromPrincipalName(const KRB_Principal_Name* pname)
|
|||
return make_intrusive<StringVal>("unknown");
|
||||
}
|
||||
|
||||
VectorVal* proc_cipher_list(const Array* list)
|
||||
IntrusivePtr<VectorVal> proc_cipher_list(const Array* list)
|
||||
{
|
||||
auto ciphers = make_intrusive<VectorVal>(zeek::id::index_vec);
|
||||
for ( uint i = 0; i < list->data()->size(); ++i )
|
||||
ciphers->Assign(ciphers->Size(), asn1_integer_to_val((*list->data())[i], TYPE_COUNT));
|
||||
return ciphers.release();
|
||||
ciphers->Assign(ciphers->Size(), {AdoptRef{}, asn1_integer_to_val((*list->data())[i], TYPE_COUNT)});
|
||||
return ciphers;
|
||||
}
|
||||
|
||||
VectorVal* proc_host_address_list(const BroAnalyzer a, const KRB_Host_Addresses* list)
|
||||
IntrusivePtr<VectorVal> proc_host_address_list(const BroAnalyzer a, const KRB_Host_Addresses* list)
|
||||
{
|
||||
auto addrs = make_intrusive<VectorVal>(zeek::id::find_type<VectorType>("KRB::Host_Address_Vector"));
|
||||
|
||||
|
|
@ -42,12 +42,12 @@ VectorVal* proc_host_address_list(const BroAnalyzer a, const KRB_Host_Addresses*
|
|||
addrs->Assign(addrs->Size(), proc_host_address(a, (*list->addresses())[i]));
|
||||
}
|
||||
|
||||
return addrs.release();
|
||||
return addrs;
|
||||
}
|
||||
|
||||
RecordVal* proc_host_address(const BroAnalyzer a, const KRB_Host_Address* addr)
|
||||
IntrusivePtr<RecordVal> proc_host_address(const BroAnalyzer a, const KRB_Host_Address* addr)
|
||||
{
|
||||
RecordVal* rv = new RecordVal(zeek::BifType::Record::KRB::Host_Address);
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::KRB::Host_Address);
|
||||
const auto& addr_bytes = addr->address()->data()->content();
|
||||
|
||||
switch ( binary_to_int64(addr->addr_type()->encoding()->content()) )
|
||||
|
|
@ -85,10 +85,10 @@ RecordVal* proc_host_address(const BroAnalyzer a, const KRB_Host_Address* addr)
|
|||
break;
|
||||
}
|
||||
|
||||
RecordVal* unk = new RecordVal(zeek::BifType::Record::KRB::Type_Value);
|
||||
unk->Assign(0, asn1_integer_to_val(addr->addr_type(), TYPE_COUNT));
|
||||
auto unk = make_intrusive<RecordVal>(zeek::BifType::Record::KRB::Type_Value);
|
||||
unk->Assign(0, {AdoptRef{}, asn1_integer_to_val(addr->addr_type(), TYPE_COUNT)});
|
||||
unk->Assign(1, to_stringval(addr_bytes));
|
||||
rv->Assign(2, unk);
|
||||
rv->Assign(2, std::move(unk));
|
||||
return rv;
|
||||
}
|
||||
|
||||
|
|
@ -109,10 +109,10 @@ IntrusivePtr<RecordVal> proc_ticket(const KRB_Ticket* ticket)
|
|||
{
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::KRB::Ticket);
|
||||
|
||||
rv->Assign(0, asn1_integer_to_val(ticket->tkt_vno()->data(), TYPE_COUNT));
|
||||
rv->Assign(0, {AdoptRef{}, asn1_integer_to_val(ticket->tkt_vno()->data(), TYPE_COUNT)});
|
||||
rv->Assign(1, to_stringval(ticket->realm()->data()->content()));
|
||||
rv->Assign(2, GetStringFromPrincipalName(ticket->sname()));
|
||||
rv->Assign(3, asn1_integer_to_val(ticket->enc_part()->data()->etype()->data(), TYPE_COUNT));
|
||||
rv->Assign(3, {AdoptRef{}, asn1_integer_to_val(ticket->enc_part()->data()->etype()->data(), TYPE_COUNT)});
|
||||
rv->Assign(4, to_stringval(ticket->enc_part()->data()->ciphertext()->encoding()->content()));
|
||||
|
||||
return rv;
|
||||
|
|
|
|||
|
|
@ -27,8 +27,8 @@ refine flow MQTT_Flow += {
|
|||
m->Assign(0, val_mgr->Bool(${msg.dup}));
|
||||
m->Assign(1, val_mgr->Count(${msg.qos}));
|
||||
m->Assign(2, val_mgr->Bool(${msg.retain}));
|
||||
m->Assign(3, new StringVal(${msg.topic.str}.length(),
|
||||
reinterpret_cast<const char*>(${msg.topic.str}.begin())));
|
||||
m->Assign<StringVal>(3, ${msg.topic.str}.length(),
|
||||
reinterpret_cast<const char*>(${msg.topic.str}.begin()));
|
||||
|
||||
auto len = ${msg.payload}.length();
|
||||
static auto max_payload_size = zeek::id::find("MQTT::max_payload_size");
|
||||
|
|
@ -37,8 +37,8 @@ refine flow MQTT_Flow += {
|
|||
if ( len > static_cast<int>(max) )
|
||||
len = max;
|
||||
|
||||
m->Assign(4, new StringVal(len,
|
||||
reinterpret_cast<const char*>(${msg.payload}.begin())));
|
||||
m->Assign<StringVal>(4, len,
|
||||
reinterpret_cast<const char*>(${msg.payload}.begin()));
|
||||
|
||||
m->Assign(5, val_mgr->Count(${msg.payload}.length()));
|
||||
|
||||
|
|
|
|||
|
|
@ -24,11 +24,11 @@ refine flow MQTT_Flow += {
|
|||
|
||||
for ( auto topic: *${msg.topics} )
|
||||
{
|
||||
auto subscribe_topic = new StringVal(${topic.name.str}.length(),
|
||||
auto subscribe_topic = make_intrusive<StringVal>(${topic.name.str}.length(),
|
||||
reinterpret_cast<const char*>(${topic.name.str}.begin()));
|
||||
auto qos = val_mgr->Count(${topic.requested_QoS});
|
||||
topics->Assign(topics->Size(), subscribe_topic);
|
||||
qos_levels->Assign(qos_levels->Size(), qos);
|
||||
topics->Assign(topics->Size(), std::move(subscribe_topic));
|
||||
qos_levels->Assign(qos_levels->Size(), std::move(qos));
|
||||
}
|
||||
|
||||
zeek::BifEvent::enqueue_mqtt_subscribe(connection()->bro_analyzer(),
|
||||
|
|
|
|||
|
|
@ -18,9 +18,9 @@ refine flow MQTT_Flow += {
|
|||
|
||||
for ( auto topic: *${msg.topics} )
|
||||
{
|
||||
auto unsubscribe_topic = new StringVal(${topic.str}.length(),
|
||||
auto unsubscribe_topic = make_intrusive<StringVal>(${topic.str}.length(),
|
||||
reinterpret_cast<const char*>(${topic.str}.begin()));
|
||||
topics->Assign(topics->Size(), unsubscribe_topic);
|
||||
topics->Assign(topics->Size(), std::move(unsubscribe_topic));
|
||||
}
|
||||
|
||||
zeek::BifEvent::enqueue_mqtt_unsubscribe(connection()->bro_analyzer(),
|
||||
|
|
|
|||
|
|
@ -1,28 +1,64 @@
|
|||
%header{
|
||||
IntrusivePtr<Val> filetime2brotime(uint64_t ts);
|
||||
IntrusivePtr<RecordVal> build_version_record(NTLM_Version* val);
|
||||
IntrusivePtr<RecordVal> build_negotiate_flag_record(NTLM_Negotiate_Flags* val);
|
||||
%}
|
||||
|
||||
refine connection NTLM_Conn += {
|
||||
|
||||
# This is replicated from the SMB analyzer. :(
|
||||
function filetime2brotime(ts: uint64): Val
|
||||
%{
|
||||
%code{
|
||||
// This is replicated from the SMB analyzer. :(
|
||||
IntrusivePtr<Val> filetime2brotime(uint64_t ts)
|
||||
{
|
||||
double secs = (ts / 10000000.0);
|
||||
|
||||
// Bro can't support times back to the 1600's
|
||||
// so we subtract a lot of seconds.
