From e64805430b3aebdb48c2f68135cc54c67b26f105 Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Wed, 24 Feb 2021 16:11:27 -0800 Subject: [PATCH 01/42] fix off-by-one assumption regarding vector indexing dating to 2011 --- src/SmithWaterman.cc | 7 ++- src/ZeekString.cc | 5 +-- .../language.smith-waterman-test/output | 44 +++++++++---------- .../btest/language/smith-waterman-test.zeek | 4 +- 4 files changed, 29 insertions(+), 31 deletions(-) diff --git a/src/SmithWaterman.cc b/src/SmithWaterman.cc index d23f3bac30..1b2fad0628 100644 --- a/src/SmithWaterman.cc +++ b/src/SmithWaterman.cc @@ -86,12 +86,12 @@ VectorVal* Substring::VecToPolicy(Vec* vec) align_val->Assign(0, make_intrusive(new String(*align.string))); align_val->Assign(1, val_mgr->Count(align.index)); - aligns->Assign(j + 1, std::move(align_val)); + aligns->Assign(j, std::move(align_val)); } st_val->Assign(1, std::move(aligns)); st_val->Assign(2, val_mgr->Bool(bst->IsNewAlignment())); - result->Assign(i + 1, std::move(st_val)); + result->Assign(i, std::move(st_val)); } } @@ -102,8 +102,7 @@ Substring::Vec* Substring::VecFromPolicy(VectorVal* vec) { Vec* result = new Vec(); - // VectorVals start at index 1! - for ( unsigned int i = 1; i <= vec->Size(); ++i ) + for ( unsigned int i = 0; i < vec->Size(); ++i ) { const auto& v = vec->At(i); // get the RecordVal if ( ! v ) diff --git a/src/ZeekString.cc b/src/ZeekString.cc index 8e08315ae8..f2537eb34a 100644 --- a/src/ZeekString.cc +++ b/src/ZeekString.cc @@ -352,7 +352,7 @@ VectorVal* String:: VecToPolicy(Vec* vec) String* string = (*vec)[i]; auto val = make_intrusive(string->Len(), (const char*) string->Bytes()); - result->Assign(i+1, std::move(val)); + result->Assign(i, std::move(val)); } return result.release(); @@ -362,8 +362,7 @@ String::Vec* String::VecFromPolicy(VectorVal* vec) { Vec* result = new Vec(); - // VectorVals start at index 1! - for ( unsigned int i = 1; i <= vec->Size(); ++i ) + for ( unsigned int i = 0; i < vec->Size(); ++i ) { const auto& v = vec->At(i); // get the RecordVal if ( ! v ) diff --git a/testing/btest/Baseline/language.smith-waterman-test/output b/testing/btest/Baseline/language.smith-waterman-test/output index 381d13553f..e40358600e 100644 --- a/testing/btest/Baseline/language.smith-waterman-test/output +++ b/testing/btest/Baseline/language.smith-waterman-test/output @@ -1,33 +1,33 @@ ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. abcdefgh - ijklmnop: AAAabcefghij - lmnopAAAqrst: -tok 1: AAA (0/5, T) +tok 0: AAA (0/5, T) abcAAAefghij - lmnopAAAqrst: -tok 1: AAA (3/5, T) +tok 0: AAA (3/5, T) abcefghijAAA - lmnopAAAqrst: -tok 1: AAA (9/5, T) +tok 0: AAA (9/5, T) xxxAAAyyy - AAAaAAAbAAA: -tok 1: AAA (3/0, T) -tok 2: AAA (3/4, T) -tok 3: AAA (3/8, T) +tok 0: AAA (3/0, T) +tok 1: AAA (3/4, T) +tok 2: AAA (3/8, T) AAAaAAAbAAA - xxxAAAyyy: -tok 1: AAA (0/3, T) -tok 2: AAA (4/3, T) -tok 3: AAA (8/3, T) +tok 0: AAA (0/3, T) +tok 1: AAA (4/3, T) +tok 2: AAA (8/3, T) xxCDyABzCDyABzz - ABCD: -tok 1: CD (2/2, T) -tok 2: AB (5/0, T) -tok 3: CD (8/2, F) -tok 4: AB (11/0, T) +tok 0: CD (2/2, T) +tok 1: AB (5/0, T) +tok 2: CD (8/2, F) +tok 3: AB (11/0, T) ABCD - xxCDyABzCDyABzz: -tok 1: CD (2/2, T) -tok 2: AB (0/5, T) -tok 3: CD (2/8, F) -tok 4: AB (0/11, T) +tok 0: CD (2/2, T) +tok 1: AB (0/5, T) +tok 2: CD (2/8, F) +tok 3: AB (0/11, T) Cache-control: no-cache^M^JAccept: - Accept-: deflate^M^JAccept-: Accept-: -tok 1: Accept (27/0, T) -tok 2: e^M^JAccept (22/15, T) -tok 3: Accept (27/29, T) +tok 0: Accept (27/0, T) +tok 1: e^M^JAccept (22/15, T) +tok 2: Accept (27/29, T) xxAAxxAAxx - yyyyyAAyyyyy: -tok 1: AA (2/5, T) -tok 2: AA (6/5, T) +tok 0: AA (2/5, T) +tok 1: AA (6/5, T) diff --git a/testing/btest/language/smith-waterman-test.zeek b/testing/btest/language/smith-waterman-test.zeek index 1eff86ef83..2b13a1a5dc 100644 --- a/testing/btest/language/smith-waterman-test.zeek +++ b/testing/btest/language/smith-waterman-test.zeek @@ -83,6 +83,6 @@ for ( i in s1 ) for ( j in ss ) print fmt("tok %d: %s (%d/%d, %s)", - j, ss[j]$str, ss[j]$aligns[1]$index, - ss[j]$aligns[2]$index, ss[j]$new); + j, ss[j]$str, ss[j]$aligns[0]$index, + ss[j]$aligns[1]$index, ss[j]$new); } From b0655823192e2191ca2ca14ec49e94e416bebe5d Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Wed, 24 Feb 2021 16:33:17 -0800 Subject: [PATCH 02/42] fix mis-typed record fields that happened to work in original RecordVal impl. --- scripts/base/init-bare.zeek | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index 0d80b9a81b..d57786c74a 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek @@ -3334,7 +3334,7 @@ export { ## The security mode field specifies whether SMB signing is enabled, required at the server, or both. security_mode : count; ## A globally unique identifier that is generate by the server to uniquely identify the server. - server_guid : string; + server_guid : SMB2::GUID; ## The system time of the SMB2 server when the SMB2 NEGOTIATE Request was processed. system_time : time; ## The SMB2 server start time. @@ -3710,7 +3710,7 @@ type dns_edns_ecs: record { family: string; ##< IP Family source_prefix_len: count; ##< Source Prefix Length. scope_prefix_len: count; ##< Scope Prefix Length. - address: string; ##< Client Subnet Address. + address: addr; ##< Client Subnet Address. }; ## An DNS EDNS TCP KEEPALIVE (TCP KEEPALIVE) record. @@ -4354,7 +4354,7 @@ export { keyboard_function_key: count; ime_file_name: string; post_beta2_color_depth: count &optional; - client_product_id: string &optional; + client_product_id: count &optional; serial_number: count &optional; high_color_depth: count &optional; supported_color_depths: count &optional; From 348e14c326fd9ed3122fe296c3158e6c92b6dded Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Wed, 24 Feb 2021 16:41:35 -0800 Subject: [PATCH 03/42] added ZVal for low-level representations of Zeek script values --- src/CMakeLists.txt | 1 + src/ZVal.cc | 222 +++++++++++++++++++++++++++++++++++++++++++++ src/ZVal.h | 140 ++++++++++++++++++++++++++++ 3 files changed, 363 insertions(+) create mode 100644 src/ZVal.cc create mode 100644 src/ZVal.h diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index d1c146f5fc..93d25c63ea 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -301,6 +301,7 @@ set(MAIN_SRCS WeirdState.cc ZeekArgs.cc ZeekString.cc + ZVal.cc bsd-getopt-long.c bro_inet_ntop.c in_cksum.cc diff --git a/src/ZVal.cc b/src/ZVal.cc new file mode 100644 index 0000000000..937dc27aae --- /dev/null +++ b/src/ZVal.cc @@ -0,0 +1,222 @@ +// See the file "COPYING" in the main distribution directory for copyright. + +#include "zeek/ZVal.h" +#include "zeek/ZeekString.h" +#include "zeek/File.h" +#include "zeek/Func.h" +#include "zeek/OpaqueVal.h" +#include "zeek/Reporter.h" +#include "zeek/Desc.h" + +using namespace zeek; + + +bool ZVal::zval_was_nil = false; + + +bool zeek::IsManagedType(const TypePtr& t) + { + switch ( t->Tag() ) { + case zeek::TYPE_ADDR: + case zeek::TYPE_ANY: + case zeek::TYPE_FILE: + case zeek::TYPE_FUNC: + case zeek::TYPE_LIST: + case zeek::TYPE_OPAQUE: + case zeek::TYPE_PATTERN: + case zeek::TYPE_RECORD: + case zeek::TYPE_STRING: + case zeek::TYPE_SUBNET: + case zeek::TYPE_TABLE: + case zeek::TYPE_TYPE: + case zeek::TYPE_VECTOR: + return true; + + default: + return false; + + } + } + + +ZVal::ZVal(ValPtr v, const TypePtr& t) + { + if ( ! v ) + { + // This can happen for some forms of error propagation. + // We can deal with it iff the type is managed, and thus + // we can employ a "nil" placeholder. + ASSERT(IsManagedType(t)); + managed_val = nullptr; + return; + } + + auto vt = v->GetType(); + + if ( vt->Tag() != t->Tag() && t->Tag() != TYPE_ANY ) + { + if ( t->InternalType() == TYPE_INTERNAL_OTHER || + t->InternalType() != vt->InternalType() ) + reporter->InternalError("type inconsistency in ZVal constructor"); + } + + switch ( t->Tag() ) { + case TYPE_BOOL: + case TYPE_INT: + case TYPE_ENUM: + int_val = v->AsInt(); + break; + + case TYPE_COUNT: + case TYPE_PORT: + uint_val = v->AsCount(); + break; + + case TYPE_DOUBLE: + case TYPE_INTERVAL: + case TYPE_TIME: + double_val = v->AsDouble(); + break; + + case TYPE_FUNC: + func_val = v->AsFunc(); + Ref(func_val); + break; + + case TYPE_FILE: + file_val = v->AsFile(); + Ref(file_val); + break; + + case TYPE_LIST: + list_val = v.release()->AsListVal(); + break; + + case TYPE_OPAQUE: + opaque_val = v.release()->AsOpaqueVal(); + break; + + case TYPE_PATTERN: + re_val = v.release()->AsPatternVal(); + break; + + case TYPE_TABLE: + table_val = v.release()->AsTableVal(); + break; + + case TYPE_VECTOR: + vector_val = v.release()->AsVectorVal(); + break; + + case TYPE_RECORD: + record_val = v.release()->AsRecordVal(); + break; + + case TYPE_STRING: + string_val = v.release()->AsStringVal(); + break; + + case TYPE_ADDR: + addr_val = v.release()->AsAddrVal(); + break; + + case TYPE_SUBNET: + subnet_val = v.release()->AsSubNetVal(); + break; + + case TYPE_ANY: + any_val = v.release(); + break; + + case TYPE_TYPE: + type_val = t->Ref(); + break; + + case TYPE_ERROR: + case TYPE_TIMER: + case TYPE_UNION: + case TYPE_VOID: + reporter->InternalError("bad type in ZVal constructor"); + } + } + +ValPtr ZVal::ToVal(const TypePtr& t) const + { + Val* v; + + switch ( t->Tag() ) { + case TYPE_INT: + return val_mgr->Int(int_val); + + case TYPE_BOOL: + return val_mgr->Bool(int_val ? true : false); + + case TYPE_PORT: + return val_mgr->Port(uint_val); + + case TYPE_COUNT: + return val_mgr->Count(uint_val); + + case TYPE_DOUBLE: + return make_intrusive(double_val); + + case TYPE_INTERVAL: + return make_intrusive(double_val, Seconds); + + case TYPE_TIME: + return make_intrusive(double_val); + + case TYPE_ENUM: + return t->AsEnumType()->GetEnumVal(int_val); + + case TYPE_ANY: + return {NewRef{}, any_val}; + + case TYPE_TYPE: + { + TypePtr tp = {NewRef{}, type_val}; + return make_intrusive(tp); + } + + case TYPE_FUNC: + if ( func_val ) + { + FuncPtr fv_ptr = {NewRef{}, func_val}; + return make_intrusive(fv_ptr); + } + + return nullptr; + + case TYPE_FILE: + if ( file_val ) + { + FilePtr fv_ptr = {NewRef{}, file_val}; + return make_intrusive(fv_ptr); + } + + return nullptr; + + case TYPE_ADDR: v = addr_val; break; + case TYPE_SUBNET: v = subnet_val; break; + case TYPE_STRING: v = string_val; break; + case TYPE_LIST: v = list_val; break; + case TYPE_OPAQUE: v = opaque_val; break; + case TYPE_TABLE: v = table_val; break; + case TYPE_RECORD: v = record_val; break; + case TYPE_VECTOR: v = vector_val; break; + case TYPE_PATTERN: v = re_val; break; + + case TYPE_ERROR: + case TYPE_TIMER: + case TYPE_UNION: + case TYPE_VOID: + reporter->InternalError("bad ret type return tag"); + } + + if ( v ) + return {NewRef{}, v}; + + zval_was_nil = true; + + return nullptr; + } diff --git a/src/ZVal.h b/src/ZVal.h new file mode 100644 index 0000000000..b05eb48ce6 --- /dev/null +++ b/src/ZVal.h @@ -0,0 +1,140 @@ +// See the file "COPYING" in the main distribution directory for copyright. + +// Low-level representation of Zeek scripting values. + +#pragma once + +#include + +#include "zeek/Dict.h" +#include "zeek/Expr.h" + +ZEEK_FORWARD_DECLARE_NAMESPACED(StringVal, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(AddrVal, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(SubNetVal, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(File, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(Func, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(ListVal, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(OpaqueVal, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(PatternVal, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(TableVal, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(VectorVal, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(Type, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek); + +namespace zeek { + +// Note that a ZVal by itself is ambiguous: it doesn't track its type. +// This makes them consume less memory and cheaper to copy. It does +// however require a separate way to determine the type. Generally +// this is doable using surrounding context, or can be statically +// determined in the case of optimization/compilation. +// +// An alternative would be to use std::variant, but it will be larger +// due to needing to track the variant type, and it won't allow access +// to the managed_val member, which both simplifies memory management +// and is also required for sharing of ZAM frame slots. + +union ZVal { + // Constructor for hand-populating the values. + ZVal() { managed_val = nullptr; } + + // Construct from a given higher-level script value with a given type. + ZVal(ValPtr v, const TypePtr& t); + + // Convert to a higher-level script value. The caller needs to + // ensure that they're providing the correct type. + ValPtr ToVal(const TypePtr& t) const; + + // Whether a ZVal was accessed that was missing (a nil pointer). + // Used to generate run-time error messages. + static bool ZValNilStatus() { return zval_was_nil; } + + // Resets the notion of low-level-error-occurred. + static void ClearZValNilStatus() { zval_was_nil = false; } + + bro_int_t AsInt() const { return int_val; } + bro_uint_t AsCount() const { return uint_val; } + double AsDouble() const { return double_val; } + + StringVal* AsString() const { return string_val; } + AddrVal* AsAddr() const { return addr_val; } + SubNetVal* AsSubNet() const { return subnet_val; } + File* AsFile() const { return file_val; } + Func* AsFunc() const { return func_val; } + ListVal* AsList() const { return list_val; } + OpaqueVal* AsOpaque() const { return opaque_val; } + PatternVal* AsPattern() const { return re_val; } + TableVal* AsTable() const { return table_val; } + RecordVal* AsRecord() const { return record_val; } + VectorVal* AsVector() const { return vector_val; } + Type* AsType() const { return type_val; } + Val* AsAny() const { return any_val; } + + Obj* ManagedVal() const { return managed_val; } + +private: + friend class RecordVal; + friend class VectorVal; + + // Used for bool, int, enum. + bro_int_t int_val; + + // Used for count and port. + bro_uint_t uint_val; + + // Used for double, time, interval. + double double_val; + + // The types are all variants of Val, Type, or more fundamentally + // Obj. They are raw pointers rather than IntrusivePtr's because + // unions can't contain the latter. For memory management, we use + // Ref/Unref. + StringVal* string_val; + AddrVal* addr_val; + SubNetVal* subnet_val; + File* file_val; + Func* func_val; + ListVal* list_val; + OpaqueVal* opaque_val; + PatternVal* re_val; + TableVal* table_val; + RecordVal* record_val; + VectorVal* vector_val; + Type* type_val; + + // Used for "any" values. + Val* any_val; + + // Used for generic access to managed (derived-from-Obj) objects. + Obj* managed_val; + + // A class-wide status variable set to true when a missing + // value was accessed. Only germane for managed types, since + // we don't track the presence of non-managed types. Static + // because often the caller won't have direct access to the + // particular ZVal that produces the issue, and just wants to + // know whether it occurred at some point. + static bool zval_was_nil; +}; + +// True if a given type is one for which we manage the associated +// memory internally. +bool IsManagedType(const TypePtr& t); + +// Deletes a managed value. Caller needs to ensure that the ZVal +// indeed holds such. +inline void DeleteManagedType(ZVal& v) + { + Unref(v.ManagedVal()); + } + +// Deletes a possibly-managed value. +inline void DeleteIfManaged(ZVal& v, const TypePtr& t) + { + if ( IsManagedType(t) ) + DeleteManagedType(v); + } + +} // zeek From 6121e409d3dcf910b9ef7f54e973ffe3a3a1184f Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Wed, 24 Feb 2021 17:02:47 -0800 Subject: [PATCH 04/42] convert RecordVal's to use vector as internal representation --- src/Val.cc | 96 +++++++++++++------ src/Val.h | 63 ++++++++++-- src/ZVal.cc | 1 - src/file_analysis/analyzer/extract/Extract.cc | 2 +- 4 files changed, 122 insertions(+), 40 deletions(-) diff --git a/src/Val.cc b/src/Val.cc index e76a62d0f8..0fbbc20979 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -2788,13 +2788,17 @@ RecordVal::RecordTypeValMap RecordVal::parse_time_records; RecordVal::RecordVal(RecordTypePtr t, bool init_fields) : Val(std::move(t)) { origin = nullptr; - auto rt = GetType()->AsRecordType(); + rt = {NewRef{}, GetType()->AsRecordType()}; + int n = rt->NumFields(); - auto vl = record_val = new std::vector; - vl->reserve(n); + + record_val = new std::vector; + record_val->reserve(n); + + is_in_record = new std::vector(n, false); if ( run_state::is_parsing ) - parse_time_records[rt].emplace_back(NewRef{}, this); + parse_time_records[rt.get()].emplace_back(NewRef{}, this); if ( ! init_fields ) return; @@ -2815,9 +2819,10 @@ RecordVal::RecordVal(RecordTypePtr t, bool init_fields) : Val(std::move(t)) catch ( InterpreterException& ) { if ( run_state::is_parsing ) - parse_time_records[rt].pop_back(); + parse_time_records[rt.get()].pop_back(); delete record_val; + delete is_in_record; throw; } @@ -2848,13 +2853,23 @@ RecordVal::RecordVal(RecordTypePtr t, bool init_fields) : Val(std::move(t)) def = make_intrusive(cast_intrusive(type)); } - vl->emplace_back(std::move(def)); + if ( def ) + { + record_val->emplace_back(ZVal(def, def->GetType())); + (*is_in_record)[i] = true; + } + else + { + record_val->emplace_back(ZVal()); + (*is_in_record)[i] = false; + } } } RecordVal::~RecordVal() { delete record_val; + delete is_in_record; } ValPtr RecordVal::SizeVal() const @@ -2864,13 +2879,28 @@ ValPtr RecordVal::SizeVal() const void RecordVal::Assign(int field, ValPtr new_val) { - (*record_val)[field] = std::move(new_val); + auto t = rt->GetFieldType(field); + + if ( new_val ) + { + (*record_val)[field] = ZVal(new_val, t); + (*is_in_record)[field] = true; + } + else + { + if ( HasField(field) ) + DeleteIfManaged((*record_val)[field], t); + + (*record_val)[field] = ZVal(); + (*is_in_record)[field] = false; + } + Modified(); } ValPtr RecordVal::GetFieldOrDefault(int field) const { - const auto& val = (*record_val)[field]; + auto val = GetField(field); if ( val ) return val; @@ -2878,9 +2908,9 @@ ValPtr RecordVal::GetFieldOrDefault(int field) const return GetType()->AsRecordType()->FieldDefault(field); } -void RecordVal::ResizeParseTimeRecords(RecordType* rt) +void RecordVal::ResizeParseTimeRecords(RecordType* revised_rt) { - auto it = parse_time_records.find(rt); + auto it = parse_time_records.find(revised_rt); if ( it == parse_time_records.end() ) return; @@ -2890,14 +2920,14 @@ void RecordVal::ResizeParseTimeRecords(RecordType* rt) for ( auto& rv : rvs ) { int current_length = rv->NumFields(); - auto required_length = rt->NumFields(); + auto required_length = revised_rt->NumFields(); if ( required_length > current_length ) { rv->Reserve(required_length); for ( auto i = current_length; i < required_length; ++i ) - rv->AppendField(rt->FieldDefault(i)); + rv->AppendField(revised_rt->FieldDefault(i)); } } } @@ -2907,7 +2937,7 @@ void RecordVal::DoneParsing() parse_time_records.clear(); } -const ValPtr& RecordVal::GetField(const char* field) const +ValPtr RecordVal::GetField(const char* field) const { int idx = GetType()->AsRecordType()->FieldOffset(field); @@ -3007,11 +3037,10 @@ TableValPtr RecordVal::GetRecordFieldsVal() const void RecordVal::Describe(ODesc* d) const { auto n = record_val->size(); - auto record_type = GetType()->AsRecordType(); if ( d->IsBinary() || d->IsPortable() ) { - record_type->Describe(d); + rt->Describe(d); d->SP(); d->Add(static_cast(n)); d->SP(); @@ -3024,12 +3053,12 @@ void RecordVal::Describe(ODesc* d) const if ( ! d->IsBinary() && i > 0 ) d->Add(", "); - d->Add(record_type->FieldName(i)); + d->Add(rt->FieldName(i)); if ( ! d->IsBinary() ) d->Add("="); - const auto& v = (*record_val)[i]; + auto v = GetField(i); if ( v ) v->Describe(d); @@ -3044,7 +3073,7 @@ void RecordVal::Describe(ODesc* d) const void RecordVal::DescribeReST(ODesc* d) const { auto n = record_val->size(); - auto record_type = GetType()->AsRecordType(); + auto rt = GetType()->AsRecordType(); d->Add("{"); d->PushIndent(); @@ -3054,10 +3083,10 @@ void RecordVal::DescribeReST(ODesc* d) const if ( i > 0 ) d->NL(); - d->Add(record_type->FieldName(i)); + d->Add(rt->FieldName(i)); d->Add("="); - const auto& v = (*record_val)[i]; + auto v = GetField(i); if ( v ) v->Describe(d); @@ -3080,9 +3109,11 @@ ValPtr RecordVal::DoClone(CloneState* state) rv->origin = nullptr; state->NewClone(this, rv); - for ( const auto& vlv : *record_val) + int n = NumFields(); + for ( auto i = 0; i < n; ++i ) { - auto v = vlv ? vlv->Clone(state) : nullptr; + auto f_i = GetField(i); + auto v = f_i ? f_i->Clone(state) : nullptr; rv->AppendField(std::move(v)); } @@ -3092,16 +3123,25 @@ ValPtr RecordVal::DoClone(CloneState* state) unsigned int RecordVal::MemoryAllocation() const { unsigned int size = 0; - const auto& vl = *record_val; - for ( const auto& v : vl ) + int n = NumFields(); + for ( auto i = 0; i < n; ++i ) { - if ( v ) - size += v->MemoryAllocation(); + auto f_i = GetField(i); + if ( f_i ) + size += f_i->MemoryAllocation(); } - size += util::pad_size(vl.capacity() * sizeof(ValPtr)); - size += padded_sizeof(vl); + size += util::pad_size(record_val->capacity() * sizeof(ZVal)); + size += padded_sizeof(*record_val); + + // It's tricky sizing is_in_record since it's a std::vector + // specialization. We approximate this by not scaling capacity() + // by sizeof(bool) but just using its raw value. That's still + // presumably going to be an overestimate. + size += util::pad_size(is_in_record->capacity()); + size += padded_sizeof(*is_in_record); + return size + padded_sizeof(*this); } diff --git a/src/Val.h b/src/Val.h index 0efe90f3db..b242b5ba3a 100644 --- a/src/Val.h +++ b/src/Val.h @@ -15,6 +15,7 @@ #include "zeek/Reporter.h" #include "zeek/net_util.h" #include "zeek/Dict.h" +#include "zeek/ZVal.h" // We have four different port name spaces: TCP, UDP, ICMP, and UNKNOWN. // We distinguish between them based on the bits specified in the *_PORT_MASK @@ -1023,12 +1024,23 @@ public: /** * Appends a value to the record's fields. The caller is responsible - * for ensuring that fields are appended in the correct orer and + * for ensuring that fields are appended in the correct order and * with the correct type. * @param v The value to append. */ void AppendField(ValPtr v) - { record_val->emplace_back(std::move(v)); } + { + if ( v ) + { + (*is_in_record)[record_val->size()] = true; + record_val->emplace_back(ZVal(v, v->GetType())); + } + else + { + (*is_in_record)[record_val->size()] = false; + record_val->emplace_back(ZVal()); + } + } /** * Ensures that the record has enough internal storage for the @@ -1036,22 +1048,44 @@ public: * @param n The number of fields. */ void Reserve(unsigned int n) - { record_val->reserve(n); } + { + record_val->reserve(n); + is_in_record->reserve(n); + + for ( auto i = is_in_record->size(); i < n; ++i ) + is_in_record->emplace_back(false); + } /** * Returns the number of fields in the record. * @return The number of fields in the record. */ - unsigned int NumFields() + unsigned int NumFields() const { return record_val->size(); } + /** + * Returns true if the given field is in the record, false if + * it's missing. + * @param field The field index to retrieve. + * @return Whether there's a value for the given field index. + */ + bool HasField(int field) const + { + return (*is_in_record)[field]; + } + /** * Returns the value of a given field index. * @param field The field index to retrieve. * @return The value at the given field index. */ - const ValPtr& GetField(int field) const - { return (*record_val)[field]; } + ValPtr GetField(int field) const + { + if ( ! HasField(field) ) + return nullptr; + + return (*record_val)[field].ToVal(rt->GetFieldType(field)); + } /** * Returns the value of a given field index as cast to type @c T. @@ -1078,7 +1112,7 @@ public: * @return The value of the given field. If no such field name exists, * a fatal error occurs. */ - const ValPtr& GetField(const char* field) const; + ValPtr GetField(const char* field) const; /** * Returns the value of a given field name as cast to type @c T. @@ -1119,7 +1153,7 @@ public: template auto GetFieldAs(int field) const -> std::invoke_result_t { - auto& field_ptr = GetField(field); + auto field_ptr = GetField(field); auto field_val_ptr = static_cast(field_ptr.get()); return field_val_ptr->Get(); } @@ -1127,7 +1161,7 @@ public: template auto GetFieldAs(const char* field) const -> std::invoke_result_t { - auto& field_ptr = GetField(field); + auto field_ptr = GetField(field); auto field_val_ptr = static_cast(field_ptr.get()); return field_val_ptr->Get(); } @@ -1182,7 +1216,16 @@ protected: static RecordTypeValMap parse_time_records; private: - std::vector* record_val; + // Keep this handy for quick access during low-level operations. + RecordTypePtr rt; + + // Low-level values of each of the fields. + std::vector* record_val; + + // Whether a given field exists - for optional fields, and because + // Zeek does not enforce that non-optional fields are actually + // present. + std::vector* is_in_record; }; class EnumVal final : public detail::IntValImplementation { diff --git a/src/ZVal.cc b/src/ZVal.cc index 937dc27aae..17f94ef825 100644 --- a/src/ZVal.cc +++ b/src/ZVal.cc @@ -1,6 +1,5 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "zeek/ZVal.h" #include "zeek/ZeekString.h" #include "zeek/File.h" #include "zeek/Func.h" diff --git a/src/file_analysis/analyzer/extract/Extract.cc b/src/file_analysis/analyzer/extract/Extract.cc index 001c49ba01..6520a6dc13 100644 --- a/src/file_analysis/analyzer/extract/Extract.cc +++ b/src/file_analysis/analyzer/extract/Extract.cc @@ -34,7 +34,7 @@ Extract::~Extract() util::safe_close(fd); } -static const ValPtr& get_extract_field_val(const RecordValPtr& args, +static ValPtr get_extract_field_val(const RecordValPtr& args, const char* name) { const auto& rval = args->GetField(name); From 0299ea0894825f1cc1aaa11c6f6a7a9f335ee83b Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Wed, 24 Feb 2021 17:38:31 -0800 Subject: [PATCH 05/42] convert VectorVal's to use vector as internal representation --- src/Val.cc | 135 ++++++++++++++++++++++++++++++++++++++++++--------- src/Val.h | 26 +++++++++- src/zeek.bif | 3 +- 3 files changed, 138 insertions(+), 26 deletions(-) diff --git a/src/Val.cc b/src/Val.cc index 0fbbc20979..da287d66b4 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -3177,14 +3177,19 @@ ValPtr TypeVal::DoClone(CloneState* state) return {NewRef{}, this}; } -VectorVal::VectorVal(VectorTypePtr t) : Val(std::move(t)) +VectorVal::VectorVal(VectorTypePtr t) : Val(t) { - vector_val = new vector(); + vector_val = new vector(); + yield_type = t->Yield(); + + auto y_tag = yield_type->Tag(); + any_yield = (y_tag == TYPE_VOID || y_tag == TYPE_ANY); } VectorVal::~VectorVal() { delete vector_val; + delete yield_types; } ValPtr VectorVal::SizeVal() const @@ -3192,16 +3197,64 @@ ValPtr VectorVal::SizeVal() const return val_mgr->Count(uint32_t(vector_val->size())); } +bool VectorVal::CheckElementType(const ValPtr& element) + { + if ( ! element ) + // Insertion isn't actually going to happen. + return true; + + if ( yield_types ) + // We're already a heterogeneous vector-of-any. + return true; + + if ( any_yield ) + { + auto n = vector_val->size(); + + if ( n == 0 ) + // First addition to an empty vector-of-any, perhaps + // it will be homogeneous. + yield_type = element->GetType(); + + else + { + yield_types = new std::vector(); + + // Since we're only now switching to the heterogeneous + // representation, capture the types of the existing + // elements. + + for ( auto i = 0; i < n; ++i ) + yield_types->emplace_back(yield_type); + } + } + + else if ( ! same_type(element->GetType(), yield_type, false) ) + return false; + + return true; + } + bool VectorVal::Assign(unsigned int index, ValPtr element) { - if ( element && - ! same_type(element->GetType(), GetType()->AsVectorType()->Yield(), false) ) + if ( ! CheckElementType(element) ) return false; if ( index >= vector_val->size() ) + { vector_val->resize(index + 1); + if ( yield_types ) + yield_types->resize(index + 1); + } - (*vector_val)[index] = std::move(element); + if ( yield_types ) + { + const auto& t = element->GetType(); + (*yield_types)[index] = t; + (*vector_val)[index] = ZVal(std::move(element), t); + } + else + (*vector_val)[index] = ZVal(std::move(element), yield_type); Modified(); return true; @@ -3221,20 +3274,33 @@ bool VectorVal::AssignRepeat(unsigned int index, unsigned int how_many, bool VectorVal::Insert(unsigned int index, ValPtr element) { - if ( element && - ! same_type(element->GetType(), GetType()->AsVectorType()->Yield(), false) ) - { + if ( ! CheckElementType(element) ) return false; - } - vector::iterator it; + vector::iterator it; + vector::iterator types_it; if ( index < vector_val->size() ) + { it = std::next(vector_val->begin(), index); + if ( yield_types ) + types_it = std::next(yield_types->begin(), index); + } else + { it = vector_val->end(); + if ( yield_types ) + types_it = yield_types->end(); + } - vector_val->insert(it, std::move(element)); + if ( yield_types ) + { + const auto& t = element->GetType(); + yield_types->insert(types_it, element->GetType()); + vector_val->insert(it, ZVal(std::move(element), t)); + } + else + vector_val->insert(it, ZVal(std::move(element), yield_type)); Modified(); return true; @@ -3248,6 +3314,12 @@ bool VectorVal::Remove(unsigned int index) auto it = std::next(vector_val->begin(), index); vector_val->erase(it); + if ( yield_types ) + { + auto types_it = std::next(yield_types->begin(), index); + yield_types->erase(types_it); + } + Modified(); return true; } @@ -3276,17 +3348,19 @@ bool VectorVal::AddTo(Val* val, bool /* is_first_init */) const return true; } -const ValPtr& VectorVal::At(unsigned int index) const +ValPtr VectorVal::At(unsigned int index) const { if ( index >= vector_val->size() ) return Val::nil; - return (*vector_val)[index]; + const auto& t = yield_types ? (*yield_types)[index] : yield_type; + + return (*vector_val)[index].ToVal(t); } void VectorVal::Sort(bool cmp_func(const ValPtr& a, const ValPtr& b)) { - sort(vector_val->begin(), vector_val->end(), cmp_func); + // Placeholder - will be filled in by a later commit. } unsigned int VectorVal::Resize(unsigned int new_num_elements) @@ -3294,6 +3368,13 @@ unsigned int VectorVal::Resize(unsigned int new_num_elements) unsigned int oldsize = vector_val->size(); vector_val->reserve(new_num_elements); vector_val->resize(new_num_elements); + + if ( yield_types ) + { + yield_types->reserve(new_num_elements); + yield_types->resize(new_num_elements); + } + return oldsize; } @@ -3309,6 +3390,9 @@ unsigned int VectorVal::ResizeAtLeast(unsigned int new_num_elements) void VectorVal::Reserve(unsigned int num_elements) { vector_val->reserve(num_elements); + + if ( yield_types ) + yield_types->reserve(num_elements); } ValPtr VectorVal::DoClone(CloneState* state) @@ -3317,9 +3401,11 @@ ValPtr VectorVal::DoClone(CloneState* state) vv->Reserve(vector_val->size()); state->NewClone(this, vv); - for ( const auto& e : *vector_val ) + auto n = vector_val->size(); + + for ( auto i = 0; i < n; ++i ) { - auto vc = e->Clone(state); + auto vc = At(i)->Clone(state); vv->Append(std::move(vc)); } @@ -3332,18 +3418,21 @@ void VectorVal::ValDescribe(ODesc* d) const size_t vector_size = vector_val->size(); - if ( vector_size != 0) + if ( vector_size != 0 ) { - for ( unsigned int i = 0; i < (vector_size - 1); ++i ) + auto last_ind = vector_size - 1; + for ( unsigned int i = 0; i < last_ind; ++i ) { - if ( vector_val->at(i) ) - vector_val->at(i)->Describe(d); + auto v = At(i); + if ( v ) + v->Describe(d); d->Add(", "); } - } - if ( vector_size != 0 && vector_val->back() ) - vector_val->back()->Describe(d); + auto v = At(last_ind); + if ( v ) + v->Describe(d); + } d->Add("]"); } diff --git a/src/Val.h b/src/Val.h index b242b5ba3a..5380fec458 100644 --- a/src/Val.h +++ b/src/Val.h @@ -1305,7 +1305,7 @@ public: * @return The element at the given index or nullptr if the index * does not exist (it's greater than or equal to vector's current size). */ - const ValPtr& At(unsigned int index) const; + ValPtr At(unsigned int index) const; /** * Returns the given element treated as a Count type, to efficiently @@ -1364,7 +1364,29 @@ protected: ValPtr DoClone(CloneState* state) override; private: - std::vector* vector_val; + // Check the type of the given element against our current + // yield type and adjust as necessary. Returns whether the + // element type-checked. + bool CheckElementType(const ValPtr& element); + + std::vector* vector_val; + + // For homogeneous vectors (the usual case), the type of the + // elements. Will be TYPE_VOID for empty vectors created using + // "vector()". + TypePtr yield_type; + + // True if this is a vector-of-any, or potentially one (which is + // the case for empty vectors created using "vector()"). + bool any_yield; + + // For heterogeneous vectors, the individual type of each element, + // parallel to vector_val. Heterogeneous vectors can arise for + // "vector of any" when disparate elements are stored in the vector. + // + // Thus, if yield_types is non-nil, then we know this is a + // vector-of-any. + std::vector* yield_types = nullptr; }; #define UNDERLYING_ACCESSOR_DEF(ztype, ctype, name) \ diff --git a/src/zeek.bif b/src/zeek.bif index eb936c8a08..845c8c7a14 100644 --- a/src/zeek.bif +++ b/src/zeek.bif @@ -1513,7 +1513,8 @@ function order%(v: any, ...%) : index_vec for ( i = 0; i < n; ++i ) { ind_vv[i] = i; - index_map.emplace_back(&vv->At(i)); + auto tmp_until_later_commit = vv->At(i); + index_map.emplace_back(&tmp_until_later_commit); } if ( comp ) From 13e7ba3a00f133323c12c3a50b4bfe884e32c9bf Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Wed, 24 Feb 2021 18:09:40 -0800 Subject: [PATCH 06/42] moving sort()/order() functionality into VectorVal --- src/Val.cc | 158 ++++++++++++++++++++++++++++++++++++++++++++++++++- src/Val.h | 12 +++- src/zeek.bif | 150 +++++++++--------------------------------------- 3 files changed, 194 insertions(+), 126 deletions(-) diff --git a/src/Val.cc b/src/Val.cc index da287d66b4..a992f273e7 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -3358,9 +3358,163 @@ ValPtr VectorVal::At(unsigned int index) const return (*vector_val)[index].ToVal(t); } -void VectorVal::Sort(bool cmp_func(const ValPtr& a, const ValPtr& b)) +static Func* sort_function_comp = nullptr; + +// Used for indirect sorting to support order(). +static std::vector index_map; + +// The yield type of the vector being sorted. +static TypePtr sort_type; +static bool sort_type_is_managed = false; + +static bool sort_function(const ZVal& a, const ZVal& b) { - // Placeholder - will be filled in by a later commit. + // Missing values are only applicable for managed types. + if ( sort_type_is_managed ) + { + if ( ! a.ManagedVal() ) + return 0; + if ( ! b.ManagedVal() ) + return 1; + } + + auto a_v = a.ToVal(sort_type); + auto b_v = b.ToVal(sort_type); + + auto result = sort_function_comp->Invoke(a_v, b_v); + int int_result = result->CoerceToInt(); + + return int_result < 0; + } + +static bool signed_sort_function (const ZVal& a, const ZVal& b) + { + return a.AsInt() < b.AsInt(); + } + +static bool unsigned_sort_function (const ZVal& a, const ZVal& b) + { + return a.AsCount() < b.AsCount(); + } + +static bool double_sort_function (const ZVal& a, const ZVal& b) + { + return a.AsDouble() < b.AsDouble(); + } + +static bool indirect_sort_function(size_t a, size_t b) + { + return sort_function(*index_map[a], *index_map[b]); + } + +static bool indirect_signed_sort_function(size_t a, size_t b) + { + return signed_sort_function(*index_map[a], *index_map[b]); + } + +static bool indirect_unsigned_sort_function(size_t a, size_t b) + { + return unsigned_sort_function(*index_map[a], *index_map[b]); + } + +static bool indirect_double_sort_function(size_t a, size_t b) + { + return double_sort_function(*index_map[a], *index_map[b]); + } + +void VectorVal::Sort(Func* cmp_func) + { + if ( yield_types ) + reporter->RuntimeError(GetLocationInfo(), "cannot sort a vector-of-any"); + + sort_type = yield_type; + sort_type_is_managed = IsManagedType(sort_type); + + bool (*sort_func)(const ZVal&, const ZVal&); + + if ( cmp_func ) + { + sort_function_comp = cmp_func; + sort_func = sort_function; + } + + else + { + auto eti = sort_type->InternalType(); + + if ( eti == TYPE_INTERNAL_INT ) + sort_func = signed_sort_function; + else if ( eti == TYPE_INTERNAL_UNSIGNED ) + sort_func = unsigned_sort_function; + else + { + ASSERT(eti == TYPE_INTERNAL_DOUBLE); + sort_func = double_sort_function; + } + } + + sort(vector_val->begin(), vector_val->end(), sort_func); + } + +VectorValPtr VectorVal::Order(Func* cmp_func) + { + if ( yield_types ) + { + reporter->RuntimeError(GetLocationInfo(), "cannot order a vector-of-any"); + return nullptr; + } + + sort_type = yield_type; + sort_type_is_managed = IsManagedType(sort_type); + + bool (*sort_func)(size_t, size_t); + + if ( cmp_func ) + { + sort_function_comp = cmp_func; + sort_func = indirect_sort_function; + } + + else + { + auto eti = sort_type->InternalType(); + + if ( eti == TYPE_INTERNAL_INT ) + sort_func = indirect_signed_sort_function; + else if ( eti == TYPE_INTERNAL_UNSIGNED ) + sort_func = indirect_unsigned_sort_function; + else + { + ASSERT(eti == TYPE_INTERNAL_DOUBLE); + sort_func = indirect_double_sort_function; + } + } + + int n = Size(); + + // Set up initial mapping of indices directly to corresponding + // elements. + vector ind_vv(n); + size_t i; + for ( i = 0; i < n; ++i ) + { + ind_vv[i] = i; + index_map.emplace_back(&(*vector_val)[i]); + } + + sort(ind_vv.begin(), ind_vv.end(), sort_func); + + index_map.clear(); + + // Now spin through ind_vv to read out the rearrangement. + auto result_v = make_intrusive(zeek::id::index_vec); + for ( i = 0; i < n; ++i ) + { + int ind = ind_vv[i]; + result_v->Assign(i, zeek::val_mgr->Count(ind)); + } + + return result_v; } unsigned int VectorVal::Resize(unsigned int new_num_elements) diff --git a/src/Val.h b/src/Val.h index 5380fec458..50c8b87e09 100644 --- a/src/Val.h +++ b/src/Val.h @@ -1354,10 +1354,18 @@ public: bool Remove(unsigned int index); /** - * Sorts the vector in place, using the given comparison function. + * Sorts the vector in place, using the given optional + * comparison function. * @param cmp_func Comparison function for vector elements. */ - void Sort(bool cmp_func(const ValPtr& a, const ValPtr& b)); + void Sort(Func* cmp_func = nullptr); + + /** + * Returns a "vector of count" holding the indices of this + * vector when sorted using the given (optional) comparison function. + * @param cmp_func Comparison function for vector elements. + */ + VectorValPtr Order(Func* cmp_func = nullptr); protected: void ValDescribe(ODesc* d) const override; diff --git a/src/zeek.bif b/src/zeek.bif index 845c8c7a14..25c15d12dd 100644 --- a/src/zeek.bif +++ b/src/zeek.bif @@ -1328,72 +1328,12 @@ function all_set%(v: any%) : bool return zeek::val_mgr->True(); %} -%%{ -static zeek::Func* sort_function_comp = nullptr; -static std::vector index_map; // used for indirect sorting to support order() - -bool sort_function(const zeek::ValPtr& a, const zeek::ValPtr& b) - { - // Sort missing values as "high". - if ( ! a ) - return 0; - if ( ! b ) - return 1; - - auto result = sort_function_comp->Invoke(a, b); - int int_result = result->CoerceToInt(); - - return int_result < 0; - } - -bool indirect_sort_function(size_t a, size_t b) - { - return sort_function(*index_map[a], *index_map[b]); - } - -bool signed_sort_function (const zeek::ValPtr& a, const zeek::ValPtr& b) - { - if ( ! a ) - return 0; - if ( ! b ) - return 1; - - auto ia = a->CoerceToInt(); - auto ib = b->CoerceToInt(); - - return ia < ib; - } - -bool unsigned_sort_function (const zeek::ValPtr& a, const zeek::ValPtr& b) - { - if ( ! a ) - return 0; - if ( ! b ) - return 1; - - auto ia = a->CoerceToUnsigned(); - auto ib = b->CoerceToUnsigned(); - - return ia < ib; - } - -bool indirect_signed_sort_function(size_t a, size_t b) - { - return signed_sort_function(*index_map[a], *index_map[b]); - } - -bool indirect_unsigned_sort_function(size_t a, size_t b) - { - return unsigned_sort_function(*index_map[a], *index_map[b]); - } -%%} - ## Sorts a vector in place. The second argument is a comparison function that ## takes two arguments: if the vector type is ``vector of T``, then the ## comparison function must be ``function(a: T, b: T): int``, which returns ## a value less than zero if ``a < b`` for some type-specific notion of the ## less-than operator. The comparison function is optional if the type -## is an integral type (int, count, etc.). +## is a numeric type (int, count, double, time, etc.). ## ## v: The vector instance to sort. ## @@ -1415,7 +1355,10 @@ function sort%(v: any, ...