|
||||
Val* bro_ts = new Val(secs - 11644473600.0, TYPE_TIME);
|
||||
auto bro_ts = make_intrusive<Val>(secs - 11644473600.0, TYPE_TIME);
|
||||
|
||||
return bro_ts;
|
||||
%}
|
||||
}
|
||||
|
||||
function build_version_record(val: NTLM_Version): BroVal
|
||||
%{
|
||||
RecordVal* result = new RecordVal(zeek::BifType::Record::NTLM::Version);
|
||||
IntrusivePtr<RecordVal> build_version_record(NTLM_Version* val)
|
||||
{
|
||||
auto result = make_intrusive<RecordVal>(zeek::BifType::Record::NTLM::Version);
|
||||
result->Assign(0, val_mgr->Count(${val.major_version}));
|
||||
result->Assign(1, val_mgr->Count(${val.minor_version}));
|
||||
result->Assign(2, val_mgr->Count(${val.build_number}));
|
||||
result->Assign(3, val_mgr->Count(${val.ntlm_revision}));
|
||||
|
||||
return result;
|
||||
%}
|
||||
}
|
||||
|
||||
IntrusivePtr<RecordVal> build_negotiate_flag_record(NTLM_Negotiate_Flags* val)
|
||||
{
|
||||
auto flags = make_intrusive<RecordVal>(zeek::BifType::Record::NTLM::NegotiateFlags);
|
||||
flags->Assign(0, val_mgr->Bool(${val.negotiate_56}));
|
||||
flags->Assign(1, val_mgr->Bool(${val.negotiate_key_exch}));
|
||||
flags->Assign(2, val_mgr->Bool(${val.negotiate_128}));
|
||||
flags->Assign(3, val_mgr->Bool(${val.negotiate_version}));
|
||||
flags->Assign(4, val_mgr->Bool(${val.negotiate_target_info}));
|
||||
flags->Assign(5, val_mgr->Bool(${val.request_non_nt_session_key}));
|
||||
flags->Assign(6, val_mgr->Bool(${val.negotiate_identify}));
|
||||
flags->Assign(7, val_mgr->Bool(${val.negotiate_extended_sessionsecurity}));
|
||||
flags->Assign(8, val_mgr->Bool(${val.target_type_server}));
|
||||
flags->Assign(9, val_mgr->Bool(${val.target_type_domain}));
|
||||
flags->Assign(10, val_mgr->Bool(${val.negotiate_always_sign}));
|
||||
flags->Assign(11, val_mgr->Bool(${val.negotiate_oem_workstation_supplied}));
|
||||
flags->Assign(12, val_mgr->Bool(${val.negotiate_oem_domain_supplied}));
|
||||
flags->Assign(13, val_mgr->Bool(${val.negotiate_anonymous_connection}));
|
||||
flags->Assign(14, val_mgr->Bool(${val.negotiate_ntlm}));
|
||||
flags->Assign(15, val_mgr->Bool(${val.negotiate_lm_key}));
|
||||
flags->Assign(16, val_mgr->Bool(${val.negotiate_datagram}));
|
||||
flags->Assign(17, val_mgr->Bool(${val.negotiate_seal}));
|
||||
flags->Assign(18, val_mgr->Bool(${val.negotiate_sign}));
|
||||
flags->Assign(19, val_mgr->Bool(${val.request_target}));
|
||||
flags->Assign(20, val_mgr->Bool(${val.negotiate_oem}));
|
||||
flags->Assign(21, val_mgr->Bool(${val.negotiate_unicode}));
|
||||
|
||||
return flags;
|
||||
}
|
||||
%}
|
||||
|
||||
refine connection NTLM_Conn += {
|
||||
|
||||
function build_av_record(val: NTLM_AV_Pair_Sequence, len: uint16): BroVal
|
||||
%{
|
||||
|
|
@ -76,35 +112,6 @@ refine connection NTLM_Conn += {
|
|||
return result;
|
||||
%}
|
||||
|
||||
function build_negotiate_flag_record(val: NTLM_Negotiate_Flags): BroVal
|
||||
%{
|
||||
RecordVal* flags = new RecordVal(zeek::BifType::Record::NTLM::NegotiateFlags);
|
||||
flags->Assign(0, val_mgr->Bool(${val.negotiate_56}));
|
||||
flags->Assign(1, val_mgr->Bool(${val.negotiate_key_exch}));
|
||||
flags->Assign(2, val_mgr->Bool(${val.negotiate_128}));
|
||||
flags->Assign(3, val_mgr->Bool(${val.negotiate_version}));
|
||||
flags->Assign(4, val_mgr->Bool(${val.negotiate_target_info}));
|
||||
flags->Assign(5, val_mgr->Bool(${val.request_non_nt_session_key}));
|
||||
flags->Assign(6, val_mgr->Bool(${val.negotiate_identify}));
|
||||
flags->Assign(7, val_mgr->Bool(${val.negotiate_extended_sessionsecurity}));
|
||||
flags->Assign(8, val_mgr->Bool(${val.target_type_server}));
|
||||
flags->Assign(9, val_mgr->Bool(${val.target_type_domain}));
|
||||
flags->Assign(10, val_mgr->Bool(${val.negotiate_always_sign}));
|
||||
flags->Assign(11, val_mgr->Bool(${val.negotiate_oem_workstation_supplied}));
|
||||
flags->Assign(12, val_mgr->Bool(${val.negotiate_oem_domain_supplied}));
|
||||
flags->Assign(13, val_mgr->Bool(${val.negotiate_anonymous_connection}));
|
||||
flags->Assign(14, val_mgr->Bool(${val.negotiate_ntlm}));
|
||||
flags->Assign(15, val_mgr->Bool(${val.negotiate_lm_key}));
|
||||
flags->Assign(16, val_mgr->Bool(${val.negotiate_datagram}));
|
||||
flags->Assign(17, val_mgr->Bool(${val.negotiate_seal}));
|
||||
flags->Assign(18, val_mgr->Bool(${val.negotiate_sign}));
|
||||
flags->Assign(19, val_mgr->Bool(${val.request_target}));
|
||||
flags->Assign(20, val_mgr->Bool(${val.negotiate_oem}));
|
||||
flags->Assign(21, val_mgr->Bool(${val.negotiate_unicode}));
|
||||
|
||||
return flags;
|
||||
%}
|
||||
|
||||
function proc_ntlm_negotiate(val: NTLM_Negotiate): bool
|
||||
%{
|
||||
if ( ! ntlm_negotiate )
|
||||
|
|
@ -144,7 +151,7 @@ refine connection NTLM_Conn += {
|
|||
result->Assign(2, build_version_record(${val.version}));
|
||||
|
||||
if ( ${val}->has_target_info() )
|
||||
result->Assign(3, build_av_record(${val.target_info}, ${val.target_info_fields.length}));
|
||||
result->Assign(3, {AdoptRef{}, build_av_record(${val.target_info}, ${val.target_info_fields.length})});
|
||||
|
||||
zeek::BifEvent::enqueue_ntlm_challenge(bro_analyzer(),
|
||||
bro_analyzer()->Conn(),
|
||||
|
|
|
|||
|
|
@ -8,34 +8,33 @@
|
|||
%}
|
||||
|
||||
%header{
|
||||
Val* proc_ntp_short(const NTP_Short_Time* t);
|
||||
Val* proc_ntp_timestamp(const NTP_Time* t);
|
||||
IntrusivePtr<Val> proc_ntp_short(const NTP_Short_Time* t);
|
||||
IntrusivePtr<Val> proc_ntp_timestamp(const NTP_Time* t);
|
||||
IntrusivePtr<RecordVal> BuildNTPStdMsg(NTP_std_msg* nsm);
|
||||
IntrusivePtr<RecordVal> BuildNTPControlMsg(NTP_control_msg* ncm);
|
||||
IntrusivePtr<RecordVal> BuildNTPMode7Msg(NTP_mode7_msg* m7);
|
||||
%}
|
||||
|
||||
|
||||
%code{
|
||||
Val* proc_ntp_short(const NTP_Short_Time* t)
|
||||
IntrusivePtr<Val> proc_ntp_short(const NTP_Short_Time* t)
|
||||
{
|
||||
if ( t->seconds() == 0 && t->fractions() == 0 )
|
||||
return new Val(0.0, TYPE_INTERVAL);
|
||||
return new Val(t->seconds() + t->fractions()*FRAC_16, TYPE_INTERVAL);
|
||||
return make_intrusive<Val>(0.0, TYPE_INTERVAL);
|
||||
return make_intrusive<Val>(t->seconds() + t->fractions()*FRAC_16, TYPE_INTERVAL);
|
||||
}
|
||||
|
||||
Val* proc_ntp_timestamp(const NTP_Time* t)
|
||||
IntrusivePtr<Val> proc_ntp_timestamp(const NTP_Time* t)
|
||||
{
|
||||
if ( t->seconds() == 0 && t->fractions() == 0)
|
||||
return new Val(0.0, TYPE_TIME);
|
||||
return new Val(EPOCH_OFFSET + t->seconds() + t->fractions()*FRAC_32, TYPE_TIME);
|
||||
return make_intrusive<Val>(0.0, TYPE_TIME);
|
||||
return make_intrusive<Val>(EPOCH_OFFSET + t->seconds() + t->fractions()*FRAC_32, TYPE_TIME);
|
||||
}
|
||||
%}
|
||||
|
||||