%) : any zeek::Func* comp = nullptr; if ( @ARG@.size() > 2 ) + { zeek::emit_builtin_error("sort() called with extraneous argument"); + return rval; + } if ( @ARG@.size() == 2 ) { @@ -1427,36 +1370,27 @@ function sort%(v: any, ...%) : any } comp = comp_val->AsFunc(); - } - - if ( ! comp && ! IsIntegral(elt_type->Tag()) ) - zeek::emit_builtin_error("comparison function required for sort() with non-integral types"); - - auto vv = v->As(); - - if ( comp ) - { const auto& comp_type = comp->GetType(); if ( comp_type->Yield()->Tag() != zeek::TYPE_INT || - ! comp_type->ParamList()->AllMatch(elt_type, 0) ) + ! comp_type->ParamList()->AllMatch(elt_type, 0) || + comp_type->ParamList()->GetTypes().size() != 2 ) { zeek::emit_builtin_error("invalid comparison function in call to sort()"); return rval; } - - sort_function_comp = comp; - - vv->Sort(sort_function); } - else + + if ( ! comp && ! IsIntegral(elt_type->Tag()) && + elt_type->InternalType() != TYPE_INTERNAL_DOUBLE ) { - if ( elt_type->InternalType() == zeek::TYPE_INTERNAL_UNSIGNED ) - vv->Sort(unsigned_sort_function); - else - vv->Sort(signed_sort_function); + zeek::emit_builtin_error("comparison function required for sort() with non-numeric types"); + return rval; } + auto vv = v->As(); + vv->Sort(comp); + return rval; %} @@ -1473,19 +1407,22 @@ function sort%(v: any, ...%) : any ## .. zeek:see:: sort function order%(v: any, ...%) : index_vec %{ - auto result_v = zeek::make_intrusive(zeek::id::index_vec); + auto err_v = zeek::make_intrusive(zeek::id::index_vec); if ( v->GetType()->Tag() != zeek::TYPE_VECTOR ) { zeek::emit_builtin_error("order() requires vector"); - return result_v; + return err_v; } const auto& elt_type = v->GetType()->Yield(); zeek::Func* comp = nullptr; if ( @ARG@.size() > 2 ) + { zeek::emit_builtin_error("order() called with extraneous argument"); + return err_v; + } if ( @ARG@.size() == 2 ) { @@ -1497,58 +1434,27 @@ function order%(v: any, ...%) : index_vec } comp = comp_val->AsFunc(); - } - if ( ! comp && ! IsIntegral(elt_type->Tag()) ) - zeek::emit_builtin_error("comparison function required for order() with non-integral types"); - - auto vv = v->As(); - auto n = vv->Size(); - - // Set up initial mapping of indices directly to corresponding - // elements. - vector ind_vv(n); - index_map.reserve(n); - size_t i; - for ( i = 0; i < n; ++i ) - { - ind_vv[i] = i; - auto tmp_until_later_commit = vv->At(i); - index_map.emplace_back(&tmp_until_later_commit); - } - - if ( comp ) - { const auto& comp_type = comp->GetType(); if ( comp_type->Yield()->Tag() != zeek::TYPE_INT || - ! comp_type->ParamList()->AllMatch(elt_type, 0) ) + ! comp_type->ParamList()->AllMatch(elt_type, 0) || + comp_type->ParamList()->GetTypes().size() != 2 ) { zeek::emit_builtin_error("invalid comparison function in call to order()"); return zeek::ValPtr{zeek::NewRef{}, v}; } - - sort_function_comp = comp; - - sort(ind_vv.begin(), ind_vv.end(), indirect_sort_function); } - else + + if ( ! comp && ! IsIntegral(elt_type->Tag()) && + elt_type->InternalType() != TYPE_INTERNAL_DOUBLE ) { - if ( elt_type->InternalType() == zeek::TYPE_INTERNAL_UNSIGNED ) - sort(ind_vv.begin(), ind_vv.end(), indirect_unsigned_sort_function); - else - sort(ind_vv.begin(), ind_vv.end(), indirect_signed_sort_function); + zeek::emit_builtin_error("comparison function required for order() with non-numeric types"); + return err_v; } - index_map = {}; + auto vv = v->As(); - // Now spin through ind_vv to read out the rearrangement. - for ( i = 0; i < n; ++i ) - { - int ind = ind_vv[i]; - result_v->Assign(i, zeek::val_mgr->Count(ind)); - } - - return result_v; + return vv->Order(comp); %} # =========================================================================== From 3f6f8e07097a1d960c8ab0efacf78b74404adeec Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Thu, 25 Feb 2021 12:38:46 -0800 Subject: [PATCH 07/42] use HasField() rather than GetField() where appropriate --- src/Expr.cc | 4 ++-- src/Val.cc | 2 +- src/broker/Manager.cc | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/Expr.cc b/src/Expr.cc index 8b620df2f3..9206978ddd 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -3176,7 +3176,7 @@ HasFieldExpr::~HasFieldExpr() ValPtr HasFieldExpr::Fold(Val* v) const { auto rv = v->AsRecordVal(); - return val_mgr->Bool(rv->GetField(field) != nullptr); + return val_mgr->Bool(rv->HasField(field)); } void HasFieldExpr::ExprDescribe(ODesc* d) const @@ -5102,7 +5102,7 @@ ValPtr CastExpr::Eval(Frame* f) const d.Add("'"); if ( same_type(v->GetType(), Broker::detail::DataVal::ScriptDataType()) && - ! v->AsRecordVal()->GetField(0) ) + ! v->AsRecordVal()->HasField(0) ) d.Add(" (nil $data field)"); RuntimeError(d.Description()); diff --git a/src/Val.cc b/src/Val.cc index a992f273e7..6b0b5b6d20 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -3009,7 +3009,7 @@ RecordValPtr RecordVal::CoerceTo(RecordTypePtr t, } for ( i = 0; i < ar_t->NumFields(); ++i ) - if ( ! aggr->GetField(i) && + if ( ! aggr->HasField(i) && ! ar_t->FieldDecl(i)->GetAttr(detail::ATTR_OPTIONAL) ) { char buf[512]; diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index 98abfbe56f..e24b11261b 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -433,7 +433,7 @@ bool Manager::PublishEvent(string topic, RecordVal* args) if ( peer_count == 0 ) return true; - if ( ! args->GetField(0) ) + if ( ! args->HasField(0) ) return false; auto event_name = args->GetFieldAs(0)->CheckString(); @@ -807,7 +807,7 @@ RecordVal* Manager::MakeEvent(ValPList* args, zeek::detail::Frame* frame) else data_val = detail::make_data_val((*args)[i]); - if ( ! data_val->GetField(0) ) + if ( ! data_val->HasField(0) ) { rval->Assign(0, nullptr); Error("failed to convert param #%d of type %s to broker data", From bc4a6c0d07b474c5a8d66424d595e3f18621eb18 Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Thu, 25 Feb 2021 12:45:34 -0800 Subject: [PATCH 08/42] fix for subtle bug due to GetField now potentially returning a new ValPtr --- src/logging/Manager.cc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index 11efb7b802..77dd8205b9 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -1095,9 +1095,12 @@ threading::Value** Manager::RecordToFilterVals(Stream* stream, Filter* filter, // potentially be nested inside other records. list& indices = filter->indices[i]; + ValPtr val_ptr; + for ( list::iterator j = indices.begin(); j != indices.end(); ++j ) { - val = val->AsRecordVal()->GetField(*j).get(); + val_ptr = val->AsRecordVal()->GetField(*j); + val = val_ptr.get(); if ( ! val ) { From 0118b6ee389c5d9023ca6b1f93ab7efefc3ac728 Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Thu, 25 Feb 2021 13:21:55 -0800 Subject: [PATCH 09/42] migrate to differentiated vector "At" accessors to support future efficiency --- src/CompHash.cc | 4 +- src/Expr.cc | 79 +++++++++---------- src/SmithWaterman.cc | 10 +-- src/Stmt.cc | 4 - src/Val.cc | 2 +- src/Val.h | 49 +++++++----- src/ZeekString.cc | 4 +- src/analyzer/protocol/ssh/ssh-protocol.pac | 6 +- src/broker/Data.cc | 2 +- src/broker/Manager.cc | 2 +- src/file_analysis/analyzer/x509/functions.bif | 6 +- src/logging/Manager.cc | 2 +- src/strings.bif | 2 +- src/supervisor/Supervisor.cc | 2 +- src/zeek.bif | 6 +- 15 files changed, 91 insertions(+), 89 deletions(-) diff --git a/src/CompHash.cc b/src/CompHash.cc index 5a874241b4..2f19771637 100644 --- a/src/CompHash.cc +++ b/src/CompHash.cc @@ -265,7 +265,7 @@ char* CompositeHash::SingleValHash(bool type_check, char* kp0, kp1 = reinterpret_cast(kp+1); for ( unsigned int i = 0; i < vv->Size(); ++i ) { - const auto& val = vv->At(i); + auto val = vv->ValAt(i); unsigned int* kp = AlignAndPadType(kp1); *kp = i; kp1 = reinterpret_cast(kp+1); @@ -566,7 +566,7 @@ int CompositeHash::SingleTypeKeySize(Type* bt, const Val* v, VectorVal* vv = const_cast(v->AsVectorVal()); for ( unsigned int i = 0; i < vv->Size(); ++i ) { - const auto& val = vv->At(i); + auto val = vv->ValAt(i); sz = SizeAlign(sz, sizeof(unsigned int)); sz = SizeAlign(sz, sizeof(unsigned int)); if ( val ) diff --git a/src/Expr.cc b/src/Expr.cc index 9206978ddd..2876369145 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -277,7 +277,7 @@ const char* assign_to_index(ValPtr v1, ValPtr v2, ValPtr v3, for ( auto idx = 0u; idx < v_vect->Size(); idx++, first++ ) - v1_vect->Insert(first, v_vect->At(idx)); + v1_vect->Insert(first, v_vect->ValAt(idx)); } else if ( ! v1_vect->Assign(lv->Idx(0)->CoerceToUnsigned(), std::move(v3)) ) @@ -619,8 +619,11 @@ ValPtr UnaryExpr::Eval(Frame* f) const for ( unsigned int i = 0; i < v_op->Size(); ++i ) { - const auto& v_i = v_op->At(i); - result->Assign(i, v_i ? Fold(v_i.get()) : nullptr); + auto vop = v_op->ValAt(i); + if ( vop ) + result->Assign(i, Fold(vop.get())); + else + result->Assign(i, nullptr); } return result; @@ -708,11 +711,12 @@ ValPtr BinaryExpr::Eval(Frame* f) const for ( unsigned int i = 0; i < v_op1->Size(); ++i ) { - if ( v_op1->At(i) && v_op2->At(i) ) - v_result->Assign(i, Fold(v_op1->At(i).get(), v_op2->At(i).get())); + auto v1_i = v_op1->ValAt(i); + auto v2_i = v_op2->ValAt(i); + if ( v1_i && v2_i ) + v_result->Assign(i, Fold(v_op1->ValAt(i).get(), v_op2->ValAt(i).get())); else v_result->Assign(i, nullptr); - // SetError("undefined element in vector operation"); } return v_result; @@ -725,13 +729,12 @@ ValPtr BinaryExpr::Eval(Frame* f) const for ( unsigned int i = 0; i < vv->Size(); ++i ) { - if ( const auto& vv_i = vv->At(i) ) + auto vv_i = vv->ValAt(i); + if ( vv_i ) v_result->Assign(i, is_vec1 ? Fold(vv_i.get(), v2.get()) - : Fold(v1.get(), vv_i.get())); + : Fold(v1.get(), vv_i.get())); else v_result->Assign(i, nullptr); - - // SetError("Undefined element in vector operation"); } return v_result; @@ -1235,12 +1238,8 @@ ValPtr IncrExpr::Eval(Frame* f) const for ( unsigned int i = 0; i < v_vec->Size(); ++i ) { - const auto& elt = v_vec->At(i); - - if ( elt ) - v_vec->Assign(i, DoSingleEval(f, elt.get())); - else - v_vec->Assign(i, nullptr); + auto elt = v_vec->ValAt(i); + v_vec->Assign(i, DoSingleEval(f, elt.get())); } op->Assign(f, std::move(v_vec)); @@ -1863,18 +1862,13 @@ ValPtr BoolExpr::Eval(Frame* f) const for ( unsigned int i = 0; i < vec_v1->Size(); ++i ) { - const auto& op1 = vec_v1->At(i); - const auto& op2 = vec_v2->At(i); - if ( op1 && op2 ) - { - bool local_result = (tag == EXPR_AND_AND) ? - (! op1->IsZero() && ! op2->IsZero()) : - (! op1->IsZero() || ! op2->IsZero()); + const auto op1 = vec_v1->BoolAt(i); + const auto op2 = vec_v2->BoolAt(i); - result->Assign(i, val_mgr->Bool(local_result)); - } - else - result->Assign(i, nullptr); + bool local_result = + (tag == EXPR_AND_AND) ? (op1 && op2) : (op1 || op2); + + result->Assign(i, val_mgr->Bool(local_result)); } return result; @@ -2225,15 +2219,9 @@ ValPtr CondExpr::Eval(Frame* f) const for ( unsigned int i = 0; i < cond->Size(); ++i ) { - const auto& local_cond = cond->At(i); - - if ( local_cond ) - { - const auto& v = local_cond->IsZero() ? b->At(i) : a->At(i); - result->Assign(i, v); - } - else - result->Assign(i, nullptr); + auto local_cond = cond->BoolAt(i); + auto v = local_cond ? a->ValAt(i) : b->ValAt(i); + result->Assign(i, v); } return result; @@ -2912,8 +2900,8 @@ ValPtr IndexExpr::Eval(Frame* f) const for ( unsigned int i = 0; i < v_v2->Size(); ++i ) { - if ( v_v2->At(i)->AsBool() ) - v_result->Assign(v_result->Size() + 1, v_v1->At(i)); + if ( v_v2->BoolAt(i) ) + v_result->Assign(v_result->Size() + 1, v_v1->ValAt(i)); } } else @@ -2923,7 +2911,7 @@ ValPtr IndexExpr::Eval(Frame* f) const // Probably only do this if *all* are negative. v_result->Resize(v_v2->Size()); for ( unsigned int i = 0; i < v_v2->Size(); ++i ) - v_result->Assign(i, v_v1->At(v_v2->At(i)->CoerceToInt())); + v_result->Assign(i, v_v1->ValAt(v_v2->ValAt(i)->CoerceToInt())); } return v_result; @@ -2946,7 +2934,7 @@ ValPtr IndexExpr::Fold(Val* v1, Val* v2) const const ListVal* lv = v2->AsListVal(); if ( lv->Length() == 1 ) - v = vect->At(lv->Idx(0)->CoerceToUnsigned()); + v = vect->ValAt(lv->Idx(0)->CoerceToUnsigned()); else { size_t len = vect->Size(); @@ -2961,7 +2949,7 @@ ValPtr IndexExpr::Fold(Val* v1, Val* v2) const result->Resize(sub_length); for ( bro_int_t idx = first; idx < last; idx++ ) - result->Assign(idx - first, vect->At(idx)); + result->Assign(idx - first, vect->ValAt(idx)); } return result; @@ -3764,7 +3752,8 @@ ValPtr ArithCoerceExpr::Fold(Val* v) const for ( unsigned int i = 0; i < vv->Size(); ++i ) { - if ( const auto& elt = vv->At(i) ) + auto elt = vv->ValAt(i); + if ( elt ) result->Assign(i, FoldSingleVal(elt.get(), t)); else result->Assign(i, nullptr); @@ -4222,7 +4211,11 @@ ValPtr InExpr::Fold(Val* v1, Val* v2) const bool res; if ( is_vector(v2) ) - res = (bool)v2->AsVectorVal()->At(v1->AsListVal()->Idx(0)->CoerceToUnsigned()); + { + auto vv2 = v2->AsVectorVal(); + auto ind = v1->AsListVal()->Idx(0)->CoerceToUnsigned(); + res = ind < vv2->Size() && vv2->ValAt(ind); + } else res = (bool)v2->AsTableVal()->Find({NewRef{}, v1}); diff --git a/src/SmithWaterman.cc b/src/SmithWaterman.cc index 1b2fad0628..1b2bebea09 100644 --- a/src/SmithWaterman.cc +++ b/src/SmithWaterman.cc @@ -104,23 +104,23 @@ Substring::Vec* Substring::VecFromPolicy(VectorVal* vec) for ( unsigned int i = 0; i < vec->Size(); ++i ) { - const auto& v = vec->At(i); // get the RecordVal + auto v = vec->RecordValAt(i); if ( ! v ) continue; - const String* str = v->AsRecordVal()->GetFieldAs(0); + const String* str = v->GetFieldAs(0); auto* substr = new Substring(*str); - const VectorVal* aligns = v->AsRecordVal()->GetField(1)->AsVectorVal(); + const VectorVal* aligns = v->GetField(1)->AsVectorVal(); for ( unsigned int j = 1; j <= aligns->Size(); ++j ) { - const RecordVal* align = aligns->AsVectorVal()->At(j)->AsRecordVal(); + const RecordVal* align = aligns->AsVectorVal()->RecordValAt(j); const String* str = align->GetFieldAs(0); int index = align->GetFieldAs(1); substr->AddAlignment(str, index); } - bool new_alignment = v->AsRecordVal()->GetFieldAs(2); + bool new_alignment = v->GetFieldAs(2); substr->MarkNewAlignment(new_alignment); result->push_back(substr); diff --git a/src/Stmt.cc b/src/Stmt.cc index 646cf06d45..11381ed733 100644 --- a/src/Stmt.cc +++ b/src/Stmt.cc @@ -1326,10 +1326,6 @@ ValPtr ForStmt::DoExec(Frame* f, Val* v, StmtFlowType& flow) const for ( auto i = 0u; i <= vv->Size(); ++i ) { - // Skip unassigned vector indices. - if ( ! vv->At(i) ) - continue; - // Set the loop variable to the current index, and make // another pass over the loop body. f->SetElement((*loop_vars)[0], val_mgr->Count(i)); diff --git a/src/Val.cc b/src/Val.cc index 6b0b5b6d20..2068092cbf 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -588,7 +588,7 @@ static void BuildJSON(threading::formatter::JSON::NullDoubleWriter& writer, Val* auto* vval = val->AsVectorVal(); size_t size = vval->SizeVal()->AsCount(); for (size_t i = 0; i < size; i++) - BuildJSON(writer, vval->At(i).get(), only_loggable, re); + BuildJSON(writer, vval->ValAt(i).get(), only_loggable, re); writer.EndArray(); break; diff --git a/src/Val.h b/src/Val.h index 50c8b87e09..9eb639f10d 100644 --- a/src/Val.h +++ b/src/Val.h @@ -1299,24 +1299,6 @@ public: // Returns true if succcessful. bool AddTo(Val* v, bool is_first_init) const override; - /** - * Returns the element at a given index or nullptr if it does not exist. - * @param index The position in the vector of the element to return. - * @return The element at the given index or nullptr if the index - * does not exist (it's greater than or equal to vector's current size). - */ - ValPtr At(unsigned int index) const; - - /** - * Returns the given element treated as a Count type, to efficiently - * support a common type of vector access if we change the underlying - * vector representation. - * @param index The position in the vector of the element to return. - * @return The element's value, as a Count underlying representation. - */ - bro_uint_t CountAt(unsigned int index) const - { return At(index)->AsCount(); } - unsigned int Size() const { return vector_val->size(); } // Is there any way to reclaim previously-allocated memory when you @@ -1367,7 +1349,38 @@ public: */ VectorValPtr Order(Func* cmp_func = nullptr); + ValPtr ValAt(unsigned int index) const { return At(index); } + + /** + * Returns the given element in a given underlying representation. + * Enables efficient vector access. Caller must ensure that the + * index lies within the vector's range. + * @param index The position in the vector of the element to return. + * @return The element's underlying value. + */ + bro_uint_t CountAt(unsigned int index) const + { return (*vector_val)[index].uint_val; } + const RecordVal* RecordValAt(unsigned int index) const + { return (*vector_val)[index].record_val; } + bool BoolAt(unsigned int index) const + { return bool((*vector_val)[index].uint_val); } + const StringVal* StringValAt(unsigned int index) const + { return (*vector_val)[index].string_val; } + const String* StringAt(unsigned int index) const + { return StringValAt(index)->AsString(); } + protected: + /** + * Returns the element at a given index or nullptr if it does not exist. + * @param index The position in the vector of the element to return. + * @return The element at the given index or nullptr if the index + * does not exist (it's greater than or equal to vector's current size). + * + * Protected to ensure callers pick one of the differentiated accessors + * above, as appropriate, with ValAt() providing the original semantics. + */ + ValPtr At(unsigned int index) const; + void ValDescribe(ODesc* d) const override; ValPtr DoClone(CloneState* state) override; diff --git a/src/ZeekString.cc b/src/ZeekString.cc index f2537eb34a..f87714fab2 100644 --- a/src/ZeekString.cc +++ b/src/ZeekString.cc @@ -364,11 +364,11 @@ String::Vec* String::VecFromPolicy(VectorVal* vec) for ( unsigned int i = 0; i < vec->Size(); ++i ) { - const auto& v = vec->At(i); // get the RecordVal + auto v = vec->StringAt(i); if ( ! v ) continue; - String* string = new String(*(v->AsString())); + String* string = new String(*v); result->push_back(string); } diff --git a/src/analyzer/protocol/ssh/ssh-protocol.pac b/src/analyzer/protocol/ssh/ssh-protocol.pac index de38afde13..a8c8328ef0 100644 --- a/src/analyzer/protocol/ssh/ssh-protocol.pac +++ b/src/analyzer/protocol/ssh/ssh-protocol.pac @@ -456,11 +456,11 @@ refine connection SSH_Conn += { { for ( unsigned int j = 0; j < server_list->Size(); ++j ) { - if ( *(client_list->At(i)->AsStringVal()->AsString()) == *(server_list->At(j)->AsStringVal()->AsString()) ) + if ( *(client_list->StringAt(i)) == *(server_list->StringAt(j)) ) { kex_algorithm_.free(); - kex_algorithm_.init((const uint8 *) client_list->At(i)->AsStringVal()->Bytes(), - client_list->At(i)->AsStringVal()->Len()); + kex_algorithm_.init((const uint8 *) client_list->StringAt(i)->Bytes(), + client_list->StringAt(i)->Len()); // UNTESTED if ( update_kex_state_if_equal("rsa1024-sha1", KEX_RSA) ) diff --git a/src/broker/Data.cc b/src/broker/Data.cc index 6fdeb23cea..d8d03c709d 100644 --- a/src/broker/Data.cc +++ b/src/broker/Data.cc @@ -972,7 +972,7 @@ broker::expected val_to_data(const Val* v) for ( auto i = 0u; i < vec->Size(); ++i ) { - const auto& item_val = vec->At(i); + auto item_val = vec->ValAt(i); if ( ! item_val ) continue; diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index e24b11261b..c99ee1ba6d 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -443,7 +443,7 @@ bool Manager::PublishEvent(string topic, RecordVal* args) for ( auto i = 0u; i < vv->Size(); ++i ) { - const auto& val = vv->At(i)->AsRecordVal()->GetField(0); + const auto& val = vv->RecordValAt(i)->GetField(0); auto data_val = static_cast(val.get()); xs.emplace_back(data_val->data); } diff --git a/src/file_analysis/analyzer/x509/functions.bif b/src/file_analysis/analyzer/x509/functions.bif index a754ec19b0..3f18ed163f 100644 --- a/src/file_analysis/analyzer/x509/functions.bif +++ b/src/file_analysis/analyzer/x509/functions.bif @@ -37,7 +37,7 @@ STACK_OF(X509)* x509_get_untrusted_stack(zeek::VectorVal* certs_vec) for ( int i = 1; i < (int) certs_vec->Size(); ++i ) // start at 1 - 0 is host cert { - const auto& sv = certs_vec->At(i); + auto sv = certs_vec->ValAt(i); if ( ! sv ) continue; @@ -232,7 +232,7 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_c // host certificate unsigned int index = 0; // to prevent overloading to 0pointer - const auto& sv = certs_vec->At(index); + auto sv = certs_vec->ValAt(index); if ( ! sv ) { zeek::emit_builtin_error("undefined value in certificate vector"); @@ -518,7 +518,7 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str // host certificate unsigned int index = 0; // to prevent overloading to 0pointer - const auto& sv = certs_vec->At(index); + auto sv = certs_vec->ValAt(index); if ( !sv ) { zeek::emit_builtin_error("undefined value in certificate vector"); diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index 77dd8205b9..27b2216262 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -1045,7 +1045,7 @@ threading::Value* Manager::ValToLogVal(Val* val, Type* ty) for ( bro_int_t i = 0; i < lval->val.vector_val.size; i++ ) { lval->val.vector_val.vals[i] = - ValToLogVal(vec->At(i).get(), + ValToLogVal(vec->ValAt(i).get(), vec->GetType()->Yield().get()); } diff --git a/src/strings.bif b/src/strings.bif index 6ef0918ec6..0d3812f267 100644 --- a/src/strings.bif +++ b/src/strings.bif @@ -104,7 +104,7 @@ function join_string_vec%(vec: string_vec, sep: string%): string if ( i > 0 ) d.Add(sep->CheckString(), 0); - const auto& e = v->At(i); + auto e = v->ValAt(i); // If the element is empty, skip it. if ( ! e ) diff --git a/src/supervisor/Supervisor.cc b/src/supervisor/Supervisor.cc index 76b760835b..f8d957c482 100644 --- a/src/supervisor/Supervisor.cc +++ b/src/supervisor/Supervisor.cc @@ -1255,7 +1255,7 @@ Supervisor::NodeConfig Supervisor::NodeConfig::FromRecord(const RecordVal* node) for ( auto i = 0u; i < scripts_val->Size(); ++i ) { - auto script = scripts_val->At(i)->AsStringVal()->ToStdString(); + auto script = scripts_val->StringValAt(i)->ToStdString(); rval.scripts.emplace_back(std::move(script)); } diff --git a/src/zeek.bif b/src/zeek.bif index 25c15d12dd..184c9280cb 100644 --- a/src/zeek.bif +++ b/src/zeek.bif @@ -815,7 +815,7 @@ function paraglob_init%(v: any%) : opaque of paraglob VectorVal* vv = v->AsVectorVal(); for ( unsigned int i = 0; i < vv->Size(); ++i ) { - const String* s = vv->At(i)->AsString(); + auto s = vv->StringAt(i); patterns.push_back(std::string(reinterpret_cast(s->Bytes()), s->Len())); } @@ -1293,7 +1293,7 @@ function any_set%(v: any%) : bool VectorVal* vv = v->AsVectorVal(); for ( unsigned int i = 0; i < vv->Size(); ++i ) - if ( vv->At(i) && vv->At(i)->AsBool() ) + if ( vv->BoolAt(i) ) return zeek::val_mgr->True(); return zeek::val_mgr->False(); @@ -1322,7 +1322,7 @@ function all_set%(v: any%) : bool VectorVal* vv = v->AsVectorVal(); for ( unsigned int i = 0; i < vv->Size(); ++i ) - if ( ! vv->At(i) || ! vv->At(i)->AsBool() ) + if ( ! vv->BoolAt(i) ) return zeek::val_mgr->False(); return zeek::val_mgr->True(); From e363bab55facd5748b34924cfa2ecdc436321438 Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Thu, 25 Feb 2021 13:51:06 -0800 Subject: [PATCH 10/42] base support for differentiated record field accessors --- src/Sessions.cc | 4 +- src/Val.h | 120 ++++++++++++++++++++++++++++++++++++++++++------ 2 files changed, 109 insertions(+), 15 deletions(-) diff --git a/src/Sessions.cc b/src/Sessions.cc index 62f0714aa8..35481f30aa 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -344,8 +344,8 @@ Connection* NetSessions::FindConnection(Val* v) const IPAddr& orig_addr = vl->GetFieldAs(orig_h); const IPAddr& resp_addr = vl->GetFieldAs(resp_h); - const PortVal* orig_portv = vl->GetFieldAs(orig_p); - const PortVal* resp_portv = vl->GetFieldAs(resp_p); + auto orig_portv = vl->GetFieldAs(orig_p); + auto resp_portv = vl->GetFieldAs(resp_p); ConnID id; diff --git a/src/Val.h b/src/Val.h index 9eb639f10d..e7998bded6 100644 --- a/src/Val.h +++ b/src/Val.h @@ -73,6 +73,7 @@ class EnumVal; class OpaqueVal; class VectorVal; class TableEntryVal; +class TypeVal; using AddrValPtr = IntrusivePtr; using EnumValPtr = IntrusivePtr; @@ -446,14 +447,19 @@ public: // Returns a masked port number static uint32_t Mask(uint32_t port_num, TransportProto port_type); - const PortVal* Get() const { return AsPortVal(); } - protected: friend class ValManager; PortVal(uint32_t p); void ValDescribe(ODesc* d) const override; ValPtr DoClone(CloneState* state) override; + +private: + // This method is just here to trick the interface in + // `RecordVal::GetFieldAs` into returning the right type. + // It shouldn't actually be used for anything. + friend class RecordVal; + PortValPtr Get() { return {NewRef{}, this}; } }; class AddrVal final : public Val { @@ -996,6 +1002,39 @@ private: PDict* table_val; }; +// This would be way easier with is_convertible_v, but sadly that won't +// work here because Obj has deleted copy constructors (and for good +// reason). Instead we make up our own type trait here that basically +// combines a bunch of is_same traits into a single trait to make life +// easier in the definitions of GetFieldAs(). +template +struct is_zeek_val + { + static const bool value = std::disjunction_v< + std::is_same, + std::is_same, + std::is_same, + std::is_same, + std::is_same, + std::is_same, + std::is_same, + std::is_same, + std::is_same, + std::is_same, + std::is_same, + std::is_same, + std::is_same, + std::is_same, + std::is_same, + std::is_same, + std::is_same, + std::is_same, + std::is_same, + std::is_same>; + }; +template +inline constexpr bool is_zeek_val_v = is_zeek_val::value; + class RecordVal final : public Val, public notifier::detail::Modifiable { public: explicit RecordVal(RecordTypePtr t, bool init_fields = true); @@ -1148,22 +1187,77 @@ public: // The following return the given field converted to a particular // underlying value. We provide these to enable efficient - // access to record fields (without requiring an intermediary Val) - // if we change the underlying representation of records. - template - auto GetFieldAs(int field) const -> std::invoke_result_t + // access to record fields (without requiring an intermediary Val). + // It is up to the caller to ensure that the field exists in the + // record (using HasField(), if necessary). + template , bool> = true> + auto GetFieldAs(int field) const -> std::invoke_result_t { - auto field_ptr = GetField(field); - auto field_val_ptr = static_cast(field_ptr.get()); - return field_val_ptr->Get(); + if constexpr ( std::is_same_v || + std::is_same_v || + std::is_same_v ) + return record_val->at(field).int_val; + else if constexpr ( std::is_same_v ) + return record_val->at(field).uint_val; + else if constexpr ( std::is_same_v || + std::is_same_v || + std::is_same_v ) + return record_val->at(field).double_val; + else if constexpr ( std::is_same_v ) + return val_mgr->Port(record_val->at(field).uint_val); + else if constexpr ( std::is_same_v ) + return record_val->at(field).string_val->Get(); + else if constexpr ( std::is_same_v ) + return record_val->at(field).addr_val->Get(); + else if constexpr ( std::is_same_v ) + return record_val->at(field).subnet_val->Get(); + else if constexpr ( std::is_same_v ) + return *(record_val->at(field).file_val); + else if constexpr ( std::is_same_v ) + return *(record_val->at(field).func_val); + else if constexpr ( std::is_same_v ) + return record_val->at(field).re_val->Get(); + else if constexpr ( std::is_same_v ) + return record_val->at(field).record_val; + else if constexpr ( std::is_same_v ) + return record_val->at(field).vector_val; + else if constexpr ( std::is_same_v ) + return record_val->at(field).table_val->Get(); + else + { + // TODO: error here, although because of the + // type trait it really shouldn't ever get here. + } + } + + template , bool> = true> + T GetFieldAs(int field) const + { + if constexpr ( std::is_integral_v && std::is_signed_v ) + return record_val->at(field).int_val; + else if constexpr ( std::is_integral_v && + std::is_unsigned_v ) + return record_val->at(field).uint_val; + else if constexpr ( std::is_floating_point_v ) + return record_val->at(field).double_val; + + // Could add other types here using type traits, + // such as is_same_v, etc. + + return T{}; } template - auto GetFieldAs(const char* field) const -> std::invoke_result_t + auto GetFieldAs(const char* field) const { - auto field_ptr = GetField(field); - auto field_val_ptr = static_cast(field_ptr.get()); - return field_val_ptr->Get(); + int idx = GetType()->AsRecordType()->FieldOffset(field); + + if ( idx < 0 ) + reporter->InternalError("missing record field: %s", field); + + return GetFieldAs(idx); } void Describe(ODesc* d) const override; From 931cec4e067ce753c69741db1ca15d84b053a9ea Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Thu, 25 Feb 2021 14:47:44 -0800 Subject: [PATCH 11/42] use differentiated record field accessors --- src/Conn.cc | 2 +- src/SmithWaterman.cc | 2 +- src/Val.h | 7 +++++++ src/analyzer/protocol/conn-size/ConnSize.cc | 4 ++-- src/analyzer/protocol/rpc/Portmap.cc | 4 ++-- src/analyzer/protocol/tcp/TCP.cc | 6 +++--- src/analyzer/protocol/udp/UDP.cc | 4 ++-- src/broker/Manager.cc | 2 +- src/broker/Store.cc | 2 +- src/zeek.bif | 3 +-- 10 files changed, 21 insertions(+), 15 deletions(-) diff --git a/src/Conn.cc b/src/Conn.cc index fd158b5476..591d80b7f2 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -631,7 +631,7 @@ void Connection::CheckFlowLabel(bool is_orig, uint32_t flow_label) { if ( conn_val ) { - RecordVal* endp = conn_val->GetField(is_orig ? 1 : 2)->AsRecordVal(); + RecordVal* endp = conn_val->GetFieldAs(is_orig ? 1 : 2); endp->Assign(4, val_mgr->Count(flow_label)); } diff --git a/src/SmithWaterman.cc b/src/SmithWaterman.cc index 1b2bebea09..1b567e0b05 100644 --- a/src/SmithWaterman.cc +++ b/src/SmithWaterman.cc @@ -111,7 +111,7 @@ Substring::Vec* Substring::VecFromPolicy(VectorVal* vec) const String* str = v->GetFieldAs(0); auto* substr = new Substring(*str); - const VectorVal* aligns = v->GetField(1)->AsVectorVal(); + const VectorVal* aligns = v->GetFieldAs(1); for ( unsigned int j = 1; j <= aligns->Size(); ++j ) { const RecordVal* align = aligns->AsVectorVal()->RecordValAt(j); diff --git a/src/Val.h b/src/Val.h index e7998bded6..7825869274 100644 --- a/src/Val.h +++ b/src/Val.h @@ -1310,6 +1310,9 @@ protected: static RecordTypeValMap parse_time_records; private: + // Just for template inferencing. + RecordVal* Get() { return this; } + // Keep this handy for quick access during low-level operations. RecordTypePtr rt; @@ -1479,6 +1482,10 @@ protected: ValPtr DoClone(CloneState* state) override; private: + // Just for template inferencing. + friend class RecordVal; + VectorVal* Get() { return this; } + // Check the type of the given element against our current // yield type and adjust as necessary. Returns whether the // element type-checked. diff --git a/src/analyzer/protocol/conn-size/ConnSize.cc b/src/analyzer/protocol/conn-size/ConnSize.cc index 468d6fb17d..b5214749b0 100644 --- a/src/analyzer/protocol/conn-size/ConnSize.cc +++ b/src/analyzer/protocol/conn-size/ConnSize.cc @@ -171,8 +171,8 @@ void ConnSize_Analyzer::SetDurationThreshold(double duration) void ConnSize_Analyzer::UpdateConnVal(RecordVal *conn_val) { // RecordType *connection_type is decleared in NetVar.h - RecordVal* orig_endp = conn_val->GetField("orig")->AsRecordVal(); - RecordVal* resp_endp = conn_val->GetField("resp")->AsRecordVal(); + RecordVal* orig_endp = conn_val->GetFieldAs("orig"); + RecordVal* resp_endp = conn_val->GetFieldAs("resp"); // endpoint is the RecordType from NetVar.h int pktidx = id::endpoint->FieldOffset("num_pkts"); diff --git a/src/analyzer/protocol/rpc/Portmap.cc b/src/analyzer/protocol/rpc/Portmap.cc index 302428a56b..3d0893a363 100644 --- a/src/analyzer/protocol/rpc/Portmap.cc +++ b/src/analyzer/protocol/rpc/Portmap.cc @@ -126,8 +126,8 @@ bool PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status statu return false; RecordVal* rv = c->RequestVal()->AsRecordVal(); - const auto& is_tcp = rv->GetField(2); - reply = val_mgr->Port(CheckPort(port), is_tcp->IsOne() ? + auto is_tcp = rv->GetFieldAs(2); + reply = val_mgr->Port(CheckPort(port), is_tcp ? TRANSPORT_TCP : TRANSPORT_UDP); event = pm_request_getport; } diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index de60ddc60d..e6b29a000c 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc @@ -1099,7 +1099,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, { SynWeirds(flags, endpoint, len); RecordVal* SYN_vals = build_syn_packet_val(is_orig, ip, tp); - init_window(endpoint, peer, flags, SYN_vals->GetField(5)->CoerceToInt(), + init_window(endpoint, peer, flags, SYN_vals->GetFieldAs(5), base_seq, ack_seq); if ( connection_SYN_packet ) @@ -1282,8 +1282,8 @@ void TCP_Analyzer::FlipRoles() void TCP_Analyzer::UpdateConnVal(RecordVal *conn_val) { - RecordVal* orig_endp_val = conn_val->GetField("orig")->AsRecordVal(); - RecordVal* resp_endp_val = conn_val->GetField("resp")->AsRecordVal(); + auto orig_endp_val = conn_val->GetFieldAs("orig"); + auto resp_endp_val = conn_val->GetFieldAs("resp"); orig_endp_val->Assign(0, val_mgr->Count(orig->Size())); orig_endp_val->Assign(1, val_mgr->Count(int(orig->state))); diff --git a/src/analyzer/protocol/udp/UDP.cc b/src/analyzer/protocol/udp/UDP.cc index 4ea5ccfbf3..b24e30fb1b 100644 --- a/src/analyzer/protocol/udp/UDP.cc +++ b/src/analyzer/protocol/udp/UDP.cc @@ -220,8 +220,8 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, void UDP_Analyzer::UpdateConnVal(RecordVal* conn_val) { - RecordVal* orig_endp = conn_val->GetField("orig")->AsRecordVal(); - RecordVal* resp_endp = conn_val->GetField("resp")->AsRecordVal(); + auto orig_endp = conn_val->GetFieldAs("orig"); + auto resp_endp = conn_val->GetFieldAs("resp"); UpdateEndpointVal(orig_endp, true); UpdateEndpointVal(resp_endp, false); diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index c99ee1ba6d..656da437af 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -437,7 +437,7 @@ bool Manager::PublishEvent(string topic, RecordVal* args) return false; auto event_name = args->GetFieldAs(0)->CheckString(); - auto vv = args->GetField(1)->AsVectorVal(); + auto vv = args->GetFieldAs(1); broker::vector xs; xs.reserve(vv->Size()); diff --git a/src/broker/Store.cc b/src/broker/Store.cc index ea151b08c6..fbce52160f 100644 --- a/src/broker/Store.cc +++ b/src/broker/Store.cc @@ -67,7 +67,7 @@ broker::backend_options to_backend_options(broker::backend backend, switch ( backend ) { case broker::backend::sqlite: { - auto path = options->GetField(0)->AsRecordVal() + auto path = options->GetFieldAs(0) ->GetFieldAs(0)->CheckString(); return {{"path", path}}; } diff --git a/src/zeek.bif b/src/zeek.bif index 184c9280cb..91e0120ba7 100644 --- a/src/zeek.bif +++ b/src/zeek.bif @@ -3435,8 +3435,7 @@ function lookup_connection%(cid: conn_id%): connection %%{ const char* conn_id_string(zeek::Val* c) { - auto id = c->As()->GetField(0); - auto id_r = id->As(); + auto id_r = c->As()->GetFieldAs(0); const zeek::IPAddr& orig_h = id_r->GetFieldAs(0); uint32_t orig_p = id_r->GetFieldAs(1)->Port(); From c757db2714b9cf7fb44e9a69097a5c7b2d2da5bc Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Thu, 25 Feb 2021 15:04:46 -0800 Subject: [PATCH 12/42] new RecordVal Remove() method to clear a field --- src/Val.cc | 18 ++++++++++++------ src/Val.h | 7 +++++++ 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/src/Val.cc b/src/Val.cc index 2068092cbf..b08855f8ea 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -2879,23 +2879,29 @@ ValPtr RecordVal::SizeVal() const void RecordVal::Assign(int field, ValPtr new_val) { - auto t = rt->GetFieldType(field); - if ( new_val ) { + auto t = rt->GetFieldType(field); (*record_val)[field] = ZVal(new_val, t); (*is_in_record)[field] = true; + Modified(); } else + Remove(field); + } + +void RecordVal::Remove(int field) + { + if ( HasField(field) ) { - if ( HasField(field) ) - DeleteIfManaged((*record_val)[field], t); + auto t = rt->GetFieldType(field); + DeleteIfManaged((*record_val)[field], t); (*record_val)[field] = ZVal(); (*is_in_record)[field] = false; - } - Modified(); + Modified(); + } } ValPtr RecordVal::GetFieldOrDefault(int field) const diff --git a/src/Val.h b/src/Val.h index 7825869274..65635d8d15 100644 --- a/src/Val.h +++ b/src/Val.h @@ -1061,6 +1061,13 @@ public: void Assign(int field, Ts&&... args) { Assign(field, make_intrusive(std::forward(args)...)); } + /** + * Sets the given record field to not-in-record. Equivalent to + * Assign using a nil ValPtr. + * @param field The field index to remove. + */ + void Remove(int field); + /** * Appends a value to the record's fields. The caller is responsible * for ensuring that fields are appended in the correct order and From b6f4f897c6c9f291ff4d312d6fd22c9a4affb49f Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Thu, 25 Feb 2021 15:28:37 -0800 Subject: [PATCH 13/42] migrate to using RecordVal's new Remove() method --- src/Expr.cc | 4 ++-- src/analyzer/protocol/rpc/MOUNT.cc | 5 ----- src/analyzer/protocol/rpc/NFS.cc | 13 ------------- src/broker/Data.cc | 2 +- src/broker/Manager.cc | 4 ++-- 5 files changed, 5 insertions(+), 23 deletions(-) diff --git a/src/Expr.cc b/src/Expr.cc index 2876369145..eecc2aa3a2 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -3921,7 +3921,7 @@ ValPtr RecordCoerceExpr::Fold(Val* v) const if ( ! rhs ) { // Optional field is missing. - val->Assign(i, nullptr); + val->Remove(i); continue; } @@ -3968,7 +3968,7 @@ ValPtr RecordCoerceExpr::Fold(Val* v) const val->Assign(i, std::move(def_val)); } else - val->Assign(i, nullptr); + val->Remove(i); } } diff --git a/src/analyzer/protocol/rpc/MOUNT.cc b/src/analyzer/protocol/rpc/MOUNT.cc index c321486cb8..d857d37288 100644 --- a/src/analyzer/protocol/rpc/MOUNT.cc +++ b/src/analyzer/protocol/rpc/MOUNT.cc @@ -272,11 +272,6 @@ RecordValPtr MOUNT_Interp::mount3_mnt_reply(const u_char*& buf, int& n, rep->Assign(1, std::move(auth_flavors)); } - else - { - rep->Assign(0, nullptr); - rep->Assign(1, nullptr); - } return rep; } diff --git a/src/analyzer/protocol/rpc/NFS.cc b/src/analyzer/protocol/rpc/NFS.cc index 856a1b6254..589f3ac1bd 100644 --- a/src/analyzer/protocol/rpc/NFS.cc +++ b/src/analyzer/protocol/rpc/NFS.cc @@ -353,22 +353,18 @@ RecordValPtr NFS_Interp::nfs3_sattr(const u_char*& buf, int& n) { auto attrs = make_intrusive(BifType::Record::NFS3::sattr_t); - attrs->Assign(0, nullptr); // mode int mode_set_it = extract_XDR_uint32(buf, n); if ( mode_set_it ) attrs->Assign(0, ExtractUint32(buf, n)); // mode - attrs->Assign(1, nullptr); // uid int uid_set_it = extract_XDR_uint32(buf, n); if ( uid_set_it ) attrs->Assign(1, ExtractUint32(buf, n)); // uid - attrs->Assign(2, nullptr); // gid int gid_set_it = extract_XDR_uint32(buf, n); if ( gid_set_it ) attrs->Assign(2, ExtractUint32(buf, n)); // gid - attrs->Assign(3, nullptr); // size int size_set_it = extract_XDR_uint32(buf, n); if ( size_set_it ) attrs->Assign(3, ExtractTime(buf, n)); // size @@ -389,11 +385,6 @@ RecordValPtr NFS_Interp::nfs3_sattr_reply(const u_char*& buf, int& n, BifEnum::N rep->Assign(0, nfs3_pre_op_attr(buf, n)); rep->Assign(1, nfs3_post_op_attr(buf, n)); } - else - { - rep->Assign(1, nullptr); - rep->Assign(2, nullptr); - } return rep; } @@ -536,8 +527,6 @@ RecordValPtr NFS_Interp::nfs3_lookup_reply(const u_char*& buf, int& n, BifEnum:: } else { - rep->Assign(0, nullptr); - rep->Assign(1, nullptr); rep->Assign(2, nfs3_post_op_attr(buf, n)); } return rep; @@ -698,8 +687,6 @@ RecordValPtr NFS_Interp::nfs3_newobj_reply(const u_char*& buf, int& n, BifEnum:: } else { - rep->Assign(0, nullptr); - rep->Assign(1, nullptr); rep->Assign(2, nfs3_pre_op_attr(buf, n)); rep->Assign(3, nfs3_post_op_attr(buf, n)); } diff --git a/src/broker/Data.cc b/src/broker/Data.cc index d8d03c709d..a54e30287c 100644 --- a/src/broker/Data.cc +++ b/src/broker/Data.cc @@ -430,7 +430,7 @@ struct val_converter { if ( caf::get_if(&a[idx]) != nullptr ) { - rval->Assign(i, nullptr); + rval->Remove(i); ++idx; continue; } diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index 656da437af..07bca256f6 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -793,7 +793,7 @@ RecordVal* Manager::MakeEvent(ValPList* args, zeek::detail::Frame* frame) if ( ! same_type(got_type, expected_type) ) { - rval->Assign(0, nullptr); + rval->Remove(0); Error("event parameter #%d type mismatch, got %s, expect %s", i, type_name(got_type->Tag()), type_name(expected_type->Tag())); @@ -809,7 +809,7 @@ RecordVal* Manager::MakeEvent(ValPList* args, zeek::detail::Frame* frame) if ( ! data_val->HasField(0) ) { - rval->Assign(0, nullptr); + rval->Remove(0); Error("failed to convert param #%d of type %s to broker data", i, type_name(got_type->Tag())); return rval; From 53fea053deb466d2347c8f897acfd5df9df902ce Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Thu, 25 Feb 2021 15:29:14 -0800 Subject: [PATCH 14/42] fix for fencepost error when looping over vectors --- src/Stmt.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Stmt.cc b/src/Stmt.cc index 11381ed733..95eb9a1035 100644 --- a/src/Stmt.cc +++ b/src/Stmt.cc @@ -1324,7 +1324,7 @@ ValPtr ForStmt::DoExec(Frame* f, Val* v, StmtFlowType& flow) const { VectorVal* vv = v->AsVectorVal(); - for ( auto i = 0u; i <= vv->Size(); ++i ) + for ( auto i = 0u; i < vv->Size(); ++i ) { // Set the loop variable to the current index, and make // another pass over the loop body. From 4213245633e7a8a01799306eddf235c460143a75 Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Thu, 25 Feb 2021 15:32:37 -0800 Subject: [PATCH 15/42] RecordVal methods for differentiated setting of record fields --- src/Val.h | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/src/Val.h b/src/Val.h index 65635d8d15..11ba8e5ac8 100644 --- a/src/Val.h +++ b/src/Val.h @@ -1068,6 +1068,64 @@ public: */ void Remove(int field); + // The following provide efficient record field assignments. + void Assign(int field, bool new_val) + { + (*record_val)[field].int_val = int(new_val); + AddedField(field); + } + + void Assign(int field, int new_val) + { + (*record_val)[field].int_val = new_val; + AddedField(field); + } + + // For unsigned, we provide both uint32_t and uint64_t versions + // for convenience, since sometimes the caller has one rather + // than the other. + void Assign(int field, uint32_t new_val) + { + (*record_val)[field].uint_val = new_val; + AddedField(field); + } + void Assign(int field, uint64_t new_val) + { + (*record_val)[field].uint_val = new_val; + AddedField(field); + } + + void Assign(int field, double new_val) + { + (*record_val)[field].double_val = new_val; + AddedField(field); + } + + // The following two are the same as the previous method, + // but we use the names so that in the future if it would + // be helpful, we can track the intent of the underlying + // value representing a time or an interval. + void AssignTime(int field, double new_val) + { Assign(field, new_val); } + void AssignInterval(int field, double new_val) + { Assign(field, new_val); } + + void Assign(int field, const char* new_val) + { + (*record_val)[field].string_val = new StringVal(new_val); + AddedField(field); + } + void Assign(int field, const std::string& new_val) + { + (*record_val)[field].string_val = new StringVal(new_val); + AddedField(field); + } + void Assign(int field, String* new_val) + { + (*record_val)[field].string_val = new StringVal(new_val); + AddedField(field); + } + /** * Appends a value to the record's fields. The caller is responsible * for ensuring that fields are appended in the correct order and @@ -1311,6 +1369,12 @@ public: protected: ValPtr DoClone(CloneState* state) override; + void AddedField(int field) + { + (*is_in_record)[field] = true; + Modified(); + } + Obj* origin; using RecordTypeValMap = std::unordered_map>; From 62bab661140df3d24083528c7c77e07df2966f7a Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Thu, 25 Feb 2021 16:59:26 -0800 Subject: [PATCH 16/42] migration to using new differentiated methods for setting record fields --- src/Conn.cc | 32 +-- src/DNS_Mgr.cc | 6 +- src/File.cc | 2 +- src/IP.cc | 155 +++++++------- src/RuleMatcher.cc | 6 +- src/SmithWaterman.cc | 8 +- src/Stmt.cc | 2 +- src/TunnelEncapsulation.cc | 2 +- src/Type.cc | 4 +- src/ZeekArgs.cc | 4 +- .../protocol/bittorrent/BitTorrentTracker.cc | 2 +- src/analyzer/protocol/conn-size/ConnSize.cc | 8 +- src/analyzer/protocol/dhcp/dhcp-analyzer.pac | 12 +- src/analyzer/protocol/dhcp/dhcp-options.pac | 24 +-- src/analyzer/protocol/dns/DNS.cc | 202 +++++++++--------- src/analyzer/protocol/ftp/functions.bif | 6 +- .../protocol/gtpv1/gtpv1-analyzer.pac | 49 +++-- src/analyzer/protocol/http/HTTP.cc | 20 +- src/analyzer/protocol/icmp/ICMP.cc | 66 +++--- src/analyzer/protocol/irc/IRC.cc | 18 +- src/analyzer/protocol/krb/krb-analyzer.pac | 30 +-- src/analyzer/protocol/krb/krb-padata.pac | 8 +- .../protocol/modbus/modbus-analyzer.pac | 8 +- .../protocol/mqtt/commands/connack.pac | 4 +- .../protocol/mqtt/commands/connect.pac | 10 +- .../protocol/mqtt/commands/publish.pac | 8 +- src/analyzer/protocol/ntlm/ntlm-analyzer.pac | 56 ++--- src/analyzer/protocol/ntp/ntp-analyzer.pac | 42 ++-- .../protocol/radius/radius-analyzer.pac | 4 +- src/analyzer/protocol/rdp/rdp-analyzer.pac | 90 ++++---- src/analyzer/protocol/rpc/MOUNT.cc | 22 +- src/analyzer/protocol/rpc/NFS.cc | 50 ++--- src/analyzer/protocol/rpc/NFS.h | 10 +- src/analyzer/protocol/rpc/Portmap.cc | 18 +- src/analyzer/protocol/smb/smb-time.pac | 14 +- .../protocol/smb/smb1-com-negotiate.pac | 80 +++---- .../smb/smb1-com-session-setup-andx.pac | 56 ++--- .../smb/smb1-com-transaction-secondary.pac | 16 +- .../smb/smb1-com-transaction2-secondary.pac | 18 +- .../protocol/smb/smb1-com-transaction2.pac | 34 +-- src/analyzer/protocol/smb/smb1-protocol.pac | 16 +- src/analyzer/protocol/smb/smb2-com-close.pac | 4 +- src/analyzer/protocol/smb/smb2-com-create.pac | 8 +- .../protocol/smb/smb2-com-negotiate.pac | 6 +- .../protocol/smb/smb2-com-session-setup.pac | 8 +- .../protocol/smb/smb2-com-set-info.pac | 12 +- .../smb/smb2-com-transform-header.pac | 6 +- .../protocol/smb/smb2-com-tree-connect.pac | 2 +- src/analyzer/protocol/smb/smb2-protocol.pac | 64 +++--- src/analyzer/protocol/snmp/snmp-analyzer.pac | 12 +- src/analyzer/protocol/ssh/ssh-analyzer.pac | 2 +- .../protocol/ssl/tls-handshake-analyzer.pac | 26 +-- src/analyzer/protocol/tcp/TCP.cc | 50 ++--- src/analyzer/protocol/teredo/Teredo.cc | 10 +- src/analyzer/protocol/udp/UDP.cc | 8 +- src/broker/Manager.cc | 8 +- src/broker/comm.bif | 2 +- src/file_analysis/File.cc | 24 +-- src/file_analysis/Manager.cc | 4 +- src/file_analysis/analyzer/entropy/Entropy.cc | 10 +- src/file_analysis/analyzer/pe/pe-analyzer.pac | 102 ++++----- .../analyzer/unified2/unified2-analyzer.pac | 54 ++--- src/file_analysis/analyzer/x509/X509.cc | 26 +-- src/file_analysis/analyzer/x509/X509Common.cc | 8 +- src/file_analysis/analyzer/x509/functions.bif | 4 +- src/iosource/Packet.cc | 10 +- src/iosource/pcap/pcap.bif | 10 +- src/logging/Manager.cc | 16 +- src/logging/writers/ascii/Ascii.cc | 10 +- src/stats.bif | 124 +++++------ src/supervisor/Supervisor.cc | 20 +- src/supervisor/supervisor.bif | 2 +- src/util.cc | 8 +- src/zeek.bif | 88 ++++---- 74 files changed, 982 insertions(+), 988 deletions(-) diff --git a/src/Conn.cc b/src/Conn.cc index 591d80b7f2..6cbf140228 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -343,23 +343,23 @@ const RecordValPtr& Connection::ConnVal() id_val->Assign(3, val_mgr->Port(ntohs(resp_port), prot_type)); auto orig_endp = make_intrusive(id::endpoint); - orig_endp->Assign(0, val_mgr->Count(0)); - orig_endp->Assign(1, val_mgr->Count(0)); - orig_endp->Assign(4, val_mgr->Count(orig_flow_label)); + orig_endp->Assign(0, 0); + orig_endp->Assign(1, 0); + orig_endp->Assign(4, orig_flow_label); const int l2_len = sizeof(orig_l2_addr); char null[l2_len]{}; if ( memcmp(&orig_l2_addr, &null, l2_len) != 0 ) - orig_endp->Assign(5, make_intrusive(fmt_mac(orig_l2_addr, l2_len))); + orig_endp->Assign(5, fmt_mac(orig_l2_addr, l2_len)); auto resp_endp = make_intrusive(id::endpoint); - resp_endp->Assign(0, val_mgr->Count(0)); - resp_endp->Assign(1, val_mgr->Count(0)); - resp_endp->Assign(4, val_mgr->Count(resp_flow_label)); + resp_endp->Assign(0, 0); + resp_endp->Assign(1, 0); + resp_endp->Assign(4, resp_flow_label); if ( memcmp(&resp_l2_addr, &null, l2_len) != 0 ) - resp_endp->Assign(5, make_intrusive(fmt_mac(resp_l2_addr, l2_len))); + resp_endp->Assign(5, fmt_mac(resp_l2_addr, l2_len)); conn_val->Assign(0, std::move(id_val)); conn_val->Assign(1, std::move(orig_endp)); @@ -371,25 +371,25 @@ const RecordValPtr& Connection::ConnVal() if ( ! uid ) uid.Set(zeek::detail::bits_per_uid); - conn_val->Assign(7, make_intrusive(uid.Base62("C").c_str())); + conn_val->Assign(7, uid.Base62("C")); if ( encapsulation && encapsulation->Depth() > 0 ) conn_val->Assign(8, encapsulation->ToVal()); if ( vlan != 0 ) - conn_val->Assign(9, val_mgr->Int(vlan)); + conn_val->Assign(9, vlan); if ( inner_vlan != 0 ) - conn_val->Assign(10, val_mgr->Int(inner_vlan)); + conn_val->Assign(10, inner_vlan); } if ( root_analyzer ) root_analyzer->UpdateConnVal(conn_val.get()); - conn_val->Assign(3, make_intrusive(start_time)); // ### - conn_val->Assign(4, make_intrusive(last_time - start_time)); - conn_val->Assign(6, make_intrusive(history.c_str())); + conn_val->AssignTime(3, start_time); // ### + conn_val->AssignInterval(4, last_time - start_time); + conn_val->Assign(6, history); conn_val->SetOrigin(this); @@ -418,7 +418,7 @@ void Connection::AppendAddl(const char* str) const char* old = cv->GetFieldAs(6)->CheckString(); const char* format = *old ? "%s %s" : "%s%s"; - cv->Assign(6, make_intrusive(util::fmt(format, old, str))); + cv->Assign(6, util::fmt(format, old, str)); } // Returns true if the character at s separates a version number. @@ -632,7 +632,7 @@ void Connection::CheckFlowLabel(bool is_orig, uint32_t flow_label) if ( conn_val ) { RecordVal* endp = conn_val->GetFieldAs(is_orig ? 1 : 2); - endp->Assign(4, val_mgr->Count(flow_label)); + endp->Assign(4, flow_label); } if ( connection_flow_label_changed && diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index 67578b0034..6dcbb80cdf 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -718,10 +718,10 @@ ValPtr DNS_Mgr::BuildMappingVal(DNS_Mapping* dm) { auto r = make_intrusive(dm_rec); - r->Assign(0, make_intrusive(dm->CreationTime())); - r->Assign(1, make_intrusive(dm->ReqHost() ? dm->ReqHost() : "")); + r->AssignTime(0, dm->CreationTime()); + r->Assign(1, dm->ReqHost() ? dm->ReqHost() : ""); r->Assign(2, make_intrusive(dm->ReqAddr())); - r->Assign(3, val_mgr->Bool(dm->Valid())); + r->Assign(3, dm->Valid()); auto h = dm->Host(); r->Assign(4, h ? std::move(h) : make_intrusive("")); diff --git a/src/File.cc b/src/File.cc index 964c92da14..9216d29416 100644 --- a/src/File.cc +++ b/src/File.cc @@ -290,7 +290,7 @@ RecordVal* File::Rotate() return nullptr; } - info->Assign(2, open_time); + info->AssignTime(2, open_time); Unlink(); diff --git a/src/IP.cc b/src/IP.cc index 67473c8532..e85ba0a39c 100644 --- a/src/IP.cc +++ b/src/IP.cc @@ -24,12 +24,12 @@ static VectorValPtr BuildOptionsVal(const u_char* data, int len) static auto ip6_option_type = id::find_type("ip6_option"); const struct ip6_opt* opt = (const struct ip6_opt*) data; auto rv = make_intrusive(ip6_option_type); - rv->Assign(0, val_mgr->Count(opt->ip6o_type)); + rv->Assign(0, opt->ip6o_type); if ( opt->ip6o_type == 0 ) { // Pad1 option - rv->Assign(1, val_mgr->Count(0)); + rv->Assign(1, 0); rv->Assign(2, val_mgr->EmptyString()); data += sizeof(uint8_t); len -= sizeof(uint8_t); @@ -38,9 +38,8 @@ static VectorValPtr BuildOptionsVal(const u_char* data, int len) { // PadN or other option uint16_t off = 2 * sizeof(uint8_t); - rv->Assign(1, val_mgr->Count(opt->ip6o_len)); - rv->Assign(2, make_intrusive( - new String(data + off, opt->ip6o_len, true))); + rv->Assign(1, opt->ip6o_len); + rv->Assign(2, new String(data + off, opt->ip6o_len, true)); data += opt->ip6o_len + off; len -= opt->ip6o_len + off; } @@ -61,11 +60,11 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const static auto ip6_hdr_type = id::find_type("ip6_hdr"); rv = make_intrusive(ip6_hdr_type); const struct ip6_hdr* ip6 = (const struct ip6_hdr*)data; - rv->Assign(0, val_mgr->Count((ntohl(ip6->ip6_flow) & 0x0ff00000)>>20)); - rv->Assign(1, val_mgr->Count(ntohl(ip6->ip6_flow) & 0x000fffff)); - rv->Assign(2, val_mgr->Count(ntohs(ip6->ip6_plen))); - rv->Assign(3, val_mgr->Count(ip6->ip6_nxt)); - rv->Assign(4, val_mgr->Count(ip6->ip6_hlim)); + rv->Assign(0, (ntohl(ip6->ip6_flow) & 0x0ff00000)>>20); + rv->Assign(1, ntohl(ip6->ip6_flow) & 0x000fffff); + rv->Assign(2, ntohs(ip6->ip6_plen)); + rv->Assign(3, ip6->ip6_nxt); + rv->Assign(4, ip6->ip6_hlim); rv->Assign(5, make_intrusive(IPAddr(ip6->ip6_src))); rv->Assign(6, make_intrusive(IPAddr(ip6->ip6_dst))); if ( ! chain ) @@ -80,8 +79,8 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const static auto ip6_hopopts_type = id::find_type("ip6_hopopts"); rv = make_intrusive(ip6_hopopts_type); const struct ip6_hbh* hbh = (const struct ip6_hbh*)data; - rv->Assign(0, val_mgr->Count(hbh->ip6h_nxt)); - rv->Assign(1, val_mgr->Count(hbh->ip6h_len)); + rv->Assign(0, hbh->ip6h_nxt); + rv->Assign(1, hbh->ip6h_len); uint16_t off = 2 * sizeof(uint8_t); rv->Assign(2, BuildOptionsVal(data + off, Length() - off)); @@ -93,8 +92,8 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const static auto ip6_dstopts_type = id::find_type("ip6_dstopts"); rv = make_intrusive(ip6_dstopts_type); const struct ip6_dest* dst = (const struct ip6_dest*)data; - rv->Assign(0, val_mgr->Count(dst->ip6d_nxt)); - rv->Assign(1, val_mgr->Count(dst->ip6d_len)); + rv->Assign(0, dst->ip6d_nxt); + rv->Assign(1, dst->ip6d_len); uint16_t off = 2 * sizeof(uint8_t); rv->Assign(2, BuildOptionsVal(data + off, Length() - off)); } @@ -105,12 +104,12 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const static auto ip6_routing_type = id::find_type("ip6_routing"); rv = make_intrusive(ip6_routing_type); const struct ip6_rthdr* rt = (const struct ip6_rthdr*)data; - rv->Assign(0, val_mgr->Count(rt->ip6r_nxt)); - rv->Assign(1, val_mgr->Count(rt->ip6r_len)); - rv->Assign(2, val_mgr->Count(rt->ip6r_type)); - rv->Assign(3, val_mgr->Count(rt->ip6r_segleft)); + rv->Assign(0, rt->ip6r_nxt); + rv->Assign(1, rt->ip6r_len); + rv->Assign(2, rt->ip6r_type); + rv->Assign(3, rt->ip6r_segleft); uint16_t off = 4 * sizeof(uint8_t); - rv->Assign(4, make_intrusive(new String(data + off, Length() - off, true))); + rv->Assign(4, new String(data + off, Length() - off, true)); } break; @@ -119,12 +118,12 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const static auto ip6_fragment_type = id::find_type("ip6_fragment"); rv = make_intrusive(ip6_fragment_type); const struct ip6_frag* frag = (const struct ip6_frag*)data; - rv->Assign(0, val_mgr->Count(frag->ip6f_nxt)); - rv->Assign(1, val_mgr->Count(frag->ip6f_reserved)); - rv->Assign(2, val_mgr->Count((ntohs(frag->ip6f_offlg) & 0xfff8)>>3)); - rv->Assign(3, val_mgr->Count((ntohs(frag->ip6f_offlg) & 0x0006)>>1)); - rv->Assign(4, val_mgr->Bool(ntohs(frag->ip6f_offlg) & 0x0001)); - rv->Assign(5, val_mgr->Count(ntohl(frag->ip6f_ident))); + rv->Assign(0, frag->ip6f_nxt); + rv->Assign(1, frag->ip6f_reserved); + rv->Assign(2, (ntohs(frag->ip6f_offlg) & 0xfff8)>>3); + rv->Assign(3, (ntohs(frag->ip6f_offlg) & 0x0006)>>1); + rv->Assign(4, bool(ntohs(frag->ip6f_offlg) & 0x0001)); + rv->Assign(5, ntohl(frag->ip6f_ident)); } break; @@ -132,18 +131,18 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const { static auto ip6_ah_type = id::find_type("ip6_ah"); rv = make_intrusive(ip6_ah_type); - rv->Assign(0, val_mgr->Count(((ip6_ext*)data)->ip6e_nxt)); - rv->Assign(1, val_mgr->Count(((ip6_ext*)data)->ip6e_len)); - rv->Assign(2, val_mgr->Count(ntohs(((uint16_t*)data)[1]))); - rv->Assign(3, val_mgr->Count(ntohl(((uint32_t*)data)[1]))); + rv->Assign(0, ((ip6_ext*)data)->ip6e_nxt); + rv->Assign(1, ((ip6_ext*)data)->ip6e_len); + rv->Assign(2, ntohs(((uint16_t*)data)[1])); + rv->Assign(3, ntohl(((uint32_t*)data)[1])); if ( Length() >= 12 ) { // Sequence Number and ICV fields can only be extracted if // Payload Len was non-zero for this header. - rv->Assign(4, val_mgr->Count(ntohl(((uint32_t*)data)[2]))); + rv->Assign(4, ntohl(((uint32_t*)data)[2])); uint16_t off = 3 * sizeof(uint32_t); - rv->Assign(5, make_intrusive(new String(data + off, Length() - off, true))); + rv->Assign(5, new String(data + off, Length() - off, true)); } } break; @@ -153,8 +152,8 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const static auto ip6_esp_type = id::find_type("ip6_esp"); rv = make_intrusive(ip6_esp_type); const uint32_t* esp = (const uint32_t*)data; - rv->Assign(0, val_mgr->Count(ntohl(esp[0]))); - rv->Assign(1, val_mgr->Count(ntohl(esp[1]))); + rv->Assign(0, ntohl(esp[0])); + rv->Assign(1, ntohl(esp[1])); } break; @@ -164,15 +163,15 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const static auto ip6_mob_type = id::find_type("ip6_mobility_hdr"); rv = make_intrusive(ip6_mob_type); const struct ip6_mobility* mob = (const struct ip6_mobility*) data; - rv->Assign(0, val_mgr->Count(mob->ip6mob_payload)); - rv->Assign(1, val_mgr->Count(mob->ip6mob_len)); - rv->Assign(2, val_mgr->Count(mob->ip6mob_type)); - rv->Assign(3, val_mgr->Count(mob->ip6mob_rsv)); - rv->Assign(4, val_mgr->Count(ntohs(mob->ip6mob_chksum))); + rv->Assign(0, mob->ip6mob_payload); + rv->Assign(1, mob->ip6mob_len); + rv->Assign(2, mob->ip6mob_type); + rv->Assign(3, mob->ip6mob_rsv); + rv->Assign(4, ntohs(mob->ip6mob_chksum)); static auto ip6_mob_msg_type = id::find_type("ip6_mobility_msg"); auto msg = make_intrusive(ip6_mob_msg_type); - msg->Assign(0, val_mgr->Count(mob->ip6mob_type)); + msg->Assign(0, mob->ip6mob_type); uint16_t off = sizeof(ip6_mobility); const u_char* msg_data = data + off; @@ -190,7 +189,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const case 0: { auto m = make_intrusive(ip6_mob_brr_type); - m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data)))); + m->Assign(0, ntohs(*((uint16_t*)msg_data))); off += sizeof(uint16_t); m->Assign(1, BuildOptionsVal(data + off, Length() - off)); msg->Assign(1, std::move(m)); @@ -200,8 +199,8 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const case 1: { auto m = make_intrusive(ip6_mob_hoti_type); - m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data)))); - m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))))); + m->Assign(0, ntohs(*((uint16_t*)msg_data))); + m->Assign(1, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))); off += sizeof(uint16_t) + sizeof(uint64_t); m->Assign(2, BuildOptionsVal(data + off, Length() - off)); msg->Assign(2, std::move(m)); @@ -211,8 +210,8 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const case 2: { auto m = make_intrusive(ip6_mob_coti_type); - m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data)))); - m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))))); + m->Assign(0, ntohs(*((uint16_t*)msg_data))); + m->Assign(1, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))); off += sizeof(uint16_t) + sizeof(uint64_t); m->Assign(2, BuildOptionsVal(data + off, Length() - off)); msg->Assign(3, std::move(m)); @@ -222,9 +221,9 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const case 3: { auto m = make_intrusive(ip6_mob_hot_type); - m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data)))); - m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))))); - m->Assign(2, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t)))))); + m->Assign(0, ntohs(*((uint16_t*)msg_data))); + m->Assign(1, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))); + m->Assign(2, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t))))); off += sizeof(uint16_t) + 2 * sizeof(uint64_t); m->Assign(3, BuildOptionsVal(data + off, Length() - off)); msg->Assign(4, std::move(m)); @@ -234,9 +233,9 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const case 4: { auto m = make_intrusive(ip6_mob_cot_type); - m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data)))); - m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))))); - m->Assign(2, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t)))))); + m->Assign(0, ntohs(*((uint16_t*)msg_data))); + m->Assign(1, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))); + m->Assign(2, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t))))); off += sizeof(uint16_t) + 2 * sizeof(uint64_t); m->Assign(3, BuildOptionsVal(data + off, Length() - off)); msg->Assign(5, std::move(m)); @@ -246,12 +245,12 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const case 5: { auto m = make_intrusive(ip6_mob_bu_type); - m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data)))); - m->Assign(1, val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x8000)); - m->Assign(2, val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x4000)); - m->Assign(3, val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x2000)); - m->Assign(4, val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x1000)); - m->Assign(5, val_mgr->Count(ntohs(*((uint16_t*)(msg_data + 2*sizeof(uint16_t)))))); + m->Assign(0, ntohs(*((uint16_t*)msg_data)))); + m->Assign(1, bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x8000)); + m->Assign(2, bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x4000)); + m->Assign(3, bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x2000)); + m->Assign(4, bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x1000)); + m->Assign(5, ntohs(*((uint16_t*)(msg_data + 2*sizeof(uint16_t))))); off += 3 * sizeof(uint16_t); m->Assign(6, BuildOptionsVal(data + off, Length() - off)); msg->Assign(6, std::move(m)); @@ -261,10 +260,10 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const case 6: { auto m = make_intrusive(ip6_mob_back_type); - m->Assign(0, val_mgr->Count(*((uint8_t*)msg_data))); - m->Assign(1, val_mgr->Bool(*((uint8_t*)(msg_data + sizeof(uint8_t))) & 0x80)); - m->Assign(2, val_mgr->Count(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))))); - m->Assign(3, val_mgr->Count(ntohs(*((uint16_t*)(msg_data + 2*sizeof(uint16_t)))))); + m->Assign(0, *((uint8_t*)msg_data)); + m->Assign(1, bool(*((uint8_t*)(msg_data + sizeof(uint8_t))) & 0x80)); + m->Assign(2, ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t))))); + m->Assign(3, ntohs(*((uint16_t*)(msg_data + 2*sizeof(uint16_t))))); off += 3 * sizeof(uint16_t); m->Assign(4, BuildOptionsVal(data + off, Length() - off)); msg->Assign(7, std::move(m)); @@ -274,7 +273,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const case 7: { auto m = make_intrusive(ip6_mob_be_type); - m->Assign(0, val_mgr->Count(*((uint8_t*)msg_data))); + m->Assign(0, *((uint8_t*)msg_data)); const in6_addr* hoa = (const in6_addr*)(msg_data + sizeof(uint16_t)); m->Assign(1, make_intrusive(IPAddr(*hoa))); off += sizeof(uint16_t) + sizeof(in6_addr); @@ -331,12 +330,12 @@ RecordValPtr IP_Hdr::ToIPHdrVal() const { static auto ip4_hdr_type = id::find_type("ip4_hdr"); rval = make_intrusive(ip4_hdr_type); - rval->Assign(0, val_mgr->Count(ip4->ip_hl * 4)); - rval->Assign(1, val_mgr->Count(ip4->ip_tos)); - rval->Assign(2, val_mgr->Count(ntohs(ip4->ip_len))); - rval->Assign(3, val_mgr->Count(ntohs(ip4->ip_id))); - rval->Assign(4, val_mgr->Count(ip4->ip_ttl)); - rval->Assign(5, val_mgr->Count(ip4->ip_p)); + rval->Assign(0, ip4->ip_hl * 4); + rval->Assign(1, ip4->ip_tos); + rval->Assign(2, ntohs(ip4->ip_len)); + rval->Assign(3, ntohs(ip4->ip_id)); + rval->Assign(4, ip4->ip_ttl); + rval->Assign(5, ip4->ip_p); rval->Assign(6, make_intrusive(ip4->ip_src.s_addr)); rval->Assign(7, make_intrusive(ip4->ip_dst.s_addr)); } @@ -380,13 +379,13 @@ RecordValPtr IP_Hdr::ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const tcp_hdr->Assign(0, val_mgr->Port(ntohs(tp->th_sport), TRANSPORT_TCP)); tcp_hdr->Assign(1, val_mgr->Port(ntohs(tp->th_dport), TRANSPORT_TCP)); - tcp_hdr->Assign(2, val_mgr->Count(uint32_t(ntohl(tp->th_seq)))); - tcp_hdr->Assign(3, val_mgr->Count(uint32_t(ntohl(tp->th_ack)))); - tcp_hdr->Assign(4, val_mgr->Count(tcp_hdr_len)); - tcp_hdr->Assign(5, val_mgr->Count(data_len)); - tcp_hdr->Assign(6, val_mgr->Count(tp->th_x2)); - tcp_hdr->Assign(7, val_mgr->Count(tp->th_flags)); - tcp_hdr->Assign(8, val_mgr->Count(ntohs(tp->th_win))); + tcp_hdr->Assign(2, uint32_t(ntohl(tp->th_seq))); + tcp_hdr->Assign(3, uint32_t(ntohl(tp->th_ack))); + tcp_hdr->Assign(4, tcp_hdr_len); + tcp_hdr->Assign(5, data_len); + tcp_hdr->Assign(6, tp->th_x2); + tcp_hdr->Assign(7, tp->th_flags); + tcp_hdr->Assign(8, ntohs(tp->th_win)); pkt_hdr->Assign(sindex + 2, std::move(tcp_hdr)); break; @@ -399,7 +398,7 @@ RecordValPtr IP_Hdr::ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const udp_hdr->Assign(0, val_mgr->Port(ntohs(up->uh_sport), TRANSPORT_UDP)); udp_hdr->Assign(1, val_mgr->Port(ntohs(up->uh_dport), TRANSPORT_UDP)); - udp_hdr->Assign(2, val_mgr->Count(ntohs(up->uh_ulen))); + udp_hdr->Assign(2, ntohs(up->uh_ulen)); pkt_hdr->Assign(sindex + 3, std::move(udp_hdr)); break; @@ -410,7 +409,7 @@ RecordValPtr IP_Hdr::ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const const struct icmp* icmpp = (const struct icmp *) data; auto icmp_hdr = make_intrusive(icmp_hdr_type); - icmp_hdr->Assign(0, val_mgr->Count(icmpp->icmp_type)); + icmp_hdr->Assign(0, icmpp->icmp_type); pkt_hdr->Assign(sindex + 4, std::move(icmp_hdr)); break; @@ -421,7 +420,7 @@ RecordValPtr IP_Hdr::ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const const struct icmp6_hdr* icmpp = (const struct icmp6_hdr*) data; auto icmp_hdr = make_intrusive(icmp_hdr_type); - icmp_hdr->Assign(0, val_mgr->Count(icmpp->icmp6_type)); + icmp_hdr->Assign(0, icmpp->icmp6_type); pkt_hdr->Assign(sindex + 4, std::move(icmp_hdr)); break; @@ -675,7 +674,7 @@ VectorValPtr IPv6_Hdr_Chain::ToVal() const auto v = chain[i]->ToVal(); auto ext_hdr = make_intrusive(ip6_ext_hdr_type); uint8_t type = chain[i]->Type(); - ext_hdr->Assign(0, val_mgr->Count(type)); + ext_hdr->Assign(0, type); switch (type) { case IPPROTO_HOPOPTS: diff --git a/src/RuleMatcher.cc b/src/RuleMatcher.cc index 0dda936540..2c71985411 100644 --- a/src/RuleMatcher.cc +++ b/src/RuleMatcher.cc @@ -86,10 +86,10 @@ Val* RuleMatcher::BuildRuleStateValue(const Rule* rule, { static auto signature_state = id::find_type("signature_state"); auto* val = new RecordVal(signature_state); - val->Assign(0, make_intrusive(rule->ID())); + val->Assign(0, rule->ID()); val->Assign(1, state->GetAnalyzer()->ConnVal()); - val->Assign(2, val_mgr->Bool(state->is_orig)); - val->Assign(3, val_mgr->Count(state->payload_size)); + val->Assign(2, state->is_orig); + val->Assign(3, state->payload_size); return val; } diff --git a/src/SmithWaterman.cc b/src/SmithWaterman.cc index 1b567e0b05..6076606c03 100644 --- a/src/SmithWaterman.cc +++ b/src/SmithWaterman.cc @@ -74,7 +74,7 @@ VectorVal* Substring::VecToPolicy(Vec* vec) Substring* bst = (*vec)[i]; auto st_val = make_intrusive(sw_substring_type); - st_val->Assign(0, make_intrusive(new String(*bst))); + st_val->Assign(0, new String(*bst)); auto aligns = make_intrusive(sw_align_vec_type); @@ -83,14 +83,14 @@ VectorVal* Substring::VecToPolicy(Vec* vec) const BSSAlign& align = (bst->GetAlignments())[j]; auto align_val = make_intrusive(sw_align_type); - align_val->Assign(0, make_intrusive(new String(*align.string))); - align_val->Assign(1, val_mgr->Count(align.index)); + align_val->Assign(0, new String(*align.string)); + align_val->Assign(1, align.index); aligns->Assign(j, std::move(align_val)); } st_val->Assign(1, std::move(aligns)); - st_val->Assign(2, val_mgr->Bool(bst->IsNewAlignment())); + st_val->Assign(2, bst->IsNewAlignment()); result->Assign(i, std::move(st_val)); } } diff --git a/src/Stmt.cc b/src/Stmt.cc index 95eb9a1035..0be99146ac 100644 --- a/src/Stmt.cc +++ b/src/Stmt.cc @@ -297,7 +297,7 @@ static void print_log(const std::vector& vals) vec->Assign(vec->Size(), make_intrusive(d.Description())); } - record->Assign(0, make_intrusive(run_state::network_time)); + record->AssignTime(0, run_state::network_time); record->Assign(1, std::move(vec)); log_mgr->Write(plval.get(), record.get()); } diff --git a/src/TunnelEncapsulation.cc b/src/TunnelEncapsulation.cc index 831ea91f9f..0d83fe4f99 100644 --- a/src/TunnelEncapsulation.cc +++ b/src/TunnelEncapsulation.cc @@ -30,7 +30,7 @@ RecordValPtr EncapsulatingConn::ToVal() const rv->Assign(0, std::move(id_val)); rv->Assign(1, BifType::Enum::Tunnel::Type->GetEnumVal(type)); - rv->Assign(2, make_intrusive(uid.Base62("C").c_str())); + rv->Assign(2, uid.Base62("C")); return rv; } diff --git a/src/Type.cc b/src/Type.cc index 4aecb487f7..3543edd195 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -987,8 +987,8 @@ TableValPtr RecordType::GetRecordFieldsVal(const RecordVal* rv) const auto nr = make_intrusive(record_field); string s = container_type_name(ft.get()); - nr->Assign(0, make_intrusive(s)); - nr->Assign(1, val_mgr->Bool(logged)); + nr->Assign(0, s); + nr->Assign(1, logged); nr->Assign(2, std::move(fv)); nr->Assign(3, FieldDefault(i)); auto field_name = make_intrusive(FieldName(i)); diff --git a/src/ZeekArgs.cc b/src/ZeekArgs.cc index ed4a28c146..60defa6583 100644 --- a/src/ZeekArgs.cc +++ b/src/ZeekArgs.cc @@ -32,12 +32,12 @@ VectorValPtr MakeCallArgumentVector(const Args& vals, static auto call_argument = id::find_type("call_argument"); auto rec = make_intrusive(call_argument); - rec->Assign(0, make_intrusive(fname)); + rec->Assign(0, fname); ODesc d; d.SetShort(); ftype->Describe(&d); - rec->Assign(1, make_intrusive(d.Description())); + rec->Assign(1, d.Description()); if ( fdefault ) rec->Assign(2, std::move(fdefault)); diff --git a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc index c01a087c3b..2f757c6969 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc +++ b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc @@ -500,7 +500,7 @@ void BitTorrentTracker_Analyzer::ResponseBenc(int name_len, char* name, auto benc_value = make_intrusive(bittorrent_benc_value); auto name_ = make_intrusive(name_len, name); - benc_value->Assign(type, val_mgr->Int(value)); + benc_value->Assign(type, int(value)); res_val_benc->Assign(std::move(name_), std::move(benc_value)); } diff --git a/src/analyzer/protocol/conn-size/ConnSize.cc b/src/analyzer/protocol/conn-size/ConnSize.cc index b5214749b0..60d7fffc93 100644 --- a/src/analyzer/protocol/conn-size/ConnSize.cc +++ b/src/analyzer/protocol/conn-size/ConnSize.cc @@ -184,10 +184,10 @@ void ConnSize_Analyzer::UpdateConnVal(RecordVal *conn_val) if ( bytesidx < 0 ) reporter->InternalError("'endpoint' record missing 'num_bytes_ip' field"); - orig_endp->Assign(pktidx, val_mgr->Count(orig_pkts)); - orig_endp->Assign(bytesidx, val_mgr->Count(orig_bytes)); - resp_endp->Assign(pktidx, val_mgr->Count(resp_pkts)); - resp_endp->Assign(bytesidx, val_mgr->Count(resp_bytes)); + orig_endp->Assign(pktidx, orig_pkts); + orig_endp->Assign(bytesidx, orig_bytes); + resp_endp->Assign(pktidx, resp_pkts); + resp_endp->Assign(bytesidx, resp_bytes); Analyzer::UpdateConnVal(conn_val); } diff --git a/src/analyzer/protocol/dhcp/dhcp-analyzer.pac b/src/analyzer/protocol/dhcp/dhcp-analyzer.pac index 99fe9913bc..39db461742 100644 --- a/src/analyzer/protocol/dhcp/dhcp-analyzer.pac +++ b/src/analyzer/protocol/dhcp/dhcp-analyzer.pac @@ -54,16 +54,16 @@ refine flow DHCP_Flow += { double secs = static_cast(${msg.secs}); auto dhcp_msg_val = zeek::make_intrusive(zeek::BifType::Record::DHCP::Msg); - dhcp_msg_val->Assign(0, zeek::val_mgr->Count(${msg.op})); - dhcp_msg_val->Assign(1, zeek::val_mgr->Count(${msg.type})); - dhcp_msg_val->Assign(2, zeek::val_mgr->Count(${msg.xid})); - dhcp_msg_val->Assign(3, zeek::make_intrusive(secs)); - dhcp_msg_val->Assign(4, zeek::val_mgr->Count(${msg.flags})); + dhcp_msg_val->Assign(0, ${msg.op}); + dhcp_msg_val->Assign(1, ${msg.type}); + dhcp_msg_val->Assign(2, ${msg.xid}); + dhcp_msg_val->AssignInterval(3, secs); + dhcp_msg_val->Assign(4, ${msg.flags}); dhcp_msg_val->Assign(5, zeek::make_intrusive(htonl(${msg.ciaddr}))); dhcp_msg_val->Assign(6, zeek::make_intrusive(htonl(${msg.yiaddr}))); dhcp_msg_val->Assign(7, zeek::make_intrusive(htonl(${msg.siaddr}))); dhcp_msg_val->Assign(8, zeek::make_intrusive(htonl(${msg.giaddr}))); - dhcp_msg_val->Assign(9, zeek::make_intrusive(mac_str)); + dhcp_msg_val->Assign(9, mac_str); int last_non_null = 0; diff --git a/src/analyzer/protocol/dhcp/dhcp-options.pac b/src/analyzer/protocol/dhcp/dhcp-options.pac index bd658a802f..d83ff93243 100644 --- a/src/analyzer/protocol/dhcp/dhcp-options.pac +++ b/src/analyzer/protocol/dhcp/dhcp-options.pac @@ -34,7 +34,7 @@ refine casetype OptionValue += { refine flow DHCP_Flow += { function process_time_offset_option(v: OptionValue): bool %{ - ${context.flow}->options->Assign(25, zeek::val_mgr->Int(${v.time_offset})); + ${context.flow}->options->Assign(25, int(${v.time_offset})); return true; %} }; @@ -250,7 +250,7 @@ refine casetype OptionValue += { refine flow DHCP_Flow += { function process_forwarding_option(v: OptionValue): bool %{ - ${context.flow}->options->Assign(6, zeek::val_mgr->Bool(${v.forwarding} == 0 ? false : true)); + ${context.flow}->options->Assign(6, ${v.forwarding} == 0 ? false : true); return true; %} @@ -414,7 +414,7 @@ refine flow DHCP_Flow += { function process_lease_option(v: OptionValue): bool %{ double lease = static_cast(${v.lease}); - ${context.flow}->options->Assign(11, zeek::make_intrusive(lease)); + ${context.flow}->options->AssignInterval(11, lease); return true; %} @@ -521,7 +521,7 @@ refine casetype OptionValue += { refine flow DHCP_Flow += { function process_max_message_size_option(v: OptionValue): bool %{ - ${context.flow}->options->Assign(15, zeek::val_mgr->Count(${v.max_msg_size})); + ${context.flow}->options->Assign(15, ${v.max_msg_size}); return true; %} @@ -546,7 +546,7 @@ refine flow DHCP_Flow += { function process_renewal_time_option(v: OptionValue): bool %{ double renewal_time = static_cast(${v.renewal_time}); - ${context.flow}->options->Assign(16, zeek::make_intrusive(renewal_time)); + ${context.flow}->options->AssignInterval(16, renewal_time); return true; %} @@ -571,7 +571,7 @@ refine flow DHCP_Flow += { function process_rebinding_time_option(v: OptionValue): bool %{ double rebinding_time = static_cast(${v.rebinding_time}); - ${context.flow}->options->Assign(17, zeek::make_intrusive(rebinding_time)); + ${context.flow}->options->AssignInterval(17, rebinding_time); return true; %} @@ -626,7 +626,7 @@ refine flow DHCP_Flow += { function process_client_id_option(v: OptionValue): bool %{ auto client_id = zeek::make_intrusive(zeek::BifType::Record::DHCP::ClientID); - client_id->Assign(0, zeek::val_mgr->Count(${v.client_id.hwtype})); + client_id->Assign(0, ${v.client_id.hwtype}); zeek::StringValPtr sv; if ( ${v.client_id.hwtype} == 0 ) @@ -695,9 +695,9 @@ refine flow DHCP_Flow += { function process_client_fqdn_option(v: OptionValue): bool %{ auto client_fqdn = zeek::make_intrusive(zeek::BifType::Record::DHCP::ClientFQDN); - client_fqdn->Assign(0, zeek::val_mgr->Count(${v.client_fqdn.flags})); - client_fqdn->Assign(1, zeek::val_mgr->Count(${v.client_fqdn.rcode1})); - client_fqdn->Assign(2, zeek::val_mgr->Count(${v.client_fqdn.rcode2})); + client_fqdn->Assign(0, ${v.client_fqdn.flags}); + client_fqdn->Assign(1, ${v.client_fqdn.rcode1}); + client_fqdn->Assign(2, ${v.client_fqdn.rcode2}); const char* domain_name = reinterpret_cast(${v.client_fqdn.domain_name}.begin()); client_fqdn->Assign(3, zeek::make_intrusive(${v.client_fqdn.domain_name}.length(), domain_name)); @@ -760,7 +760,7 @@ refine flow DHCP_Flow += { ptrsubopt != ${v.relay_agent_inf}->end(); ++ptrsubopt ) { auto r = zeek::make_intrusive(zeek::BifType::Record::DHCP::SubOpt); - r->Assign(0, zeek::val_mgr->Count((*ptrsubopt)->code())); + r->Assign(0, (*ptrsubopt)->code()); r->Assign(1, to_stringval((*ptrsubopt)->value())); relay_agent_sub_opt->Assign(i, std::move(r)); @@ -790,7 +790,7 @@ refine casetype OptionValue += { refine flow DHCP_Flow += { function process_auto_config_option(v: OptionValue): bool %{ - ${context.flow}->options->Assign(23, zeek::val_mgr->Bool(${v.auto_config} == 0 ? false : true)); + ${context.flow}->options->Assign(23, ${v.auto_config} == 0 ? false : true); return true; %} diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc index 8b4ec7168b..48be5bd7db 100644 --- a/src/analyzer/protocol/dns/DNS.cc +++ b/src/analyzer/protocol/dns/DNS.cc @@ -622,13 +622,13 @@ bool DNS_Interpreter::ParseRR_SOA(detail::DNS_MsgInfo* msg, { static auto dns_soa = id::find_type("dns_soa"); auto r = make_intrusive(dns_soa); - r->Assign(0, make_intrusive(new String(mname, mname_end - mname, true))); - r->Assign(1, make_intrusive(new String(rname, rname_end - rname, true))); - r->Assign(2, val_mgr->Count(serial)); - r->Assign(3, make_intrusive(double(refresh), Seconds)); - r->Assign(4, make_intrusive(double(retry), Seconds)); - r->Assign(5, make_intrusive(double(expire), Seconds)); - r->Assign(6, make_intrusive(double(minimum), Seconds)); + r->Assign(0, new String(mname, mname_end - mname, true)); + r->Assign(1, new String(rname, rname_end - rname, true)); + r->Assign(2, serial); + r->AssignInterval(3, double(refresh)); + r->AssignInterval(4, double(retry)); + r->AssignInterval(5, double(expire)); + r->AssignInterval(6, double(minimum)); analyzer->EnqueueConnEvent(dns_SOA_reply, analyzer->ConnVal(), @@ -1849,19 +1849,19 @@ RecordValPtr DNS_MsgInfo::BuildHdrVal() static auto dns_msg = id::find_type("dns_msg"); auto r = make_intrusive(dns_msg); - r->Assign(0, val_mgr->Count(id)); - r->Assign(1, val_mgr->Count(opcode)); - r->Assign(2, val_mgr->Count(rcode)); - r->Assign(3, val_mgr->Bool(QR)); - r->Assign(4, val_mgr->Bool(AA)); - r->Assign(5, val_mgr->Bool(TC)); - r->Assign(6, val_mgr->Bool(RD)); - r->Assign(7, val_mgr->Bool(RA)); - r->Assign(8, val_mgr->Count(Z)); - r->Assign(9, val_mgr->Count(qdcount)); - r->Assign(10, val_mgr->Count(ancount)); - r->Assign(11, val_mgr->Count(nscount)); - r->Assign(12, val_mgr->Count(arcount)); + r->Assign(0, id); + r->Assign(1, opcode); + r->Assign(2, rcode); + r->Assign(3, bool(QR)); + r->Assign(4, bool(AA)); + r->Assign(5, bool(TC)); + r->Assign(6, bool(RD)); + r->Assign(7, bool(RA)); + r->Assign(8, Z); + r->Assign(9, qdcount); + r->Assign(10, ancount); + r->Assign(11, nscount); + r->Assign(12, arcount); return r; } @@ -1871,11 +1871,11 @@ RecordValPtr DNS_MsgInfo::BuildAnswerVal() static auto dns_answer = id::find_type("dns_answer"); auto r = make_intrusive(dns_answer); - r->Assign(0, val_mgr->Count(int(answer_type))); + r->Assign(0, int(answer_type)); r->Assign(1, query_name); - r->Assign(2, val_mgr->Count(atype)); - r->Assign(3, val_mgr->Count(aclass)); - r->Assign(4, make_intrusive(double(ttl), Seconds)); + r->Assign(2, atype); + r->Assign(3, aclass); + r->AssignInterval(4, double(ttl)); return r; } @@ -1887,14 +1887,14 @@ RecordValPtr DNS_MsgInfo::BuildEDNS_Val() static auto dns_edns_additional = id::find_type("dns_edns_additional"); auto r = make_intrusive(dns_edns_additional); - r->Assign(0, val_mgr->Count(int(answer_type))); + r->Assign(0, uint64_t(answer_type)); r->Assign(1, query_name); // type = 0x29 or 41 = EDNS - r->Assign(2, val_mgr->Count(atype)); + r->Assign(2, atype); // sender's UDP payload size, per RFC 2671 4.3 - r->Assign(3, val_mgr->Count(aclass)); + r->Assign(3, aclass); // Need to break the TTL field into three components: // initial: [------------- ttl (32) ---------------------] @@ -1907,11 +1907,11 @@ RecordValPtr DNS_MsgInfo::BuildEDNS_Val() unsigned int return_error = (ercode << 8) | rcode; - r->Assign(4, val_mgr->Count(return_error)); - r->Assign(5, val_mgr->Count(version)); - r->Assign(6, val_mgr->Count(z)); - r->Assign(7, make_intrusive(double(ttl), Seconds)); - r->Assign(8, val_mgr->Count(is_query)); + r->Assign(4, return_error); + r->Assign(5, version); + r->Assign(6, z); + r->AssignInterval(7, double(ttl)); + r->Assign(8, is_query); return r; } @@ -1922,8 +1922,8 @@ RecordValPtr DNS_MsgInfo::BuildEDNS_ECS_Val(struct EDNS_ECS* opt) auto r = make_intrusive(dns_edns_ecs); r->Assign(0, opt->ecs_family); - r->Assign(1, val_mgr->Count(opt->ecs_src_pfx_len)); - r->Assign(2, val_mgr->Count(opt->ecs_scp_pfx_len)); + r->Assign(1, opt->ecs_src_pfx_len); + r->Assign(2, opt->ecs_scp_pfx_len); r->Assign(3, opt->ecs_addr); return r; @@ -1934,8 +1934,8 @@ RecordValPtr DNS_MsgInfo::BuildEDNS_TCP_KA_Val(struct EDNS_TCP_KEEPALIVE* opt) static auto dns_edns_tcp_keepalive = id::find_type("dns_edns_tcp_keepalive"); auto r = make_intrusive(dns_edns_tcp_keepalive); - r->Assign(0, val_mgr->Bool(opt->keepalive_timeout_omitted)); - r->Assign(1, val_mgr->Count(opt->keepalive_timeout)); + r->Assign(0, bool(opt->keepalive_timeout_omitted)); + r->Assign(1, opt->keepalive_timeout); return r; } @@ -1945,9 +1945,9 @@ RecordValPtr DNS_MsgInfo::BuildEDNS_COOKIE_Val(struct EDNS_COOKIE* opt) static auto dns_edns_cookie = id::find_type("dns_edns_cookie"); auto r = make_intrusive(dns_edns_cookie); - r->Assign(0, make_intrusive(opt->client_cookie)); + r->Assign(0, opt->client_cookie); if (opt->server_cookie != nullptr) { - r->Assign(1, make_intrusive(opt->server_cookie)); + r->Assign(1, opt->server_cookie); } return r; @@ -1959,16 +1959,16 @@ RecordValPtr DNS_MsgInfo::BuildTSIG_Val(struct TSIG_DATA* tsig) auto r = make_intrusive(dns_tsig_additional); double rtime = tsig->time_s + tsig->time_ms / 1000.0; - // r->Assign(0, val_mgr->Count(int(answer_type))); + // r->Assign(0, uint64_t(answer_type)); r->Assign(0, query_name); - r->Assign(1, val_mgr->Count(int(answer_type))); - r->Assign(2, make_intrusive(tsig->alg_name)); - r->Assign(3, make_intrusive(tsig->sig)); - r->Assign(4, make_intrusive(rtime)); - r->Assign(5, make_intrusive(double(tsig->fudge))); - r->Assign(6, val_mgr->Count(tsig->orig_id)); - r->Assign(7, val_mgr->Count(tsig->rr_error)); - r->Assign(8, val_mgr->Count(is_query)); + r->Assign(1, uint64_t(answer_type)); + r->Assign(2, tsig->alg_name); + r->Assign(3, tsig->sig); + r->AssignTime(4, rtime); + r->AssignTime(5, double(tsig->fudge)); + r->Assign(6, tsig->orig_id); + r->Assign(7, tsig->rr_error); + r->Assign(8, is_query); return r; } @@ -1979,17 +1979,17 @@ RecordValPtr DNS_MsgInfo::BuildRRSIG_Val(RRSIG_DATA* rrsig) auto r = make_intrusive(dns_rrsig_rr); r->Assign(0, query_name); - r->Assign(1, val_mgr->Count(int(answer_type))); - r->Assign(2, val_mgr->Count(rrsig->type_covered)); - r->Assign(3, val_mgr->Count(rrsig->algorithm)); - r->Assign(4, val_mgr->Count(rrsig->labels)); - r->Assign(5, make_intrusive(double(rrsig->orig_ttl), Seconds)); - r->Assign(6, make_intrusive(double(rrsig->sig_exp))); - r->Assign(7, make_intrusive(double(rrsig->sig_incep))); - r->Assign(8, val_mgr->Count(rrsig->key_tag)); - r->Assign(9, make_intrusive(rrsig->signer_name)); - r->Assign(10, make_intrusive(rrsig->signature)); - r->Assign(11, val_mgr->Count(is_query)); + r->Assign(1, uint64_t(answer_type)); + r->Assign(2, rrsig->type_covered); + r->Assign(3, rrsig->algorithm); + r->Assign(4, rrsig->labels); + r->AssignInterval(5, double(rrsig->orig_ttl)); + r->AssignTime(6, double(rrsig->sig_exp)); + r->AssignTime(7, double(rrsig->sig_incep)); + r->Assign(8, rrsig->key_tag); + r->Assign(9, rrsig->signer_name); + r->Assign(10, rrsig->signature); + r->Assign(11, is_query); return r; } @@ -2000,12 +2000,12 @@ RecordValPtr DNS_MsgInfo::BuildDNSKEY_Val(DNSKEY_DATA* dnskey) auto r = make_intrusive(dns_dnskey_rr); r->Assign(0, query_name); - r->Assign(1, val_mgr->Count(int(answer_type))); - r->Assign(2, val_mgr->Count(dnskey->dflags)); - r->Assign(3, val_mgr->Count(dnskey->dprotocol)); - r->Assign(4, val_mgr->Count(dnskey->dalgorithm)); - r->Assign(5, make_intrusive(dnskey->public_key)); - r->Assign(6, val_mgr->Count(is_query)); + r->Assign(1, uint64_t(answer_type)); + r->Assign(2, dnskey->dflags); + r->Assign(3, dnskey->dprotocol); + r->Assign(4, dnskey->dalgorithm); + r->Assign(5, dnskey->public_key); + r->Assign(6, is_query); return r; } @@ -2016,16 +2016,16 @@ RecordValPtr DNS_MsgInfo::BuildNSEC3_Val(NSEC3_DATA* nsec3) auto r = make_intrusive(dns_nsec3_rr); r->Assign(0, query_name); - r->Assign(1, val_mgr->Count(int(answer_type))); - r->Assign(2, val_mgr->Count(nsec3->nsec_flags)); - r->Assign(3, val_mgr->Count(nsec3->nsec_hash_algo)); - r->Assign(4, val_mgr->Count(nsec3->nsec_iter)); - r->Assign(5, val_mgr->Count(nsec3->nsec_salt_len)); - r->Assign(6, make_intrusive(nsec3->nsec_salt)); - r->Assign(7, val_mgr->Count(nsec3->nsec_hlen)); - r->Assign(8, make_intrusive(nsec3->nsec_hash)); + r->Assign(1, uint64_t(answer_type)); + r->Assign(2, nsec3->nsec_flags); + r->Assign(3, nsec3->nsec_hash_algo); + r->Assign(4, nsec3->nsec_iter); + r->Assign(5, nsec3->nsec_salt_len); + r->Assign(6, nsec3->nsec_salt); + r->Assign(7, nsec3->nsec_hlen); + r->Assign(8, nsec3->nsec_hash); r->Assign(9, std::move(nsec3->bitmaps)); - r->Assign(10, val_mgr->Count(is_query)); + r->Assign(10, is_query); return r; } @@ -2036,13 +2036,13 @@ RecordValPtr DNS_MsgInfo::BuildNSEC3PARAM_Val(NSEC3PARAM_DATA* nsec3param) auto r = make_intrusive(dns_nsec3param_rr); r->Assign(0, query_name); - r->Assign(1, val_mgr->Count(int(answer_type))); - r->Assign(2, val_mgr->Count(nsec3param->nsec_flags)); - r->Assign(3, val_mgr->Count(nsec3param->nsec_hash_algo)); - r->Assign(4, val_mgr->Count(nsec3param->nsec_iter)); - r->Assign(5, val_mgr->Count(nsec3param->nsec_salt_len)); - r->Assign(6, make_intrusive(nsec3param->nsec_salt)); - r->Assign(7, val_mgr->Count(is_query)); + r->Assign(1, uint64_t(answer_type)); + r->Assign(2, nsec3param->nsec_flags); + r->Assign(3, nsec3param->nsec_hash_algo); + r->Assign(4, nsec3param->nsec_iter); + r->Assign(5, nsec3param->nsec_salt_len); + r->Assign(6, nsec3param->nsec_salt); + r->Assign(7, is_query); return r; } @@ -2053,12 +2053,12 @@ RecordValPtr DNS_MsgInfo::BuildDS_Val(DS_DATA* ds) auto r = make_intrusive(dns_ds_rr); r->Assign(0, query_name); - r->Assign(1, val_mgr->Count(int(answer_type))); - r->Assign(2, val_mgr->Count(ds->key_tag)); - r->Assign(3, val_mgr->Count(ds->algorithm)); - r->Assign(4, val_mgr->Count(ds->digest_type)); - r->Assign(5, make_intrusive(ds->digest_val)); - r->Assign(6, val_mgr->Count(is_query)); + r->Assign(1, uint64_t(answer_type)); + r->Assign(2, ds->key_tag); + r->Assign(3, ds->algorithm); + r->Assign(4, ds->digest_type); + r->Assign(5, ds->digest_val); + r->Assign(6, is_query); return r; } @@ -2069,12 +2069,12 @@ RecordValPtr DNS_MsgInfo::BuildBINDS_Val(BINDS_DATA* binds) auto r = make_intrusive(dns_binds_rr); r->Assign(0, query_name); - r->Assign(1, val_mgr->Count(int(answer_type))); - r->Assign(2, val_mgr->Count(binds->algorithm)); - r->Assign(3, val_mgr->Count(binds->key_id)); - r->Assign(4, val_mgr->Count(binds->removal_flag)); - r->Assign(5, make_intrusive(binds->complete_flag)); - r->Assign(6, val_mgr->Count(is_query)); + r->Assign(1, uint64_t(answer_type)); + r->Assign(2, binds->algorithm); + r->Assign(3, binds->key_id); + r->Assign(4, binds->removal_flag); + r->Assign(5, binds->complete_flag); + r->Assign(6, is_query); return r; } @@ -2085,15 +2085,15 @@ RecordValPtr DNS_MsgInfo::BuildLOC_Val(LOC_DATA* loc) auto r = make_intrusive(dns_loc_rr); r->Assign(0, query_name); - r->Assign(1, val_mgr->Count(int(answer_type))); - r->Assign(2, val_mgr->Count(loc->version)); - r->Assign(3, val_mgr->Count(loc->size)); - r->Assign(4, val_mgr->Count(loc->horiz_pre)); - r->Assign(5, val_mgr->Count(loc->vert_pre)); - r->Assign(6, val_mgr->Count(loc->latitude)); - r->Assign(7, val_mgr->Count(loc->longitude)); - r->Assign(8, val_mgr->Count(loc->altitude)); - r->Assign(9, val_mgr->Count(is_query)); + r->Assign(1, uint64_t(answer_type)); + r->Assign(2, loc->version); + r->Assign(3, loc->size); + r->Assign(4, loc->horiz_pre); + r->Assign(5, loc->vert_pre); + r->Assign(6, uint64_t(loc->latitude)); + r->Assign(7, uint64_t(loc->longitude)); + r->Assign(8, uint64_t(loc->altitude)); + r->Assign(9, is_query); return r; } diff --git a/src/analyzer/protocol/ftp/functions.bif b/src/analyzer/protocol/ftp/functions.bif index 7037a939cc..8ff3a40bfa 100644 --- a/src/analyzer/protocol/ftp/functions.bif +++ b/src/analyzer/protocol/ftp/functions.bif @@ -35,13 +35,13 @@ static zeek::ValPtr parse_port(const char* line) r->Assign(0, zeek::make_intrusive(htonl(addr))); r->Assign(1, zeek::val_mgr->Port(port, TRANSPORT_TCP)); - r->Assign(2, zeek::val_mgr->Bool(good)); + r->Assign(2, good); } else { r->Assign(0, zeek::make_intrusive(uint32_t(0))); r->Assign(1, zeek::val_mgr->Port(0, TRANSPORT_TCP)); - r->Assign(2, zeek::val_mgr->False()); + r->Assign(2, false); } return r; @@ -111,7 +111,7 @@ static zeek::ValPtr parse_eftp(const char* line) r->Assign(0, zeek::make_intrusive(addr)); r->Assign(1, zeek::val_mgr->Port(port, TRANSPORT_TCP)); - r->Assign(2, zeek::val_mgr->Bool(good)); + r->Assign(2, good); return r; } diff --git a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac index c595373496..abb35d42f1 100644 --- a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac +++ b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac @@ -9,21 +9,21 @@ zeek::RecordValPtr BuildGTPv1Hdr(const GTPv1_Header* pdu) { auto rv = zeek::make_intrusive(zeek::BifType::Record::gtpv1_hdr); - rv->Assign(0, zeek::val_mgr->Count(pdu->version())); - rv->Assign(1, zeek::val_mgr->Bool(pdu->pt_flag())); - rv->Assign(2, zeek::val_mgr->Bool(pdu->rsv())); - rv->Assign(3, zeek::val_mgr->Bool(pdu->e_flag())); - rv->Assign(4, zeek::val_mgr->Bool(pdu->s_flag())); - rv->Assign(5, zeek::val_mgr->Bool(pdu->pn_flag())); - rv->Assign(6, zeek::val_mgr->Count(pdu->msg_type())); - rv->Assign(7, zeek::val_mgr->Count(pdu->length())); - rv->Assign(8, zeek::val_mgr->Count(pdu->teid())); + rv->Assign(0, pdu->version()); + rv->Assign(1, bool(pdu->pt_flag())); + rv->Assign(2, bool(pdu->rsv())); + rv->Assign(3, bool(pdu->e_flag())); + rv->Assign(4, bool(pdu->s_flag())); + rv->Assign(5, bool(pdu->pn_flag())); + rv->Assign(6, pdu->msg_type()); + rv->Assign(7, pdu->length()); + rv->Assign(8, pdu->teid()); if ( pdu->has_opt() ) { - rv->Assign(9, zeek::val_mgr->Count(pdu->opt_hdr()->seq())); - rv->Assign(10, zeek::val_mgr->Count(pdu->opt_hdr()->n_pdu())); - rv->Assign(11, zeek::val_mgr->Count(pdu->opt_hdr()->next_type())); + rv->Assign(9, pdu->opt_hdr()->seq()); + rv->Assign(10, pdu->opt_hdr()->n_pdu()); + rv->Assign(11, pdu->opt_hdr()->next_type()); } return rv; @@ -37,10 +37,10 @@ static zeek::ValPtr BuildIMSI(const InformationElement* ie) static zeek::ValPtr BuildRAI(const InformationElement* ie) { auto ev = zeek::make_intrusive(zeek::BifType::Record::gtp_rai); - ev->Assign(0, zeek::val_mgr->Count(ie->rai()->mcc())); - ev->Assign(1, zeek::val_mgr->Count(ie->rai()->mnc())); - ev->Assign(2, zeek::val_mgr->Count(ie->rai()->lac())); - ev->Assign(3, zeek::val_mgr->Count(ie->rai()->rac())); + ev->Assign(0, ie->rai()->mcc()); + ev->Assign(1, ie->rai()->mnc()); + ev->Assign(2, ie->rai()->lac()); + ev->Assign(3, ie->rai()->rac()); return ev; } @@ -87,8 +87,8 @@ static zeek::ValPtr BuildTraceType(const InformationElement* ie) zeek::ValPtr BuildEndUserAddr(const InformationElement* ie) { auto ev = zeek::make_intrusive(zeek::BifType::Record::gtp_end_user_addr); - ev->Assign(0, zeek::val_mgr->Count(ie->end_user_addr()->pdp_type_org())); - ev->Assign(1, zeek::val_mgr->Count(ie->end_user_addr()->pdp_type_num())); + ev->Assign(0, ie->end_user_addr()->pdp_type_org()); + ev->Assign(1, ie->end_user_addr()->pdp_type_num()); int len = ie->end_user_addr()->pdp_addr().length(); @@ -106,8 +106,7 @@ zeek::ValPtr BuildEndUserAddr(const InformationElement* ie) zeek::IPAddr(IPv6, (const uint32*) d, zeek::IPAddr::Network))); break; default: - ev->Assign(3, zeek::make_intrusive( - new zeek::String((const u_char*) d, len, false))); + ev->Assign(3, new zeek::String((const u_char*) d, len, false)); break; } } @@ -143,7 +142,7 @@ zeek::ValPtr BuildGSN_Addr(const InformationElement* ie) ev->Assign(0, zeek::make_intrusive( zeek::IPAddr(IPv6, (const uint32*) d, zeek::IPAddr::Network))); else - ev->Assign(1, zeek::make_intrusive(new zeek::String((const u_char*) d, len, false))); + ev->Assign(1, new zeek::String((const u_char*) d, len, false)); return ev; } @@ -162,8 +161,8 @@ zeek::ValPtr BuildQoS_Profile(const InformationElement* ie) const u_char* d = (const u_char*) ie->qos_profile()->data().data(); int len = ie->qos_profile()->data().length(); - ev->Assign(0, zeek::val_mgr->Count(ie->qos_profile()->alloc_retention_priority())); - ev->Assign(1, zeek::make_intrusive(new zeek::String(d, len, false))); + ev->Assign(0, ie->qos_profile()->alloc_retention_priority()); + ev->Assign(1, new zeek::String(d, len, false)); return ev; } @@ -196,8 +195,8 @@ zeek::ValPtr BuildPrivateExt(const InformationElement* ie) const uint8* d = ie->private_ext()->value().data(); int len = ie->private_ext()->value().length(); - ev->Assign(0, zeek::val_mgr->Count(ie->private_ext()->id())); - ev->Assign(1, zeek::make_intrusive(new zeek::String((const u_char*) d, len, false))); + ev->Assign(0, ie->private_ext()->id()); + ev->Assign(1, new zeek::String((const u_char*) d, len, false)); return ev; } diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc index c0f3ece9c6..a7544d4c91 100644 --- a/src/analyzer/protocol/http/HTTP.cc +++ b/src/analyzer/protocol/http/HTTP.cc @@ -626,12 +626,12 @@ RecordValPtr HTTP_Message::BuildMessageStat(bool interrupted, const char* msg) static auto http_message_stat = id::find_type("http_message_stat"); auto stat = make_intrusive(http_message_stat); int field = 0; - stat->Assign(field++, make_intrusive(start_time)); - stat->Assign(field++, val_mgr->Bool(interrupted)); - stat->Assign(field++, make_intrusive(msg)); - stat->Assign(field++, val_mgr->Count(body_length)); - stat->Assign(field++, val_mgr->Count(content_gap_length)); - stat->Assign(field++, val_mgr->Count(header_length)); + stat->AssignTime(field++, start_time); + stat->Assign(field++, bool(interrupted)); + stat->Assign(field++, msg); + stat->Assign(field++, uint64_t(body_length)); + stat->Assign(field++, uint64_t(content_gap_length)); + stat->Assign(field++, uint64_t(header_length)); return stat; } @@ -1165,10 +1165,10 @@ void HTTP_Analyzer::GenStats() { static auto http_stats_rec = id::find_type("http_stats_rec"); auto r = make_intrusive(http_stats_rec); - r->Assign(0, val_mgr->Count(num_requests)); - r->Assign(1, val_mgr->Count(num_replies)); - r->Assign(2, make_intrusive(request_version.ToDouble())); - r->Assign(3, make_intrusive(reply_version.ToDouble())); + r->Assign(0, num_requests); + r->Assign(1, num_replies); + r->Assign(2, request_version.ToDouble()); + r->Assign(3, reply_version.ToDouble()); // DEBUG_MSG("%.6f http_stats\n", run_state::network_time); EnqueueConnEvent(http_stats, ConnVal(), std::move(r)); diff --git a/src/analyzer/protocol/icmp/ICMP.cc b/src/analyzer/protocol/icmp/ICMP.cc index 1a3ccbaae2..9e9179eb27 100644 --- a/src/analyzer/protocol/icmp/ICMP.cc +++ b/src/analyzer/protocol/icmp/ICMP.cc @@ -224,11 +224,11 @@ RecordValPtr ICMP_Analyzer::BuildInfo(const struct icmp* icmpp, int len, { static auto icmp_info = id::find_type("icmp_info"); auto rval = make_intrusive(icmp_info); - rval->Assign(0, val_mgr->Bool(icmpv6)); - rval->Assign(1, val_mgr->Count(icmpp->icmp_type)); - rval->Assign(2, val_mgr->Count(icmpp->icmp_code)); - rval->Assign(3, val_mgr->Count(len)); - rval->Assign(4, val_mgr->Count(ip_hdr->TTL())); + rval->Assign(0, bool(icmpv6)); + rval->Assign(1, uint32_t(icmpp->icmp_type)); + rval->Assign(2, uint32_t(icmpp->icmp_code)); + rval->Assign(3, uint32_t(len)); + rval->Assign(4, uint32_t(ip_hdr->TTL())); return rval; } @@ -355,13 +355,13 @@ RecordValPtr ICMP_Analyzer::ExtractICMP4Context(int len, const u_char*& data) id_val->Assign(3, val_mgr->Port(dst_port, proto)); iprec->Assign(0, std::move(id_val)); - iprec->Assign(1, val_mgr->Count(ip_len)); - iprec->Assign(2, val_mgr->Count(proto)); - iprec->Assign(3, val_mgr->Count(frag_offset)); - iprec->Assign(4, val_mgr->Bool(bad_hdr_len)); - iprec->Assign(5, val_mgr->Bool(bad_checksum)); - iprec->Assign(6, val_mgr->Bool(MF)); - iprec->Assign(7, val_mgr->Bool(DF)); + iprec->Assign(1, uint32_t(ip_len)); + iprec->Assign(2, uint32_t(proto)); + iprec->Assign(3, uint32_t(frag_offset)); + iprec->Assign(4, bool(bad_hdr_len)); + iprec->Assign(5, bool(bad_checksum)); + iprec->Assign(6, bool(MF)); + iprec->Assign(7, bool(DF)); return iprec; } @@ -415,14 +415,14 @@ RecordValPtr ICMP_Analyzer::ExtractICMP6Context(int len, const u_char*& data) id_val->Assign(3, val_mgr->Port(dst_port, proto)); iprec->Assign(0, std::move(id_val)); - iprec->Assign(1, val_mgr->Count(ip_len)); - iprec->Assign(2, val_mgr->Count(proto)); - iprec->Assign(3, val_mgr->Count(frag_offset)); - iprec->Assign(4, val_mgr->Bool(bad_hdr_len)); + iprec->Assign(1, uint32_t(ip_len)); + iprec->Assign(2, uint32_t(proto)); + iprec->Assign(3, uint32_t(frag_offset)); + iprec->Assign(4, bool(bad_hdr_len)); // bad_checksum is always false since IPv6 layer doesn't have a checksum. - iprec->Assign(5, val_mgr->False()); - iprec->Assign(6, val_mgr->Bool(MF)); - iprec->Assign(7, val_mgr->Bool(DF)); + iprec->Assign(5, false); + iprec->Assign(6, bool(MF)); + iprec->Assign(7, bool(DF)); return iprec; } @@ -472,14 +472,14 @@ void ICMP_Analyzer::UpdateEndpointVal(const ValPtr& endp_arg, bool is_orig) if ( size < 0 ) { - endp->Assign(0, val_mgr->Count(0)); - endp->Assign(1, val_mgr->Count(int(ICMP_INACTIVE))); + endp->Assign(0, 0); + endp->Assign(1, int(ICMP_INACTIVE)); } else { - endp->Assign(0, val_mgr->Count(size)); - endp->Assign(1, val_mgr->Count(int(ICMP_ACTIVE))); + endp->Assign(0, size); + endp->Assign(1, int(ICMP_ACTIVE)); } } @@ -743,8 +743,8 @@ VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data) } auto rv = make_intrusive(icmp6_nd_option_type); - rv->Assign(0, val_mgr->Count(type)); - rv->Assign(1, val_mgr->Count(length)); + rv->Assign(0, type); + rv->Assign(1, length); // Adjust length to be in units of bytes, exclude type/length fields. length = length * 8 - 2; @@ -763,7 +763,7 @@ VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data) if ( caplen >= length ) { String* link_addr = new String(data, length, false); - rv->Assign(2, make_intrusive(link_addr)); + rv->Assign(2, link_addr); } else set_payload_field = true; @@ -783,11 +783,11 @@ VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data) uint32_t valid_life = *((const uint32_t*)(data + 2)); uint32_t prefer_life = *((const uint32_t*)(data + 6)); in6_addr prefix = *((const in6_addr*)(data + 14)); - info->Assign(0, val_mgr->Count(prefix_len)); - info->Assign(1, val_mgr->Bool(L_flag)); - info->Assign(2, val_mgr->Bool(A_flag)); - info->Assign(3, make_intrusive((double)ntohl(valid_life), Seconds)); - info->Assign(4, make_intrusive((double)ntohl(prefer_life), Seconds)); + info->Assign(0, prefix_len); + info->Assign(1, L_flag); + info->Assign(2, A_flag); + info->AssignInterval(3, double(ntohl(valid_life))); + info->AssignInterval(4, double(ntohl(prefer_life))); info->Assign(5, make_intrusive(IPAddr(prefix))); rv->Assign(3, std::move(info)); } @@ -816,7 +816,7 @@ VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data) // MTU option { if ( caplen >= 6 ) - rv->Assign(5, val_mgr->Count(ntohl(*((const uint32_t*)(data + 2))))); + rv->Assign(5, uint32_t(ntohl(*((const uint32_t*)(data + 2))))); else set_payload_field = true; @@ -833,7 +833,7 @@ VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data) if ( set_payload_field ) { String* payload = new String(data, std::min((int)length, caplen), false); - rv->Assign(6, make_intrusive(payload)); + rv->Assign(6, payload); } data += length; diff --git a/src/analyzer/protocol/irc/IRC.cc b/src/analyzer/protocol/irc/IRC.cc index 1b529f1bb9..afb2a4dde8 100644 --- a/src/analyzer/protocol/irc/IRC.cc +++ b/src/analyzer/protocol/irc/IRC.cc @@ -841,14 +841,14 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) for ( size_t i = 0; i < channels.size(); ++i ) { auto info = make_intrusive(irc_join_info); - info->Assign(0, make_intrusive(nickname.c_str())); - info->Assign(1, make_intrusive(channels[i].c_str())); + info->Assign(0, nickname); + info->Assign(1, channels[i]); if ( i < passwords.size() ) - info->Assign(2, make_intrusive(passwords[i].c_str())); + info->Assign(2, passwords[i]); else - info->Assign(2, make_intrusive(empty_string.c_str())); + info->Assign(2, empty_string); // User mode. - info->Assign(3, make_intrusive(empty_string.c_str())); + info->Assign(3, empty_string); list->Assign(std::move(info), nullptr); } @@ -903,12 +903,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) mode = "voice"; } - info->Assign(0, make_intrusive(nick.c_str())); - info->Assign(1, make_intrusive(channel.c_str())); + info->Assign(0, nick); + info->Assign(1, channel); // Password: - info->Assign(2, make_intrusive(empty_string.c_str())); + info->Assign(2, empty_string); // User mode: - info->Assign(3, make_intrusive(mode.c_str())); + info->Assign(3, mode); list->Assign(std::move(info), nullptr); } diff --git a/src/analyzer/protocol/krb/krb-analyzer.pac b/src/analyzer/protocol/krb/krb-analyzer.pac index ead1219a6e..708861d731 100644 --- a/src/analyzer/protocol/krb/krb-analyzer.pac +++ b/src/analyzer/protocol/krb/krb-analyzer.pac @@ -10,19 +10,19 @@ zeek::RecordValPtr proc_krb_kdc_options(const KRB_KDC_Options* opts) { auto rv = zeek::make_intrusive(zeek::BifType::Record::KRB::KDC_Options); - rv->Assign(0, zeek::val_mgr->Bool(opts->forwardable())); - rv->Assign(1, zeek::val_mgr->Bool(opts->forwarded())); - rv->Assign(2, zeek::val_mgr->Bool(opts->proxiable())); - rv->Assign(3, zeek::val_mgr->Bool(opts->proxy())); - rv->Assign(4, zeek::val_mgr->Bool(opts->allow_postdate())); - rv->Assign(5, zeek::val_mgr->Bool(opts->postdated())); - rv->Assign(6, zeek::val_mgr->Bool(opts->renewable())); - rv->Assign(7, zeek::val_mgr->Bool(opts->opt_hardware_auth())); - rv->Assign(8, zeek::val_mgr->Bool(opts->disable_transited_check())); - rv->Assign(9, zeek::val_mgr->Bool(opts->renewable_ok())); - rv->Assign(10, zeek::val_mgr->Bool(opts->enc_tkt_in_skey())); - rv->Assign(11, zeek::val_mgr->Bool(opts->renew())); - rv->Assign(12, zeek::val_mgr->Bool(opts->validate())); + rv->Assign(0, bool(opts->forwardable())); + rv->Assign(1, bool(opts->forwarded())); + rv->Assign(2, bool(opts->proxiable())); + rv->Assign(3, bool(opts->proxy())); + rv->Assign(4, bool(opts->allow_postdate())); + rv->Assign(5, bool(opts->postdated())); + rv->Assign(6, bool(opts->renewable())); + rv->Assign(7, bool(opts->opt_hardware_auth())); + rv->Assign(8, bool(opts->disable_transited_check())); + rv->Assign(9, bool(opts->renewable_ok())); + rv->Assign(10, bool(opts->enc_tkt_in_skey())); + rv->Assign(11, bool(opts->renew())); + rv->Assign(12, bool(opts->validate())); return rv; } @@ -259,8 +259,8 @@ refine connection KRB_Conn += { if ( krb_ap_request ) { auto rv = zeek::make_intrusive(zeek::BifType::Record::KRB::AP_Options); - rv->Assign(0, zeek::val_mgr->Bool(${msg.ap_options.use_session_key})); - rv->Assign(1, zeek::val_mgr->Bool(${msg.ap_options.mutual_required})); + rv->Assign(0, bool(${msg.ap_options.use_session_key})); + rv->Assign(1, bool(${msg.ap_options.mutual_required})); auto rvticket = proc_ticket(${msg.ticket}); auto authenticationinfo = zeek_analyzer()->GetAuthenticationInfo( diff --git a/src/analyzer/protocol/krb/krb-padata.pac b/src/analyzer/protocol/krb/krb-padata.pac index ccf55a4302..33667cca41 100644 --- a/src/analyzer/protocol/krb/krb-padata.pac +++ b/src/analyzer/protocol/krb/krb-padata.pac @@ -37,7 +37,7 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const ZeekAnaly case PA_PW_SALT: { auto type_val = zeek::make_intrusive(zeek::BifType::Record::KRB::Type_Value); - type_val->Assign(0, zeek::val_mgr->Count(element->data_type())); + type_val->Assign(0, uint64_t(data_type)); type_val->Assign(1, to_stringval(element->pa_data_element()->pa_pw_salt()->encoding()->content())); vv->Assign(vv->Size(), std::move(type_val)); break; @@ -45,7 +45,7 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const ZeekAnaly case PA_ENCTYPE_INFO: { auto type_val = zeek::make_intrusive(zeek::BifType::Record::KRB::Type_Value); - type_val->Assign(0, zeek::val_mgr->Count(element->data_type())); + type_val->Assign(0, uint64_t(data_type)); type_val->Assign(1, to_stringval(element->pa_data_element()->pf_enctype_info()->salt())); vv->Assign(vv->Size(), std::move(type_val)); break; @@ -53,7 +53,7 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const ZeekAnaly case PA_ENCTYPE_INFO2: { auto type_val = zeek::make_intrusive(zeek::BifType::Record::KRB::Type_Value); - type_val->Assign(0, zeek::val_mgr->Count(element->data_type())); + type_val->Assign(0, uint64_t(data_type)); type_val->Assign(1, to_stringval(element->pa_data_element()->pf_enctype_info2()->salt())); vv->Assign(vv->Size(), std::move(type_val)); break; @@ -113,7 +113,7 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const ZeekAnaly if ( ! is_error && element->pa_data_element()->unknown()->meta()->length() > 0 ) { auto type_val = zeek::make_intrusive(zeek::BifType::Record::KRB::Type_Value); - type_val->Assign(0, zeek::val_mgr->Count(element->data_type())); + type_val->Assign(0, uint64_t(data_type)); type_val->Assign(1, to_stringval(element->pa_data_element()->unknown()->content())); vv->Assign(vv->Size(), std::move(type_val)); } diff --git a/src/analyzer/protocol/modbus/modbus-analyzer.pac b/src/analyzer/protocol/modbus/modbus-analyzer.pac index 5701529272..ccadd55a63 100644 --- a/src/analyzer/protocol/modbus/modbus-analyzer.pac +++ b/src/analyzer/protocol/modbus/modbus-analyzer.pac @@ -30,10 +30,10 @@ zeek::RecordValPtr HeaderToVal(ModbusTCP_TransportHeader* header) { auto modbus_header = zeek::make_intrusive(zeek::BifType::Record::ModbusHeaders); - modbus_header->Assign(0, zeek::val_mgr->Count(header->tid())); - modbus_header->Assign(1, zeek::val_mgr->Count(header->pid())); - modbus_header->Assign(2, zeek::val_mgr->Count(header->uid())); - modbus_header->Assign(3, zeek::val_mgr->Count(header->fc())); + modbus_header->Assign(0, header->tid()); + modbus_header->Assign(1, header->pid()); + modbus_header->Assign(2, header->uid()); + modbus_header->Assign(3, header->fc()); return modbus_header; } diff --git a/src/analyzer/protocol/mqtt/commands/connack.pac b/src/analyzer/protocol/mqtt/commands/connack.pac index dcc8da5858..bf810e6ab4 100644 --- a/src/analyzer/protocol/mqtt/commands/connack.pac +++ b/src/analyzer/protocol/mqtt/commands/connack.pac @@ -16,8 +16,8 @@ refine flow MQTT_Flow += { if ( mqtt_connack ) { auto m = zeek::make_intrusive(zeek::BifType::Record::MQTT::ConnectAckMsg); - m->Assign(0, zeek::val_mgr->Count(${msg.return_code})); - m->Assign(1, zeek::val_mgr->Bool(${msg.session_present})); + m->Assign(0, ${msg.return_code}); + m->Assign(1, bool(${msg.session_present})); zeek::BifEvent::enqueue_mqtt_connack(connection()->zeek_analyzer(), connection()->zeek_analyzer()->Conn(), std::move(m)); diff --git a/src/analyzer/protocol/mqtt/commands/connect.pac b/src/analyzer/protocol/mqtt/commands/connect.pac index b6db5864f7..22d78a713d 100644 --- a/src/analyzer/protocol/mqtt/commands/connect.pac +++ b/src/analyzer/protocol/mqtt/commands/connect.pac @@ -47,14 +47,14 @@ refine flow MQTT_Flow += { auto m = zeek::make_intrusive(zeek::BifType::Record::MQTT::ConnectMsg); m->Assign(0, zeek::make_intrusive(${msg.protocol_name.str}.length(), reinterpret_cast(${msg.protocol_name.str}.begin()))); - m->Assign(1, zeek::val_mgr->Count(${msg.protocol_version})); + m->Assign(1, ${msg.protocol_version}); m->Assign(2, zeek::make_intrusive(${msg.client_id.str}.length(), reinterpret_cast(${msg.client_id.str}.begin()))); - m->Assign(3, zeek::make_intrusive(double(${msg.keep_alive}), Seconds)); + m->AssignInterval(3, double(${msg.keep_alive})); - m->Assign(4, zeek::val_mgr->Bool(${msg.clean_session})); - m->Assign(5, zeek::val_mgr->Bool(${msg.will_retain})); - m->Assign(6, zeek::val_mgr->Count(${msg.will_qos})); + m->Assign(4, bool(${msg.clean_session})); + m->Assign(5, bool(${msg.will_retain})); + m->Assign(6, ${msg.will_qos}); if ( ${msg.will_flag} ) { diff --git a/src/analyzer/protocol/mqtt/commands/publish.pac b/src/analyzer/protocol/mqtt/commands/publish.pac index af1513bbb2..c2868b8fa4 100644 --- a/src/analyzer/protocol/mqtt/commands/publish.pac +++ b/src/analyzer/protocol/mqtt/commands/publish.pac @@ -24,9 +24,9 @@ refine flow MQTT_Flow += { if ( mqtt_publish ) { auto m = zeek::make_intrusive(zeek::BifType::Record::MQTT::PublishMsg); - m->Assign(0, zeek::val_mgr->Bool(${msg.dup})); - m->Assign(1, zeek::val_mgr->Count(${msg.qos})); - m->Assign(2, zeek::val_mgr->Bool(${msg.retain})); + m->Assign(0, bool(${msg.dup})); + m->Assign(1, ${msg.qos}); + m->Assign(2, bool(${msg.retain})); m->Assign(3, ${msg.topic.str}.length(), reinterpret_cast(${msg.topic.str}.begin())); @@ -40,7 +40,7 @@ refine flow MQTT_Flow += { m->Assign(4, len, reinterpret_cast(${msg.payload}.begin())); - m->Assign(5, zeek::val_mgr->Count(${msg.payload}.length())); + m->Assign(5, ${msg.payload}.length()); zeek::BifEvent::enqueue_mqtt_publish(connection()->zeek_analyzer(), connection()->zeek_analyzer()->Conn(), diff --git a/src/analyzer/protocol/ntlm/ntlm-analyzer.pac b/src/analyzer/protocol/ntlm/ntlm-analyzer.pac index 6501cc649b..4cb534da4b 100644 --- a/src/analyzer/protocol/ntlm/ntlm-analyzer.pac +++ b/src/analyzer/protocol/ntlm/ntlm-analyzer.pac @@ -20,10 +20,10 @@ zeek::RecordValPtr build_version_record(NTLM_Version* val) { auto result = zeek::make_intrusive(zeek::BifType::Record::NTLM::Version); - result->Assign(0, zeek::val_mgr->Count(${val.major_version})); - result->Assign(1, zeek::val_mgr->Count(${val.minor_version})); - result->Assign(2, zeek::val_mgr->Count(${val.build_number})); - result->Assign(3, zeek::val_mgr->Count(${val.ntlm_revision})); + result->Assign(0, ${val.major_version}); + result->Assign(1, ${val.minor_version}); + result->Assign(2, ${val.build_number}); + result->Assign(3, ${val.ntlm_revision}); return result; } @@ -31,28 +31,28 @@ zeek::RecordValPtr build_negotiate_flag_record(NTLM_Negotiate_Flags* val) { auto flags = zeek::make_intrusive(zeek::BifType::Record::NTLM::NegotiateFlags); - flags->Assign(0, zeek::val_mgr->Bool(${val.negotiate_56})); - flags->Assign(1, zeek::val_mgr->Bool(${val.negotiate_key_exch})); - flags->Assign(2, zeek::val_mgr->Bool(${val.negotiate_128})); - flags->Assign(3, zeek::val_mgr->Bool(${val.negotiate_version})); - flags->Assign(4, zeek::val_mgr->Bool(${val.negotiate_target_info})); - flags->Assign(5, zeek::val_mgr->Bool(${val.request_non_nt_session_key})); - flags->Assign(6, zeek::val_mgr->Bool(${val.negotiate_identify})); - flags->Assign(7, zeek::val_mgr->Bool(${val.negotiate_extended_sessionsecurity})); - flags->Assign(8, zeek::val_mgr->Bool(${val.target_type_server})); - flags->Assign(9, zeek::val_mgr->Bool(${val.target_type_domain})); - flags->Assign(10, zeek::val_mgr->Bool(${val.negotiate_always_sign})); - flags->Assign(11, zeek::val_mgr->Bool(${val.negotiate_oem_workstation_supplied})); - flags->Assign(12, zeek::val_mgr->Bool(${val.negotiate_oem_domain_supplied})); - flags->Assign(13, zeek::val_mgr->Bool(${val.negotiate_anonymous_connection})); - flags->Assign(14, zeek::val_mgr->Bool(${val.negotiate_ntlm})); - flags->Assign(15, zeek::val_mgr->Bool(${val.negotiate_lm_key})); - flags->Assign(16, zeek::val_mgr->Bool(${val.negotiate_datagram})); - flags->Assign(17, zeek::val_mgr->Bool(${val.negotiate_seal})); - flags->Assign(18, zeek::val_mgr->Bool(${val.negotiate_sign})); - flags->Assign(19, zeek::val_mgr->Bool(${val.request_target})); - flags->Assign(20, zeek::val_mgr->Bool(${val.negotiate_oem})); - flags->Assign(21, zeek::val_mgr->Bool(${val.negotiate_unicode})); + flags->Assign(0, bool(${val.negotiate_56})); + flags->Assign(1, bool(${val.negotiate_key_exch})); + flags->Assign(2, bool(${val.negotiate_128})); + flags->Assign(3, bool(${val.negotiate_version})); + flags->Assign(4, bool(${val.negotiate_target_info})); + flags->Assign(5, bool(${val.request_non_nt_session_key})); + flags->Assign(6, bool(${val.negotiate_identify})); + flags->Assign(7, bool(${val.negotiate_extended_sessionsecurity})); + flags->Assign(8, bool(${val.target_type_server})); + flags->Assign(9, bool(${val.target_type_domain})); + flags->Assign(10, bool(${val.negotiate_always_sign})); + flags->Assign(11, bool(${val.negotiate_oem_workstation_supplied})); + flags->Assign(12, bool(${val.negotiate_oem_domain_supplied})); + flags->Assign(13, bool(${val.negotiate_anonymous_connection})); + flags->Assign(14, bool(${val.negotiate_ntlm})); + flags->Assign(15, bool(${val.negotiate_lm_key})); + flags->Assign(16, bool(${val.negotiate_datagram})); + flags->Assign(17, bool(${val.negotiate_seal})); + flags->Assign(18, bool(${val.negotiate_sign})); + flags->Assign(19, bool(${val.request_target})); + flags->Assign(20, bool(${val.negotiate_oem})); + flags->Assign(21, bool(${val.negotiate_unicode})); return flags; } @@ -96,13 +96,13 @@ refine connection NTLM_Conn += { result->Assign(4, utf16_to_utf8_val(zeek_analyzer()->Conn(), ${val.pairs[i].dns_tree_name.data})); break; case 6: - result->Assign(5, zeek::val_mgr->Bool(${val.pairs[i].constrained_auth})); + result->Assign(5, bool(${val.pairs[i].constrained_auth})); break; case 7: result->Assign(6, filetime2zeektime(${val.pairs[i].timestamp})); break; case 8: - result->Assign(7, zeek::val_mgr->Count(${val.pairs[i].single_host.machine_id})); + result->Assign(7, ${val.pairs[i].single_host.machine_id}); break; case 9: result->Assign(8, utf16_to_utf8_val(zeek_analyzer()->Conn(), ${val.pairs[i].target_name.data})); diff --git a/src/analyzer/protocol/ntp/ntp-analyzer.pac b/src/analyzer/protocol/ntp/ntp-analyzer.pac index 41906dd075..c00c23b3d1 100644 --- a/src/analyzer/protocol/ntp/ntp-analyzer.pac +++ b/src/analyzer/protocol/ntp/ntp-analyzer.pac @@ -36,9 +36,9 @@ { auto rv = zeek::make_intrusive(zeek::BifType::Record::NTP::StandardMessage); - rv->Assign(0, zeek::val_mgr->Count(${nsm.stratum})); - rv->Assign(1, zeek::make_intrusive(pow(2, ${nsm.poll}))); - rv->Assign(2, zeek::make_intrusive(pow(2, ${nsm.precision}))); + rv->Assign(0, ${nsm.stratum}); + rv->AssignInterval(1, pow(2, ${nsm.poll})); + rv->AssignInterval(2, pow(2, ${nsm.precision})); rv->Assign(3, proc_ntp_short(${nsm.root_delay})); rv->Assign(4, proc_ntp_short(${nsm.root_dispersion})); @@ -66,19 +66,19 @@ if ( ${nsm.mac_len} == 20 ) { - rv->Assign(12, zeek::val_mgr->Count(${nsm.mac.key_id})); + rv->Assign(12, ${nsm.mac.key_id}); rv->Assign(13, to_stringval(${nsm.mac.digest})); } else if ( ${nsm.mac_len} == 24 ) { - rv->Assign(12, zeek::val_mgr->Count(${nsm.mac_ext.key_id})); + rv->Assign(12, ${nsm.mac_ext.key_id}); rv->Assign(13, to_stringval(${nsm.mac_ext.digest})); } if ( ${nsm.has_exts} ) { // TODO: add extension fields - rv->Assign(14, zeek::val_mgr->Count((uint32) ${nsm.exts}->size())); + rv->Assign(14, (uint32) ${nsm.exts}->size()); } return rv; @@ -89,20 +89,20 @@ { auto rv = zeek::make_intrusive(zeek::BifType::Record::NTP::ControlMessage); - rv->Assign(0, zeek::val_mgr->Count(${ncm.OpCode})); - rv->Assign(1, zeek::val_mgr->Bool(${ncm.R})); - rv->Assign(2, zeek::val_mgr->Bool(${ncm.E})); - rv->Assign(3, zeek::val_mgr->Bool(${ncm.M})); - rv->Assign(4, zeek::val_mgr->Count(${ncm.sequence})); - rv->Assign(5, zeek::val_mgr->Count(${ncm.status})); - rv->Assign(6, zeek::val_mgr->Count(${ncm.association_id})); + rv->Assign(0, ${ncm.OpCode}); + rv->Assign(1, bool(${ncm.R})); + rv->Assign(2, bool(${ncm.E})); + rv->Assign(3, bool(${ncm.M})); + rv->Assign(4, ${ncm.sequence}); + rv->Assign(5, ${ncm.status}); + rv->Assign(6, ${ncm.association_id}); if ( ${ncm.c} > 0 ) rv->Assign(7, to_stringval(${ncm.data})); if ( ${ncm.has_control_mac} ) { - rv->Assign(8, zeek::val_mgr->Count(${ncm.mac.key_id})); + rv->Assign(8, ${ncm.mac.key_id}); rv->Assign(9, to_stringval(${ncm.mac.crypto_checksum})); } @@ -114,11 +114,11 @@ { auto rv = zeek::make_intrusive(zeek::BifType::Record::NTP::Mode7Message); - rv->Assign(0, zeek::val_mgr->Count(${m7.request_code})); - rv->Assign(1, zeek::val_mgr->Bool(${m7.auth_bit})); - rv->Assign(2, zeek::val_mgr->Count(${m7.sequence})); - rv->Assign(3, zeek::val_mgr->Count(${m7.implementation})); - rv->Assign(4, zeek::val_mgr->Count(${m7.error_code})); + rv->Assign(0, ${m7.request_code}); + rv->Assign(1, bool(${m7.auth_bit})); + rv->Assign(2, ${m7.sequence}); + rv->Assign(3, ${m7.implementation}); + rv->Assign(4, ${m7.error_code}); if ( ${m7.data_len} > 0 ) rv->Assign(5, to_stringval(${m7.data})); @@ -139,8 +139,8 @@ refine flow NTP_Flow += { return false; auto rv = zeek::make_intrusive(zeek::BifType::Record::NTP::Message); - rv->Assign(0, zeek::val_mgr->Count(${msg.version})); - rv->Assign(1, zeek::val_mgr->Count(${msg.mode})); + rv->Assign(0, ${msg.version}); + rv->Assign(1, ${msg.mode}); // The standard record if ( ${msg.mode} >=1 && ${msg.mode} <= 5 ) diff --git a/src/analyzer/protocol/radius/radius-analyzer.pac b/src/analyzer/protocol/radius/radius-analyzer.pac index 20a2e93bef..59dc4a64ff 100644 --- a/src/analyzer/protocol/radius/radius-analyzer.pac +++ b/src/analyzer/protocol/radius/radius-analyzer.pac @@ -8,8 +8,8 @@ refine flow RADIUS_Flow += { return false; auto result = zeek::make_intrusive(zeek::BifType::Record::RADIUS::Message); - result->Assign(0, zeek::val_mgr->Count(${msg.code})); - result->Assign(1, zeek::val_mgr->Count(${msg.trans_id})); + result->Assign(0, ${msg.code}); + result->Assign(1, ${msg.trans_id}); result->Assign(2, to_stringval(${msg.authenticator})); if ( ${msg.attributes}->size() ) diff --git a/src/analyzer/protocol/rdp/rdp-analyzer.pac b/src/analyzer/protocol/rdp/rdp-analyzer.pac index 3f4007824a..c3820813c8 100644 --- a/src/analyzer/protocol/rdp/rdp-analyzer.pac +++ b/src/analyzer/protocol/rdp/rdp-analyzer.pac @@ -66,35 +66,35 @@ refine flow RDP_Flow += { if ( rdp_client_core_data ) { auto ec_flags = zeek::make_intrusive(zeek::BifType::Record::RDP::EarlyCapabilityFlags); - ec_flags->Assign(0, zeek::val_mgr->Bool(${ccore.SUPPORT_ERRINFO_PDU})); - ec_flags->Assign(1, zeek::val_mgr->Bool(${ccore.WANT_32BPP_SESSION})); - ec_flags->Assign(2, zeek::val_mgr->Bool(${ccore.SUPPORT_STATUSINFO_PDU})); - ec_flags->Assign(3, zeek::val_mgr->Bool(${ccore.STRONG_ASYMMETRIC_KEYS})); - ec_flags->Assign(4, zeek::val_mgr->Bool(${ccore.SUPPORT_MONITOR_LAYOUT_PDU})); - ec_flags->Assign(5, zeek::val_mgr->Bool(${ccore.SUPPORT_NETCHAR_AUTODETECT})); - ec_flags->Assign(6, zeek::val_mgr->Bool(${ccore.SUPPORT_DYNVC_GFX_PROTOCOL})); - ec_flags->Assign(7, zeek::val_mgr->Bool(${ccore.SUPPORT_DYNAMIC_TIME_ZONE})); - ec_flags->Assign(8, zeek::val_mgr->Bool(${ccore.SUPPORT_HEARTBEAT_PDU})); + ec_flags->Assign(0, bool(${ccore.SUPPORT_ERRINFO_PDU})); + ec_flags->Assign(1, bool(${ccore.WANT_32BPP_SESSION})); + ec_flags->Assign(2, bool(${ccore.SUPPORT_STATUSINFO_PDU})); + ec_flags->Assign(3, bool(${ccore.STRONG_ASYMMETRIC_KEYS})); + ec_flags->Assign(4, bool(${ccore.SUPPORT_MONITOR_LAYOUT_PDU})); + ec_flags->Assign(5, bool(${ccore.SUPPORT_NETCHAR_AUTODETECT})); + ec_flags->Assign(6, bool(${ccore.SUPPORT_DYNVC_GFX_PROTOCOL})); + ec_flags->Assign(7, bool(${ccore.SUPPORT_DYNAMIC_TIME_ZONE})); + ec_flags->Assign(8, bool(${ccore.SUPPORT_HEARTBEAT_PDU})); auto ccd = zeek::make_intrusive(zeek::BifType::Record::RDP::ClientCoreData); - ccd->Assign(0, zeek::val_mgr->Count(${ccore.version_major})); - ccd->Assign(1, zeek::val_mgr->Count(${ccore.version_minor})); - ccd->Assign(2, zeek::val_mgr->Count(${ccore.desktop_width})); - ccd->Assign(3, zeek::val_mgr->Count(${ccore.desktop_height})); - ccd->Assign(4, zeek::val_mgr->Count(${ccore.color_depth})); - ccd->Assign(5, zeek::val_mgr->Count(${ccore.sas_sequence})); - ccd->Assign(6, zeek::val_mgr->Count(${ccore.keyboard_layout})); - ccd->Assign(7, zeek::val_mgr->Count(${ccore.client_build})); + ccd->Assign(0, ${ccore.version_major}); + ccd->Assign(1, ${ccore.version_minor}); + ccd->Assign(2, ${ccore.desktop_width}); + ccd->Assign(3, ${ccore.desktop_height}); + ccd->Assign(4, ${ccore.color_depth}); + ccd->Assign(5, ${ccore.sas_sequence}); + ccd->Assign(6, ${ccore.keyboard_layout}); + ccd->Assign(7, ${ccore.client_build}); ccd->Assign(8, utf16_to_utf8_val(connection()->zeek_analyzer()->Conn(), ${ccore.client_name})); - ccd->Assign(9, zeek::val_mgr->Count(${ccore.keyboard_type})); - ccd->Assign(10, zeek::val_mgr->Count(${ccore.keyboard_sub})); - ccd->Assign(11, zeek::val_mgr->Count(${ccore.keyboard_function_key})); + ccd->Assign(9, ${ccore.keyboard_type}); + ccd->Assign(10, ${ccore.keyboard_sub}); + ccd->Assign(11, ${ccore.keyboard_function_key}); ccd->Assign(12, utf16_to_utf8_val(connection()->zeek_analyzer()->Conn(), ${ccore.ime_file_name})); - ccd->Assign(13, zeek::val_mgr->Count(${ccore.post_beta2_color_depth})); - ccd->Assign(14, zeek::val_mgr->Count(${ccore.client_product_id})); - ccd->Assign(15, zeek::val_mgr->Count(${ccore.serial_number})); - ccd->Assign(16, zeek::val_mgr->Count(${ccore.high_color_depth})); - ccd->Assign(17, zeek::val_mgr->Count(${ccore.supported_color_depths})); + ccd->Assign(13, ${ccore.post_beta2_color_depth}); + ccd->Assign(14, ${ccore.client_product_id}); + ccd->Assign(15, ${ccore.serial_number}); + ccd->Assign(16, ${ccore.high_color_depth}); + ccd->Assign(17, ${ccore.supported_color_depths}); ccd->Assign(18, std::move(ec_flags)); ccd->Assign(19, utf16_to_utf8_val(connection()->zeek_analyzer()->Conn(), ${ccore.dig_product_id})); @@ -112,8 +112,8 @@ refine flow RDP_Flow += { return false; auto csd = zeek::make_intrusive(zeek::BifType::Record::RDP::ClientSecurityData); - csd->Assign(0, zeek::val_mgr->Count(${csec.encryption_methods})); - csd->Assign(1, zeek::val_mgr->Count(${csec.ext_encryption_methods})); + csd->Assign(0, ${csec.encryption_methods}); + csd->Assign(1, ${csec.ext_encryption_methods}); zeek::BifEvent::enqueue_rdp_client_security_data(connection()->zeek_analyzer(), connection()->zeek_analyzer()->Conn(), @@ -135,19 +135,19 @@ refine flow RDP_Flow += { auto channel_def = zeek::make_intrusive(zeek::BifType::Record::RDP::ClientChannelDef); channel_def->Assign(0, to_stringval(${cnetwork.channel_def_array[i].name})); - channel_def->Assign(1, zeek::val_mgr->Count(${cnetwork.channel_def_array[i].options})); + channel_def->Assign(1, ${cnetwork.channel_def_array[i].options}); - channel_def->Assign(2, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_INITIALIZED})); - channel_def->Assign(3, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_RDP})); - channel_def->Assign(4, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_SC})); - channel_def->Assign(5, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_CS})); - channel_def->Assign(6, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_HIGH})); - channel_def->Assign(7, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_MED})); - channel_def->Assign(8, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_LOW})); - channel_def->Assign(9, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_COMPRESS_RDP})); - channel_def->Assign(10, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_COMPRESS})); - channel_def->Assign(11, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_SHOW_PROTOCOL})); - channel_def->Assign(12, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].REMOTE_CONTROL_PERSISTENT})); + channel_def->Assign(2, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_INITIALIZED})); + channel_def->Assign(3, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_RDP})); + channel_def->Assign(4, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_SC})); + channel_def->Assign(5, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_CS})); + channel_def->Assign(6, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_HIGH})); + channel_def->Assign(7, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_MED})); + channel_def->Assign(8, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_LOW})); + channel_def->Assign(9, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_COMPRESS_RDP})); + channel_def->Assign(10, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_COMPRESS})); + channel_def->Assign(11, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_SHOW_PROTOCOL})); + channel_def->Assign(12, bool(${cnetwork.channel_def_array[i].REMOTE_CONTROL_PERSISTENT})); channels->Assign(channels->Size(), std::move(channel_def)); } @@ -166,12 +166,12 @@ refine flow RDP_Flow += { return false; auto ccld = zeek::make_intrusive(zeek::BifType::Record::RDP::ClientClusterData); - ccld->Assign(0, zeek::val_mgr->Count(${ccluster.flags})); - ccld->Assign(1, zeek::val_mgr->Count(${ccluster.redir_session_id})); - ccld->Assign(2, zeek::val_mgr->Bool(${ccluster.REDIRECTION_SUPPORTED})); - ccld->Assign(3, zeek::val_mgr->Count(${ccluster.SERVER_SESSION_REDIRECTION_VERSION_MASK})); - ccld->Assign(4, zeek::val_mgr->Bool(${ccluster.REDIRECTED_SESSIONID_FIELD_VALID})); - ccld->Assign(5, zeek::val_mgr->Bool(${ccluster.REDIRECTED_SMARTCARD})); + ccld->Assign(0, ${ccluster.flags}); + ccld->Assign(1, ${ccluster.redir_session_id}); + ccld->Assign(2, bool(${ccluster.REDIRECTION_SUPPORTED})); + ccld->Assign(3, ${ccluster.SERVER_SESSION_REDIRECTION_VERSION_MASK}); + ccld->Assign(4, bool(${ccluster.REDIRECTED_SESSIONID_FIELD_VALID})); + ccld->Assign(5, bool(${ccluster.REDIRECTED_SMARTCARD})); zeek::BifEvent::enqueue_rdp_client_cluster_data(connection()->zeek_analyzer(), connection()->zeek_analyzer()->Conn(), diff --git a/src/analyzer/protocol/rpc/MOUNT.cc b/src/analyzer/protocol/rpc/MOUNT.cc index d857d37288..def96ed3e1 100644 --- a/src/analyzer/protocol/rpc/MOUNT.cc +++ b/src/analyzer/protocol/rpc/MOUNT.cc @@ -188,16 +188,16 @@ Args MOUNT_Interp::event_common_vl(RPC_CallInfo *c, auto info = make_intrusive(BifType::Record::MOUNT3::info_t); info->Assign(0, BifType::Enum::rpc_status->GetEnumVal(rpc_status)); info->Assign(1, BifType::Enum::MOUNT3::status_t->GetEnumVal(mount_status)); - info->Assign(2, make_intrusive(c->StartTime())); - info->Assign(3, make_intrusive(c->LastTime() - c->StartTime())); - info->Assign(4, val_mgr->Count(c->RPCLen())); - info->Assign(5, make_intrusive(rep_start_time)); - info->Assign(6, make_intrusive(rep_last_time - rep_start_time)); - info->Assign(7, val_mgr->Count(reply_len)); - info->Assign(8, val_mgr->Count(c->Uid())); - info->Assign(9, val_mgr->Count(c->Gid())); - info->Assign(10, val_mgr->Count(c->Stamp())); - info->Assign(11, make_intrusive(c->MachineName())); + info->AssignTime(2, c->StartTime()); + info->AssignInterval(3, c->LastTime() - c->StartTime()); + info->Assign(4, c->RPCLen()); + info->AssignTime(5, rep_start_time); + info->AssignInterval(6, rep_last_time - rep_start_time); + info->Assign(7, reply_len); + info->Assign(8, c->Uid()); + info->Assign(9, c->Gid()); + info->Assign(10, c->Stamp()); + info->Assign(11, c->MachineName()); info->Assign(12, std::move(auxgids)); vl.emplace_back(std::move(info)); @@ -259,7 +259,7 @@ RecordValPtr MOUNT_Interp::mount3_mnt_reply(const u_char*& buf, int& n, auth_flavors_count = max_auth_flavors; } - auto enum_vector = make_intrusive(base_type(TYPE_ENUM)); + auto enum_vector = make_intrusive(BifType::Enum::MOUNT3::auth_flavor_t); auto auth_flavors = make_intrusive(std::move(enum_vector)); for ( auto i = 0u; i < auth_flavors_count; ++i ) diff --git a/src/analyzer/protocol/rpc/NFS.cc b/src/analyzer/protocol/rpc/NFS.cc index 589f3ac1bd..d8ca614538 100644 --- a/src/analyzer/protocol/rpc/NFS.cc +++ b/src/analyzer/protocol/rpc/NFS.cc @@ -321,16 +321,16 @@ Args NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status auto info = make_intrusive(BifType::Record::NFS3::info_t); info->Assign(0, BifType::Enum::rpc_status->GetEnumVal(rpc_status)); info->Assign(1, BifType::Enum::NFS3::status_t->GetEnumVal(nfs_status)); - info->Assign(2, make_intrusive(c->StartTime())); - info->Assign(3, make_intrusive(c->LastTime()-c->StartTime())); - info->Assign(4, val_mgr->Count(c->RPCLen())); - info->Assign(5, make_intrusive(rep_start_time)); - info->Assign(6, make_intrusive(rep_last_time-rep_start_time)); - info->Assign(7, val_mgr->Count(reply_len)); - info->Assign(8, val_mgr->Count(c->Uid())); - info->Assign(9, val_mgr->Count(c->Gid())); - info->Assign(10, val_mgr->Count(c->Stamp())); - info->Assign(11, make_intrusive(c->MachineName())); + info->AssignTime(2, c->StartTime()); + info->AssignInterval(3, c->LastTime()-c->StartTime()); + info->Assign(4, c->RPCLen()); + info->AssignTime(5, rep_start_time); + info->AssignInterval(6, rep_last_time-rep_start_time); + info->Assign(7, reply_len); + info->Assign(8, c->Uid()); + info->Assign(9, c->Gid()); + info->Assign(10, c->Stamp()); + info->Assign(11, c->MachineName()); info->Assign(12, std::move(auxgids)); vl.emplace_back(std::move(info)); @@ -554,7 +554,7 @@ RecordValPtr NFS_Interp::nfs3_read_reply(const u_char*& buf, int& n, BifEnum::NF rep->Assign(0, nfs3_post_op_attr(buf, n)); bytes_read = extract_XDR_uint32(buf, n); - rep->Assign(1, val_mgr->Count(bytes_read)); + rep->Assign(1, bytes_read); rep->Assign(2, ExtractBool(buf, n)); rep->Assign(3, nfs3_file_data(buf, n, offset, bytes_read)); } @@ -637,9 +637,9 @@ RecordValPtr NFS_Interp::nfs3_writeargs(const u_char*& buf, int& n) writeargs->Assign(0, nfs3_fh(buf, n)); offset = extract_XDR_uint64(buf, n); - writeargs->Assign(1, val_mgr->Count(offset)); // offset + writeargs->Assign(1, offset); // offset bytes = extract_XDR_uint32(buf, n); - writeargs->Assign(2, val_mgr->Count(bytes)); // size + writeargs->Assign(2, bytes); // size writeargs->Assign(3, nfs3_stable_how(buf, n)); writeargs->Assign(4, nfs3_file_data(buf, n, offset, bytes)); @@ -722,7 +722,7 @@ RecordValPtr NFS_Interp::nfs3_readdirargs(bool isplus, const u_char*& buf, int&n { auto args = make_intrusive(BifType::Record::NFS3::readdirargs_t); - args->Assign(0, val_mgr->Bool(isplus)); + args->Assign(0, isplus); args->Assign(1, nfs3_fh(buf, n)); args->Assign(2, ExtractUint64(buf,n)); // cookie args->Assign(3, ExtractUint64(buf,n)); // cookieverf @@ -739,7 +739,7 @@ RecordValPtr NFS_Interp::nfs3_readdir_reply(bool isplus, const u_char*& buf, { auto rep = make_intrusive(BifType::Record::NFS3::readdir_reply_t); - rep->Assign(0, val_mgr->Bool(isplus)); + rep->Assign(0, isplus); if ( status == BifEnum::NFS3::NFS3ERR_OK ) { @@ -779,29 +779,29 @@ RecordValPtr NFS_Interp::nfs3_readdir_reply(bool isplus, const u_char*& buf, return rep; } -ValPtr NFS_Interp::ExtractUint32(const u_char*& buf, int& n) +uint32_t NFS_Interp::ExtractUint32(const u_char*& buf, int& n) { - return val_mgr->Count(extract_XDR_uint32(buf, n)); + return extract_XDR_uint32(buf, n); } -ValPtr NFS_Interp::ExtractUint64(const u_char*& buf, int& n) +uint64_t NFS_Interp::ExtractUint64(const u_char*& buf, int& n) { - return val_mgr->Count(extract_XDR_uint64(buf, n)); + return extract_XDR_uint64(buf, n); } -ValPtr NFS_Interp::ExtractTime(const u_char*& buf, int& n) +double NFS_Interp::ExtractTime(const u_char*& buf, int& n) { - return make_intrusive(extract_XDR_time(buf, n)); + return extract_XDR_time(buf, n); } -ValPtr NFS_Interp::ExtractInterval(const u_char*& buf, int& n) +double NFS_Interp::ExtractInterval(const u_char*& buf, int& n) { - return make_intrusive(double(extract_XDR_uint32(buf, n)), 1.0); + return double(extract_XDR_uint32(buf, n)); } -ValPtr NFS_Interp::ExtractBool(const u_char*& buf, int& n) +bool NFS_Interp::ExtractBool(const u_char*& buf, int& n) { - return val_mgr->Bool(extract_XDR_uint32(buf, n)); + return extract_XDR_uint32(buf, n); } } // namespace detail diff --git a/src/analyzer/protocol/rpc/NFS.h b/src/analyzer/protocol/rpc/NFS.h index 3082ffffe7..0082b1da31 100644 --- a/src/analyzer/protocol/rpc/NFS.h +++ b/src/analyzer/protocol/rpc/NFS.h @@ -73,11 +73,11 @@ protected: // * size is the amount of bytes read (or requested to be written), StringValPtr nfs3_file_data(const u_char*& buf, int& n, uint64_t offset, int size); - ValPtr ExtractUint32(const u_char*& buf, int& n); - ValPtr ExtractUint64(const u_char*& buf, int& n); - ValPtr ExtractTime(const u_char*& buf, int& n); - ValPtr ExtractInterval(const u_char*& buf, int& n); - ValPtr ExtractBool(const u_char*& buf, int& n); + uint32_t ExtractUint32(const u_char*& buf, int& n); + uint64_t ExtractUint64(const u_char*& buf, int& n); + double ExtractTime(const u_char*& buf, int& n); + double ExtractInterval(const u_char*& buf, int& n); + bool ExtractBool(const u_char*& buf, int& n); }; } // namespace detail diff --git a/src/analyzer/protocol/rpc/Portmap.cc b/src/analyzer/protocol/rpc/Portmap.cc index 3d0893a363..4b47f894e5 100644 --- a/src/analyzer/protocol/rpc/Portmap.cc +++ b/src/analyzer/protocol/rpc/Portmap.cc @@ -195,8 +195,8 @@ ValPtr PortmapperInterp::ExtractMapping(const u_char*& buf, int& len) static auto pm_mapping = id::find_type("pm_mapping"); auto mapping = make_intrusive(pm_mapping); - mapping->Assign(0, val_mgr->Count(extract_XDR_uint32(buf, len))); - mapping->Assign(1, val_mgr->Count(extract_XDR_uint32(buf, len))); + mapping->Assign(0, extract_XDR_uint32(buf, len)); + mapping->Assign(1, extract_XDR_uint32(buf, len)); bool is_tcp = extract_XDR_uint32(buf, len) == IPPROTO_TCP; uint32_t port = extract_XDR_uint32(buf, len); @@ -213,11 +213,11 @@ ValPtr PortmapperInterp::ExtractPortRequest(const u_char*& buf, int& len) static auto pm_port_request = id::find_type("pm_port_request"); auto pr = make_intrusive(pm_port_request); - pr->Assign(0, val_mgr->Count(extract_XDR_uint32(buf, len))); - pr->Assign(1, val_mgr->Count(extract_XDR_uint32(buf, len))); + pr->Assign(0, extract_XDR_uint32(buf, len)); + pr->Assign(1, extract_XDR_uint32(buf, len)); bool is_tcp = extract_XDR_uint32(buf, len) == IPPROTO_TCP; - pr->Assign(2, val_mgr->Bool(is_tcp)); + pr->Assign(2, bool(is_tcp)); (void) extract_XDR_uint32(buf, len); // consume the bogus port if ( ! buf ) @@ -231,13 +231,13 @@ ValPtr PortmapperInterp::ExtractCallItRequest(const u_char*& buf, int& len) static auto pm_callit_request = id::find_type("pm_callit_request"); auto c = make_intrusive(pm_callit_request); - c->Assign(0, val_mgr->Count(extract_XDR_uint32(buf, len))); - c->Assign(1, val_mgr->Count(extract_XDR_uint32(buf, len))); - c->Assign(2, val_mgr->Count(extract_XDR_uint32(buf, len))); + c->Assign(0, extract_XDR_uint32(buf, len)); + c->Assign(1, extract_XDR_uint32(buf, len)); + c->Assign(2, extract_XDR_uint32(buf, len)); int arg_n; (void) extract_XDR_opaque(buf, len, arg_n); - c->Assign(3, val_mgr->Count(arg_n)); + c->Assign(3, arg_n); if ( ! buf ) return nullptr; diff --git a/src/analyzer/protocol/smb/smb-time.pac b/src/analyzer/protocol/smb/smb-time.pac index 3f163b21a0..51a5e6c9a9 100644 --- a/src/analyzer/protocol/smb/smb-time.pac +++ b/src/analyzer/protocol/smb/smb-time.pac @@ -1,21 +1,20 @@ %header{ -zeek::ValPtr filetime2zeektime(uint64_t ts); -zeek::ValPtr time_from_lanman(SMB_time* t, SMB_date* d, uint16_t tz); +double filetime2zeektime(uint64_t ts); +double time_from_lanman(SMB_time* t, SMB_date* d, uint16_t tz); zeek::RecordValPtr SMB_BuildMACTimes(uint64_t modify, uint64_t access, uint64_t create, uint64_t change); %} %code{ -zeek::ValPtr filetime2zeektime(uint64_t ts) +double filetime2zeektime(uint64_t ts) { // Zeek can't support times back to the 1600's // so we subtract a lot of seconds. - double secs = (ts / 10000000.0L) - 11644473600.0L; - return zeek::make_intrusive(secs); + return (ts / 10000000.0L) - 11644473600.0L; } -zeek::ValPtr time_from_lanman(SMB_time* t, SMB_date* d, uint16_t tz) +double time_from_lanman(SMB_time* t, SMB_date* d, uint16_t tz) { tm lTime; lTime.tm_sec = ${t.two_seconds} * 2; @@ -25,8 +24,7 @@ zeek::ValPtr time_from_lanman(SMB_time* t, SMB_date* d, uint16_t tz) lTime.tm_mon = ${d.month}; lTime.tm_year = 1980 + ${d.year}; lTime.tm_isdst = -1; - double lResult = mktime(&lTime); - return zeek::make_intrusive(lResult + tz); + return mktime(&lTime) + tz; } zeek::RecordValPtr SMB_BuildMACTimes(uint64_t modify, uint64_t access, diff --git a/src/analyzer/protocol/smb/smb1-com-negotiate.pac b/src/analyzer/protocol/smb/smb1-com-negotiate.pac index 0a576e7a61..ee5f70b06a 100644 --- a/src/analyzer/protocol/smb/smb1-com-negotiate.pac +++ b/src/analyzer/protocol/smb/smb1-com-negotiate.pac @@ -42,7 +42,7 @@ refine connection SMB_Conn += { case 0x01: { auto core = zeek::make_intrusive(zeek::BifType::Record::SMB1::NegotiateResponseCore); - core->Assign(0, zeek::val_mgr->Count(${val.dialect_index})); + core->Assign(0, ${val.dialect_index}); response->Assign(0, std::move(core)); } @@ -51,23 +51,23 @@ refine connection SMB_Conn += { case 0x0d: { auto security = zeek::make_intrusive(zeek::BifType::Record::SMB1::NegotiateResponseSecurity); - security->Assign(0, zeek::val_mgr->Bool(${val.lanman.security_user_level})); - security->Assign(1, zeek::val_mgr->Bool(${val.lanman.security_challenge_response})); + security->Assign(0, bool(${val.lanman.security_user_level})); + security->Assign(1, bool(${val.lanman.security_challenge_response})); auto raw = zeek::make_intrusive(zeek::BifType::Record::SMB1::NegotiateRawMode); - raw->Assign(0, zeek::val_mgr->Bool(${val.lanman.raw_read_supported})); - raw->Assign(1, zeek::val_mgr->Bool(${val.lanman.raw_write_supported})); + raw->Assign(0, bool(${val.lanman.raw_read_supported})); + raw->Assign(1, bool(${val.lanman.raw_write_supported})); auto lanman = zeek::make_intrusive(zeek::BifType::Record::SMB1::NegotiateResponseLANMAN); - lanman->Assign(0, zeek::val_mgr->Count(${val.word_count})); - lanman->Assign(1, zeek::val_mgr->Count(${val.dialect_index})); + lanman->Assign(0, ${val.word_count}); + lanman->Assign(1, ${val.dialect_index}); lanman->Assign(2, std::move(security)); - lanman->Assign(3, zeek::val_mgr->Count(${val.lanman.max_buffer_size})); - lanman->Assign(4, zeek::val_mgr->Count(${val.lanman.max_mpx_count})); + lanman->Assign(3, ${val.lanman.max_buffer_size}); + lanman->Assign(4, ${val.lanman.max_mpx_count}); - lanman->Assign(5, zeek::val_mgr->Count(${val.lanman.max_number_vcs})); + lanman->Assign(5, ${val.lanman.max_number_vcs}); lanman->Assign(6, std::move(raw)); - lanman->Assign(7, zeek::val_mgr->Count(${val.lanman.session_key})); + lanman->Assign(7, ${val.lanman.session_key}); lanman->Assign(8, time_from_lanman(${val.lanman.server_time}, ${val.lanman.server_date}, ${val.lanman.server_tz})); lanman->Assign(9, to_stringval(${val.lanman.encryption_key})); @@ -80,44 +80,44 @@ refine connection SMB_Conn += { case 0x11: { auto security = zeek::make_intrusive(zeek::BifType::Record::SMB1::NegotiateResponseSecurity); - security->Assign(0, zeek::val_mgr->Bool(${val.ntlm.security_user_level})); - security->Assign(1, zeek::val_mgr->Bool(${val.ntlm.security_challenge_response})); - security->Assign(2, zeek::val_mgr->Bool(${val.ntlm.security_signatures_enabled})); - security->Assign(3, zeek::val_mgr->Bool(${val.ntlm.security_signatures_required})); + security->Assign(0, bool(${val.ntlm.security_user_level})); + security->Assign(1, bool(${val.ntlm.security_challenge_response})); + security->Assign(2, bool(${val.ntlm.security_signatures_enabled})); + security->Assign(3, bool(${val.ntlm.security_signatures_required})); auto capabilities = zeek::make_intrusive(zeek::BifType::Record::SMB1::NegotiateCapabilities); - capabilities->Assign(0, zeek::val_mgr->Bool(${val.ntlm.capabilities_raw_mode})); - capabilities->Assign(1, zeek::val_mgr->Bool(${val.ntlm.capabilities_mpx_mode})); - capabilities->Assign(2, zeek::val_mgr->Bool(${val.ntlm.capabilities_unicode})); - capabilities->Assign(3, zeek::val_mgr->Bool(${val.ntlm.capabilities_large_files})); - capabilities->Assign(4, zeek::val_mgr->Bool(${val.ntlm.capabilities_nt_smbs})); + capabilities->Assign(0, bool(${val.ntlm.capabilities_raw_mode})); + capabilities->Assign(1, bool(${val.ntlm.capabilities_mpx_mode})); + capabilities->Assign(2, bool(${val.ntlm.capabilities_unicode})); + capabilities->Assign(3, bool(${val.ntlm.capabilities_large_files})); + capabilities->Assign(4, bool(${val.ntlm.capabilities_nt_smbs})); - capabilities->Assign(5, zeek::val_mgr->Bool(${val.ntlm.capabilities_rpc_remote_apis})); - capabilities->Assign(6, zeek::val_mgr->Bool(${val.ntlm.capabilities_status32})); - capabilities->Assign(7, zeek::val_mgr->Bool(${val.ntlm.capabilities_level_2_oplocks})); - capabilities->Assign(8, zeek::val_mgr->Bool(${val.ntlm.capabilities_lock_and_read})); - capabilities->Assign(9, zeek::val_mgr->Bool(${val.ntlm.capabilities_nt_find})); + capabilities->Assign(5, bool(${val.ntlm.capabilities_rpc_remote_apis})); + capabilities->Assign(6, bool(${val.ntlm.capabilities_status32})); + capabilities->Assign(7, bool(${val.ntlm.capabilities_level_2_oplocks})); + capabilities->Assign(8, bool(${val.ntlm.capabilities_lock_and_read})); + capabilities->Assign(9, bool(${val.ntlm.capabilities_nt_find})); - capabilities->Assign(10, zeek::val_mgr->Bool(${val.ntlm.capabilities_dfs})); - capabilities->Assign(11, zeek::val_mgr->Bool(${val.ntlm.capabilities_infolevel_passthru})); - capabilities->Assign(12, zeek::val_mgr->Bool(${val.ntlm.capabilities_large_readx})); - capabilities->Assign(13, zeek::val_mgr->Bool(${val.ntlm.capabilities_large_writex})); - capabilities->Assign(14, zeek::val_mgr->Bool(${val.ntlm.capabilities_unix})); + capabilities->Assign(10, bool(${val.ntlm.capabilities_dfs})); + capabilities->Assign(11, bool(${val.ntlm.capabilities_infolevel_passthru})); + capabilities->Assign(12, bool(${val.ntlm.capabilities_large_readx})); + capabilities->Assign(13, bool(${val.ntlm.capabilities_large_writex})); + capabilities->Assign(14, bool(${val.ntlm.capabilities_unix})); - capabilities->Assign(15, zeek::val_mgr->Bool(${val.ntlm.capabilities_bulk_transfer})); - capabilities->Assign(16, zeek::val_mgr->Bool(${val.ntlm.capabilities_compressed_data})); - capabilities->Assign(17, zeek::val_mgr->Bool(${val.ntlm.capabilities_extended_security})); + capabilities->Assign(15, bool(${val.ntlm.capabilities_bulk_transfer})); + capabilities->Assign(16, bool(${val.ntlm.capabilities_compressed_data})); + capabilities->Assign(17, bool(${val.ntlm.capabilities_extended_security})); auto ntlm = zeek::make_intrusive(zeek::BifType::Record::SMB1::NegotiateResponseNTLM); - ntlm->Assign(0, zeek::val_mgr->Count(${val.word_count})); - ntlm->Assign(1, zeek::val_mgr->Count(${val.dialect_index})); + ntlm->Assign(0, ${val.word_count}); + ntlm->Assign(1, ${val.dialect_index}); ntlm->Assign(2, std::move(security)); - ntlm->Assign(3, zeek::val_mgr->Count(${val.ntlm.max_buffer_size})); - ntlm->Assign(4, zeek::val_mgr->Count(${val.ntlm.max_mpx_count})); + ntlm->Assign(3, ${val.ntlm.max_buffer_size}); + ntlm->Assign(4, ${val.ntlm.max_mpx_count}); - ntlm->Assign(5, zeek::val_mgr->Count(${val.ntlm.max_number_vcs})); - ntlm->Assign(6, zeek::val_mgr->Count(${val.ntlm.max_raw_size})); - ntlm->Assign(7, zeek::val_mgr->Count(${val.ntlm.session_key})); + ntlm->Assign(5, ${val.ntlm.max_number_vcs}); + ntlm->Assign(6, ${val.ntlm.max_raw_size}); + ntlm->Assign(7, ${val.ntlm.session_key}); ntlm->Assign(8, std::move(capabilities)); ntlm->Assign(9, filetime2zeektime(${val.ntlm.server_time})); diff --git a/src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac b/src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac index b6b51ac390..d80ca86c24 100644 --- a/src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac +++ b/src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac @@ -14,13 +14,13 @@ refine connection SMB_Conn += { { auto request = zeek::make_intrusive(zeek::BifType::Record::SMB1::SessionSetupAndXRequest); - request->Assign(0, zeek::val_mgr->Count(${val.word_count})); + request->Assign(0, ${val.word_count}); switch ( ${val.word_count} ) { case 10: // pre NT LM 0.12 - request->Assign(1, zeek::val_mgr->Count(${val.lanman.max_buffer_size})); - request->Assign(2, zeek::val_mgr->Count(${val.lanman.max_mpx_count})); - request->Assign(3, zeek::val_mgr->Count(${val.lanman.vc_number})); - request->Assign(4, zeek::val_mgr->Count(${val.lanman.session_key})); + request->Assign(1, ${val.lanman.max_buffer_size}); + request->Assign(2, ${val.lanman.max_mpx_count}); + request->Assign(3, ${val.lanman.vc_number}); + request->Assign(4, ${val.lanman.session_key}); request->Assign(5, smb_string2stringval(${val.lanman.native_os})); request->Assign(6, smb_string2stringval(${val.lanman.native_lanman})); @@ -32,17 +32,17 @@ refine connection SMB_Conn += { case 12: // NT LM 0.12 with extended security { auto capabilities = zeek::make_intrusive(zeek::BifType::Record::SMB1::SessionSetupAndXCapabilities); - capabilities->Assign(0, zeek::val_mgr->Bool(${val.ntlm_extended_security.capabilities.unicode})); - capabilities->Assign(1, zeek::val_mgr->Bool(${val.ntlm_extended_security.capabilities.large_files})); - capabilities->Assign(2, zeek::val_mgr->Bool(${val.ntlm_extended_security.capabilities.nt_smbs})); - capabilities->Assign(3, zeek::val_mgr->Bool(${val.ntlm_extended_security.capabilities.status32})); - capabilities->Assign(4, zeek::val_mgr->Bool(${val.ntlm_extended_security.capabilities.level_2_oplocks})); - capabilities->Assign(5, zeek::val_mgr->Bool(${val.ntlm_extended_security.capabilities.nt_find})); + capabilities->Assign(0, bool(${val.ntlm_extended_security.capabilities.unicode})); + capabilities->Assign(1, bool(${val.ntlm_extended_security.capabilities.large_files})); + capabilities->Assign(2, bool(${val.ntlm_extended_security.capabilities.nt_smbs})); + capabilities->Assign(3, bool(${val.ntlm_extended_security.capabilities.status32})); + capabilities->Assign(4, bool(${val.ntlm_extended_security.capabilities.level_2_oplocks})); + capabilities->Assign(5, bool(${val.ntlm_extended_security.capabilities.nt_find})); - request->Assign(1, zeek::val_mgr->Count(${val.ntlm_extended_security.max_buffer_size})); - request->Assign(2, zeek::val_mgr->Count(${val.ntlm_extended_security.max_mpx_count})); - request->Assign(3, zeek::val_mgr->Count(${val.ntlm_extended_security.vc_number})); - request->Assign(4, zeek::val_mgr->Count(${val.ntlm_extended_security.session_key})); + request->Assign(1, ${val.ntlm_extended_security.max_buffer_size}); + request->Assign(2, ${val.ntlm_extended_security.max_mpx_count}); + request->Assign(3, ${val.ntlm_extended_security.vc_number}); + request->Assign(4, ${val.ntlm_extended_security.session_key}); request->Assign(5, smb_string2stringval(${val.ntlm_extended_security.native_os})); request->Assign(6, smb_string2stringval(${val.ntlm_extended_security.native_lanman})); @@ -54,17 +54,17 @@ refine connection SMB_Conn += { case 13: // NT LM 0.12 without extended security { auto capabilities = zeek::make_intrusive(zeek::BifType::Record::SMB1::SessionSetupAndXCapabilities); - capabilities->Assign(0, zeek::val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.unicode})); - capabilities->Assign(1, zeek::val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.large_files})); - capabilities->Assign(2, zeek::val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.nt_smbs})); - capabilities->Assign(3, zeek::val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.status32})); - capabilities->Assign(4, zeek::val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.level_2_oplocks})); - capabilities->Assign(5, zeek::val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.nt_find})); + capabilities->Assign(0, bool(${val.ntlm_nonextended_security.capabilities.unicode})); + capabilities->Assign(1, bool(${val.ntlm_nonextended_security.capabilities.large_files})); + capabilities->Assign(2, bool(${val.ntlm_nonextended_security.capabilities.nt_smbs})); + capabilities->Assign(3, bool(${val.ntlm_nonextended_security.capabilities.status32})); + capabilities->Assign(4, bool(${val.ntlm_nonextended_security.capabilities.level_2_oplocks})); + capabilities->Assign(5, bool(${val.ntlm_nonextended_security.capabilities.nt_find})); - request->Assign(1, zeek::val_mgr->Count(${val.ntlm_nonextended_security.max_buffer_size})); - request->Assign(2, zeek::val_mgr->Count(${val.ntlm_nonextended_security.max_mpx_count})); - request->Assign(3, zeek::val_mgr->Count(${val.ntlm_nonextended_security.vc_number})); - request->Assign(4, zeek::val_mgr->Count(${val.ntlm_nonextended_security.session_key})); + request->Assign(1, ${val.ntlm_nonextended_security.max_buffer_size}); + request->Assign(2, ${val.ntlm_nonextended_security.max_mpx_count}); + request->Assign(3, ${val.ntlm_nonextended_security.vc_number}); + request->Assign(4, ${val.ntlm_nonextended_security.session_key}); request->Assign(5, smb_string2stringval(${val.ntlm_nonextended_security.native_os})); request->Assign(6, smb_string2stringval(${val.ntlm_nonextended_security.native_lanman})); @@ -91,18 +91,18 @@ refine connection SMB_Conn += { if ( smb1_session_setup_andx_response ) { auto response = zeek::make_intrusive(zeek::BifType::Record::SMB1::SessionSetupAndXResponse); - response->Assign(0, zeek::val_mgr->Count(${val.word_count})); + response->Assign(0, ${val.word_count}); switch ( ${val.word_count} ) { case 3: // pre NT LM 0.12 - response->Assign(1, zeek::val_mgr->Bool(${val.lanman.is_guest})); + response->Assign(1, bool(${val.lanman.is_guest})); response->Assign(2, ${val.lanman.byte_count} == 0 ? zeek::val_mgr->EmptyString() : smb_string2stringval(${val.lanman.native_os[0]})); response->Assign(3, ${val.lanman.byte_count} == 0 ? zeek::val_mgr->EmptyString() : smb_string2stringval(${val.lanman.native_lanman[0]})); response->Assign(4, ${val.lanman.byte_count} == 0 ? zeek::val_mgr->EmptyString() : smb_string2stringval(${val.lanman.primary_domain[0]})); break; case 4: // NT LM 0.12 - response->Assign(1, zeek::val_mgr->Bool(${val.ntlm.is_guest})); + response->Assign(1, bool(${val.ntlm.is_guest})); response->Assign(2, smb_string2stringval(${val.ntlm.native_os})); response->Assign(3, smb_string2stringval(${val.ntlm.native_lanman})); //response->Assign(4, smb_string2stringval(${val.ntlm.primary_domain})); diff --git a/src/analyzer/protocol/smb/smb1-com-transaction-secondary.pac b/src/analyzer/protocol/smb/smb1-com-transaction-secondary.pac index 0bb7c4f1e7..c4a102a2b7 100644 --- a/src/analyzer/protocol/smb/smb1-com-transaction-secondary.pac +++ b/src/analyzer/protocol/smb/smb1-com-transaction-secondary.pac @@ -6,14 +6,14 @@ refine connection SMB_Conn += { return false; auto args = zeek::make_intrusive(zeek::BifType::Record::SMB1::Trans_Sec_Args); - args->Assign(0, zeek::val_mgr->Count(${val.total_param_count})); - args->Assign(1, zeek::val_mgr->Count(${val.total_data_count})); - args->Assign(2, zeek::val_mgr->Count(${val.param_count})); - args->Assign(3, zeek::val_mgr->Count(${val.param_offset})); - args->Assign(4, zeek::val_mgr->Count(${val.param_displacement})); - args->Assign(5, zeek::val_mgr->Count(${val.data_count})); - args->Assign(6, zeek::val_mgr->Count(${val.data_offset})); - args->Assign(7, zeek::val_mgr->Count(${val.data_displacement})); + args->Assign(0, ${val.total_param_count}); + args->Assign(1, ${val.total_data_count}); + args->Assign(2, ${val.param_count}); + args->Assign(3, ${val.param_offset}); + args->Assign(4, ${val.param_displacement}); + args->Assign(5, ${val.data_count}); + args->Assign(6, ${val.data_offset}); + args->Assign(7, ${val.data_displacement}); auto parameters = zeek::make_intrusive(${val.parameters}.length(), (const char*)${val.parameters}.data()); diff --git a/src/analyzer/protocol/smb/smb1-com-transaction2-secondary.pac b/src/analyzer/protocol/smb/smb1-com-transaction2-secondary.pac index 3571579cfb..b559d428c2 100644 --- a/src/analyzer/protocol/smb/smb1-com-transaction2-secondary.pac +++ b/src/analyzer/protocol/smb/smb1-com-transaction2-secondary.pac @@ -6,15 +6,15 @@ refine connection SMB_Conn += { return false; auto args = zeek::make_intrusive(zeek::BifType::Record::SMB1::Trans2_Sec_Args); - args->Assign(0, zeek::val_mgr->Count(${val.total_param_count})); - args->Assign(1, zeek::val_mgr->Count(${val.total_data_count})); - args->Assign(2, zeek::val_mgr->Count(${val.param_count})); - args->Assign(3, zeek::val_mgr->Count(${val.param_offset})); - args->Assign(4, zeek::val_mgr->Count(${val.param_displacement})); - args->Assign(5, zeek::val_mgr->Count(${val.data_count})); - args->Assign(6, zeek::val_mgr->Count(${val.data_offset})); - args->Assign(7, zeek::val_mgr->Count(${val.data_displacement})); - args->Assign(8, zeek::val_mgr->Count(${val.FID})); + args->Assign(0, ${val.total_param_count}); + args->Assign(1, ${val.total_data_count}); + args->Assign(2, ${val.param_count}); + args->Assign(3, ${val.param_offset}); + args->Assign(4, ${val.param_displacement}); + args->Assign(5, ${val.data_count}); + args->Assign(6, ${val.data_offset}); + args->Assign(7, ${val.data_displacement}); + args->Assign(8, ${val.FID}); auto parameters = zeek::make_intrusive(${val.parameters}.length(), (const char*)${val.parameters}.data()); auto payload = zeek::make_intrusive(${val.data}.length(), (const char*)${val.data}.data()); diff --git a/src/analyzer/protocol/smb/smb1-com-transaction2.pac b/src/analyzer/protocol/smb/smb1-com-transaction2.pac index 4dced3ddba..f83485dc70 100644 --- a/src/analyzer/protocol/smb/smb1-com-transaction2.pac +++ b/src/analyzer/protocol/smb/smb1-com-transaction2.pac @@ -25,18 +25,18 @@ refine connection SMB_Conn += { if ( smb1_transaction2_request ) { auto args = zeek::make_intrusive(zeek::BifType::Record::SMB1::Trans2_Args); - args->Assign(0, zeek::val_mgr->Count(${val.total_param_count})); - args->Assign(1, zeek::val_mgr->Count(${val.total_data_count})); - args->Assign(2, zeek::val_mgr->Count(${val.max_param_count})); - args->Assign(3, zeek::val_mgr->Count(${val.max_data_count})); - args->Assign(4, zeek::val_mgr->Count(${val.max_setup_count})); - args->Assign(5, zeek::val_mgr->Count(${val.flags})); - args->Assign(6, zeek::val_mgr->Count(${val.timeout})); - args->Assign(7, zeek::val_mgr->Count(${val.param_count})); - args->Assign(8, zeek::val_mgr->Count(${val.param_offset})); - args->Assign(9, zeek::val_mgr->Count(${val.data_count})); - args->Assign(10, zeek::val_mgr->Count(${val.data_offset})); - args->Assign(11, zeek::val_mgr->Count(${val.setup_count})); + args->Assign(0, ${val.total_param_count}); + args->Assign(1, ${val.total_data_count}); + args->Assign(2, ${val.max_param_count}); + args->Assign(3, ${val.max_data_count}); + args->Assign(4, ${val.max_setup_count}); + args->Assign(5, ${val.flags}); + args->Assign(6, ${val.timeout}); + args->Assign(7, ${val.param_count}); + args->Assign(8, ${val.param_offset}); + args->Assign(9, ${val.data_count}); + args->Assign(10, ${val.data_offset}); + args->Assign(11, ${val.setup_count}); zeek::BifEvent::enqueue_smb1_transaction2_request(zeek_analyzer(), zeek_analyzer()->Conn(), @@ -132,11 +132,11 @@ refine connection SMB_Conn += { if ( smb1_trans2_find_first2_request ) { auto result = zeek::make_intrusive(zeek::BifType::Record::SMB1::Find_First2_Request_Args); - result->Assign(0, zeek::val_mgr->Count(${val.search_attrs})); - result->Assign(1, zeek::val_mgr->Count(${val.search_count})); - result->Assign(2, zeek::val_mgr->Count(${val.flags})); - result->Assign(3, zeek::val_mgr->Count(${val.info_level})); - result->Assign(4, zeek::val_mgr->Count(${val.search_storage_type})); + result->Assign(0, ${val.search_attrs}); + result->Assign(1, ${val.search_count}); + result->Assign(2, ${val.flags}); + result->Assign(3, ${val.info_level}); + result->Assign(4, ${val.search_storage_type}); result->Assign(5, smb_string2stringval(${val.file_name})); zeek::BifEvent::enqueue_smb1_trans2_find_first2_request(zeek_analyzer(), zeek_analyzer()->Conn(), diff --git a/src/analyzer/protocol/smb/smb1-protocol.pac b/src/analyzer/protocol/smb/smb1-protocol.pac index ea3b7f3340..1ea508d0dd 100644 --- a/src/analyzer/protocol/smb/smb1-protocol.pac +++ b/src/analyzer/protocol/smb/smb1-protocol.pac @@ -25,14 +25,14 @@ // { // do nothing // } - r->Assign(0, zeek::val_mgr->Count(${hdr.command})); - r->Assign(1, zeek::val_mgr->Count(${hdr.status})); - r->Assign(2, zeek::val_mgr->Count(${hdr.flags})); - r->Assign(3, zeek::val_mgr->Count(${hdr.flags2})); - r->Assign(4, zeek::val_mgr->Count(${hdr.tid})); - r->Assign(5, zeek::val_mgr->Count(${hdr.pid})); - r->Assign(6, zeek::val_mgr->Count(${hdr.uid})); - r->Assign(7, zeek::val_mgr->Count(${hdr.mid})); + r->Assign(0, ${hdr.command}); + r->Assign(1, ${hdr.status}); + r->Assign(2, ${hdr.flags}); + r->Assign(3, ${hdr.flags2}); + r->Assign(4, ${hdr.tid}); + r->Assign(5, ${hdr.pid}); + r->Assign(6, ${hdr.uid}); + r->Assign(7, ${hdr.mid}); return r; } diff --git a/src/analyzer/protocol/smb/smb2-com-close.pac b/src/analyzer/protocol/smb/smb2-com-close.pac index 13d34f0663..1efc7ec4e7 100644 --- a/src/analyzer/protocol/smb/smb2-com-close.pac +++ b/src/analyzer/protocol/smb/smb2-com-close.pac @@ -22,8 +22,8 @@ refine connection SMB_Conn += { { auto resp = zeek::make_intrusive(zeek::BifType::Record::SMB2::CloseResponse); - resp->Assign(0, zeek::val_mgr->Count(${val.alloc_size})); - resp->Assign(1, zeek::val_mgr->Count(${val.eof})); + resp->Assign(0, ${val.alloc_size}); + resp->Assign(1, ${val.eof}); resp->Assign(2, SMB_BuildMACTimes(${val.last_write_time}, ${val.last_access_time}, ${val.creation_time}, diff --git a/src/analyzer/protocol/smb/smb2-com-create.pac b/src/analyzer/protocol/smb/smb2-com-create.pac index 97e55791e0..d10296b1cb 100644 --- a/src/analyzer/protocol/smb/smb2-com-create.pac +++ b/src/analyzer/protocol/smb/smb2-com-create.pac @@ -18,8 +18,8 @@ refine connection SMB_Conn += { { auto requestinfo = zeek::make_intrusive(zeek::BifType::Record::SMB2::CreateRequest); requestinfo->Assign(0, std::move(filename)); - requestinfo->Assign(1, zeek::val_mgr->Count(${val.disposition})); - requestinfo->Assign(2, zeek::val_mgr->Count(${val.create_options})); + requestinfo->Assign(1, ${val.disposition}); + requestinfo->Assign(2, ${val.create_options}); zeek::BifEvent::enqueue_smb2_create_request(zeek_analyzer(), zeek_analyzer()->Conn(), BuildSMB2HeaderVal(h), @@ -35,13 +35,13 @@ refine connection SMB_Conn += { { auto responseinfo = zeek::make_intrusive(zeek::BifType::Record::SMB2::CreateResponse); responseinfo->Assign(0, BuildSMB2GUID(${val.file_id})); - responseinfo->Assign(1, zeek::val_mgr->Count(${val.eof})); + responseinfo->Assign(1, ${val.eof}); responseinfo->Assign(2, SMB_BuildMACTimes(${val.last_write_time}, ${val.last_access_time}, ${val.creation_time}, ${val.change_time})); responseinfo->Assign(3, smb2_file_attrs_to_zeek(${val.file_attrs})); - responseinfo->Assign(4, zeek::val_mgr->Count(${val.create_action})); + responseinfo->Assign(4, ${val.create_action}); zeek::BifEvent::enqueue_smb2_create_response(zeek_analyzer(), zeek_analyzer()->Conn(), BuildSMB2HeaderVal(h), diff --git a/src/analyzer/protocol/smb/smb2-com-negotiate.pac b/src/analyzer/protocol/smb/smb2-com-negotiate.pac index 68012fc588..d9c1a5dde4 100644 --- a/src/analyzer/protocol/smb/smb2-com-negotiate.pac +++ b/src/analyzer/protocol/smb/smb2-com-negotiate.pac @@ -41,12 +41,12 @@ refine connection SMB_Conn += { { auto nr = zeek::make_intrusive(zeek::BifType::Record::SMB2::NegotiateResponse); - nr->Assign(0, zeek::val_mgr->Count(${val.dialect_revision})); - nr->Assign(1, zeek::val_mgr->Count(${val.security_mode})); + nr->Assign(0, ${val.dialect_revision}); + nr->Assign(1, ${val.security_mode}); nr->Assign(2, BuildSMB2GUID(${val.server_guid})); nr->Assign(3, filetime2zeektime(${val.system_time})); nr->Assign(4, filetime2zeektime(${val.server_start_time})); - nr->Assign(5, zeek::val_mgr->Count(${val.negotiate_context_count})); + nr->Assign(5, ${val.negotiate_context_count}); auto cv = zeek::make_intrusive(zeek::BifType::Vector::SMB2::NegotiateContextValues); diff --git a/src/analyzer/protocol/smb/smb2-com-session-setup.pac b/src/analyzer/protocol/smb/smb2-com-session-setup.pac index b8132184a5..365d10bbdf 100644 --- a/src/analyzer/protocol/smb/smb2-com-session-setup.pac +++ b/src/analyzer/protocol/smb/smb2-com-session-setup.pac @@ -5,7 +5,7 @@ refine connection SMB_Conn += { if ( smb2_session_setup_request ) { auto req = zeek::make_intrusive(zeek::BifType::Record::SMB2::SessionSetupRequest); - req->Assign(0, zeek::val_mgr->Count(${val.security_mode})); + req->Assign(0, ${val.security_mode}); zeek::BifEvent::enqueue_smb2_session_setup_request(zeek_analyzer(), zeek_analyzer()->Conn(), @@ -21,9 +21,9 @@ refine connection SMB_Conn += { if ( smb2_session_setup_response ) { auto flags = zeek::make_intrusive(zeek::BifType::Record::SMB2::SessionSetupFlags); - flags->Assign(0, zeek::val_mgr->Bool(${val.flag_guest})); - flags->Assign(1, zeek::val_mgr->Bool(${val.flag_anonymous})); - flags->Assign(2, zeek::val_mgr->Bool(${val.flag_encrypt})); + flags->Assign(0, bool(${val.flag_guest})); + flags->Assign(1, bool(${val.flag_anonymous})); + flags->Assign(2, bool(${val.flag_encrypt})); auto resp = zeek::make_intrusive(zeek::BifType::Record::SMB2::SessionSetupResponse); resp->Assign(0, std::move(flags)); diff --git a/src/analyzer/protocol/smb/smb2-com-set-info.pac b/src/analyzer/protocol/smb/smb2-com-set-info.pac index c76ce00781..9f109debe7 100644 --- a/src/analyzer/protocol/smb/smb2-com-set-info.pac +++ b/src/analyzer/protocol/smb/smb2-com-set-info.pac @@ -193,12 +193,12 @@ refine connection SMB_Conn += { if ( smb2_file_fscontrol ) { auto r = zeek::make_intrusive(zeek::BifType::Record::SMB2::Fscontrol); - r->Assign(0, zeek::val_mgr->Int(${val.free_space_start_filtering})); - r->Assign(1, zeek::val_mgr->Int(${val.free_space_start_threshold})); - r->Assign(2, zeek::val_mgr->Int(${val.free_space_stop_filtering})); - r->Assign(3, zeek::val_mgr->Count(${val.default_quota_threshold})); - r->Assign(4, zeek::val_mgr->Count(${val.default_quota_limit})); - r->Assign(5, zeek::val_mgr->Count(${val.file_system_control_flags})); + r->Assign(0, int(${val.free_space_start_filtering})); + r->Assign(1, int(${val.free_space_start_threshold})); + r->Assign(2, int(${val.free_space_stop_filtering})); + r->Assign(3, ${val.default_quota_threshold}); + r->Assign(4, ${val.default_quota_limit}); + r->Assign(5, ${val.file_system_control_flags}); zeek::BifEvent::enqueue_smb2_file_fscontrol(zeek_analyzer(), zeek_analyzer()->Conn(), diff --git a/src/analyzer/protocol/smb/smb2-com-transform-header.pac b/src/analyzer/protocol/smb/smb2-com-transform-header.pac index 1c28a91f6d..5c6da802ef 100644 --- a/src/analyzer/protocol/smb/smb2-com-transform-header.pac +++ b/src/analyzer/protocol/smb/smb2-com-transform-header.pac @@ -7,9 +7,9 @@ refine connection SMB_Conn += { auto r = zeek::make_intrusive(zeek::BifType::Record::SMB2::Transform_header); r->Assign(0, to_stringval(${hdr.signature})); r->Assign(1, to_stringval(${hdr.nonce})); - r->Assign(2, zeek::val_mgr->Count(${hdr.orig_msg_size})); - r->Assign(3, zeek::val_mgr->Count(${hdr.flags})); - r->Assign(4, zeek::val_mgr->Count(${hdr.session_id})); + r->Assign(2, ${hdr.orig_msg_size}); + r->Assign(3, ${hdr.flags}); + r->Assign(4, ${hdr.session_id}); zeek::BifEvent::enqueue_smb2_transform_header(zeek_analyzer(), zeek_analyzer()->Conn(), diff --git a/src/analyzer/protocol/smb/smb2-com-tree-connect.pac b/src/analyzer/protocol/smb/smb2-com-tree-connect.pac index cc7af36b4d..1ad93d0b73 100644 --- a/src/analyzer/protocol/smb/smb2-com-tree-connect.pac +++ b/src/analyzer/protocol/smb/smb2-com-tree-connect.pac @@ -19,7 +19,7 @@ refine connection SMB_Conn += { if ( smb2_tree_connect_response ) { auto resp = zeek::make_intrusive(zeek::BifType::Record::SMB2::TreeConnectResponse); - resp->Assign(0, zeek::val_mgr->Count(${val.share_type})); + resp->Assign(0, ${val.share_type}); zeek::BifEvent::enqueue_smb2_tree_connect_response(zeek_analyzer(), zeek_analyzer()->Conn(), diff --git a/src/analyzer/protocol/smb/smb2-protocol.pac b/src/analyzer/protocol/smb/smb2-protocol.pac index 95d320fbbb..488ced44f0 100644 --- a/src/analyzer/protocol/smb/smb2-protocol.pac +++ b/src/analyzer/protocol/smb/smb2-protocol.pac @@ -12,15 +12,15 @@ zeek::RecordValPtr BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv); zeek::RecordValPtr BuildSMB2HeaderVal(SMB2_Header* hdr) { auto r = zeek::make_intrusive(zeek::BifType::Record::SMB2::Header); - r->Assign(0, zeek::val_mgr->Count(${hdr.credit_charge})); - r->Assign(1, zeek::val_mgr->Count(${hdr.status})); - r->Assign(2, zeek::val_mgr->Count(${hdr.command})); - r->Assign(3, zeek::val_mgr->Count(${hdr.credits})); - r->Assign(4, zeek::val_mgr->Count(${hdr.flags})); - r->Assign(5, zeek::val_mgr->Count(${hdr.message_id})); - r->Assign(6, zeek::val_mgr->Count(${hdr.process_id})); - r->Assign(7, zeek::val_mgr->Count(${hdr.tree_id})); - r->Assign(8, zeek::val_mgr->Count(${hdr.session_id})); + r->Assign(0, ${hdr.credit_charge}); + r->Assign(1, ${hdr.status}); + r->Assign(2, ${hdr.command}); + r->Assign(3, ${hdr.credits}); + r->Assign(4, ${hdr.flags}); + r->Assign(5, ${hdr.message_id}); + r->Assign(6, ${hdr.process_id}); + r->Assign(7, ${hdr.tree_id}); + r->Assign(8, ${hdr.session_id}); r->Assign(9, to_stringval(${hdr.signature})); return r; } @@ -28,29 +28,29 @@ zeek::RecordValPtr BuildSMB2HeaderVal(SMB2_Header* hdr) zeek::RecordValPtr BuildSMB2GUID(SMB2_guid* file_id) { auto r = zeek::make_intrusive(zeek::BifType::Record::SMB2::GUID); - r->Assign(0, zeek::val_mgr->Count(${file_id.persistent})); - r->Assign(1, zeek::val_mgr->Count(${file_id._volatile})); + r->Assign(0, ${file_id.persistent}); + r->Assign(1, ${file_id._volatile}); return r; } zeek::RecordValPtr smb2_file_attrs_to_zeek(SMB2_file_attributes* val) { auto r = zeek::make_intrusive(zeek::BifType::Record::SMB2::FileAttrs); - r->Assign(0, zeek::val_mgr->Bool(${val.read_only})); - r->Assign(1, zeek::val_mgr->Bool(${val.hidden})); - r->Assign(2, zeek::val_mgr->Bool(${val.system})); - r->Assign(3, zeek::val_mgr->Bool(${val.directory})); - r->Assign(4, zeek::val_mgr->Bool(${val.archive})); - r->Assign(5, zeek::val_mgr->Bool(${val.normal})); - r->Assign(6, zeek::val_mgr->Bool(${val.temporary})); - r->Assign(7, zeek::val_mgr->Bool(${val.sparse_file})); - r->Assign(8, zeek::val_mgr->Bool(${val.reparse_point})); - r->Assign(9, zeek::val_mgr->Bool(${val.compressed})); - r->Assign(10, zeek::val_mgr->Bool(${val.offline})); - r->Assign(11, zeek::val_mgr->Bool(${val.not_content_indexed})); - r->Assign(12, zeek::val_mgr->Bool(${val.encrypted})); - r->Assign(13, zeek::val_mgr->Bool(${val.integrity_stream})); - r->Assign(14, zeek::val_mgr->Bool(${val.no_scrub_data})); + r->Assign(0, bool(${val.read_only})); + r->Assign(1, bool(${val.hidden})); + r->Assign(2, bool(${val.system})); + r->Assign(3, bool(${val.directory})); + r->Assign(4, bool(${val.archive})); + r->Assign(5, bool(${val.normal})); + r->Assign(6, bool(${val.temporary})); + r->Assign(7, bool(${val.sparse_file})); + r->Assign(8, bool(${val.reparse_point})); + r->Assign(9, bool(${val.compressed})); + r->Assign(10, bool(${val.offline})); + r->Assign(11, bool(${val.not_content_indexed})); + r->Assign(12, bool(${val.encrypted})); + r->Assign(13, bool(${val.integrity_stream})); + r->Assign(14, bool(${val.no_scrub_data})); return r; } @@ -58,15 +58,15 @@ zeek::RecordValPtr BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv) { auto r = zeek::make_intrusive(zeek::BifType::Record::SMB2::NegotiateContextValue); - r->Assign(0, zeek::val_mgr->Count(${ncv.context_type})); - r->Assign(1, zeek::val_mgr->Count(${ncv.data_length})); + r->Assign(0, ${ncv.context_type}); + r->Assign(1, ${ncv.data_length}); switch ( ${ncv.context_type} ) { case SMB2_PREAUTH_INTEGRITY_CAPABILITIES: { auto rpreauth = zeek::make_intrusive(zeek::BifType::Record::SMB2::PreAuthIntegrityCapabilities); - rpreauth->Assign(0, zeek::val_mgr->Count(${ncv.preauth_integrity_capabilities.hash_alg_count})); - rpreauth->Assign(1, zeek::val_mgr->Count(${ncv.preauth_integrity_capabilities.salt_length})); + rpreauth->Assign(0, ${ncv.preauth_integrity_capabilities.hash_alg_count}); + rpreauth->Assign(1, ${ncv.preauth_integrity_capabilities.salt_length}); auto ha = zeek::make_intrusive(zeek::id::index_vec); @@ -85,7 +85,7 @@ zeek::RecordValPtr BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv) case SMB2_ENCRYPTION_CAPABILITIES: { auto rencr = zeek::make_intrusive(zeek::BifType::Record::SMB2::EncryptionCapabilities); - rencr->Assign(0, zeek::val_mgr->Count(${ncv.encryption_capabilities.cipher_count})); + rencr->Assign(0, ${ncv.encryption_capabilities.cipher_count}); auto c = zeek::make_intrusive(zeek::id::index_vec); @@ -103,7 +103,7 @@ zeek::RecordValPtr BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv) case SMB2_COMPRESSION_CAPABILITIES: { auto rcomp = zeek::make_intrusive(zeek::BifType::Record::SMB2::CompressionCapabilities); - rcomp->Assign(0, zeek::val_mgr->Count(${ncv.compression_capabilities.alg_count})); + rcomp->Assign(0, ${ncv.compression_capabilities.alg_count}); auto c = zeek::make_intrusive(zeek::id::index_vec); diff --git a/src/analyzer/protocol/snmp/snmp-analyzer.pac b/src/analyzer/protocol/snmp/snmp-analyzer.pac index f719e25163..56a65cdc1c 100644 --- a/src/analyzer/protocol/snmp/snmp-analyzer.pac +++ b/src/analyzer/protocol/snmp/snmp-analyzer.pac @@ -47,7 +47,7 @@ zeek::ValPtr asn1_obj_to_val(const ASN1Encoding* obj) zeek::RecordValPtr rval = zeek::make_intrusive(zeek::BifType::Record::SNMP::ObjectValue); uint8 tag = obj->meta()->tag(); - rval->Assign(0, zeek::val_mgr->Count(tag)); + rval->Assign(0, tag); switch ( tag ) { case VARBIND_UNSPECIFIED_TAG: @@ -93,7 +93,7 @@ zeek::ValPtr time_ticks_to_val(const TimeTicks* tt) zeek::RecordValPtr build_hdr(const Header* header) { auto rv = zeek::make_intrusive(zeek::BifType::Record::SNMP::Header); - rv->Assign(0, zeek::val_mgr->Count(header->version())); + rv->Assign(0, uint64_t(header->version())); switch ( header->version() ) { case SNMPV1_TAG: @@ -132,10 +132,10 @@ zeek::RecordValPtr build_hdrV3(const Header* header) v3->Assign(0, asn1_integer_to_val(global_data->id(), zeek::TYPE_COUNT)); v3->Assign(1, asn1_integer_to_val(global_data->max_size(), zeek::TYPE_COUNT)); - v3->Assign(2, zeek::val_mgr->Count(flags_byte)); - v3->Assign(3, zeek::val_mgr->Bool(flags_byte & 0x01)); - v3->Assign(4, zeek::val_mgr->Bool(flags_byte & 0x02)); - v3->Assign(5, zeek::val_mgr->Bool(flags_byte & 0x04)); + v3->Assign(2, flags_byte); + v3->Assign(3, bool(flags_byte & 0x01)); + v3->Assign(4, bool(flags_byte & 0x02)); + v3->Assign(5, bool(flags_byte & 0x04)); v3->Assign(6, asn1_integer_to_val(global_data->security_model(), zeek::TYPE_COUNT)); v3->Assign(7, asn1_octet_string_to_val(v3hdr->security_parameters())); diff --git a/src/analyzer/protocol/ssh/ssh-analyzer.pac b/src/analyzer/protocol/ssh/ssh-analyzer.pac index 71e8bcd423..6e917e0612 100644 --- a/src/analyzer/protocol/ssh/ssh-analyzer.pac +++ b/src/analyzer/protocol/ssh/ssh-analyzer.pac @@ -111,7 +111,7 @@ refine flow SSH_Flow += { } - result->Assign(6, zeek::val_mgr->Bool(!${msg.is_orig})); + result->Assign(6, bool(!${msg.is_orig})); zeek::BifEvent::enqueue_ssh_capabilities(connection()->zeek_analyzer(), connection()->zeek_analyzer()->Conn(), to_stringval(${msg.cookie}), diff --git a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac index 9806fe31f1..961eb8eaf3 100644 --- a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac +++ b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac @@ -161,8 +161,8 @@ refine connection Handshake_Conn += { for ( unsigned int i = 0; i < supported_signature_algorithms->size(); ++i ) { auto el = zeek::make_intrusive(zeek::BifType::Record::SSL::SignatureAndHashAlgorithm); - el->Assign(0, zeek::val_mgr->Count((*supported_signature_algorithms)[i]->HashAlgorithm())); - el->Assign(1, zeek::val_mgr->Count((*supported_signature_algorithms)[i]->SignatureAlgorithm())); + el->Assign(0, (*supported_signature_algorithms)[i]->HashAlgorithm()); + el->Assign(1, (*supported_signature_algorithms)[i]->SignatureAlgorithm()); slist->Assign(i, std::move(el)); } } @@ -345,14 +345,14 @@ refine connection Handshake_Conn += { if ( ${kex.signed_params.uses_signature_and_hashalgorithm} ) { - ha->Assign(0, zeek::val_mgr->Count(${kex.signed_params.algorithm.HashAlgorithm})); - ha->Assign(1, zeek::val_mgr->Count(${kex.signed_params.algorithm.SignatureAlgorithm})); + ha->Assign(0, ${kex.signed_params.algorithm.HashAlgorithm}); + ha->Assign(1, ${kex.signed_params.algorithm.SignatureAlgorithm}); } else { // set to impossible value - ha->Assign(0, zeek::val_mgr->Count(256)); - ha->Assign(1, zeek::val_mgr->Count(256)); + ha->Assign(0, 256); + ha->Assign(1, 256); } zeek::BifEvent::enqueue_ssl_server_signature(zeek_analyzer(), @@ -414,8 +414,8 @@ refine connection Handshake_Conn += { return true; auto ha = zeek::make_intrusive(zeek::BifType::Record::SSL::SignatureAndHashAlgorithm); - ha->Assign(0, zeek::val_mgr->Count(digitally_signed_algorithms->HashAlgorithm())); - ha->Assign(1, zeek::val_mgr->Count(digitally_signed_algorithms->SignatureAlgorithm())); + ha->Assign(0, digitally_signed_algorithms->HashAlgorithm()); + ha->Assign(1, digitally_signed_algorithms->SignatureAlgorithm()); zeek::BifEvent::enqueue_ssl_extension_signed_certificate_timestamp(zeek_analyzer(), zeek_analyzer()->Conn(), ${rec.is_orig}, @@ -445,14 +445,14 @@ refine connection Handshake_Conn += { if ( ${signed_params.uses_signature_and_hashalgorithm} ) { - ha->Assign(0, zeek::val_mgr->Count(${signed_params.algorithm.HashAlgorithm})); - ha->Assign(1, zeek::val_mgr->Count(${signed_params.algorithm.SignatureAlgorithm})); + ha->Assign(0, ${signed_params.algorithm.HashAlgorithm}); + ha->Assign(1, ${signed_params.algorithm.SignatureAlgorithm}); } else { // set to impossible value - ha->Assign(0, zeek::val_mgr->Count(256)); - ha->Assign(1, zeek::val_mgr->Count(256)); + ha->Assign(0, 256); + ha->Assign(1, 256); } zeek::BifEvent::enqueue_ssl_server_signature(zeek_analyzer(), @@ -499,7 +499,7 @@ refine connection Handshake_Conn += { { auto el = zeek::make_intrusive(zeek::BifType::Record::SSL::PSKIdentity); el->Assign(0, zeek::make_intrusive(identity->identity().length(), (const char*) identity->identity().data())); - el->Assign(1, zeek::val_mgr->Count(identity->obfuscated_ticket_age())); + el->Assign(1, identity->obfuscated_ticket_age()); slist->Assign(slist->Size(), std::move(el)); } } diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index e6b29a000c..09708a21ad 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc @@ -109,14 +109,14 @@ static RecordVal* build_syn_packet_val(bool is_orig, const IP_Hdr* ip, static auto SYN_packet = id::find_type("SYN_packet"); auto* v = new RecordVal(SYN_packet); - v->Assign(0, val_mgr->Bool(is_orig)); - v->Assign(1, val_mgr->Bool(int(ip->DF()))); - v->Assign(2, val_mgr->Count((ip->TTL()))); - v->Assign(3, val_mgr->Count((ip->TotalLen()))); - v->Assign(4, val_mgr->Count(ntohs(tcp->th_win))); - v->Assign(5, val_mgr->Int(winscale)); - v->Assign(6, val_mgr->Count(MSS)); - v->Assign(7, val_mgr->Bool(SACK)); + v->Assign(0, bool(is_orig)); + v->Assign(1, bool(int(ip->DF()))); + v->Assign(2, uint32_t(ip->TTL())); + v->Assign(3, uint32_t((ip->TotalLen()))); + v->Assign(4, uint32_t(ntohs(tcp->th_win))); + v->Assign(5, int(winscale)); + v->Assign(6, uint32_t(MSS)); + v->Assign(7, bool(SACK)); return v; } @@ -1285,10 +1285,10 @@ void TCP_Analyzer::UpdateConnVal(RecordVal *conn_val) auto orig_endp_val = conn_val->GetFieldAs("orig"); auto resp_endp_val = conn_val->GetFieldAs("resp"); - orig_endp_val->Assign(0, val_mgr->Count(orig->Size())); - orig_endp_val->Assign(1, val_mgr->Count(int(orig->state))); - resp_endp_val->Assign(0, val_mgr->Count(resp->Size())); - resp_endp_val->Assign(1, val_mgr->Count(int(resp->state))); + orig_endp_val->Assign(0, orig->Size()); + orig_endp_val->Assign(1, int(orig->state)); + resp_endp_val->Assign(0, resp->Size()); + resp_endp_val->Assign(1, int(resp->state)); // Call children's UpdateConnVal Analyzer::UpdateConnVal(conn_val); @@ -1369,8 +1369,8 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig) auto length = kind < 2 ? 1 : o[1]; auto option_record = make_intrusive(BifType::Record::TCP::Option); option_list->Assign(option_list->Size(), option_record); - option_record->Assign(0, val_mgr->Count(kind)); - option_record->Assign(1, val_mgr->Count(length)); + option_record->Assign(0, uint32_t(kind)); + option_record->Assign(1, uint32_t(length)); switch ( kind ) { case 2: @@ -1378,7 +1378,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig) if ( length == 4 ) { auto mss = ntohs(*reinterpret_cast(o + 2)); - option_record->Assign(3, val_mgr->Count(mss)); + option_record->Assign(3, uint32_t(mss)); } else { @@ -1392,7 +1392,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig) if ( length == 3 ) { auto scale = o[2]; - option_record->Assign(4, val_mgr->Count(scale)); + option_record->Assign(4, uint32_t(scale)); } else { @@ -1438,8 +1438,8 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig) { auto send = ntohl(*reinterpret_cast(o + 2)); auto echo = ntohl(*reinterpret_cast(o + 6)); - option_record->Assign(6, val_mgr->Count(send)); - option_record->Assign(7, val_mgr->Count(echo)); + option_record->Assign(6, uint32_t(send)); + option_record->Assign(7, uint32_t(echo)); } else { @@ -2076,13 +2076,13 @@ RecordVal* TCPStats_Endpoint::BuildStats() static auto endpoint_stats = id::find_type("endpoint_stats"); auto* stats = new RecordVal(endpoint_stats); - stats->Assign(0, val_mgr->Count(num_pkts)); - stats->Assign(1, val_mgr->Count(num_rxmit)); - stats->Assign(2, val_mgr->Count(num_rxmit_bytes)); - stats->Assign(3, val_mgr->Count(num_in_order)); - stats->Assign(4, val_mgr->Count(num_OO)); - stats->Assign(5, val_mgr->Count(num_repl)); - stats->Assign(6, val_mgr->Count(endian_type)); + stats->Assign(0, num_pkts); + stats->Assign(1, num_rxmit); + stats->Assign(2, num_rxmit_bytes); + stats->Assign(3, num_in_order); + stats->Assign(4, num_OO); + stats->Assign(5, num_repl); + stats->Assign(6, endian_type); return stats; } diff --git a/src/analyzer/protocol/teredo/Teredo.cc b/src/analyzer/protocol/teredo/Teredo.cc index ef18c39f73..53c9458d14 100644 --- a/src/analyzer/protocol/teredo/Teredo.cc +++ b/src/analyzer/protocol/teredo/Teredo.cc @@ -109,12 +109,10 @@ RecordValPtr TeredoEncapsulation::BuildVal(const IP_Hdr* inner) const uint8_t au_len = *((uint8_t*)(auth + 3)); uint64_t nonce = ntohll(*((uint64_t*)(auth + 4 + id_len + au_len))); uint8_t conf = *((uint8_t*)(auth + 4 + id_len + au_len + 8)); - teredo_auth->Assign(0, make_intrusive( - new String(auth + 4, id_len, true))); - teredo_auth->Assign(1, make_intrusive( - new String(auth + 4 + id_len, au_len, true))); - teredo_auth->Assign(2, val_mgr->Count(nonce)); - teredo_auth->Assign(3, val_mgr->Count(conf)); + teredo_auth->Assign(0, new String(auth + 4, id_len, true)); + teredo_auth->Assign(1, new String(auth + 4 + id_len, au_len, true)); + teredo_auth->Assign(2, nonce); + teredo_auth->Assign(3, conf); teredo_hdr->Assign(0, std::move(teredo_auth)); } diff --git a/src/analyzer/protocol/udp/UDP.cc b/src/analyzer/protocol/udp/UDP.cc index b24e30fb1b..577dd95810 100644 --- a/src/analyzer/protocol/udp/UDP.cc +++ b/src/analyzer/protocol/udp/UDP.cc @@ -235,14 +235,14 @@ void UDP_Analyzer::UpdateEndpointVal(RecordVal* endp, bool is_orig) bro_int_t size = is_orig ? request_len : reply_len; if ( size < 0 ) { - endp->Assign(0, val_mgr->Count(0)); - endp->Assign(1, val_mgr->Count(int(UDP_INACTIVE))); + endp->Assign(0, 0); + endp->Assign(1, int(UDP_INACTIVE)); } else { - endp->Assign(0, val_mgr->Count(size)); - endp->Assign(1, val_mgr->Count(int(UDP_ACTIVE))); + endp->Assign(0, uint64_t(size)); + endp->Assign(1, int(UDP_ACTIVE)); } } diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index 07bca256f6..f182f98350 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -784,7 +784,7 @@ RecordVal* Manager::MakeEvent(ValPList* args, zeek::detail::Frame* frame) return rval; } - rval->Assign(0, make_intrusive(func->Name())); + rval->Assign(0, func->Name()); continue; } @@ -1453,20 +1453,20 @@ void Manager::ProcessStatus(broker::status_view stat) if ( ctx ) { - endpoint_info->Assign(0, make_intrusive(to_string(ctx->node))); + endpoint_info->Assign(0, to_string(ctx->node)); static auto ni = id::find_type("Broker::NetworkInfo"); auto network_info = make_intrusive(ni); if ( ctx->network ) { - network_info->Assign(0, make_intrusive(ctx->network->address.data())); + network_info->Assign(0, ctx->network->address.data()); network_info->Assign(1, val_mgr->Port(ctx->network->port, TRANSPORT_TCP)); } else { // TODO: are there any status messages where the ctx->network // is not set and actually could be? - network_info->Assign(0, make_intrusive("")); + network_info->Assign(0, ""); network_info->Assign(1, val_mgr->Port(0, TRANSPORT_TCP)); } diff --git a/src/broker/comm.bif b/src/broker/comm.bif index 87f213361c..35cb69df87 100644 --- a/src/broker/comm.bif +++ b/src/broker/comm.bif @@ -126,7 +126,7 @@ function Broker::__peers%(%): PeerInfos network_info->Assign(1, zeek::val_mgr->Port(0, TRANSPORT_TCP)); } - endpoint_info->Assign(0, zeek::make_intrusive(to_string(p.peer.node))); + endpoint_info->Assign(0, to_string(p.peer.node)); endpoint_info->Assign(1, std::move(network_info)); auto ps = (BifEnum::Broker::PeerStatus)p.status; diff --git a/src/file_analysis/File.cc b/src/file_analysis/File.cc index 69f6e48517..16b5ac1e9f 100644 --- a/src/file_analysis/File.cc +++ b/src/file_analysis/File.cc @@ -92,12 +92,12 @@ File::File(const std::string& file_id, const std::string& source_name, Connectio DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Creating new File object", file_id.c_str()); val = make_intrusive(id::fa_file); - val->Assign(id_idx, make_intrusive(file_id.c_str())); + val->Assign(id_idx, file_id); SetSource(source_name); if ( conn ) { - val->Assign(is_orig_idx, val_mgr->Bool(is_orig)); + val->Assign(is_orig_idx, is_orig); UpdateConnectionFields(conn, is_orig); } @@ -115,7 +115,7 @@ File::~File() void File::UpdateLastActivityTime() { - val->Assign(last_active_idx, make_intrusive(run_state::network_time)); + val->AssignTime(last_active_idx, run_state::network_time); } double File::GetLastActivityTime() const @@ -190,7 +190,7 @@ std::string File::GetSource() const void File::SetSource(const std::string& source) { - val->Assign(source_idx, make_intrusive(source.c_str())); + val->Assign(source_idx, source); } double File::GetTimeoutInterval() const @@ -200,7 +200,7 @@ double File::GetTimeoutInterval() const void File::SetTimeoutInterval(double interval) { - val->Assign(timeout_interval_idx, make_intrusive(interval)); + val->AssignInterval(timeout_interval_idx, interval); } bool File::SetExtractionLimit(RecordValPtr args, uint64_t bytes) @@ -223,13 +223,13 @@ bool File::SetExtractionLimit(RecordValPtr args, uint64_t bytes) void File::IncrementByteCount(uint64_t size, int field_idx) { uint64_t old = LookupFieldDefaultCount(field_idx); - val->Assign(field_idx, val_mgr->Count(old + size)); + val->Assign(field_idx, old + size); } void File::SetTotalBytes(uint64_t size) { DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Total bytes %" PRIu64, id.c_str(), size); - val->Assign(total_bytes_idx, val_mgr->Count(size)); + val->Assign(total_bytes_idx, size); } bool File::IsComplete() const @@ -298,8 +298,8 @@ bool File::SetMime(const std::string& mime_type) return false; auto meta = make_intrusive(id::fa_metadata); - meta->Assign(meta_mime_type_idx, make_intrusive(mime_type)); - meta->Assign(meta_inferred_idx, val_mgr->False()); + meta->Assign(meta_mime_type_idx, mime_type); + meta->Assign(meta_inferred_idx, false); FileEvent(file_sniff, {val, std::move(meta)}); return true; @@ -317,7 +317,7 @@ void File::InferMetadata() return; String* bs = concatenate(bof_buffer.chunks); - val->Assign(bof_buffer_idx, bs); + val->Assign(bof_buffer_idx, bs); bof_buffer_val = val->GetField(bof_buffer_idx).get(); } @@ -334,7 +334,7 @@ void File::InferMetadata() if ( ! matches.empty() ) { - meta->Assign(meta_mime_type_idx, + meta->Assign(meta_mime_type_idx, *(matches.begin()->second.begin())); meta->Assign(meta_mime_types_idx, file_analysis::GenMIMEMatchesVal(matches)); @@ -361,7 +361,7 @@ bool File::BufferBOF(const u_char* data, uint64_t len) if ( bof_buffer.size > 0 ) { String* bs = concatenate(bof_buffer.chunks); - val->Assign(bof_buffer_idx, make_intrusive(bs)); + val->Assign(bof_buffer_idx, bs); } return false; diff --git a/src/file_analysis/Manager.cc b/src/file_analysis/Manager.cc index 9300a9e2ea..30b3a9fe27 100644 --- a/src/file_analysis/Manager.cc +++ b/src/file_analysis/Manager.cc @@ -524,8 +524,8 @@ VectorValPtr GenMIMEMatchesVal(const zeek::detail::RuleMatcher::MIME_Matches& m) for ( set::const_iterator it2 = it->second.begin(); it2 != it->second.end(); ++it2 ) { - element->Assign(0, val_mgr->Int(it->first)); - element->Assign(1, make_intrusive(*it2)); + element->Assign(0, it->first); + element->Assign(1, *it2); } rval->Assign(rval->Size(), std::move(element)); diff --git a/src/file_analysis/analyzer/entropy/Entropy.cc b/src/file_analysis/analyzer/entropy/Entropy.cc index 22517e720d..849e907db0 100644 --- a/src/file_analysis/analyzer/entropy/Entropy.cc +++ b/src/file_analysis/analyzer/entropy/Entropy.cc @@ -63,11 +63,11 @@ void Entropy::Finalize() static auto entropy_test_result = id::find_type("entropy_test_result"); auto