|
||||
refine flow NTP_Flow += {
|
||||
|
||||
# This builds the standard msg record
|
||||
function BuildNTPStdMsg(nsm: NTP_std_msg): BroVal
|
||||
%{
|
||||
RecordVal* rv = new RecordVal(zeek::BifType::Record::NTP::StandardMessage);
|
||||
// This builds the standard msg record
|
||||
IntrusivePtr<RecordVal> BuildNTPStdMsg(NTP_std_msg* nsm)
|
||||
{
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::NTP::StandardMessage);
|
||||
|
||||
rv->Assign(0, val_mgr->Count(${nsm.stratum}));
|
||||
rv->Assign(1, make_intrusive<Val>(pow(2, ${nsm.poll}), TYPE_INTERVAL));
|
||||
|
|
@ -83,12 +82,12 @@ refine flow NTP_Flow += {
|
|||
}
|
||||
|
||||
return rv;
|
||||
%}
|
||||
}
|
||||
|
||||
# This builds the control msg record
|
||||
function BuildNTPControlMsg(ncm: NTP_control_msg): BroVal
|
||||
%{
|
||||
RecordVal* rv = new RecordVal(zeek::BifType::Record::NTP::ControlMessage);
|
||||
// This builds the control msg record
|
||||
IntrusivePtr<RecordVal> BuildNTPControlMsg(NTP_control_msg* ncm)
|
||||
{
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::NTP::ControlMessage);
|
||||
|
||||
rv->Assign(0, val_mgr->Count(${ncm.OpCode}));
|
||||
rv->Assign(1, val_mgr->Bool(${ncm.R}));
|
||||
|
|
@ -108,12 +107,12 @@ refine flow NTP_Flow += {
|
|||
}
|
||||
|
||||
return rv;
|
||||
%}
|
||||
}
|
||||
|
||||
# This builds the mode7 msg record
|
||||
function BuildNTPMode7Msg(m7: NTP_mode7_msg): BroVal
|
||||
%{
|
||||
RecordVal* rv = new RecordVal(zeek::BifType::Record::NTP::Mode7Message);
|
||||
// This builds the mode7 msg record
|
||||
IntrusivePtr<RecordVal> BuildNTPMode7Msg(NTP_mode7_msg* m7)
|
||||
{
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::NTP::Mode7Message);
|
||||
|
||||
rv->Assign(0, val_mgr->Count(${m7.request_code}));
|
||||
rv->Assign(1, val_mgr->Bool(${m7.auth_bit}));
|
||||
|
|
@ -125,7 +124,11 @@ refine flow NTP_Flow += {
|
|||
rv->Assign(5, to_stringval(${m7.data}));
|
||||
|
||||
return rv;
|
||||
%}
|
||||
}
|
||||
%}
|
||||
|
||||
|
||||
refine flow NTP_Flow += {
|
||||
|
||||
|
||||
function proc_ntp_message(msg: NTP_PDU): bool
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ refine flow RADIUS_Flow += {
|
|||
|
||||
if ( ${msg.attributes}->size() )
|
||||
{
|
||||
TableVal* attributes = new TableVal(zeek::BifType::Table::RADIUS::Attributes);
|
||||
auto attributes = make_intrusive<TableVal>(zeek::BifType::Table::RADIUS::Attributes);
|
||||
|
||||
for ( uint i = 0; i < ${msg.attributes}->size(); ++i )
|
||||
{
|
||||
|
|
@ -38,7 +38,7 @@ refine flow RADIUS_Flow += {
|
|||
}
|
||||
}
|
||||
|
||||
result->Assign(3, attributes);
|
||||
result->Assign(3, std::move(attributes));
|
||||
}
|
||||
|
||||
zeek::BifEvent::enqueue_radius_message(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), std::move(result));
|
||||
|
|
|
|||
|
|
@ -8,13 +8,13 @@
|
|||
%}
|
||||
|
||||
%header{
|
||||
AddrVal* network_address_to_val(const ASN1Encoding* na);
|
||||
AddrVal* network_address_to_val(const NetworkAddress* na);
|
||||
Val* asn1_obj_to_val(const ASN1Encoding* obj);
|
||||
IntrusivePtr<AddrVal> network_address_to_val(const ASN1Encoding* na);
|
||||
IntrusivePtr<AddrVal> network_address_to_val(const NetworkAddress* na);
|
||||
IntrusivePtr<Val> asn1_obj_to_val(const ASN1Encoding* obj);
|
||||
|
||||
IntrusivePtr<RecordVal> build_hdr(const Header* header);
|
||||
RecordVal* build_hdrV3(const Header* header);
|
||||
VectorVal* build_bindings(const VarBindList* vbl);
|
||||
IntrusivePtr<RecordVal> build_hdrV3(const Header* header);
|
||||
IntrusivePtr<VectorVal> build_bindings(const VarBindList* vbl);
|
||||
IntrusivePtr<RecordVal> build_pdu(const CommonPDU* pdu);
|
||||
IntrusivePtr<RecordVal> build_trap_pdu(const TrapPDU* pdu);
|
||||
IntrusivePtr<RecordVal> build_bulk_pdu(const GetBulkRequestPDU* pdu);
|
||||
|
|
@ -22,12 +22,12 @@ IntrusivePtr<RecordVal> build_bulk_pdu(const GetBulkRequestPDU* pdu);
|
|||
|
||||
%code{
|
||||
|
||||
AddrVal* network_address_to_val(const NetworkAddress* na)
|
||||
IntrusivePtr<AddrVal> network_address_to_val(const NetworkAddress* na)
|
||||
{
|
||||
return network_address_to_val(na->encoding());
|
||||
}
|
||||
|
||||
AddrVal* network_address_to_val(const ASN1Encoding* na)
|
||||
IntrusivePtr<AddrVal> network_address_to_val(const ASN1Encoding* na)
|
||||
{
|
||||
bytestring const& bs = na->content();
|
||||
|
||||
|
|
@ -35,16 +35,16 @@ AddrVal* network_address_to_val(const ASN1Encoding* na)
|
|||
// but standards don't seem to currently make any provisions for IPv6,
|
||||
// so ignore anything that can't be IPv4.
|
||||
if ( bs.length() != 4 )
|
||||
return new AddrVal(IPAddr());
|
||||
return make_intrusive<AddrVal>(IPAddr());
|
||||
|
||||
const u_char* data = reinterpret_cast<const u_char*>(bs.data());
|
||||
uint32 network_order = extract_uint32(data);
|
||||
return new AddrVal(ntohl(network_order));
|
||||
return make_intrusive<AddrVal>(ntohl(network_order));
|
||||
}
|
||||
|
||||
Val* asn1_obj_to_val(const ASN1Encoding* obj)
|
||||
IntrusivePtr<Val> asn1_obj_to_val(const ASN1Encoding* obj)
|
||||
{
|
||||
RecordVal* rval = new RecordVal(zeek::BifType::Record::SNMP::ObjectValue);
|
||||
IntrusivePtr<RecordVal> rval = make_intrusive<RecordVal>(zeek::BifType::Record::SNMP::ObjectValue);
|
||||
uint8 tag = obj->meta()->tag();
|
||||
|
||||
rval->Assign(0, val_mgr->Count(tag));
|
||||
|
|
@ -57,18 +57,18 @@ Val* asn1_obj_to_val(const ASN1Encoding* obj)
|
|||
break;
|
||||
|
||||
case ASN1_OBJECT_IDENTIFIER_TAG:
|
||||
rval->Assign(1, asn1_oid_to_val(obj));
|
||||
rval->Assign(1, {AdoptRef{}, asn1_oid_to_val(obj)});
|
||||
break;
|
||||
|
||||
case ASN1_INTEGER_TAG:
|
||||
rval->Assign(2, asn1_integer_to_val(obj, TYPE_INT));
|
||||
rval->Assign(2, {AdoptRef{}, asn1_integer_to_val(obj, TYPE_INT)});
|
||||
break;
|
||||
|
||||
case APP_COUNTER32_TAG:
|
||||
case APP_UNSIGNED32_TAG:
|
||||
case APP_TIMETICKS_TAG:
|
||||
case APP_COUNTER64_TAG:
|
||||
rval->Assign(3, asn1_integer_to_val(obj, TYPE_COUNT));
|
||||
rval->Assign(3, {AdoptRef{}, asn1_integer_to_val(obj, TYPE_COUNT)});
|
||||
break;
|
||||
|
||||
case APP_IPADDRESS_TAG:
|
||||
|
|
@ -78,16 +78,16 @@ Val* asn1_obj_to_val(const ASN1Encoding* obj)
|
|||
case ASN1_OCTET_STRING_TAG:
|
||||
case APP_OPAQUE_TAG:
|
||||
default:
|
||||
rval->Assign(5, asn1_octet_string_to_val(obj));
|
||||
rval->Assign(5, {AdoptRef{}, asn1_octet_string_to_val(obj)});
|
||||
break;
|
||||
}
|
||||
|
||||
return rval;
|
||||
}
|
||||
|
||||
Val* time_ticks_to_val(const TimeTicks* tt)
|
||||
IntrusivePtr<Val> time_ticks_to_val(const TimeTicks* tt)
|
||||
{
|
||||
return asn1_integer_to_val(tt->asn1_integer(), TYPE_COUNT);
|
||||
return {AdoptRef{}, asn1_integer_to_val(tt->asn1_integer(), TYPE_COUNT)};
|
||||
}
|
||||
|
||||
IntrusivePtr<RecordVal> build_hdr(const Header* header)
|
||||
|
|
@ -98,17 +98,17 @@ IntrusivePtr<RecordVal> build_hdr(const Header* header)
|
|||
switch ( header->version() ) {
|
||||
case SNMPV1_TAG:
|
||||
{
|
||||
RecordVal* v1 = new RecordVal(zeek::BifType::Record::SNMP::HeaderV1);
|
||||
v1->Assign(0, asn1_octet_string_to_val(header->v1()->community()));
|
||||
rv->Assign(1, v1);
|
||||
auto v1 = make_intrusive<RecordVal>(zeek::BifType::Record::SNMP::HeaderV1);
|
||||
v1->Assign(0, {AdoptRef{}, asn1_octet_string_to_val(header->v1()->community())});
|
||||
rv->Assign(1, std::move(v1));
|
||||
}
|
||||
break;
|
||||
|
||||
case SNMPV2_TAG:
|
||||
{
|
||||
RecordVal* v2 = new RecordVal(zeek::BifType::Record::SNMP::HeaderV2);
|
||||
v2->Assign(0, asn1_octet_string_to_val(header->v2()->community()));
|
||||
rv->Assign(2, v2);
|
||||
auto v2 = make_intrusive<RecordVal>(zeek::BifType::Record::SNMP::HeaderV2);
|
||||
v2->Assign(0, {AdoptRef{}, asn1_octet_string_to_val(header->v2()->community())});
|
||||
rv->Assign(2, std::move(v2));
|
||||
}
|
||||
break;
|
||||
|
||||
|
|
@ -122,59 +122,57 @@ IntrusivePtr<RecordVal> build_hdr(const Header* header)
|
|||
return rv;
|
||||
}
|
||||
|
||||
RecordVal* build_hdrV3(const Header* header)
|
||||
IntrusivePtr<RecordVal> build_hdrV3(const Header* header)
|
||||
{
|
||||
RecordVal* v3 = new RecordVal(zeek::BifType::Record::SNMP::HeaderV3);
|
||||
auto v3 = make_intrusive<RecordVal>(zeek::BifType::Record::SNMP::HeaderV3);
|
||||
const v3Header* v3hdr = header->v3();
|
||||
const v3HeaderData* global_data = v3hdr->global_data();
|
||||
bytestring const& flags = global_data->flags()->encoding()->content();
|
||||
uint8 flags_byte = flags.length() > 0 ? flags[0] : 0;
|
||||
|
||||
v3->Assign(0, asn1_integer_to_val(global_data->id(), TYPE_COUNT));
|
||||
v3->Assign(1, asn1_integer_to_val(global_data->max_size(),
|
||||
TYPE_COUNT));
|
||||
v3->Assign(0, {AdoptRef{}, asn1_integer_to_val(global_data->id(), TYPE_COUNT)});
|
||||
v3->Assign(1, {AdoptRef{}, asn1_integer_to_val(global_data->max_size(), TYPE_COUNT)});
|
||||
v3->Assign(2, val_mgr->Count(flags_byte));
|
||||
v3->Assign(3, val_mgr->Bool(flags_byte & 0x01));
|
||||
v3->Assign(4, val_mgr->Bool(flags_byte & 0x02));
|
||||
v3->Assign(5, val_mgr->Bool(flags_byte & 0x04));
|
||||
v3->Assign(6, asn1_integer_to_val(global_data->security_model(),
|
||||
TYPE_COUNT));
|
||||
v3->Assign(7, asn1_octet_string_to_val(v3hdr->security_parameters()));
|
||||
v3->Assign(6, {AdoptRef{}, asn1_integer_to_val(global_data->security_model(), TYPE_COUNT)});
|
||||
v3->Assign(7, {AdoptRef{}, asn1_octet_string_to_val(v3hdr->security_parameters())});
|
||||
|
||||
if ( v3hdr->next()->tag() == ASN1_SEQUENCE_TAG )
|
||||
{
|
||||
const v3ScopedPDU* spdu = v3hdr->plaintext_pdu();
|
||||
RecordVal* rv = new RecordVal(zeek::BifType::Record::SNMP::ScopedPDU_Context);
|
||||
rv->Assign(0, asn1_octet_string_to_val(spdu->context_engine_id()));
|
||||
rv->Assign(1, asn1_octet_string_to_val(spdu->context_name()));
|
||||
v3->Assign(8, rv);
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::SNMP::ScopedPDU_Context);
|
||||
rv->Assign(0, {AdoptRef{}, asn1_octet_string_to_val(spdu->context_engine_id())});
|
||||
rv->Assign(1, {AdoptRef{}, asn1_octet_string_to_val(spdu->context_name())});
|
||||
v3->Assign(8, std::move(rv));
|
||||
}
|
||||
|
||||
return v3;
|
||||
}
|
||||
|
||||
VectorVal* build_bindings(const VarBindList* vbl)
|
||||
IntrusivePtr<VectorVal> build_bindings(const VarBindList* vbl)
|
||||
{
|
||||
auto vv = make_intrusive<VectorVal>(zeek::BifType::Vector::SNMP::Bindings);
|
||||
|
||||
for ( size_t i = 0; i < vbl->bindings()->size(); ++i )
|
||||
{
|
||||
VarBind* vb = (*vbl->bindings())[i];
|
||||
RecordVal* binding = new RecordVal(zeek::BifType::Record::SNMP::Binding);
|
||||
binding->Assign(0, asn1_oid_to_val(vb->name()->oid()));
|
||||
auto binding = make_intrusive<RecordVal>(zeek::BifType::Record::SNMP::Binding);
|
||||
binding->Assign(0, {AdoptRef{}, asn1_oid_to_val(vb->name()->oid())});
|
||||
binding->Assign(1, asn1_obj_to_val(vb->value()->encoding()));
|
||||
vv->Assign(i, binding);
|
||||
vv->Assign(i, std::move(binding));
|
||||
}
|
||||
|
||||
return vv.release();
|
||||
return vv;
|
||||
}
|
||||
|
||||
IntrusivePtr<RecordVal> build_pdu(const CommonPDU* pdu)
|
||||
{
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::SNMP::PDU);
|
||||
rv->Assign(0, asn1_integer_to_val(pdu->request_id(), TYPE_INT));
|
||||
rv->Assign(1, asn1_integer_to_val(pdu->error_status(), TYPE_INT));
|
||||
rv->Assign(2, asn1_integer_to_val(pdu->error_index(), TYPE_INT));
|
||||
rv->Assign(0, {AdoptRef{}, asn1_integer_to_val(pdu->request_id(), TYPE_INT)});
|
||||
rv->Assign(1, {AdoptRef{}, asn1_integer_to_val(pdu->error_status(), TYPE_INT)});
|
||||
rv->Assign(2, {AdoptRef{}, asn1_integer_to_val(pdu->error_index(), TYPE_INT)});
|
||||
rv->Assign(3, build_bindings(pdu->var_bindings()));
|
||||
return rv;
|
||||
}
|
||||
|
|
@ -182,10 +180,10 @@ IntrusivePtr<RecordVal> build_pdu(const CommonPDU* pdu)
|
|||
IntrusivePtr<RecordVal> build_trap_pdu(const TrapPDU* pdu)
|
||||
{
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::SNMP::TrapPDU);
|
||||
rv->Assign(0, asn1_oid_to_val(pdu->enterprise()));
|
||||
rv->Assign(0, {AdoptRef{}, asn1_oid_to_val(pdu->enterprise())});
|
||||
rv->Assign(1, network_address_to_val(pdu->agent_addr()));
|
||||
rv->Assign(2, asn1_integer_to_val(pdu->generic_trap(), TYPE_INT));
|
||||
rv->Assign(3, asn1_integer_to_val(pdu->specific_trap(), TYPE_INT));
|
||||
rv->Assign(2, {AdoptRef{}, asn1_integer_to_val(pdu->generic_trap(), TYPE_INT)});
|
||||
rv->Assign(3, {AdoptRef{}, asn1_integer_to_val(pdu->specific_trap(), TYPE_INT)});
|
||||
rv->Assign(4, time_ticks_to_val(pdu->time_stamp()));
|
||||
rv->Assign(5, build_bindings(pdu->var_bindings()));
|
||||
return rv;
|
||||
|
|
@ -194,9 +192,9 @@ IntrusivePtr<RecordVal> build_trap_pdu(const TrapPDU* pdu)
|
|||
IntrusivePtr<RecordVal> build_bulk_pdu(const GetBulkRequestPDU* pdu)
|
||||
{
|
||||
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::SNMP::BulkPDU);
|
||||
rv->Assign(0, asn1_integer_to_val(pdu->request_id(), TYPE_INT));
|
||||
rv->Assign(1, asn1_integer_to_val(pdu->non_repeaters(), TYPE_COUNT));
|
||||
rv->Assign(2, asn1_integer_to_val(pdu->max_repititions(), TYPE_COUNT));
|
||||
rv->Assign(0, {AdoptRef{}, asn1_integer_to_val(pdu->request_id(), TYPE_INT)});
|
||||
rv->Assign(1, {AdoptRef{}, asn1_integer_to_val(pdu->non_repeaters(), TYPE_COUNT)});
|
||||