ent_result = make_intrusive(entropy_test_result); - ent_result->Assign(0, ent); - ent_result->Assign(1, chisq); - ent_result->Assign(2, mean); - ent_result->Assign(3, montepi); - ent_result->Assign(4, scc); + ent_result->Assign(0, ent); + ent_result->Assign(1, chisq); + ent_result->Assign(2, mean); + ent_result->Assign(3, montepi); + ent_result->Assign(4, scc); event_mgr.Enqueue(file_entropy, GetFile()->ToVal(), diff --git a/src/file_analysis/analyzer/pe/pe-analyzer.pac b/src/file_analysis/analyzer/pe/pe-analyzer.pac index 0527a12189..6b34babe8c 100644 --- a/src/file_analysis/analyzer/pe/pe-analyzer.pac +++ b/src/file_analysis/analyzer/pe/pe-analyzer.pac @@ -49,22 +49,22 @@ refine flow File += { { auto dh = zeek::make_intrusive(zeek::BifType::Record::PE::DOSHeader); dh->Assign(0, zeek::make_intrusive(${h.signature}.length(), (const char*) ${h.signature}.data())); - dh->Assign(1, zeek::val_mgr->Count(${h.UsedBytesInTheLastPage})); - dh->Assign(2, zeek::val_mgr->Count(${h.FileSizeInPages})); - dh->Assign(3, zeek::val_mgr->Count(${h.NumberOfRelocationItems})); - dh->Assign(4, zeek::val_mgr->Count(${h.HeaderSizeInParagraphs})); - dh->Assign(5, zeek::val_mgr->Count(${h.MinimumExtraParagraphs})); - dh->Assign(6, zeek::val_mgr->Count(${h.MaximumExtraParagraphs})); - dh->Assign(7, zeek::val_mgr->Count(${h.InitialRelativeSS})); - dh->Assign(8, zeek::val_mgr->Count(${h.InitialSP})); - dh->Assign(9, zeek::val_mgr->Count(${h.Checksum})); - dh->Assign(10, zeek::val_mgr->Count(${h.InitialIP})); - dh->Assign(11, zeek::val_mgr->Count(${h.InitialRelativeCS})); - dh->Assign(12, zeek::val_mgr->Count(${h.AddressOfRelocationTable})); - dh->Assign(13, zeek::val_mgr->Count(${h.OverlayNumber})); - dh->Assign(14, zeek::val_mgr->Count(${h.OEMid})); - dh->Assign(15, zeek::val_mgr->Count(${h.OEMinfo})); - dh->Assign(16, zeek::val_mgr->Count(${h.AddressOfNewExeHeader})); + dh->Assign(1, ${h.UsedBytesInTheLastPage}); + dh->Assign(2, ${h.FileSizeInPages}); + dh->Assign(3, ${h.NumberOfRelocationItems}); + dh->Assign(4, ${h.HeaderSizeInParagraphs}); + dh->Assign(5, ${h.MinimumExtraParagraphs}); + dh->Assign(6, ${h.MaximumExtraParagraphs}); + dh->Assign(7, ${h.InitialRelativeSS}); + dh->Assign(8, ${h.InitialSP}); + dh->Assign(9, ${h.Checksum}); + dh->Assign(10, ${h.InitialIP}); + dh->Assign(11, ${h.InitialRelativeCS}); + dh->Assign(12, ${h.AddressOfRelocationTable}); + dh->Assign(13, ${h.OverlayNumber}); + dh->Assign(14, ${h.OEMid}); + dh->Assign(15, ${h.OEMinfo}); + dh->Assign(16, ${h.AddressOfNewExeHeader}); zeek::event_mgr.Enqueue(pe_dos_header, connection()->zeek_analyzer()->GetFile()->ToVal(), @@ -98,11 +98,11 @@ refine flow File += { if ( pe_file_header ) { auto fh = zeek::make_intrusive(zeek::BifType::Record::PE::FileHeader); - fh->Assign(0, zeek::val_mgr->Count(${h.Machine})); - fh->Assign(1, zeek::make_intrusive(static_cast(${h.TimeDateStamp}))); - fh->Assign(2, zeek::val_mgr->Count(${h.PointerToSymbolTable})); - fh->Assign(3, zeek::val_mgr->Count(${h.NumberOfSymbols})); - fh->Assign(4, zeek::val_mgr->Count(${h.SizeOfOptionalHeader})); + fh->Assign(0, ${h.Machine}); + fh->AssignTime(1, double(${h.TimeDateStamp})); + fh->Assign(2, ${h.PointerToSymbolTable}); + fh->Assign(3, ${h.NumberOfSymbols}); + fh->Assign(4, ${h.SizeOfOptionalHeader}); fh->Assign(5, characteristics_to_zeek(${h.Characteristics}, 16)); zeek::event_mgr.Enqueue(pe_file_header, @@ -127,31 +127,31 @@ refine flow File += { { auto oh = zeek::make_intrusive(zeek::BifType::Record::PE::OptionalHeader); - oh->Assign(0, zeek::val_mgr->Count(${h.magic})); - oh->Assign(1, zeek::val_mgr->Count(${h.major_linker_version})); - oh->Assign(2, zeek::val_mgr->Count(${h.minor_linker_version})); - oh->Assign(3, zeek::val_mgr->Count(${h.size_of_code})); - oh->Assign(4, zeek::val_mgr->Count(${h.size_of_init_data})); - oh->Assign(5, zeek::val_mgr->Count(${h.size_of_uninit_data})); - oh->Assign(6, zeek::val_mgr->Count(${h.addr_of_entry_point})); - oh->Assign(7, zeek::val_mgr->Count(${h.base_of_code})); + oh->Assign(0, ${h.magic}); + oh->Assign(1, ${h.major_linker_version}); + oh->Assign(2, ${h.minor_linker_version}); + oh->Assign(3, ${h.size_of_code}); + oh->Assign(4, ${h.size_of_init_data}); + oh->Assign(5, ${h.size_of_uninit_data}); + oh->Assign(6, ${h.addr_of_entry_point}); + oh->Assign(7, ${h.base_of_code}); if ( ${h.pe_format} != PE32_PLUS ) - oh->Assign(8, zeek::val_mgr->Count(${h.base_of_data})); + oh->Assign(8, ${h.base_of_data}); - oh->Assign(9, zeek::val_mgr->Count(${h.image_base})); - oh->Assign(10, zeek::val_mgr->Count(${h.section_alignment})); - oh->Assign(11, zeek::val_mgr->Count(${h.file_alignment})); - oh->Assign(12, zeek::val_mgr->Count(${h.os_version_major})); - oh->Assign(13, zeek::val_mgr->Count(${h.os_version_minor})); - oh->Assign(14, zeek::val_mgr->Count(${h.major_image_version})); - oh->Assign(15, zeek::val_mgr->Count(${h.minor_image_version})); - oh->Assign(16, zeek::val_mgr->Count(${h.major_subsys_version})); - oh->Assign(17, zeek::val_mgr->Count(${h.minor_subsys_version})); - oh->Assign(18, zeek::val_mgr->Count(${h.size_of_image})); - oh->Assign(19, zeek::val_mgr->Count(${h.size_of_headers})); - oh->Assign(20, zeek::val_mgr->Count(${h.checksum})); - oh->Assign(21, zeek::val_mgr->Count(${h.subsystem})); + oh->Assign(9, ${h.image_base}); + oh->Assign(10, ${h.section_alignment}); + oh->Assign(11, ${h.file_alignment}); + oh->Assign(12, ${h.os_version_major}); + oh->Assign(13, ${h.os_version_minor}); + oh->Assign(14, ${h.major_image_version}); + oh->Assign(15, ${h.minor_image_version}); + oh->Assign(16, ${h.major_subsys_version}); + oh->Assign(17, ${h.minor_subsys_version}); + oh->Assign(18, ${h.size_of_image}); + oh->Assign(19, ${h.size_of_headers}); + oh->Assign(20, ${h.checksum}); + oh->Assign(21, ${h.subsystem}); oh->Assign(22, characteristics_to_zeek(${h.dll_characteristics}, 16)); oh->Assign(23, process_rvas(${h.rvas})); @@ -178,14 +178,14 @@ refine flow File += { name_len = first_null - ${h.name}.data(); section_header->Assign(0, zeek::make_intrusive(name_len, (const char*) ${h.name}.data())); - section_header->Assign(1, zeek::val_mgr->Count(${h.virtual_size})); - section_header->Assign(2, zeek::val_mgr->Count(${h.virtual_addr})); - section_header->Assign(3, zeek::val_mgr->Count(${h.size_of_raw_data})); - section_header->Assign(4, zeek::val_mgr->Count(${h.ptr_to_raw_data})); - section_header->Assign(5, zeek::val_mgr->Count(${h.non_used_ptr_to_relocs})); - section_header->Assign(6, zeek::val_mgr->Count(${h.non_used_ptr_to_line_nums})); - section_header->Assign(7, zeek::val_mgr->Count(${h.non_used_num_of_relocs})); - section_header->Assign(8, zeek::val_mgr->Count(${h.non_used_num_of_line_nums})); + section_header->Assign(1, ${h.virtual_size}); + section_header->Assign(2, ${h.virtual_addr}); + section_header->Assign(3, ${h.size_of_raw_data}); + section_header->Assign(4, ${h.ptr_to_raw_data}); + section_header->Assign(5, ${h.non_used_ptr_to_relocs}); + section_header->Assign(6, ${h.non_used_ptr_to_line_nums}); + section_header->Assign(7, ${h.non_used_num_of_relocs}); + section_header->Assign(8, ${h.non_used_num_of_line_nums}); section_header->Assign(9, characteristics_to_zeek(${h.characteristics}, 32)); zeek::event_mgr.Enqueue(pe_section_header, diff --git a/src/file_analysis/analyzer/unified2/unified2-analyzer.pac b/src/file_analysis/analyzer/unified2/unified2-analyzer.pac index dbb7c88079..d30af665e2 100644 --- a/src/file_analysis/analyzer/unified2/unified2-analyzer.pac +++ b/src/file_analysis/analyzer/unified2/unified2-analyzer.pac @@ -73,19 +73,19 @@ refine flow Flow += { if ( ::unified2_event ) { auto ids_event = zeek::make_intrusive(zeek::BifType::Record::Unified2::IDSEvent); - ids_event->Assign(0, zeek::val_mgr->Count(${ev.sensor_id})); - ids_event->Assign(1, zeek::val_mgr->Count(${ev.event_id})); - ids_event->Assign(2, zeek::make_intrusive(ts_to_double(${ev.ts}))); - ids_event->Assign(3, zeek::val_mgr->Count(${ev.signature_id})); - ids_event->Assign(4, zeek::val_mgr->Count(${ev.generator_id})); - ids_event->Assign(5, zeek::val_mgr->Count(${ev.signature_revision})); - ids_event->Assign(6, zeek::val_mgr->Count(${ev.classification_id})); - ids_event->Assign(7, zeek::val_mgr->Count(${ev.priority_id})); + ids_event->Assign(0, ${ev.sensor_id}); + ids_event->Assign(1, ${ev.event_id}); + ids_event->AssignTime(2, ts_to_double(${ev.ts})); + ids_event->Assign(3, ${ev.signature_id}); + ids_event->Assign(4, ${ev.generator_id}); + ids_event->Assign(5, ${ev.signature_revision}); + ids_event->Assign(6, ${ev.classification_id}); + ids_event->Assign(7, ${ev.priority_id}); ids_event->Assign(8, unified2_addr_to_zeek_addr(${ev.src_ip})); ids_event->Assign(9, unified2_addr_to_zeek_addr(${ev.dst_ip})); ids_event->Assign(10, to_port(${ev.src_p}, ${ev.protocol})); ids_event->Assign(11, to_port(${ev.dst_p}, ${ev.protocol})); - ids_event->Assign(17, zeek::val_mgr->Count(${ev.packet_action})); + ids_event->Assign(17, ${ev.packet_action}); zeek::event_mgr.Enqueue(::unified2_event, connection()->zeek_analyzer()->GetFile()->ToVal(), @@ -99,23 +99,23 @@ refine flow Flow += { if ( ::unified2_event ) { auto ids_event = zeek::make_intrusive(zeek::BifType::Record::Unified2::IDSEvent); - ids_event->Assign(0, zeek::val_mgr->Count(${ev.sensor_id})); - ids_event->Assign(1, zeek::val_mgr->Count(${ev.event_id})); - ids_event->Assign(2, zeek::make_intrusive(ts_to_double(${ev.ts}))); - ids_event->Assign(3, zeek::val_mgr->Count(${ev.signature_id})); - ids_event->Assign(4, zeek::val_mgr->Count(${ev.generator_id})); - ids_event->Assign(5, zeek::val_mgr->Count(${ev.signature_revision})); - ids_event->Assign(6, zeek::val_mgr->Count(${ev.classification_id})); - ids_event->Assign(7, zeek::val_mgr->Count(${ev.priority_id})); + ids_event->Assign(0, ${ev.sensor_id}); + ids_event->Assign(1, ${ev.event_id}); + ids_event->AssignTime(2, ts_to_double(${ev.ts})); + ids_event->Assign(3, ${ev.signature_id}); + ids_event->Assign(4, ${ev.generator_id}); + ids_event->Assign(5, ${ev.signature_revision}); + ids_event->Assign(6, ${ev.classification_id}); + ids_event->Assign(7, ${ev.priority_id}); ids_event->Assign(8, unified2_addr_to_zeek_addr(${ev.src_ip})); ids_event->Assign(9, unified2_addr_to_zeek_addr(${ev.dst_ip})); ids_event->Assign(10, to_port(${ev.src_p}, ${ev.protocol})); ids_event->Assign(11, to_port(${ev.dst_p}, ${ev.protocol})); - ids_event->Assign(12, zeek::val_mgr->Count(${ev.impact_flag})); - ids_event->Assign(13, zeek::val_mgr->Count(${ev.impact})); - ids_event->Assign(14, zeek::val_mgr->Count(${ev.blocked})); - ids_event->Assign(15, zeek::val_mgr->Count(${ev.mpls_label})); - ids_event->Assign(16, zeek::val_mgr->Count(${ev.vlan_id})); + ids_event->Assign(12, ${ev.impact_flag}); + ids_event->Assign(13, ${ev.impact}); + ids_event->Assign(14, ${ev.blocked}); + ids_event->Assign(15, ${ev.mpls_label}); + ids_event->Assign(16, ${ev.vlan_id}); zeek::event_mgr.Enqueue(::unified2_event, connection()->zeek_analyzer()->GetFile()->ToVal(), @@ -130,11 +130,11 @@ refine flow Flow += { if ( ::unified2_packet ) { auto packet = zeek::make_intrusive(zeek::BifType::Record::Unified2::Packet); - packet->Assign(0, zeek::val_mgr->Count(${pkt.sensor_id})); - packet->Assign(1, zeek::val_mgr->Count(${pkt.event_id})); - packet->Assign(2, zeek::val_mgr->Count(${pkt.event_second})); - packet->Assign(3, zeek::make_intrusive(ts_to_double(${pkt.packet_ts}))); - packet->Assign(4, zeek::val_mgr->Count(${pkt.link_type})); + packet->Assign(0, ${pkt.sensor_id}); + packet->Assign(1, ${pkt.event_id}); + packet->Assign(2, ${pkt.event_second}); + packet->AssignTime(3, ts_to_double(${pkt.packet_ts})); + packet->Assign(4, ${pkt.link_type}); packet->Assign(5, to_stringval(${pkt.packet_data})); zeek::event_mgr.Enqueue(::unified2_packet, diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc index 2f2899b0aa..dc987f8220 100644 --- a/src/file_analysis/analyzer/x509/X509.cc +++ b/src/file_analysis/analyzer/x509/X509.cc @@ -124,7 +124,7 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val, auto pX509Cert = make_intrusive(BifType::Record::X509::Certificate); BIO *bio = BIO_new(BIO_s_mem()); - pX509Cert->Assign(0, val_mgr->Count((uint64_t) X509_get_version(ssl_cert) + 1)); + pX509Cert->Assign(0, uint64_t(X509_get_version(ssl_cert) + 1)); i2a_ASN1_INTEGER(bio, X509_get_serialNumber(ssl_cert)); int len = BIO_read(bio, buf, sizeof(buf)); pX509Cert->Assign(1, make_intrusive(len, buf)); @@ -161,8 +161,8 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val, pX509Cert->Assign(3, make_intrusive(len, buf)); BIO_free(bio); - pX509Cert->Assign(5, make_intrusive(GetTimeFromAsn1(X509_get_notBefore(ssl_cert), f, reporter))); - pX509Cert->Assign(6, make_intrusive(GetTimeFromAsn1(X509_get_notAfter(ssl_cert), f, reporter))); + pX509Cert->AssignTime(5, GetTimeFromAsn1(X509_get_notBefore(ssl_cert), f, reporter)); + pX509Cert->AssignTime(6, GetTimeFromAsn1(X509_get_notAfter(ssl_cert), f, reporter)); // we only read 255 bytes because byte 256 is always 0. // if the string is longer than 255, that will be our null-termination, @@ -172,7 +172,7 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val, if ( ! i2t_ASN1_OBJECT(buf, 255, algorithm) ) buf[0] = 0; - pX509Cert->Assign(7, make_intrusive(buf)); + pX509Cert->Assign(7, buf); // Special case for RDP server certificates. For some reason some (all?) RDP server // certificates like to specify their key algorithm as md5WithRSAEncryption, which @@ -194,25 +194,25 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val, if ( ! i2t_ASN1_OBJECT(buf, 255, OBJ_nid2obj(X509_get_signature_nid(ssl_cert))) ) buf[0] = 0; - pX509Cert->Assign(8, make_intrusive(buf)); + pX509Cert->Assign(8, buf); // Things we can do when we have the key... EVP_PKEY *pkey = X509_extract_key(ssl_cert); if ( pkey != NULL ) { if ( EVP_PKEY_base_id(pkey) == EVP_PKEY_DSA ) - pX509Cert->Assign(9, make_intrusive("dsa")); + pX509Cert->Assign(9, "dsa"); else if ( EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA ) { - pX509Cert->Assign(9, make_intrusive("rsa")); + pX509Cert->Assign(9, "rsa"); const BIGNUM *e; RSA_get0_key(EVP_PKEY_get0_RSA(pkey), NULL, &e, NULL); char *exponent = BN_bn2dec(e); if ( exponent != NULL ) { - pX509Cert->Assign(11, make_intrusive(exponent)); + pX509Cert->Assign(11, exponent); OPENSSL_free(exponent); exponent = NULL; } @@ -220,7 +220,7 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val, #ifndef OPENSSL_NO_EC else if ( EVP_PKEY_base_id(pkey) == EVP_PKEY_EC ) { - pX509Cert->Assign(9, make_intrusive("ecdsa")); + pX509Cert->Assign(9, "ecdsa"); pX509Cert->Assign(12, KeyCurve(pkey)); } #endif @@ -232,7 +232,7 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val, unsigned int length = KeyLength(pkey); if ( length > 0 ) - pX509Cert->Assign(10, val_mgr->Count(length)); + pX509Cert->Assign(10, length); EVP_PKEY_free(pkey); } @@ -292,10 +292,10 @@ void X509::ParseBasicConstraints(X509_EXTENSION* ex) if ( x509_ext_basic_constraints ) { auto pBasicConstraint = make_intrusive(BifType::Record::X509::BasicConstraints); - pBasicConstraint->Assign(0, val_mgr->Bool(constr->ca)); + pBasicConstraint->Assign(0, constr->ca); if ( constr->pathlen ) - pBasicConstraint->Assign(1, val_mgr->Count((int32_t) ASN1_INTEGER_get(constr->pathlen))); + pBasicConstraint->Assign(1, int32_t(ASN1_INTEGER_get(constr->pathlen))); event_mgr.Enqueue(x509_ext_basic_constraints, GetFile()->ToVal(), @@ -436,7 +436,7 @@ void X509::ParseSAN(X509_EXTENSION* ext) if ( ips != nullptr ) sanExt->Assign(3, ips); - sanExt->Assign(4, val_mgr->Bool(otherfields)); + sanExt->Assign(4, otherfields); event_mgr.Enqueue(x509_ext_subject_alternative_name, GetFile()->ToVal(), diff --git a/src/file_analysis/analyzer/x509/X509Common.cc b/src/file_analysis/analyzer/x509/X509Common.cc index cb78d1d48c..3ce48255f0 100644 --- a/src/file_analysis/analyzer/x509/X509Common.cc +++ b/src/file_analysis/analyzer/x509/X509Common.cc @@ -273,13 +273,13 @@ void X509Common::ParseExtension(X509_EXTENSION* ex, const EventHandlerPtr& h, bo ext_val = make_intrusive(0, ""); auto pX509Ext = make_intrusive(BifType::Record::X509::Extension); - pX509Ext->Assign(0, make_intrusive(name)); + pX509Ext->Assign(0, name); if ( short_name and strlen(short_name) > 0 ) - pX509Ext->Assign(1, make_intrusive(short_name)); + pX509Ext->Assign(1, short_name); - pX509Ext->Assign(2, make_intrusive(oid)); - pX509Ext->Assign(3, val_mgr->Bool(critical)); + pX509Ext->Assign(2, oid); + pX509Ext->Assign(3, critical); pX509Ext->Assign(4, ext_val); // send off generic extension event diff --git a/src/file_analysis/analyzer/x509/functions.bif b/src/file_analysis/analyzer/x509/functions.bif index 3f18ed163f..847962850f 100644 --- a/src/file_analysis/analyzer/x509/functions.bif +++ b/src/file_analysis/analyzer/x509/functions.bif @@ -16,8 +16,8 @@ static zeek::RecordValPtr x509_result_record(uint64_t num, const char* reason, z { auto rrecord = zeek::make_intrusive(zeek::BifType::Record::X509::Result); - rrecord->Assign(0, zeek::val_mgr->Int(num)); - rrecord->Assign(1, zeek::make_intrusive(reason)); + rrecord->Assign(0, num); + rrecord->Assign(1, reason); if ( chainVector ) rrecord->Assign(2, std::move(chainVector)); diff --git a/src/iosource/Packet.cc b/src/iosource/Packet.cc index f779ae2e79..64febf5f29 100644 --- a/src/iosource/Packet.cc +++ b/src/iosource/Packet.cc @@ -117,12 +117,12 @@ RecordValPtr Packet::ToRawPktHdrVal() const l2_hdr->Assign(4, FmtEUI48(data)); // dst if ( vlan ) - l2_hdr->Assign(5, val_mgr->Count(vlan)); + l2_hdr->Assign(5, vlan); if ( inner_vlan ) - l2_hdr->Assign(6, val_mgr->Count(inner_vlan)); + l2_hdr->Assign(6, inner_vlan); - l2_hdr->Assign(7, val_mgr->Count(eth_type)); + l2_hdr->Assign(7, eth_type); if ( eth_type == ETHERTYPE_ARP || eth_type == ETHERTYPE_REVARP ) // We also identify ARP for L3 over ethernet @@ -131,8 +131,8 @@ RecordValPtr Packet::ToRawPktHdrVal() const else l2_hdr->Assign(0, BifType::Enum::link_encap->GetEnumVal(BifEnum::LINK_UNKNOWN)); - l2_hdr->Assign(1, val_mgr->Count(len)); - l2_hdr->Assign(2, val_mgr->Count(cap_len)); + l2_hdr->Assign(1, len); + l2_hdr->Assign(2, cap_len); l2_hdr->Assign(8, BifType::Enum::layer3_proto->GetEnumVal(l3)); diff --git a/src/iosource/pcap/pcap.bif b/src/iosource/pcap/pcap.bif index bb2cf53633..0f0e6e47f7 100644 --- a/src/iosource/pcap/pcap.bif +++ b/src/iosource/pcap/pcap.bif @@ -127,9 +127,9 @@ function findalldevs%(%): Pcap::Interfaces { auto r = make_intrusive(iface_type); - r->Assign(0, make_intrusive(d->name)); + r->Assign(0, d->name); if ( d->description ) - r->Assign(1, make_intrusive(d->description)); + r->Assign(1, d->description); auto addrs = make_intrusive(TYPE_ADDR); for ( auto addr = d->addresses; addr != NULL; addr = addr->next ) @@ -146,11 +146,11 @@ function findalldevs%(%): Pcap::Interfaces } } r->Assign(2, addrs->ToSetVal()); - r->Assign(3, val_mgr->Bool(d->flags & PCAP_IF_LOOPBACK)); + r->Assign(3, bool(d->flags & PCAP_IF_LOOPBACK)); #ifdef PCAP_IF_UP // These didn't become available until libpcap 1.6.1 - r->Assign(4, val_mgr->Bool(d->flags & PCAP_IF_UP)); - r->Assign(5, val_mgr->Bool(d->flags & PCAP_IF_RUNNING)); + r->Assign(4, bool(d->flags & PCAP_IF_UP)); + r->Assign(5, bool(d->flags & PCAP_IF_RUNNING)); #endif pcap_interfaces->Assign(std::move(r), nullptr); diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index 27b2216262..ea7040e3ff 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -1517,9 +1517,9 @@ std::string Manager::FormatRotationPath(EnumValPtr writer, auto ri = make_intrusive(BifType::Record::Log::RotationFmtInfo); ri->Assign(0, std::move(writer)); ri->Assign(1, path.size(), path.data()); - ri->Assign(2, open); - ri->Assign(3, close); - ri->Assign(4, val_mgr->Bool(terminating)); + ri->AssignTime(2, open); + ri->AssignTime(3, close); + ri->Assign(4, terminating); ri->Assign(5, std::move(postprocessor)); std::string rval; @@ -1608,11 +1608,11 @@ bool Manager::FinishedRotation(WriterFrontend* writer, const char* new_name, con auto info = make_intrusive(BifType::Record::Log::RotationInfo); info->Assign(0, {NewRef{}, winfo->type}); - info->Assign(1, make_intrusive(new_name)); - info->Assign(2, make_intrusive(winfo->writer->Info().path)); - info->Assign(3, make_intrusive(open)); - info->Assign(4, make_intrusive(close)); - info->Assign(5, val_mgr->Bool(terminating)); + info->Assign(1, new_name); + info->Assign(2, winfo->writer->Info().path); + info->AssignTime(3, open); + info->AssignTime(4, close); + info->Assign(5, terminating); static auto default_ppf = id::find_func("Log::__default_rotation_postprocessor"); diff --git a/src/logging/writers/ascii/Ascii.cc b/src/logging/writers/ascii/Ascii.cc index 23d4c2833d..942aa5125b 100644 --- a/src/logging/writers/ascii/Ascii.cc +++ b/src/logging/writers/ascii/Ascii.cc @@ -818,11 +818,11 @@ void Ascii::RotateLeftoverLogs() auto rot_info = make_intrusive(rot_info_type); rot_info->Assign(0, writer_val); - rot_info->Assign(1, rotation_path); - rot_info->Assign(2, ll.Path()); - rot_info->Assign(3, ll.open_time); - rot_info->Assign(4, ll.close_time); - rot_info->Assign(5, val_mgr->False()); + rot_info->Assign(1, rotation_path); + rot_info->Assign(2, ll.Path()); + rot_info->AssignTime(3, double(ll.open_time)); + rot_info->AssignTime(4, double(ll.close_time)); + rot_info->Assign(5, false); if ( rename(ll.filename.data(), rotation_path.data()) != 0 ) reporter->FatalError("Found leftover/unprocessed log '%s', but " diff --git a/src/stats.bif b/src/stats.bif index a1dcedce7c..f2d9a2c4cc 100644 --- a/src/stats.bif +++ b/src/stats.bif @@ -57,10 +57,10 @@ function get_net_stats%(%): NetStats auto r = zeek::make_intrusive(NetStats); int n = 0; - r->Assign(n++, zeek::val_mgr->Count(recv)); - r->Assign(n++, zeek::val_mgr->Count(drop)); - r->Assign(n++, zeek::val_mgr->Count(link)); - r->Assign(n++, zeek::val_mgr->Count(bytes_recv)); + r->Assign(n++, recv); + r->Assign(n++, drop); + r->Assign(n++, link); + r->Assign(n++, bytes_recv); return r; %} @@ -86,16 +86,16 @@ function get_conn_stats%(%): ConnStats auto r = zeek::make_intrusive(ConnStats); int n = 0; - r->Assign(n++, zeek::val_mgr->Count(Connection::TotalConnections())); - r->Assign(n++, zeek::val_mgr->Count(Connection::CurrentConnections())); - r->Assign(n++, zeek::val_mgr->Count(sessions->CurrentConnections())); + r->Assign(n++, Connection::TotalConnections()); + r->Assign(n++, Connection::CurrentConnections()); + r->Assign(n++, sessions->CurrentConnections()); SessionStats s; if ( sessions ) sessions->GetStats(s); #define ADD_STAT(x) \ - r->Assign(n++, zeek::val_mgr->Count(unsigned(sessions ? x : 0))); + r->Assign(n++, unsigned(sessions ? x : 0)); ADD_STAT(s.num_packets); ADD_STAT(s.num_fragments); @@ -110,7 +110,7 @@ function get_conn_stats%(%): ConnStats ADD_STAT(s.max_ICMP_conns); ADD_STAT(s.cumulative_ICMP_conns); - r->Assign(n++, zeek::val_mgr->Count(zeek::detail::killed_by_inactivity)); + r->Assign(n++, zeek::detail::killed_by_inactivity); return r; %} @@ -147,27 +147,27 @@ function get_proc_stats%(%): ProcStats double(ru.ru_stime.tv_sec) + double(ru.ru_stime.tv_usec) / 1e6; #ifdef DEBUG - r->Assign(n++, zeek::val_mgr->Count(1)); + r->Assign(n++, true); #else - r->Assign(n++, zeek::val_mgr->Count(0)); + r->Assign(n++, false); #endif - r->Assign(n++, zeek::make_intrusive(zeek::run_state::zeek_start_time)); + r->AssignTime(n++, zeek::run_state::zeek_start_time); - r->Assign(n++, zeek::make_intrusive(elapsed_time, Seconds)); - r->Assign(n++, zeek::make_intrusive(user_time, Seconds)); - r->Assign(n++, zeek::make_intrusive(system_time, Seconds)); + r->AssignInterval(n++, elapsed_time); + r->AssignInterval(n++, user_time); + r->AssignInterval(n++, system_time); uint64_t total_mem; zeek::util::get_memory_usage(&total_mem, NULL); - r->Assign(n++, zeek::val_mgr->Count(unsigned(total_mem))); + r->Assign(n++, unsigned(total_mem)); - r->Assign(n++, zeek::val_mgr->Count(unsigned(ru.ru_minflt))); - r->Assign(n++, zeek::val_mgr->Count(unsigned(ru.ru_majflt))); - r->Assign(n++, zeek::val_mgr->Count(unsigned(ru.ru_nswap))); - r->Assign(n++, zeek::val_mgr->Count(unsigned(ru.ru_inblock))); - r->Assign(n++, zeek::val_mgr->Count(unsigned(ru.ru_oublock))); - r->Assign(n++, zeek::val_mgr->Count(unsigned(ru.ru_nivcsw))); + r->Assign(n++, unsigned(ru.ru_minflt)); + r->Assign(n++, unsigned(ru.ru_majflt)); + r->Assign(n++, unsigned(ru.ru_nswap)); + r->Assign(n++, unsigned(ru.ru_inblock)); + r->Assign(n++, unsigned(ru.ru_oublock)); + r->Assign(n++, unsigned(ru.ru_nivcsw)); return r; %} @@ -193,8 +193,8 @@ function get_event_stats%(%): EventStats auto r = zeek::make_intrusive(EventStats); int n = 0; - r->Assign(n++, zeek::val_mgr->Count(event_mgr.num_events_queued)); - r->Assign(n++, zeek::val_mgr->Count(event_mgr.num_events_dispatched)); + r->Assign(n++, event_mgr.num_events_queued); + r->Assign(n++, event_mgr.num_events_dispatched); return r; %} @@ -220,10 +220,10 @@ function get_reassembler_stats%(%): ReassemblerStats auto r = zeek::make_intrusive(ReassemblerStats); int n = 0; - r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(zeek::REASSEM_FILE))); - r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(zeek::REASSEM_FRAG))); - r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(zeek::REASSEM_TCP))); - r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(zeek::REASSEM_UNKNOWN))); + r->Assign(n++, Reassembler::MemoryAllocation(zeek::REASSEM_FILE)); + r->Assign(n++, Reassembler::MemoryAllocation(zeek::REASSEM_FRAG)); + r->Assign(n++, Reassembler::MemoryAllocation(zeek::REASSEM_TCP)); + r->Assign(n++, Reassembler::MemoryAllocation(zeek::REASSEM_UNKNOWN)); return r; %} @@ -252,12 +252,12 @@ function get_dns_stats%(%): DNSStats zeek::detail::DNS_Mgr::Stats dstats; zeek::detail::dns_mgr->GetStats(&dstats); - r->Assign(n++, zeek::val_mgr->Count(unsigned(dstats.requests))); - r->Assign(n++, zeek::val_mgr->Count(unsigned(dstats.successful))); - r->Assign(n++, zeek::val_mgr->Count(unsigned(dstats.failed))); - r->Assign(n++, zeek::val_mgr->Count(unsigned(dstats.pending))); - r->Assign(n++, zeek::val_mgr->Count(unsigned(dstats.cached_hosts))); - r->Assign(n++, zeek::val_mgr->Count(unsigned(dstats.cached_addresses))); + r->Assign(n++, unsigned(dstats.requests)); + r->Assign(n++, unsigned(dstats.successful)); + r->Assign(n++, unsigned(dstats.failed)); + r->Assign(n++, unsigned(dstats.pending)); + r->Assign(n++, unsigned(dstats.cached_hosts)); + r->Assign(n++, unsigned(dstats.cached_addresses)); return r; %} @@ -283,9 +283,9 @@ function get_timer_stats%(%): TimerStats auto r = zeek::make_intrusive(TimerStats); int n = 0; - r->Assign(n++, zeek::val_mgr->Count(unsigned(zeek::detail::timer_mgr->Size()))); - r->Assign(n++, zeek::val_mgr->Count(unsigned(zeek::detail::timer_mgr->PeakSize()))); - r->Assign(n++, zeek::val_mgr->Count(zeek::detail::timer_mgr->CumulativeNum())); + r->Assign(n++, unsigned(zeek::detail::timer_mgr->Size())); + r->Assign(n++, unsigned(zeek::detail::timer_mgr->PeakSize())); + r->Assign(n++, zeek::detail::timer_mgr->CumulativeNum()); return r; %} @@ -311,9 +311,9 @@ function get_file_analysis_stats%(%): FileAnalysisStats auto r = zeek::make_intrusive(FileAnalysisStats); int n = 0; - r->Assign(n++, zeek::val_mgr->Count(zeek::file_mgr->CurrentFiles())); - r->Assign(n++, zeek::val_mgr->Count(zeek::file_mgr->MaxFiles())); - r->Assign(n++, zeek::val_mgr->Count(zeek::file_mgr->CumulativeFiles())); + r->Assign(n++, zeek::file_mgr->CurrentFiles()); + r->Assign(n++, zeek::file_mgr->MaxFiles()); + r->Assign(n++, zeek::file_mgr->CumulativeFiles()); return r; %} @@ -339,7 +339,7 @@ function get_thread_stats%(%): ThreadStats auto r = zeek::make_intrusive(ThreadStats); int n = 0; - r->Assign(n++, zeek::val_mgr->Count(zeek::thread_mgr->NumThreads())); + r->Assign(n++, zeek::thread_mgr->NumThreads()); return r; %} @@ -365,10 +365,10 @@ function get_gap_stats%(%): GapStats auto r = zeek::make_intrusive(GapStats); int n = 0; - r->Assign(n++, zeek::val_mgr->Count(zeek::detail::tot_ack_events)); - r->Assign(n++, zeek::val_mgr->Count(zeek::detail::tot_ack_bytes)); - r->Assign(n++, zeek::val_mgr->Count(zeek::detail::tot_gap_events)); - r->Assign(n++, zeek::val_mgr->Count(zeek::detail::tot_gap_bytes)); + r->Assign(n++, zeek::detail::tot_ack_events); + r->Assign(n++, zeek::detail::tot_ack_bytes); + r->Assign(n++, zeek::detail::tot_gap_events); + r->Assign(n++, zeek::detail::tot_gap_bytes); return r; %} @@ -402,13 +402,13 @@ function get_matcher_stats%(%): MatcherStats if ( zeek::detail::rule_matcher ) zeek::detail::rule_matcher->GetStats(&s); - r->Assign(n++, zeek::val_mgr->Count(s.matchers)); - r->Assign(n++, zeek::val_mgr->Count(s.nfa_states)); - r->Assign(n++, zeek::val_mgr->Count(s.dfa_states)); - r->Assign(n++, zeek::val_mgr->Count(s.computed)); - r->Assign(n++, zeek::val_mgr->Count(s.mem)); - r->Assign(n++, zeek::val_mgr->Count(s.hits)); - r->Assign(n++, zeek::val_mgr->Count(s.misses)); + r->Assign(n++, s.matchers); + r->Assign(n++, s.nfa_states); + r->Assign(n++, s.dfa_states); + r->Assign(n++, s.computed); + r->Assign(n++, s.mem); + r->Assign(n++, s.hits); + r->Assign(n++, s.misses); return r; %} @@ -436,15 +436,15 @@ function get_broker_stats%(%): BrokerStats int n = 0; auto cs = broker_mgr->GetStatistics(); - r->Assign(n++, zeek::val_mgr->Count(static_cast(cs.num_peers))); - r->Assign(n++, zeek::val_mgr->Count(static_cast(cs.num_stores))); - r->Assign(n++, zeek::val_mgr->Count(static_cast(cs.num_pending_queries))); - r->Assign(n++, zeek::val_mgr->Count(static_cast(cs.num_events_incoming))); - r->Assign(n++, zeek::val_mgr->Count(static_cast(cs.num_events_outgoing))); - r->Assign(n++, zeek::val_mgr->Count(static_cast(cs.num_logs_incoming))); - r->Assign(n++, zeek::val_mgr->Count(static_cast(cs.num_logs_outgoing))); - r->Assign(n++, zeek::val_mgr->Count(static_cast(cs.num_ids_incoming))); - r->Assign(n++, zeek::val_mgr->Count(static_cast(cs.num_ids_outgoing))); + r->Assign(n++, static_cast(cs.num_peers)); + r->Assign(n++, static_cast(cs.num_stores)); + r->Assign(n++, static_cast(cs.num_pending_queries)); + r->Assign(n++, static_cast(cs.num_events_incoming)); + r->Assign(n++, static_cast(cs.num_events_outgoing)); + r->Assign(n++, static_cast(cs.num_logs_incoming)); + r->Assign(n++, static_cast(cs.num_logs_outgoing)); + r->Assign(n++, static_cast(cs.num_ids_incoming)); + r->Assign(n++, static_cast(cs.num_ids_outgoing)); return r; %} @@ -478,7 +478,7 @@ function get_reporter_stats%(%): ReporterStats weirds_by_type->Assign(std::move(weird), zeek::val_mgr->Count(kv.second)); } - r->Assign(n++, zeek::val_mgr->Count(reporter->GetWeirdCount())); + r->Assign(n++, reporter->GetWeirdCount()); r->Assign(n++, std::move(weirds_by_type)); return r; diff --git a/src/supervisor/Supervisor.cc b/src/supervisor/Supervisor.cc index f8d957c482..ce3fe8d220 100644 --- a/src/supervisor/Supervisor.cc +++ b/src/supervisor/Supervisor.cc @@ -1348,22 +1348,22 @@ RecordValPtr Supervisor::NodeConfig::ToRecord() const { const auto& rt = BifType::Record::Supervisor::NodeConfig; auto rval = make_intrusive(rt); - rval->Assign(rt->FieldOffset("name"), make_intrusive(name)); + rval->Assign(rt->FieldOffset("name"), name); if ( interface ) - rval->Assign(rt->FieldOffset("interface"), make_intrusive(*interface)); + rval->Assign(rt->FieldOffset("interface"), *interface); if ( directory ) - rval->Assign(rt->FieldOffset("directory"), make_intrusive(*directory)); + rval->Assign(rt->FieldOffset("directory"), *directory); if ( stdout_file ) - rval->Assign(rt->FieldOffset("stdout_file"), make_intrusive(*stdout_file)); + rval->Assign(rt->FieldOffset("stdout_file"), *stdout_file); if ( stderr_file ) - rval->Assign(rt->FieldOffset("stderr_file"), make_intrusive(*stderr_file)); + rval->Assign(rt->FieldOffset("stderr_file"), *stderr_file); if ( cpu_affinity ) - rval->Assign(rt->FieldOffset("cpu_affinity"), val_mgr->Int(*cpu_affinity)); + rval->Assign(rt->FieldOffset("cpu_affinity"), *cpu_affinity); auto st = rt->GetFieldType("scripts"); auto scripts_val = make_intrusive(std::move(st)); @@ -1390,7 +1390,7 @@ RecordValPtr Supervisor::NodeConfig::ToRecord() const val->Assign(ept->FieldOffset("p"), val_mgr->Port(ep.port, TRANSPORT_TCP)); if ( ep.interface ) - val->Assign(ept->FieldOffset("interface"), make_intrusive(*ep.interface)); + val->Assign(ept->FieldOffset("interface"), *ep.interface); cluster_val->Assign(std::move(key), std::move(val)); } @@ -1406,7 +1406,7 @@ RecordValPtr SupervisorNode::ToRecord() const rval->Assign(rt->FieldOffset("node"), config.ToRecord()); if ( pid ) - rval->Assign(rt->FieldOffset("pid"), val_mgr->Int(pid)); + rval->Assign(rt->FieldOffset("pid"), pid); return rval; } @@ -1464,11 +1464,11 @@ bool SupervisedNode::InitCluster() const if ( ep.interface ) val->Assign(cluster_node_type->FieldOffset("interface"), - make_intrusive(*ep.interface)); + *ep.interface); if ( manager_name && ep.role != BifEnum::Supervisor::MANAGER ) val->Assign(cluster_node_type->FieldOffset("manager"), - make_intrusive(*manager_name)); + *manager_name); cluster_nodes->Assign(std::move(key), std::move(val)); } diff --git a/src/supervisor/supervisor.bif b/src/supervisor/supervisor.bif index 4dd1909519..c143bc1dcf 100644 --- a/src/supervisor/supervisor.bif +++ b/src/supervisor/supervisor.bif @@ -86,7 +86,7 @@ function Supervisor::__node%(%): Supervisor::NodeConfig zeek::emit_builtin_error("not a supervised process"); const auto& rt = zeek::BifType::Record::Supervisor::NodeConfig; auto rval = zeek::make_intrusive(rt); - rval->Assign(rt->FieldOffset("name"), ""); + rval->Assign(rt->FieldOffset("name"), ""); return rval; } diff --git a/src/util.cc b/src/util.cc index e18e758cd8..f00e3d646a 100644 --- a/src/util.cc +++ b/src/util.cc @@ -865,10 +865,10 @@ FILE* rotate_file(const char* name, RecordVal* rotate_info) // Init rotate_info. if ( rotate_info ) { - rotate_info->Assign(0, name); - rotate_info->Assign(1, newname); - rotate_info->Assign(2, run_state::network_time); - rotate_info->Assign(3, run_state::network_time); + rotate_info->Assign(0, name); + rotate_info->Assign(1, newname); + rotate_info->AssignTime(2, run_state::network_time); + rotate_info->AssignTime(3, run_state::network_time); } return newf; diff --git a/src/zeek.bif b/src/zeek.bif index 91e0120ba7..a0e63d6ecd 100644 --- a/src/zeek.bif +++ b/src/zeek.bif @@ -1053,11 +1053,11 @@ function find_entropy%(data: string%): entropy_test_result static auto entropy_test_result = zeek::id::find_type("entropy_test_result"); auto ent_result = zeek::make_intrusive(entropy_test_result); - ent_result->Assign(0, zeek::make_intrusive(ent)); - ent_result->Assign(1, zeek::make_intrusive(chisq)); - ent_result->Assign(2, zeek::make_intrusive(mean)); - ent_result->Assign(3, zeek::make_intrusive(montepi)); - ent_result->Assign(4, zeek::make_intrusive(scc)); + ent_result->Assign(0, ent); + ent_result->Assign(1, chisq); + ent_result->Assign(2, mean); + ent_result->Assign(3, montepi); + ent_result->Assign(4, scc); return ent_result; %} @@ -1105,11 +1105,11 @@ function entropy_test_finish%(handle: opaque of entropy%): entropy_test_result static auto entropy_test_result = zeek::id::find_type("entropy_test_result"); auto ent_result = zeek::make_intrusive(entropy_test_result); - ent_result->Assign(0, zeek::make_intrusive(ent)); - ent_result->Assign(1, zeek::make_intrusive(chisq)); - ent_result->Assign(2, zeek::make_intrusive(mean)); - ent_result->Assign(3, zeek::make_intrusive(montepi)); - ent_result->Assign(4, zeek::make_intrusive(scc)); + ent_result->Assign(0, ent); + ent_result->Assign(1, chisq); + ent_result->Assign(2, mean); + ent_result->Assign(3, montepi); + ent_result->Assign(4, scc); return ent_result; %} @@ -1926,10 +1926,10 @@ function packet_source%(%): PacketSource if ( ps ) { - r->Assign(0, zeek::val_mgr->Bool(ps->IsLive())); - r->Assign(1, zeek::make_intrusive(ps->Path())); - r->Assign(2, zeek::val_mgr->Int(ps->LinkType())); - r->Assign(3, zeek::val_mgr->Count(ps->Netmask())); + r->Assign(0, bool(ps->IsLive())); + r->Assign(1, ps->Path()); + r->Assign(2, ps->LinkType()); + r->Assign(3, ps->Netmask()); } return r; @@ -1979,13 +1979,13 @@ function global_ids%(%): id_table const auto& id = global.second; static auto script_id = zeek::id::find_type("script_id"); auto rec = zeek::make_intrusive(script_id); - rec->Assign(0, zeek::make_intrusive(type_name(id->GetType()->Tag()))); - rec->Assign(1, zeek::val_mgr->Bool(id->IsExport())); - rec->Assign(2, zeek::val_mgr->Bool(id->IsConst())); - rec->Assign(3, zeek::val_mgr->Bool(id->IsEnumConst())); - rec->Assign(4, zeek::val_mgr->Bool(id->IsOption())); - rec->Assign(5, zeek::val_mgr->Bool(id->IsRedefinable())); - rec->Assign(6, zeek::val_mgr->Bool(id->GetAttr(zeek::detail::ATTR_BACKEND) != zeek::detail::Attr::nil)); + rec->Assign(0, type_name(id->GetType()->Tag())); + rec->Assign(1, bool(id->IsExport())); + rec->Assign(2, bool(id->IsConst())); + rec->Assign(3, bool(id->IsEnumConst())); + rec->Assign(4, bool(id->IsOption())); + rec->Assign(5, bool(id->IsRedefinable())); + rec->Assign(6, bool(id->GetAttr(zeek::detail::ATTR_BACKEND) != zeek::detail::Attr::nil)); if ( id->HasVal() ) rec->Assign(7, id->GetVal()); @@ -2235,14 +2235,14 @@ function backtrace%(%): Backtrace const auto& params = ci.func->GetType()->Params(); auto args = MakeCallArgumentVector(ci.args, params); - elem->Assign(function_name_idx, ci.func->Name()); + elem->Assign(function_name_idx, ci.func->Name()); elem->Assign(function_args_idx, std::move(args)); if ( ci.call ) { auto loc = ci.call->GetLocationInfo(); - elem->Assign(file_location_idx, loc->filename); - elem->Assign(line_location_idx, val_mgr->Count(loc->first_line)); + elem->Assign(file_location_idx, loc->filename); + elem->Assign(line_location_idx, loc->first_line); } rval->Assign(rval->Size(), std::move(elem)); @@ -3414,18 +3414,18 @@ function lookup_connection%(cid: conn_id%): connection c->Assign(0, std::move(id_val)); auto orig_endp = zeek::make_intrusive(zeek::id::endpoint); - orig_endp->Assign(0, zeek::val_mgr->Count(0)); - orig_endp->Assign(1, zeek::val_mgr->Count(int(0))); + orig_endp->Assign(0, 0); + orig_endp->Assign(1, 0); auto resp_endp = zeek::make_intrusive(zeek::id::endpoint); - resp_endp->Assign(0, zeek::val_mgr->Count(0)); - resp_endp->Assign(1, zeek::val_mgr->Count(int(0))); + resp_endp->Assign(0, 0); + resp_endp->Assign(1, 0); c->Assign(1, std::move(orig_endp)); c->Assign(2, std::move(resp_endp)); - c->Assign(3, zeek::make_intrusive(zeek::run_state::network_time)); - c->Assign(4, zeek::make_intrusive(0.0)); + c->AssignTime(3, zeek::run_state::network_time); + c->AssignInterval(4, 0.0); c->Assign(5, zeek::make_intrusive(zeek::id::string_set)); // service c->Assign(6, zeek::val_mgr->EmptyString()); // history @@ -3494,19 +3494,19 @@ function get_current_packet%(%) : pcap_packet if ( ! pkt_src || ! pkt_src->GetCurrentPacket(&p) ) { - pkt->Assign(0, zeek::val_mgr->Count(0)); - pkt->Assign(1, zeek::val_mgr->Count(0)); - pkt->Assign(2, zeek::val_mgr->Count(0)); - pkt->Assign(3, zeek::val_mgr->Count(0)); + pkt->Assign(0, 0); + pkt->Assign(1, 0); + pkt->Assign(2, 0); + pkt->Assign(3, 0); pkt->Assign(4, zeek::val_mgr->EmptyString()); pkt->Assign(5, zeek::BifType::Enum::link_encap->GetEnumVal(BifEnum::LINK_UNKNOWN)); return pkt; } - pkt->Assign(0, zeek::val_mgr->Count(uint32_t(p->ts.tv_sec))); - pkt->Assign(1, zeek::val_mgr->Count(uint32_t(p->ts.tv_usec))); - pkt->Assign(2, zeek::val_mgr->Count(p->cap_len)); - pkt->Assign(3, zeek::val_mgr->Count(p->len)); + pkt->Assign(0, uint32_t(p->ts.tv_sec)); + pkt->Assign(1, uint32_t(p->ts.tv_usec)); + pkt->Assign(2, p->cap_len); + pkt->Assign(3, p->len); pkt->Assign(4, zeek::make_intrusive(p->cap_len, (const char*)p->data)); pkt->Assign(5, zeek::BifType::Enum::link_encap->GetEnumVal(p->link_type)); @@ -4736,8 +4736,8 @@ function rotate_file%(f: file%): rotate_info info = zeek::make_intrusive(rotate_info); info->Assign(0, zeek::val_mgr->EmptyString()); info->Assign(1, zeek::val_mgr->EmptyString()); - info->Assign(2, zeek::make_intrusive(0.0)); - info->Assign(3, zeek::make_intrusive(0.0)); + info->AssignTime(2, 0.0); + info->AssignTime(3, 0.0); return info; %} @@ -4779,8 +4779,8 @@ function rotate_file_by_name%(f: string%): rotate_info // Record indicating error. info->Assign(0, zeek::val_mgr->EmptyString()); info->Assign(1, zeek::val_mgr->EmptyString()); - info->Assign(2, zeek::make_intrusive(0.0)); - info->Assign(3, zeek::make_intrusive(0.0)); + info->AssignTime(2, 0.0); + info->AssignTime(3, 0.0); return info; } @@ -4788,12 +4788,12 @@ function rotate_file_by_name%(f: string%): rotate_info if ( is_pkt_dumper ) { - info->Assign(2, zeek::make_intrusive(zeek::run_state::detail::pkt_dumper->OpenTime())); + info->AssignTime(2, zeek::run_state::detail::pkt_dumper->OpenTime()); zeek::run_state::detail::pkt_dumper->Open(); } if ( is_addl_pkt_dumper ) - info->Assign(2, zeek::make_intrusive(addl_pkt_dumper->OpenTime())); + info->AssignTime(2, addl_pkt_dumper->OpenTime()); return info; %} From ab0b773522a01d02845c6193377e4855401cb7c6 Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Thu, 25 Feb 2021 17:00:36 -0800 Subject: [PATCH 17/42] test suite updates reflecting that vectors no longer support arbitrary "holes" --- .../btest/Baseline/language.record-index-complex-fields/output | 2 +- .../Baseline/scripts.base.frameworks.logging.ascii-json/ssh.log | 2 +- testing/btest/Baseline/scripts.base.utils.json/output | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/testing/btest/Baseline/language.record-index-complex-fields/output b/testing/btest/Baseline/language.record-index-complex-fields/output index a277a05a0d..431623305a 100644 --- a/testing/btest/Baseline/language.record-index-complex-fields/output +++ b/testing/btest/Baseline/language.record-index-complex-fields/output @@ -11,7 +11,7 @@ b } } { -[a=13, tags_v=[, , 2, 3], tags_t={ +[a=13, tags_v=[0, 0, 2, 3], tags_t={ [four] = 4, [five] = 5 }, tags_s={ diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-json/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-json/ssh.log index 1a1c60d615..efb85b99a7 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-json/ssh.