rv->Assign(2, {AdoptRef{}, asn1_integer_to_val(pdu->max_repititions(), TYPE_COUNT)});
|
||||
rv->Assign(3, build_bindings(pdu->var_bindings()));
|
||||
return rv;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,14 +5,14 @@
|
|||
%}
|
||||
|
||||
%header{
|
||||
VectorVal* name_list_to_vector(const bytestring& nl);
|
||||
IntrusivePtr<VectorVal> name_list_to_vector(const bytestring& nl);
|
||||
%}
|
||||
|
||||
%code{
|
||||
// Copied from IRC_Analyzer::SplitWords
|
||||
VectorVal* name_list_to_vector(const bytestring& nl)
|
||||
IntrusivePtr<VectorVal> name_list_to_vector(const bytestring& nl)
|
||||
{
|
||||
VectorVal* vv = new VectorVal(zeek::id::string_vec);
|
||||
auto vv = make_intrusive<VectorVal>(zeek::id::string_vec);
|
||||
|
||||
string name_list = std_str(nl);
|
||||
if ( name_list.size() < 1 )
|
||||
|
|
@ -74,30 +74,30 @@ refine flow SSH_Flow += {
|
|||
result->Assign(0, name_list_to_vector(${msg.kex_algorithms.val}));
|
||||
result->Assign(1, name_list_to_vector(${msg.server_host_key_algorithms.val}));
|
||||
|
||||
RecordVal* encryption_algs = new RecordVal(zeek::BifType::Record::SSH::Algorithm_Prefs);
|
||||
auto encryption_algs = make_intrusive<RecordVal>(zeek::BifType::Record::SSH::Algorithm_Prefs);
|
||||
encryption_algs->Assign(0, name_list_to_vector(${msg.encryption_algorithms_client_to_server.val}));
|
||||
encryption_algs->Assign(1, name_list_to_vector(${msg.encryption_algorithms_server_to_client.val}));
|
||||
result->Assign(2, encryption_algs);
|
||||
result->Assign(2, std::move(encryption_algs));
|
||||
|
||||
RecordVal* mac_algs = new RecordVal(zeek::BifType::Record::SSH::Algorithm_Prefs);
|
||||
auto mac_algs = make_intrusive<RecordVal>(zeek::BifType::Record::SSH::Algorithm_Prefs);
|
||||
mac_algs->Assign(0, name_list_to_vector(${msg.mac_algorithms_client_to_server.val}));
|
||||
mac_algs->Assign(1, name_list_to_vector(${msg.mac_algorithms_server_to_client.val}));
|
||||
result->Assign(3, mac_algs);
|
||||
result->Assign(3, std::move(mac_algs));
|
||||
|
||||
RecordVal* compression_algs = new RecordVal(zeek::BifType::Record::SSH::Algorithm_Prefs);
|
||||
auto compression_algs = make_intrusive<RecordVal>(zeek::BifType::Record::SSH::Algorithm_Prefs);
|
||||
compression_algs->Assign(0, name_list_to_vector(${msg.compression_algorithms_client_to_server.val}));
|
||||
compression_algs->Assign(1, name_list_to_vector(${msg.compression_algorithms_server_to_client.val}));
|
||||
result->Assign(4, compression_algs);
|
||||
result->Assign(4, std::move(compression_algs));
|
||||
|
||||
if ( ${msg.languages_client_to_server.len} || ${msg.languages_server_to_client.len} )
|
||||
{
|
||||
RecordVal* languages = new RecordVal(zeek::BifType::Record::SSH::Algorithm_Prefs);
|
||||
auto languages = make_intrusive<RecordVal>(zeek::BifType::Record::SSH::Algorithm_Prefs);
|
||||
if ( ${msg.languages_client_to_server.len} )
|
||||
languages->Assign(0, name_list_to_vector(${msg.languages_client_to_server.val}));
|
||||
if ( ${msg.languages_server_to_client.len} )
|
||||
languages->Assign(1, name_list_to_vector(${msg.languages_server_to_client.val}));
|
||||
|
||||
result->Assign(5, languages);
|
||||
result->Assign(5, std::move(languages));
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -393,8 +393,8 @@ refine connection SSH_Conn += {
|
|||
else if ( kex_orig_ == orig )
|
||||
return false;
|
||||
|
||||
VectorVal* client_list = name_list_to_vector(orig ? algs : kex_algs_cache_);
|
||||
VectorVal* server_list = name_list_to_vector(orig ? kex_algs_cache_ : algs);
|
||||
auto client_list = name_list_to_vector(orig ? algs : kex_algs_cache_);
|
||||
auto server_list = name_list_to_vector(orig ? kex_algs_cache_ : algs);
|
||||
|
||||
for ( unsigned int i = 0; i < client_list->Size(); ++i )
|
||||
{
|
||||
|
|
@ -406,9 +406,6 @@ refine connection SSH_Conn += {
|
|||
kex_algorithm_.init((const uint8 *) client_list->Lookup(i)->AsStringVal()->Bytes(),
|
||||
client_list->Lookup(i)->AsStringVal()->Len());
|
||||
|
||||
Unref(client_list);
|
||||
Unref(server_list);
|
||||
|
||||
// UNTESTED
|
||||
if ( update_kex_state_if_equal("rsa1024-sha1", KEX_RSA) )
|
||||
return true;
|
||||
|
|
@ -452,9 +449,6 @@ refine connection SSH_Conn += {
|
|||
}
|
||||
}
|
||||
|
||||
Unref(client_list);
|
||||
Unref(server_list);
|
||||
|
||||
return true;
|
||||
%}
|
||||
|
||||
|
|
|
|||
|
|
@ -106,7 +106,7 @@ IntrusivePtr<RecordVal> TeredoEncapsulation::BuildVal(const IP_Hdr* inner) const
|
|||
|
||||
if ( auth )
|
||||
{
|
||||
RecordVal* teredo_auth = new RecordVal(teredo_auth_type);
|
||||
auto teredo_auth = make_intrusive<RecordVal>(teredo_auth_type);
|
||||
uint8_t id_len = *((uint8_t*)(auth + 2));
|
||||
uint8_t au_len = *((uint8_t*)(auth + 3));
|
||||
uint64_t nonce = ntohll(*((uint64_t*)(auth + 4 + id_len + au_len)));
|
||||
|
|
@ -117,17 +117,17 @@ IntrusivePtr<RecordVal> TeredoEncapsulation::BuildVal(const IP_Hdr* inner) const
|
|||
new BroString(auth + 4 + id_len, au_len, true)));
|
||||
teredo_auth->Assign(2, val_mgr->Count(nonce));
|
||||
teredo_auth->Assign(3, val_mgr->Count(conf));
|
||||
teredo_hdr->Assign(0, teredo_auth);
|
||||
teredo_hdr->Assign(0, std::move(teredo_auth));
|
||||
}
|
||||
|
||||
if ( origin_indication )
|
||||
{
|
||||
RecordVal* teredo_origin = new RecordVal(teredo_origin_type);
|
||||
auto teredo_origin = make_intrusive<RecordVal>(teredo_origin_type);
|
||||
uint16_t port = ntohs(*((uint16_t*)(origin_indication + 2))) ^ 0xFFFF;
|
||||
uint32_t addr = ntohl(*((uint32_t*)(origin_indication + 4))) ^ 0xFFFFFFFF;
|
||||
teredo_origin->Assign(0, val_mgr->Port(port, TRANSPORT_UDP));
|
||||
teredo_origin->Assign(1, make_intrusive<AddrVal>(htonl(addr)));
|
||||
teredo_hdr->Assign(1, teredo_origin);
|
||||
teredo_hdr->Assign(1, std::move(teredo_origin));
|
||||
}
|
||||
|
||||
teredo_hdr->Assign(2, inner->ToPktHdrVal());
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ namespace bro_broker {
|
|||
|
||||
IntrusivePtr<OpaqueType> opaque_of_store_handle;
|
||||
|
||||
EnumVal* query_status(bool success)
|
||||
IntrusivePtr<EnumVal> query_status(bool success)
|
||||
{
|
||||
static EnumType* store_query_status = nullptr;
|
||||
static int success_val;
|
||||
|
|
@ -21,7 +21,7 @@ EnumVal* query_status(bool success)
|
|||
}
|
||||
|
||||
auto rval = store_query_status->GetVal(success ? success_val : failure_val);
|
||||
return rval.release();
|
||||
return rval;
|
||||
}
|
||||
|
||||
void StoreHandleVal::ValDescribe(ODesc* d) const
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ extern IntrusivePtr<OpaqueType> opaque_of_store_handle;
|
|||
* @param success whether the query status should be set to success or failure.