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-json/ssh.log @@ -1,2 +1,2 @@ ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -{"b":true,"i":-42,"e":"SSH::LOG","c":21,"p":123,"sn":"10.0.0.0/24","a":"1.2.3.4","d":3.14,"t":XXXXXXXXXX.XXXXXX,"iv":100.0,"s":"hurz","sc":[4,2,3,1],"ss":["CC","BB","AA"],"se":[],"vc":[10,20,30],"ve":[],"vn":[0,null,2],"f":"SSH::foo\n{ \nif (0 < SSH::i) \n\treturn (Foo);\nelse\n\treturn (Bar);\n\n}"} +{"b":true,"i":-42,"e":"SSH::LOG","c":21,"p":123,"sn":"10.0.0.0/24","a":"1.2.3.4","d":3.14,"t":XXXXXXXXXX.XXXXXX,"iv":100.0,"s":"hurz","sc":[4,2,3,1],"ss":["CC","BB","AA"],"se":[],"vc":[10,20,30],"ve":[],"vn":[0,0,2],"f":"SSH::foo\n{ \nif (0 < SSH::i) \n\treturn (Foo);\nelse\n\treturn (Bar);\n\n}"} diff --git a/testing/btest/Baseline/scripts.base.utils.json/output b/testing/btest/Baseline/scripts.base.utils.json/output index d5e4a4a38d..b1726f5da1 100644 --- a/testing/btest/Baseline/scripts.base.utils.json/output +++ b/testing/btest/Baseline/scripts.base.utils.json/output @@ -29,7 +29,7 @@ XXXXXXXXXX.XXXXXX ["1.2.3.4"] [[false,true]] [{"s":"test"}] -[0,null,2] +[0,0,2] [] [2,1] ["1.2.3.4"] From 98ada4e419ffe2445561009a8f9b0d27530cb4f1 Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Thu, 25 Feb 2021 17:01:33 -0800 Subject: [PATCH 18/42] test suite updates for expanded sort() BiF semantics (bools, doubles) --- testing/btest/Baseline/bifs.sort/out | 10 ++++++---- testing/btest/bifs/sort.zeek | 18 +++++++++++++++++- 2 files changed, 23 insertions(+), 5 deletions(-) diff --git a/testing/btest/Baseline/bifs.sort/out b/testing/btest/Baseline/bifs.sort/out index 520a1536bd..92ad481a01 100644 --- a/testing/btest/Baseline/bifs.sort/out +++ b/testing/btest/Baseline/bifs.sort/out @@ -3,12 +3,14 @@ [2, 3, 5, 8] [-7.0 mins, 1.0 sec, 5.0 hrs, 2.0 days] [-7.0 mins, 1.0 sec, 5.0 hrs, 2.0 days] +[T, F, F, T] +[T, F, F, T] [F, F, T, T] [F, F, T, T] -[57/tcp, 123/tcp, 7/udp, 500/udp, 12/icmp] -[57/tcp, 123/tcp, 7/udp, 500/udp, 12/icmp] -[3.03, 3.01, 3.02, 3.015] -[3.03, 3.01, 3.02, 3.015] +[12/icmp, 123/tcp, 500/udp, 7/udp, 57/tcp] +[12/icmp, 123/tcp, 500/udp, 7/udp, 57/tcp] +[3.01, 3.015, 3.02, 3.03] +[3.01, 3.015, 3.02, 3.03] [192.168.123.200, 10.0.0.157, 192.168.0.3] [192.168.123.200, 10.0.0.157, 192.168.0.3] [10.0.0.157, 192.168.0.3, 192.168.123.200] diff --git a/testing/btest/bifs/sort.zeek b/testing/btest/bifs/sort.zeek index 8bfd1c5f5d..a84f2aab93 100644 --- a/testing/btest/bifs/sort.zeek +++ b/testing/btest/bifs/sort.zeek @@ -20,6 +20,16 @@ function myfunc2(a: double, b: double): int return 1; } +function myfunc3(a: bool, b: bool): int + { + if (a == b) + return 0; + else if (a) + return 1; + else + return -1; + } + event zeek_init() { # Tests without supplying a comparison function @@ -34,17 +44,23 @@ event zeek_init() print a2; print b2; + # this one is expected to fail (i.e., "sort" doesn't sort the vector) local a3: vector of bool = vector( T, F, F, T ); local b3 = sort(a3); print a3; print b3; + local a3x: vector of bool = vector( T, F, F, T ); + local b3x = sort(a3x, myfunc3); + print a3x; + print b3x; + + # this one is expected to fail (i.e., "sort" doesn't sort the vector) local a4: vector of port = vector( 12/icmp, 123/tcp, 500/udp, 7/udp, 57/tcp ); local b4 = sort(a4); print a4; print b4; - # this one is expected to fail (i.e., "sort" doesn't sort the vector) local a5: vector of double = vector( 3.03, 3.01, 3.02, 3.015 ); local b5 = sort(a5); print a5; From 5084584020e64994a691c04ad29c9e9e28a0f66a Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Thu, 25 Feb 2021 17:10:16 -0800 Subject: [PATCH 19/42] test suite update for Smith-Waterman now using 0-based vectors --- testing/btest/language/smith-waterman-test.zeek | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testing/btest/language/smith-waterman-test.zeek b/testing/btest/language/smith-waterman-test.zeek index 2b13a1a5dc..248f41ec90 100644 --- a/testing/btest/language/smith-waterman-test.zeek +++ b/testing/btest/language/smith-waterman-test.zeek @@ -12,7 +12,7 @@ global s1: string_vec; global s2: string_vec; # Single alignment, no matches: -s1[++c] = "abcdefgh"; +s1[c] = "abcdefgh"; s2[c] = "ijklmnop"; min[c] = 2;; mode[c] = 0; From 9468b81a7b8d0cb98d8ed66c35dbb13aaa3ae193 Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Fri, 26 Feb 2021 15:51:09 -0800 Subject: [PATCH 20/42] dagnabbit, forgot to port over destructor cleanup from ZAM_vector/ZAM_record --- src/Val.cc | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/src/Val.cc b/src/Val.cc index b08855f8ea..fcdc0eca95 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -2868,6 +2868,12 @@ RecordVal::RecordVal(RecordTypePtr t, bool init_fields) : Val(std::move(t)) RecordVal::~RecordVal() { + auto n = record_val->size(); + + for ( unsigned int i = 0; i < n; ++i ) + if ( HasField(i) ) + DeleteIfManaged((*record_val)[i], rt->GetFieldType(i)); + delete record_val; delete is_in_record; } @@ -3194,8 +3200,21 @@ VectorVal::VectorVal(VectorTypePtr t) : Val(t) VectorVal::~VectorVal() { + if ( yield_types ) + { + auto n = yield_types->size(); + for ( auto i = 0; i < n; ++i ) + DeleteIfManaged((*vector_val)[i], (*yield_types)[i]); + delete yield_types; + } + + else if ( IsManagedType(yield_type) ) + { + for ( auto& elem : *vector_val ) + DeleteManagedType(elem); + } + delete vector_val; - delete yield_types; } ValPtr VectorVal::SizeVal() const From 1447736b35ed7ede6b14239d07116c405025632c Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Sat, 27 Feb 2021 06:11:01 -0800 Subject: [PATCH 21/42] ... porting over memory management for assignment to record fields --- src/Type.cc | 20 +++++++++++++++++++- src/Type.h | 11 +++++++++++ src/Val.cc | 15 +++++++++------ src/Val.h | 33 +++++++++++++++++++++------------ 4 files changed, 60 insertions(+), 19 deletions(-) diff --git a/src/Type.cc b/src/Type.cc index 3543edd195..0bd5b90227 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -826,7 +826,16 @@ void TypeDecl::DescribeReST(ODesc* d, bool roles_only) const RecordType::RecordType(type_decl_list* arg_types) : Type(TYPE_RECORD) { types = arg_types; - num_fields = types ? types->length() : 0; + + if ( types ) + { + num_fields = types->length(); + + loop_over_list(*types, i) + AddField(i, (*types)[i]); + } + else + num_fields = 0; } // in this case the clone is actually not so shallow, since @@ -850,6 +859,13 @@ RecordType::~RecordType() } } +void RecordType::AddField(unsigned int field, const TypeDecl* td) + { + ASSERT(field == managed_fields.size()); + + managed_fields.push_back(IsManagedType(td->type)); + } + bool RecordType::HasField(const char* field) const { return FieldOffset(field) >= 0; @@ -1023,7 +1039,9 @@ const char* RecordType::AddFields(const type_decl_list& others, td->attrs->AddAttr(make_intrusive(detail::ATTR_LOG)); } + int field = types->size(); types->push_back(td); + AddField(field, td); } num_fields = types->length(); diff --git a/src/Type.h b/src/Type.h index 88d6efdb25..5e5978506b 100644 --- a/src/Type.h +++ b/src/Type.h @@ -599,6 +599,11 @@ public: const TypeDecl* FieldDecl(int field) const; TypeDecl* FieldDecl(int field); + // Returns flags corresponding to which fields in the record + // have types requiring memory management (reference counting). + const std::vector& ManagedFields() const + { return managed_fields; } + int NumFields() const { return num_fields; } /** @@ -634,6 +639,12 @@ public: protected: RecordType() { types = nullptr; } + void AddField(unsigned int field, const TypeDecl* td); + + // If we were willing to bound the size of records, then we could + // use std::bitset here instead. + std::vector managed_fields; + int num_fields; type_decl_list* types; }; diff --git a/src/Val.cc b/src/Val.cc index fcdc0eca95..166445d6f8 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -2785,10 +2785,11 @@ TableVal::TableRecordDependencies TableVal::parse_time_table_record_dependencies RecordVal::RecordTypeValMap RecordVal::parse_time_records; -RecordVal::RecordVal(RecordTypePtr t, bool init_fields) : Val(std::move(t)) +RecordVal::RecordVal(RecordTypePtr t, bool init_fields) +: Val(t), is_managed(t->ManagedFields()) { origin = nullptr; - rt = {NewRef{}, GetType()->AsRecordType()}; + rt = std::move(t); int n = rt->NumFields(); @@ -2871,8 +2872,8 @@ RecordVal::~RecordVal() auto n = record_val->size(); for ( unsigned int i = 0; i < n; ++i ) - if ( HasField(i) ) - DeleteIfManaged((*record_val)[i], rt->GetFieldType(i)); + if ( HasField(i) && IsManaged(i) ) + DeleteManagedType((*record_val)[i]); delete record_val; delete is_in_record; @@ -2887,6 +2888,8 @@ void RecordVal::Assign(int field, ValPtr new_val) { if ( new_val ) { + DeleteFieldIfManaged(field); + auto t = rt->GetFieldType(field); (*record_val)[field] = ZVal(new_val, t); (*is_in_record)[field] = true; @@ -2900,8 +2903,8 @@ void RecordVal::Remove(int field) { if ( HasField(field) ) { - auto t = rt->GetFieldType(field); - DeleteIfManaged((*record_val)[field], t); + if ( IsManaged(field) ) + DeleteManagedType((*record_val)[field]); (*record_val)[field] = ZVal(); (*is_in_record)[field] = false; diff --git a/src/Val.h b/src/Val.h index 11ba8e5ac8..98796cf61b 100644 --- a/src/Val.h +++ b/src/Val.h @@ -1110,21 +1110,18 @@ public: void AssignInterval(int field, double new_val) { Assign(field, new_val); } + void Assign(int field, StringVal* new_val) + { + DeleteManagedType((*record_val)[field]); + (*record_val)[field].string_val = new_val; + AddedField(field); + } void Assign(int field, const char* new_val) - { - (*record_val)[field].string_val = new StringVal(new_val); - AddedField(field); - } + { Assign(field, new StringVal(new_val)); } void Assign(int field, const std::string& new_val) - { - (*record_val)[field].string_val = new StringVal(new_val); - AddedField(field); - } + { Assign(field, new StringVal(new_val)); } void Assign(int field, String* new_val) - { - (*record_val)[field].string_val = new StringVal(new_val); - AddedField(field); - } + { Assign(field, new StringVal(new_val)); } /** * Appends a value to the record's fields. The caller is responsible @@ -1381,6 +1378,15 @@ protected: static RecordTypeValMap parse_time_records; private: + void DeleteFieldIfManaged(unsigned int field) + { + if ( HasField(field) && IsManaged(field) ) + DeleteManagedType((*record_val)[field]); + } + + bool IsManaged(unsigned int offset) const + { return is_managed[offset]; } + // Just for template inferencing. RecordVal* Get() { return this; } @@ -1394,6 +1400,9 @@ private: // Zeek does not enforce that non-optional fields are actually // present. std::vector* is_in_record; + + // Whether a given field requires explicit memory management. + const std::vector& is_managed; }; class EnumVal final : public detail::IntValImplementation { From f92946509c883d86b3eb679cf2e961effe8c8a44 Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Sat, 27 Feb 2021 06:37:50 -0800 Subject: [PATCH 22/42] ... and porting over memory management for assignment to vector elements --- src/Val.cc | 25 +++++++++++++++++++++---- src/Val.h | 4 ++++ 2 files changed, 25 insertions(+), 4 deletions(-) diff --git a/src/Val.cc b/src/Val.cc index 166445d6f8..10f7206c82 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -3199,6 +3199,7 @@ VectorVal::VectorVal(VectorTypePtr t) : Val(t) auto y_tag = yield_type->Tag(); any_yield = (y_tag == TYPE_VOID || y_tag == TYPE_ANY); + managed_yield = IsManagedType(yield_type); } VectorVal::~VectorVal() @@ -3211,7 +3212,7 @@ VectorVal::~VectorVal() delete yield_types; } - else if ( IsManagedType(yield_type) ) + else if ( managed_yield ) { for ( auto& elem : *vector_val ) DeleteManagedType(elem); @@ -3279,10 +3280,15 @@ bool VectorVal::Assign(unsigned int index, ValPtr element) { const auto& t = element->GetType(); (*yield_types)[index] = t; + DeleteIfManaged((*vector_val)[index], t); (*vector_val)[index] = ZVal(std::move(element), t); } else + { + if ( managed_yield ) + DeleteManagedType((*vector_val)[index]); (*vector_val)[index] = ZVal(std::move(element), yield_type); + } Modified(); return true; @@ -3308,11 +3314,18 @@ bool VectorVal::Insert(unsigned int index, ValPtr element) vector::iterator it; vector::iterator types_it; + const auto& t = element->GetType(); + if ( index < vector_val->size() ) { it = std::next(vector_val->begin(), index); if ( yield_types ) + { + DeleteIfManaged(*it, t); types_it = std::next(yield_types->begin(), index); + } + else if ( managed_yield ) + DeleteManagedType(*it); } else { @@ -3323,8 +3336,7 @@ bool VectorVal::Insert(unsigned int index, ValPtr element) if ( yield_types ) { - const auto& t = element->GetType(); - yield_types->insert(types_it, element->GetType()); + yield_types->insert(types_it, t); vector_val->insert(it, ZVal(std::move(element), t)); } else @@ -3340,14 +3352,19 @@ bool VectorVal::Remove(unsigned int index) return false; auto it = std::next(vector_val->begin(), index); - vector_val->erase(it); if ( yield_types ) { auto types_it = std::next(yield_types->begin(), index); + DeleteIfManaged(*it, *types_it); yield_types->erase(types_it); } + else if ( managed_yield ) + DeleteManagedType(*it); + + vector_val->erase(it); + Modified(); return true; } diff --git a/src/Val.h b/src/Val.h index 98796cf61b..d5665d1dca 100644 --- a/src/Val.h +++ b/src/Val.h @@ -1582,6 +1582,10 @@ private: // the case for empty vectors created using "vector()"). bool any_yield; + // True if this is a vector-of-managed-types, requiring explicit + // memory management. + bool managed_yield; + // For heterogeneous vectors, the individual type of each element, // parallel to vector_val. Heterogeneous vectors can arise for // "vector of any" when disparate elements are stored in the vector. From 963d50bd482417df90ec28cbe3b5e81c8c5c4900 Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Sat, 27 Feb 2021 08:34:38 -0800 Subject: [PATCH 23/42] fix for now-incorrect assumption that GetField always returns an existing ValPtr --- src/CompHash.cc | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/CompHash.cc b/src/CompHash.cc index 2f19771637..506c4626af 100644 --- a/src/CompHash.cc +++ b/src/CompHash.cc @@ -184,7 +184,7 @@ char* CompositeHash::SingleValHash(bool type_check, char* kp0, for ( int i = 0; i < num_fields; ++i ) { - auto rv_i = rv->GetField(i).get(); + auto rv_i = rv->GetField(i); Attributes* a = rt->FieldDecl(i)->attrs.get(); bool optional = (a && a->Find(ATTR_OPTIONAL)); @@ -194,7 +194,7 @@ char* CompositeHash::SingleValHash(bool type_check, char* kp0, if ( ! (kp = SingleValHash(type_check, kp, rt->GetFieldType(i).get(), - rv_i, optional)) ) + rv_i.get(), optional)) ) return nullptr; } @@ -517,8 +517,9 @@ int CompositeHash::SingleTypeKeySize(Type* bt, const Val* v, Attributes* a = rt->FieldDecl(i)->attrs.get(); bool optional = (a && a->Find(ATTR_OPTIONAL)); + auto rv_v = rv ? rv->GetField(i) : nullptr; sz = SingleTypeKeySize(rt->GetFieldType(i).get(), - rv ? rv->GetField(i).get() : nullptr, + rv_v.get(), type_check, sz, optional, calc_static_size); if ( ! sz ) From 84a56e353ee5eadc0ceb637fd922587710bb1f2d Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Sat, 27 Feb 2021 10:29:32 -0800 Subject: [PATCH 24/42] fix other instances of GetField().get() assuming long-lived ValPtr's --- src/file_analysis/File.cc | 8 ++++---- src/option.bif | 3 ++- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/file_analysis/File.cc b/src/file_analysis/File.cc index 16b5ac1e9f..a879a16aa4 100644 --- a/src/file_analysis/File.cc +++ b/src/file_analysis/File.cc @@ -128,12 +128,12 @@ bool File::UpdateConnectionFields(Connection* conn, bool is_orig) if ( ! conn ) return false; - Val* conns = val->GetField(conns_idx).get(); + auto conns = val->GetField(conns_idx); if ( ! conns ) { auto ect = empty_connection_table(); - conns = ect.get(); + conns = ect; val->Assign(conns_idx, std::move(ect)); } @@ -309,7 +309,7 @@ void File::InferMetadata() { did_metadata_inference = true; - Val* bof_buffer_val = val->GetField(bof_buffer_idx).get(); + auto bof_buffer_val = val->GetField(bof_buffer_idx); if ( ! bof_buffer_val ) { @@ -318,7 +318,7 @@ void File::InferMetadata() String* bs = concatenate(bof_buffer.chunks); val->Assign(bof_buffer_idx, bs); - bof_buffer_val = val->GetField(bof_buffer_idx).get(); + bof_buffer_val = val->GetField(bof_buffer_idx); } if ( ! FileEventAvailable(file_sniff) ) diff --git a/src/option.bif b/src/option.bif index 496baae0cc..fca30b3bdf 100644 --- a/src/option.bif +++ b/src/option.bif @@ -80,7 +80,8 @@ function Option::set%(ID: string, val: any, location: string &default=""%): bool if ( same_type(val->GetType(), zeek::Broker::detail::DataVal::ScriptDataType()) ) { - auto dv = static_cast(val->AsRecordVal()->GetField(0).get()); + auto valptr = val->AsRecordVal()->GetField(0); + auto dv = static_cast(valptr.get()); auto val_from_data = dv->castTo(i->GetType().get()); if ( ! val_from_data ) From 588fcce7df330ad552ffb51413115804cfdbac31 Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Sat, 27 Feb 2021 10:54:11 -0800 Subject: [PATCH 25/42] explicitly populate holes created in vectors --- src/Val.cc | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/Val.cc b/src/Val.cc index 10f7206c82..72821af7ff 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -3314,14 +3314,14 @@ bool VectorVal::Insert(unsigned int index, ValPtr element) vector::iterator it; vector::iterator types_it; - const auto& t = element->GetType(); + auto n = vector_val->size(); - if ( index < vector_val->size() ) - { + if ( index < n ) + { // May need to delete previous element it = std::next(vector_val->begin(), index); if ( yield_types ) { - DeleteIfManaged(*it, t); + DeleteIfManaged(*it, element->GetType()); types_it = std::next(yield_types->begin(), index); } else if ( managed_yield ) @@ -3332,10 +3332,15 @@ bool VectorVal::Insert(unsigned int index, ValPtr element) it = vector_val->end(); if ( yield_types ) types_it = yield_types->end(); + + // Initialize any holes the assignment induces in the vector. + for ( auto i = n; i < index; ++i ) + vector_val->emplace_back(ZVal()); } if ( yield_types ) { + const auto& t = element->GetType(); yield_types->insert(types_it, t); vector_val->insert(it, ZVal(std::move(element), t)); } From f43be3a206e3b3626dcd6903f95ea8b3a4e55576 Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Sat, 27 Feb 2021 12:06:02 -0800 Subject: [PATCH 26/42] initialize vector holes to the correct corresponding type --- src/Val.cc | 6 +++- src/ZVal.cc | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++ src/ZVal.h | 3 ++ 3 files changed, 88 insertions(+), 1 deletion(-) diff --git a/src/Val.cc b/src/Val.cc index 72821af7ff..94657cdbde 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -3334,8 +3334,12 @@ bool VectorVal::Insert(unsigned int index, ValPtr element) types_it = yield_types->end(); // Initialize any holes the assignment induces in the vector. + TypePtr fill_t = yield_type; + if ( yield_type->Tag() == TYPE_VOID ) + fill_t = base_type(TYPE_ANY); + for ( auto i = n; i < index; ++i ) - vector_val->emplace_back(ZVal()); + vector_val->emplace_back(ZVal(fill_t)); } if ( yield_types ) diff --git a/src/ZVal.cc b/src/ZVal.cc index 17f94ef825..5480ae0da6 100644 --- a/src/ZVal.cc +++ b/src/ZVal.cc @@ -139,6 +139,86 @@ ZVal::ZVal(ValPtr v, const TypePtr& t) } } +ZVal::ZVal(const TypePtr& t) + { + switch ( t->Tag() ) { + case TYPE_BOOL: + case TYPE_INT: + case TYPE_ENUM: + int_val = 0; + break; + + case TYPE_COUNT: + case TYPE_PORT: + uint_val = 0; + break; + + case TYPE_DOUBLE: + case TYPE_INTERVAL: + case TYPE_TIME: + double_val = 0.0; + break; + + case TYPE_FUNC: + func_val = nullptr; + break; + + case TYPE_FILE: + file_val = nullptr; + break; + + case TYPE_LIST: + list_val = nullptr; + break; + + case TYPE_OPAQUE: + opaque_val = nullptr; + break; + + case TYPE_PATTERN: + re_val = nullptr; + break; + + case TYPE_TABLE: + table_val = nullptr; + break; + + case TYPE_VECTOR: + vector_val = nullptr; + break; + + case TYPE_RECORD: + record_val = nullptr; + break; + + case TYPE_STRING: + string_val = nullptr; + break; + + case TYPE_ADDR: + addr_val = nullptr; + break; + + case TYPE_SUBNET: + subnet_val = nullptr; + break; + + case TYPE_ANY: + any_val = nullptr; + break; + + case TYPE_TYPE: + type_val = nullptr; + break; + + case TYPE_ERROR: + case TYPE_TIMER: + case TYPE_UNION: + case TYPE_VOID: + reporter->InternalError("bad type in ZVal constructor"); + } + } + ValPtr ZVal::ToVal(const TypePtr& t) const { Val* v; diff --git a/src/ZVal.h b/src/ZVal.h index b05eb48ce6..f448e3ceef 100644 --- a/src/ZVal.h +++ b/src/ZVal.h @@ -43,6 +43,9 @@ union ZVal { // Construct from a given higher-level script value with a given type. ZVal(ValPtr v, const TypePtr& t); + // Construct an empty value compatible with the given type. + ZVal(const TypePtr& t); + // Convert to a higher-level script value. The caller needs to // ensure that they're providing the correct type. ValPtr ToVal(const TypePtr& t) const; From 0f10c46f42e6d45f495e84723cbe2e7906ff8c11 Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Sat, 27 Feb 2021 13:34:53 -0800 Subject: [PATCH 27/42] overlooked another way in which vector holes can be created --- src/Val.cc | 24 +++++++++++++++--------- src/Val.h | 3 +++ 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/src/Val.cc b/src/Val.cc index 94657cdbde..5f39fbba9a 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -3269,8 +3269,11 @@ bool VectorVal::Assign(unsigned int index, ValPtr element) if ( ! CheckElementType(element) ) return false; - if ( index >= vector_val->size() ) + auto n = vector_val->size(); + + if ( index >= n ) { + AddHoles(index - n); vector_val->resize(index + 1); if ( yield_types ) yield_types->resize(index + 1); @@ -3332,14 +3335,7 @@ bool VectorVal::Insert(unsigned int index, ValPtr element) it = vector_val->end(); if ( yield_types ) types_it = yield_types->end(); - - // Initialize any holes the assignment induces in the vector. - TypePtr fill_t = yield_type; - if ( yield_type->Tag() == TYPE_VOID ) - fill_t = base_type(TYPE_ANY); - - for ( auto i = n; i < index; ++i ) - vector_val->emplace_back(ZVal(fill_t)); + AddHoles(index - n); } if ( yield_types ) @@ -3355,6 +3351,16 @@ bool VectorVal::Insert(unsigned int index, ValPtr element) return true; } +void VectorVal::AddHoles(int nholes) + { + TypePtr fill_t = yield_type; + if ( yield_type->Tag() == TYPE_VOID ) + fill_t = base_type(TYPE_ANY); + + for ( auto i = 0; i < nholes; ++i ) + vector_val->emplace_back(ZVal(fill_t)); + } + bool VectorVal::Remove(unsigned int index) { if ( index >= vector_val->size() ) diff --git a/src/Val.h b/src/Val.h index d5665d1dca..70961d0f59 100644 --- a/src/Val.h +++ b/src/Val.h @@ -1571,6 +1571,9 @@ private: // element type-checked. bool CheckElementType(const ValPtr& element); + // Add the given number of "holes" to the end of a vector. + void AddHoles(int nholes); + std::vector* vector_val; // For homogeneous vectors (the usual case), the type of the From 679ee6ce22cc07a9380b5fb0bf5392a1256f68e7 Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Sat, 27 Feb 2021 17:00:37 -0800 Subject: [PATCH 28/42] fix #include's that lack zeek/ prefixes --- src/script_opt/DefItem.cc | 4 ++-- src/script_opt/ReachingDefs.cc | 2 +- src/script_opt/Reduce.cc | 16 ++++++++-------- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/src/script_opt/DefItem.cc b/src/script_opt/DefItem.cc index d5c7c8dd40..1c3ec90688 100644 --- a/src/script_opt/DefItem.cc +++ b/src/script_opt/DefItem.cc @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "DefItem.h" -#include "Expr.h" +#include "zeek/Expr.h" +#include "zeek/script_opt/DefItem.h" namespace zeek::detail { diff --git a/src/script_opt/ReachingDefs.cc b/src/script_opt/ReachingDefs.cc index 9271ca49ed..d74db1d5a2 100644 --- a/src/script_opt/ReachingDefs.cc +++ b/src/script_opt/ReachingDefs.cc @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. #include "zeek/script_opt/ReachingDefs.h" -#include "Desc.h" +#include "zeek/Desc.h" namespace zeek::detail { diff --git a/src/script_opt/Reduce.cc b/src/script_opt/Reduce.cc index ce13b5063b..05b5efc283 100644 --- a/src/script_opt/Reduce.cc +++ b/src/script_opt/Reduce.cc @@ -1,13 +1,13 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "ID.h" -#include "Var.h" -#include "Scope.h" -#include "Expr.h" -#include "Stmt.h" -#include "Desc.h" -#include "ProfileFunc.h" -#include "Reporter.h" +#include "zeek/ID.h" +#include "zeek/Var.h" +#include "zeek/Scope.h" +#include "zeek/Expr.h" +#include "zeek/Stmt.h" +#include "zeek/Desc.h" +#include "zeek/Reporter.h" +#include "zeek/script_opt/ProfileFunc.h" #include "zeek/script_opt/Reduce.h" #include "zeek/script_opt/TempVar.h" From 498d8c4bdea600c6f92c77658f4cecd89ba6762d Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Fri, 26 Feb 2021 15:51:09 -0800 Subject: [PATCH 29/42] destructor cleanup from ZAM_vector/ZAM_record --- src/Val.cc | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/src/Val.cc b/src/Val.cc index b08855f8ea..fcdc0eca95 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -2868,6 +2868,12 @@ RecordVal::RecordVal(RecordTypePtr t, bool init_fields) : Val(std::move(t)) RecordVal::~RecordVal() { + auto n = record_val->size(); + + for ( unsigned int i = 0; i < n; ++i ) + if ( HasField(i) ) + DeleteIfManaged((*record_val)[i], rt->GetFieldType(i)); + delete record_val; delete is_in_record; } @@ -3194,8 +3200,21 @@ VectorVal::VectorVal(VectorTypePtr t) : Val(t) VectorVal::~VectorVal() { + if ( yield_types ) + { + auto n = yield_types->size(); + for ( auto i = 0; i < n; ++i ) + DeleteIfManaged((*vector_val)[i], (*yield_types)[i]); + delete yield_types; + } + + else if ( IsManagedType(yield_type) ) + { + for ( auto& elem : *vector_val ) + DeleteManagedType(elem); + } + delete vector_val; - delete yield_types; } ValPtr VectorVal::SizeVal() const From 7adcd1b27ba7211408598fb8b275ef20dbaa0247 Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Sat, 27 Feb 2021 06:11:01 -0800 Subject: [PATCH 30/42] memory management for assignment to record fields --- src/Type.cc | 20 +++++++++++++++++++- src/Type.h | 11 +++++++++++ src/Val.cc | 15 +++++++++------ src/Val.h | 33 +++++++++++++++++++++------------ 4 files changed, 60 insertions(+), 19 deletions(-) diff --git a/src/Type.cc b/src/Type.cc index 3543edd195..0bd5b90227 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -826,7 +826,16 @@ void TypeDecl::DescribeReST(ODesc* d, bool roles_only) const RecordType::RecordType(type_decl_list* arg_types) : Type(TYPE_RECORD) { types = arg_types; - num_fields = types ? types->length() : 0; + + if ( types ) + { + num_fields = types->length(); + + loop_over_list(*types, i) + AddField(i, (*types)[i]); + } + else + num_fields = 0; } // in this case the clone is actually not so shallow, since @@ -850,6 +859,13 @@ RecordType::~RecordType() } } +void RecordType::AddField(unsigned int field, const TypeDecl* td) + { + ASSERT(field == managed_fields.size()); + + managed_fields.push_back(IsManagedType(td->type)); + } + bool RecordType::HasField(const char* field) const { return FieldOffset(field) >= 0; @@ -1023,7 +1039,9 @@ const char* RecordType::AddFields(const type_decl_list& others, td->attrs->AddAttr(make_intrusive(detail::ATTR_LOG)); } + int field = types->size(); types->push_back(td); + AddField(field, td); } num_fields = types->length(); diff --git a/src/Type.h b/src/Type.h index 88d6efdb25..5e5978506b 100644 --- a/src/Type.h +++ b/src/Type.h @@ -599,6 +599,11 @@ public: const TypeDecl* FieldDecl(int field) const; TypeDecl* FieldDecl(int field); + // Returns flags corresponding to which fields in the record + // have types requiring memory management (reference counting). + const std::vector& ManagedFields() const + { return managed_fields; } + int NumFields() const { return num_fields; } /** @@ -634,6 +639,12 @@ public: protected: RecordType() { types = nullptr; } + void AddField(unsigned int field, const TypeDecl* td); + + // If we were willing to bound the size of records, then we could + // use std::bitset here instead. + std::vector managed_fields; + int num_fields; type_decl_list* types; }; diff --git a/src/Val.cc b/src/Val.cc index fcdc0eca95..166445d6f8 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -2785,10 +2785,11 @@ TableVal::TableRecordDependencies TableVal::parse_time_table_record_dependencies RecordVal::RecordTypeValMap RecordVal::parse_time_records; -RecordVal::RecordVal(RecordTypePtr t, bool init_fields) : Val(std::move(t)) +RecordVal::RecordVal(RecordTypePtr t, bool init_fields) +: Val(t), is_managed(t->ManagedFields()) { origin = nullptr; - rt = {NewRef{}, GetType()->AsRecordType()}; + rt = std::move(t); int n = rt->NumFields(); @@ -2871,8 +2872,8 @@ RecordVal::~RecordVal() auto n = record_val->size(); for ( unsigned int i = 0; i < n; ++i ) - if ( HasField(i) ) - DeleteIfManaged((*record_val)[i], rt->GetFieldType(i)); + if ( HasField(i) && IsManaged(i) ) + DeleteManagedType((*record_val)[i]); delete record_val; delete is_in_record; @@ -2887,6 +2888,8 @@ void RecordVal::Assign(int field, ValPtr new_val) { if ( new_val ) { + DeleteFieldIfManaged(field); + auto t = rt->GetFieldType(field); (*record_val)[field] = ZVal(new_val, t); (*is_in_record)[field] = true; @@ -2900,8 +2903,8 @@ void RecordVal::Remove(int field) { if ( HasField(field) ) { - auto t = rt->GetFieldType(field); - DeleteIfManaged((*record_val)[field], t); + if ( IsManaged(field) ) + DeleteManagedType((*record_val)[field]); (*record_val)[field] = ZVal(); (*is_in_record)[field] = false; diff --git a/src/Val.h b/src/Val.h index 11ba8e5ac8..98796cf61b 100644 --- a/src/Val.h +++ b/src/Val.h @@ -1110,21 +1110,18 @@ public: void AssignInterval(int field, double new_val) { Assign(field, new_val); } + void Assign(int field, StringVal* new_val) + { + DeleteManagedType((*record_val)[field]); + (*record_val)[field].string_val = new_val; + AddedField(field); + } void Assign(int field, const char* new_val) - { - (*record_val)[field].string_val = new StringVal(new_val); - AddedField(field); - } + { Assign(field, new StringVal(new_val)); } void Assign(int field, const std::string& new_val) - { - (*record_val)[field].string_val = new StringVal(new_val); - AddedField(field); - } + { Assign(field, new StringVal(new_val)); } void Assign(int field, String* new_val) - { - (*record_val)[field].string_val = new StringVal(new_val); - AddedField(field); - } + { Assign(field, new StringVal(new_val)); } /** * Appends a value to the record's fields. The caller is responsible @@ -1381,6 +1378,15 @@ protected: static RecordTypeValMap parse_time_records; private: + void DeleteFieldIfManaged(unsigned int field) + { + if ( HasField(field) && IsManaged(field) ) + DeleteManagedType((*record_val)[field]); + } + + bool IsManaged(unsigned int offset) const + { return is_managed[offset]; } + // Just for template inferencing. RecordVal* Get() { return this; } @@ -1394,6 +1400,9 @@ private: // Zeek does not enforce that non-optional fields are actually // present. std::vector* is_in_record; + + // Whether a given field requires explicit memory management. + const std::vector& is_managed; }; class EnumVal final : public detail::IntValImplementation { From 3a59bc1a371dcc5de7f5b8e86f56d9b40e354834 Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Sat, 27 Feb 2021 06:37:50 -0800 Subject: [PATCH 31/42] memory management for assignment to vector elements --- src/Val.cc | 25 +++++++++++++++++++++---- src/Val.h | 4 ++++ 2 files changed, 25 insertions(+), 4 deletions(-) diff --git a/src/Val.cc b/src/Val.cc index 166445d6f8..10f7206c82 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -3199,6 +3199,7 @@ VectorVal::VectorVal(VectorTypePtr t) : Val(t) auto y_tag = yield_type->Tag(); any_yield = (y_tag == TYPE_VOID || y_tag == TYPE_ANY); + managed_yield = IsManagedType(yield_type); } VectorVal::~VectorVal() @@ -3211,7 +3212,7 @@ VectorVal::~VectorVal() delete yield_types; } - else if ( IsManagedType(yield_type) ) + else if ( managed_yield ) { for ( auto& elem : *vector_val ) DeleteManagedType(elem); @@ -3279,10 +3280,15 @@ bool VectorVal::Assign(unsigned int index, ValPtr element) { const auto& t = element->GetType(); (*yield_types)[index] = t; + DeleteIfManaged((*vector_val)[index], t); (*vector_val)[index] = ZVal(std::move(element), t); } else + { + if ( managed_yield ) + DeleteManagedType((*vector_val)[index]); (*vector_val)[index] = ZVal(std::move(element), yield_type); + } Modified(); return true; @@ -3308,11 +3314,18 @@ bool VectorVal::Insert(unsigned int index, ValPtr element) vector::iterator it; vector::iterator types_it; + const auto& t = element->GetType(); + if ( index < vector_val->size() ) { it = std::next(vector_val->begin(), index); if ( yield_types ) + { + DeleteIfManaged(*it, t); types_it = std::next(yield_types->begin(), index); + } + else if ( managed_yield ) + DeleteManagedType(*it); } else { @@ -3323,8 +3336,7 @@ bool VectorVal::Insert(unsigned int index, ValPtr element) if ( yield_types ) { - const auto& t = element->GetType(); - yield_types->insert(types_it, element->GetType()); + yield_types->insert(types_it, t); vector_val->insert(it, ZVal(std::move(element), t)); } else @@ -3340,14 +3352,19 @@ bool VectorVal::Remove(unsigned int index) return false; auto it = std::next(vector_val->begin(), index); - vector_val->erase(it); if ( yield_types ) { auto types_it = std::next(yield_types->begin