|
||||
* @return a Broker::QueryStatus value.
|
||||
*/
|
||||
EnumVal* query_status(bool success);
|
||||
IntrusivePtr<EnumVal> query_status(bool success);
|
||||
|
||||
/**
|
||||
* @return a Broker::QueryResult value that has a Broker::QueryStatus indicating
|
||||
|
|
|
|||
|
|
@ -103,8 +103,8 @@ function Broker::__peers%(%): PeerInfos
|
|||
const auto& ei = zeek::id::find_type<RecordType>("Broker::EndpointInfo");
|
||||
const auto& ni = zeek::id::find_type<RecordType>("Broker::NetworkInfo");
|
||||
auto peer_info = new RecordVal(pi);
|
||||
auto endpoint_info = new RecordVal(ei);
|
||||
auto network_info = new RecordVal(ni);
|
||||
auto endpoint_info = make_intrusive<RecordVal>(ei);
|
||||
auto network_info = make_intrusive<RecordVal>(ni);
|
||||
auto n = p.peer.network;
|
||||
|
||||
if ( n )
|
||||
|
|
@ -119,10 +119,10 @@ function Broker::__peers%(%): PeerInfos
|
|||
}
|
||||
|
||||
endpoint_info->Assign(0, make_intrusive<StringVal>(to_string(p.peer.node)));
|
||||
endpoint_info->Assign(1, network_info);
|
||||
endpoint_info->Assign(1, std::move(network_info));
|
||||
|
||||
auto ps = (BifEnum::Broker::PeerStatus)p.status;
|
||||
peer_info->Assign(0, endpoint_info);
|
||||
peer_info->Assign(0, std::move(endpoint_info));
|
||||
peer_info->Assign(1, zeek::BifType::Enum::Broker::PeerStatus->GetVal(ps));
|
||||
|
||||
rval->Assign(i, peer_info);
|
||||
|
|
|
|||
|
|
@ -301,8 +301,8 @@ function Broker::__table_iterator_value%(it: opaque of Broker::TableIterator%):
|
|||
%{
|
||||
auto ti = static_cast<bro_broker::TableIterator*>(it);
|
||||
auto rval = make_intrusive<RecordVal>(zeek::BifType::Record::Broker::TableItem);
|
||||
auto key_val = new RecordVal(zeek::BifType::Record::Broker::Data);
|
||||
auto val_val = new RecordVal(zeek::BifType::Record::Broker::Data);
|
||||
auto key_val = make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
|
||||
auto val_val = make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
|
||||
rval->Assign(0, key_val);
|
||||
rval->Assign(1, val_val);
|
||||
|
||||
|
|
|
|||
|
|
@ -21,13 +21,13 @@
|
|||
|
||||
using namespace file_analysis;
|
||||
|
||||
static Val* empty_connection_table()
|
||||
static IntrusivePtr<Val> empty_connection_table()
|
||||
{
|
||||
auto tbl_index = make_intrusive<TypeList>(zeek::id::conn_id);
|
||||
tbl_index->Append(zeek::id::conn_id);
|
||||
auto tbl_type = make_intrusive<TableType>(std::move(tbl_index),
|
||||
zeek::id::connection);
|
||||
return new TableVal(std::move(tbl_type));
|
||||
return make_intrusive<TableVal>(std::move(tbl_type));
|
||||
}
|
||||
|
||||
static IntrusivePtr<RecordVal> get_conn_id_val(const Connection* conn)
|
||||
|
|
@ -133,8 +133,9 @@ bool File::UpdateConnectionFields(Connection* conn, bool is_orig)
|
|||
|
||||
if ( ! conns )
|
||||
{
|
||||
conns = empty_connection_table();
|
||||
val->Assign(conns_idx, conns);
|
||||
auto ect = empty_connection_table();
|
||||
conns = ect.get();
|
||||
val->Assign(conns_idx, std::move(ect));
|
||||
}
|
||||
|
||||
auto idx = get_conn_id_val(conn);
|
||||
|
|
@ -315,8 +316,8 @@ void File::InferMetadata()
|
|||
return;
|
||||
|
||||
BroString* bs = concatenate(bof_buffer.chunks);
|
||||
bof_buffer_val = new StringVal(bs);
|
||||
val->Assign(bof_buffer_idx, bof_buffer_val);
|
||||
val->Assign<StringVal>(bof_buffer_idx, bs);
|
||||
bof_buffer_val = val->Lookup(bof_buffer_idx);
|
||||
}
|
||||
|
||||
if ( ! FileEventAvailable(file_sniff) )
|
||||
|
|
@ -332,8 +333,8 @@ void File::InferMetadata()
|
|||
|
||||
if ( ! matches.empty() )
|
||||
{
|
||||
meta->Assign(meta_mime_type_idx,
|
||||
new StringVal(*(matches.begin()->second.begin())));
|
||||
meta->Assign<StringVal>(meta_mime_type_idx,
|
||||
*(matches.begin()->second.begin()));
|
||||
meta->Assign(meta_mime_types_idx,
|
||||
file_analysis::GenMIMEMatchesVal(matches));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,28 +5,26 @@
|
|||
%}
|
||||
|
||||
%header{
|
||||
VectorVal* process_rvas(const RVAS* rvas);
|
||||
IntrusivePtr<VectorVal> process_rvas(const RVAS* rvas);
|
||||
IntrusivePtr<TableVal> characteristics_to_bro(uint32_t c, uint8_t len);
|
||||
%}
|
||||
|
||||
%code{
|
||||
VectorVal* process_rvas(const RVAS* rva_table)
|
||||
IntrusivePtr<VectorVal> process_rvas(const RVAS* rva_table)
|
||||
{
|
||||
auto rvas = make_intrusive<VectorVal>(zeek::id::index_vec);
|
||||
|
||||
for ( uint16 i=0; i < rva_table->rvas()->size(); ++i )
|
||||
rvas->Assign(i, val_mgr->Count((*rva_table->rvas())[i]->size()));
|
||||
|
||||
return rvas.release();
|
||||
return rvas;
|
||||
}
|
||||
%}
|
||||
|
||||
|
||||
refine flow File += {
|
||||
|
||||
function characteristics_to_bro(c: uint32, len: uint8): TableVal
|
||||
%{
|
||||
IntrusivePtr<TableVal> characteristics_to_bro(uint32_t c, uint8_t len)
|
||||
{
|
||||
uint64 mask = (len==16) ? 0xFFFF : 0xFFFFFFFF;
|
||||
TableVal* char_set = new TableVal(zeek::id::count_set);
|
||||
auto char_set = make_intrusive<TableVal>(zeek::id::count_set);
|
||||
|
||||
for ( uint16 i=0; i < len; ++i )
|
||||
{
|
||||
if ( ((c >> i) & 0x1) == 1 )
|
||||
|
|
@ -35,8 +33,14 @@ refine flow File += {
|
|||
char_set->Assign(ch.get(), 0);
|
||||
}
|
||||
}
|
||||
|
||||
return char_set;
|
||||
%}
|
||||
}
|
||||
%}
|
||||
|
||||
|
||||
refine flow File += {
|
||||
|
||||
|
||||
function proc_dos_header(h: DOS_Header): bool
|
||||
%{
|
||||
|
|
|
|||
|
|
@ -7,9 +7,43 @@
|
|||
#include "IPAddr.h"
|
||||
%}
|
||||
|
||||
%code{
|
||||
IntrusivePtr<AddrVal> binpac::Unified2::Flow::unified2_addr_to_bro_addr(std::vector<uint32_t>* a)
|
||||
{
|
||||
if ( a->size() == 1 )
|
||||
{
|
||||
return make_intrusive<AddrVal>(IPAddr(IPv4, &(a->at(0)), IPAddr::Host));
|
||||
}
|
||||
else if ( a->size() == 4 )
|
||||
{
|
||||
uint32 tmp[4] = { a->at(0), a->at(1), a->at(2), a->at(3) };
|
||||
return make_intrusive<AddrVal>(IPAddr(IPv6, tmp, IPAddr::Host));
|
||||
}
|
||||
else
|
||||
{
|
||||
// Should never reach here.
|
||||
return make_intrusive<AddrVal>(1);
|
||||
}
|
||||
}
|
||||
|
||||
IntrusivePtr<Val> binpac::Unified2::Flow::to_port(uint16_t n, uint8_t p)
|
||||
{
|
||||
TransportProto proto = TRANSPORT_UNKNOWN;
|
||||
switch ( p ) {
|
||||
case 1: proto = TRANSPORT_ICMP; break;
|
||||
case 6: proto = TRANSPORT_TCP; break;
|
||||
case 17: proto = TRANSPORT_UDP; break;
|
||||
}
|
||||
|
||||
return val_mgr->Port(n, proto);
|
||||
}
|
||||
%}
|
||||
|
||||
refine flow Flow += {
|
||||
|
||||
%member{
|
||||
IntrusivePtr<AddrVal> unified2_addr_to_bro_addr(std::vector<uint32_t>* a);
|
||||
IntrusivePtr<Val> to_port(uint16_t n, uint8_t p);
|
||||
%}
|
||||
|
||||
%init{
|
||||
|
|
@ -27,35 +61,6 @@ refine flow Flow += {
|
|||
return t;
|
||||
%}
|
||||
|
||||
function unified2_addr_to_bro_addr(a: uint32[]): AddrVal
|
||||
%{
|
||||
if ( a->size() == 1 )
|
||||
{
|
||||
return new AddrVal(IPAddr(IPv4, &(a->at(0)), IPAddr::Host));
|
||||
}
|
||||
else if ( a->size() == 4 )
|
||||
{
|
||||
uint32 tmp[4] = { a->at(0), a->at(1), a->at(2), a->at(3) };
|
||||
return new AddrVal(IPAddr(IPv6, tmp, IPAddr::Host));
|
||||
}
|
||||
else
|
||||
{
|
||||
// Should never reach here.
|
||||
return new AddrVal(1);
|
||||
}
|
||||
%}
|
||||
|
||||
function to_port(n: uint16, p: uint8): Val
|
||||
%{
|
||||
TransportProto proto = TRANSPORT_UNKNOWN;
|
||||
switch ( p ) {
|
||||
case 1: proto = TRANSPORT_ICMP; break;
|
||||
case 6: proto = TRANSPORT_TCP; break;
|
||||
case 17: proto = TRANSPORT_UDP; break;
|
||||
}
|
||||
|
||||
return val_mgr->Port(n, proto)->Ref();
|
||||
%}
|
||||
|
||||
#function proc_record(rec: Record) : bool
|
||||
# %{
|
||||
|
|
|
|||
|
|
@ -336,10 +336,10 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
|
|||
return;
|
||||
}
|
||||
|
||||
VectorVal* names = nullptr;
|
||||
VectorVal* emails = nullptr;
|
||||
VectorVal* uris = nullptr;
|
||||
VectorVal* ips = nullptr;
|
||||
IntrusivePtr<VectorVal> names;
|
||||
IntrusivePtr<VectorVal> emails;
|
||||
IntrusivePtr<VectorVal> uris;
|
||||
IntrusivePtr<VectorVal> ips;
|
||||
|
||||
bool otherfields = false;
|
||||
|
||||
|
|
@ -367,21 +367,21 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
|
|||
{
|
||||
case GEN_DNS:
|
||||
if ( names == nullptr )
|
||||
names = new VectorVal(zeek::id::string_vec);
|
||||
names = make_intrusive<VectorVal>(zeek::id::string_vec);
|
||||
|
||||
names->Assign(names->Size(), bs);
|
||||
break;
|
||||
|
||||
case GEN_URI:
|
||||
if ( uris == nullptr )
|
||||
uris = new VectorVal(zeek::id::string_vec);
|
||||
uris = make_intrusive<VectorVal>(zeek::id::string_vec);
|
||||
|
||||
uris->Assign(uris->Size(), bs);
|
||||
break;
|
||||
|
||||
case GEN_EMAIL:
|
||||
if ( emails == nullptr )
|
||||
emails = new VectorVal(zeek::id::string_vec);
|
||||
emails = make_intrusive<VectorVal>(zeek::id::string_vec);
|
||||
|
||||
emails->Assign(emails->Size(), bs);
|
||||
break;
|
||||
|
|
@ -391,7 +391,7 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
|
|||
else if ( gen->type == GEN_IPADD )
|
||||
{
|
||||
if ( ips == nullptr )
|
||||
ips = new VectorVal(zeek::id::find_type<VectorType>("addr_vec"));
|
||||
ips = make_intrusive<VectorVal>(zeek::id::find_type<VectorType>("addr_vec"));
|
||||
|
||||
uint32_t* addr = (uint32_t*) gen->d.ip->data;
|
||||
|
||||
|
|
@ -439,13 +439,13 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
|
|||
GENERAL_NAMES_free(altname);
|
||||
}
|
||||
|
||||
StringVal* file_analysis::X509::KeyCurve(EVP_PKEY *key)
|
||||
IntrusivePtr<StringVal> file_analysis::X509::KeyCurve(EVP_PKEY* key)
|
||||
{
|
||||
assert(key != NULL);
|
||||
assert(key != nullptr);
|
||||
|
||||
#ifdef OPENSSL_NO_EC
|
||||
// well, we do not have EC-Support...
|
||||
return NULL;
|
||||
return nullptr;
|
||||
#else
|
||||
if ( EVP_PKEY_base_id(key) != EVP_PKEY_EC )
|
||||
{
|
||||
|
|
@ -468,7 +468,7 @@ StringVal* file_analysis::X509::KeyCurve(EVP_PKEY *key)
|
|||
if ( curve_name == nullptr )
|
||||
return nullptr;
|
||||
|
||||
return new StringVal(curve_name);
|
||||
return make_intrusive<StringVal>(curve_name);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -136,7 +136,7 @@ private:
|
|||
std::string cert_data;
|
||||
|
||||
// Helpers for ParseCertificate.
|
||||
static StringVal* KeyCurve(EVP_PKEY *key);
|
||||
static IntrusivePtr<StringVal> KeyCurve(EVP_PKEY* key);
|
||||
static unsigned int KeyLength(EVP_PKEY *key);
|
||||
/** X509 stores associated with global script-layer values */
|
||||
inline static std::map<Val*, X509_STORE*> x509_stores = std::map<Val*, X509_STORE*>();
|
||||
|
|
|
|||
|
|
@ -11,14 +11,14 @@
|
|||
#include <openssl/err.h>
|
||||
|
||||
// construct an error record
|
||||
IntrusivePtr<RecordVal> x509_result_record(uint64_t num, const char* reason, Val* chainVector = nullptr)
|
||||
static IntrusivePtr<RecordVal> x509_result_record(uint64_t num, const char* reason, IntrusivePtr<Val> chainVector = nullptr)
|
||||
{
|
||||
auto rrecord = make_intrusive<RecordVal>(zeek::BifType::Record::X509::Result);
|
||||
|
||||
rrecord->Assign(0, val_mgr->Int(num));
|
||||
rrecord->Assign(1, make_intrusive<StringVal>(reason));
|
||||
if ( chainVector )
|
||||
rrecord->Assign(2, chainVector);
|
||||
rrecord->Assign(2, std::move(chainVector));
|
||||
|
||||
return rrecord;
|
||||
}
|
||||
|
|
@ -542,7 +542,7 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str
|
|||
|
||||
int result = X509_verify_cert(csc);
|
||||
|
||||
VectorVal* chainVector = nullptr;
|
||||
IntrusivePtr<VectorVal> chainVector;
|
||||
|
||||
if ( result == 1 ) // we have a valid chain. try to get it...
|
||||
{
|
||||
|
|
@ -556,7 +556,7 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str
|
|||
}
|
||||
|
||||
int num_certs = sk_X509_num(chain);
|
||||
chainVector = new VectorVal(zeek::id::find_type<VectorType>("x509_opaque_vector"));
|
||||
chainVector = make_intrusive<VectorVal>(zeek::id::find_type<VectorType>("x509_opaque_vector"));
|
||||
|
||||
for ( int i = 0; i < num_certs; i++ )
|
||||
{
|
||||
|
|
@ -578,7 +578,7 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str
|
|||
|
||||
x509_verify_chainerror:
|
||||
|
||||
auto rrecord = x509_result_record(X509_STORE_CTX_get_error(csc), X509_verify_cert_error_string(X509_STORE_CTX_get_error(csc)), chainVector);
|
||||
auto rrecord = x509_result_record(X509_STORE_CTX_get_error(csc), X509_verify_cert_error_string(X509_STORE_CTX_get_error(csc)), std::move(chainVector));
|
||||
|
||||
X509_STORE_CTX_cleanup(csc);
|
||||
X509_STORE_CTX_free(csc);
|
||||
|
|
|
|||
|
|
@ -1908,7 +1908,7 @@ RecordVal* Manager::ListValToRecordVal(ListVal* list, RecordType *request_type,
|
|||
(*position)++;
|
||||
}
|
||||
|
||||
rec->Assign(i, fieldVal->Ref());
|
||||
rec->Assign(i, {NewRef{}, fieldVal});
|
||||
}
|
||||
|
||||
return rec;
|
||||
|
|
@ -1945,7 +1945,7 @@ RecordVal* Manager::ValueToRecordVal(const Stream* stream, const Value* const *v
|
|||
}
|
||||
|
||||
if ( fieldVal )
|
||||
rec->Assign(i, fieldVal);
|
||||
rec->Assign(i, {AdoptRef{}, fieldVal});
|
||||
}
|
||||
|
||||
return rec;
|
||||
|
|
|
|||
|
|
@ -597,7 +597,7 @@ IntrusivePtr<RecordVal> Packet::ToRawPktHdrVal() const
|
|||
static auto raw_pkt_hdr_type = zeek::id::find_type<RecordType>("raw_pkt_hdr");
|
||||
static auto l2_hdr_type = zeek::id::find_type<RecordType>("l2_hdr");
|
||||
auto pkt_hdr = make_intrusive<RecordVal>(raw_pkt_hdr_type);
|
||||
RecordVal* l2_hdr = new RecordVal(l2_hdr_type);
|
||||
auto l2_hdr = make_intrusive<RecordVal>(l2_hdr_type);
|
||||
|
||||
bool is_ethernet = link_type == DLT_EN10MB;
|
||||
|
||||
|
|
@ -651,7 +651,7 @@ IntrusivePtr<RecordVal> Packet::ToRawPktHdrVal() const
|
|||
|
||||
l2_hdr->Assign(8, zeek::BifType::Enum::layer3_proto->GetVal(l3));
|
||||
|
||||
pkt_hdr->Assign(0, l2_hdr);
|
||||
pkt_hdr->Assign(0, std::move(l2_hdr));
|
||||
|
||||
if ( l3_proto == L3_IPV4 )
|
||||
{
|
||||
|
|
@ -674,12 +674,12 @@ RecordVal* Packet::BuildPktHdrVal() const
|
|||
return ToRawPktHdrVal().release();
|
||||
}
|
||||
|
||||
Val *Packet::FmtEUI48(const u_char *mac) const
|
||||
IntrusivePtr<Val> Packet::FmtEUI48(const u_char* mac) const
|
||||
{
|
||||
char buf[20];
|
||||
snprintf(buf, sizeof buf, "%02x:%02x:%02x:%02x:%02x:%02x",
|
||||
mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
|
||||
return new StringVal(buf);
|
||||
return make_intrusive<StringVal>(buf);
|
||||
}
|
||||
|
||||
void Packet::Describe(ODesc* d) const
|
||||
|
|
|
|||
|
|
@ -225,7 +225,7 @@ private:
|
|||
void Weird(const char* name);
|
||||
|
||||
// Renders an MAC address into its ASCII representation.
|
||||
Val* FmtEUI48(const u_char *mac) const;
|
||||
IntrusivePtr<Val> FmtEUI48(const u_char* mac) const;
|
||||
|
||||
// True if we need to delete associated packet memory upon
|
||||
// destruction.
|
||||
|
|
|
|||
|
|
@ -1515,7 +1515,7 @@ bool Manager::FinishedRotation(WriterFrontend* writer, const char* new_name, con
|
|||
|
||||
// Create the RotationInfo record.
|
||||
auto info = make_intrusive<RecordVal>(zeek::BifType::Record::Log::RotationInfo);
|
||||
info->Assign(0, winfo->type->Ref());
|
||||
info->Assign(0, {NewRef{}, winfo->type});
|
||||
info->Assign(1, make_intrusive<StringVal>(new_name));
|
||||
info->Assign(2, make_intrusive<StringVal>(winfo->writer->Info().path));
|
||||
info->Assign(3, make_intrusive<Val>(open, TYPE_TIME));
|
||||
|
|
|
|||
|
|
@ -1131,8 +1131,8 @@ IntrusivePtr<RecordVal> Supervisor::NodeConfig::ToRecord() const
|
|||
|
||||
rval->Assign(rt->FieldOffset("scripts"), std::move(scripts_val));
|
||||
|
||||
const auto& tt = rt->GetFieldType("cluster");
|
||||
auto cluster_val = new TableVal({NewRef{}, tt->AsTableType()});
|
||||
auto tt = rt->GetFieldType<TableType>("cluster");
|
||||
auto cluster_val = make_intrusive<TableVal>(std::move(tt));
|
||||
rval->Assign(rt->FieldOffset("cluster"), cluster_val);
|
||||
|
||||
for ( const auto& e : cluster )
|
||||
|
|
@ -1316,7 +1316,7 @@ IntrusivePtr<RecordVal> Supervisor::Status(std::string_view node_name)
|
|||
{
|
||||
auto rval = make_intrusive<RecordVal>(zeek::BifType::Record::Supervisor::Status);
|
||||
const auto& tt = zeek::BifType::Record::Supervisor::Status->GetFieldType("nodes");
|
||||
auto node_table_val = new TableVal(cast_intrusive<TableType>(tt));
|
||||
auto node_table_val = make_intrusive<TableVal>(cast_intrusive<TableType>(tt));
|
||||
rval->Assign(0, node_table_val);
|
||||
|
||||
if ( node_name.empty() )
|
||||
|
|
|
|||
|
|
@ -86,7 +86,7 @@ function Supervisor::__node%(%): Supervisor::NodeConfig
|
|||
builtin_error("not a supervised process");
|
||||
const auto& rt = zeek::BifType::Record::Supervisor::NodeConfig;
|
||||
auto rval = make_intrusive<RecordVal>(rt);
|
||||
rval->Assign(rt->FieldOffset("name"), new StringVal("<invalid>"));
|
||||
rval->Assign<StringVal>(rt->FieldOffset("name"), "<invalid>");
|
||||
return rval;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1857,10 +1857,10 @@ FILE* rotate_file(const char* name, RecordVal* rotate_info)
|
|||
// Init rotate_info.
|
||||
if ( rotate_info )
|
||||
{
|
||||
rotate_info->Assign(0, new StringVal(name));
|
||||
rotate_info->Assign(1, new StringVal(newname));
|
||||
rotate_info->Assign(2, new Val(network_time, TYPE_TIME));
|
||||
rotate_info->Assign(3, new Val(network_time, TYPE_TIME));
|
||||
rotate_info->Assign<StringVal>(0, name);
|
||||
rotate_info->Assign<StringVal>(1, newname);
|
||||
rotate_info->Assign<Val>(2, network_time, TYPE_TIME);
|
||||
rotate_info->Assign<Val>(3, network_time, TYPE_TIME);
|
||||
}
|
||||
|
||||
return newf;
|
||||
|
|
|
|||
12
src/zeek.bif
12
src/zeek.bif
|
|
@ -3864,7 +3864,7 @@ static bool mmdb_lookup_asn(const IPAddr& addr, MMDB_lookup_result_s& result)
|
|||
return mmdb_lookup(addr, result, true);
|
||||
}
|
||||
|
||||
static Val* mmdb_getvalue(MMDB_entry_data_s* entry_data, int status,
|
||||
static IntrusivePtr<Val> mmdb_getvalue(MMDB_entry_data_s* entry_data, int status,
|
||||
int data_type )
|
||||
{
|
||||
switch (status)
|
||||
|
|
@ -3875,16 +3875,16 @@ static Val* mmdb_getvalue(MMDB_entry_data_s* entry_data, int status,
|
|||
switch (data_type)
|
||||
{
|
||||
case MMDB_DATA_TYPE_UTF8_STRING:
|
||||
return new StringVal(entry_data->data_size,
|
||||
return make_intrusive<StringVal>(entry_data->data_size,
|
||||
entry_data->utf8_string);
|
||||
break;
|
||||
|
||||
case MMDB_DATA_TYPE_DOUBLE:
|
||||
return new Val(entry_data->double_value, TYPE_DOUBLE);
|
||||
return make_intrusive<Val>(entry_data->double_value, TYPE_DOUBLE);
|
||||
break;
|
||||
|
||||
case MMDB_DATA_TYPE_UINT32:
|
||||
return val_mgr->Count(entry_data->uint32).release();
|
||||
return val_mgr->Count(entry_data->uint32);
|
||||
|
||||
default:
|
||||
break;
|
||||
|
|
@ -4111,8 +4111,8 @@ function lookup_asn%(a: addr%) : count
|
|||
// Get Autonomous System Number
|
||||
status = MMDB_get_value(&result.entry, &entry_data,
|
||||
"autonomous_system_number", nullptr);
|
||||
Val* asn = mmdb_getvalue(&entry_data, status, MMDB_DATA_TYPE_UINT32);
|
||||
return asn == nullptr ? val_mgr->Count(0) : IntrusivePtr<Val>{AdoptRef{}, asn};
|
||||
auto asn = mmdb_getvalue(&entry_data, status, MMDB_DATA_TYPE_UINT32);
|
||||
return asn == nullptr ? val_mgr->Count(0) : asn;
|
||||
}
|
||||
|
||||
#else // not USE_GEOIP
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue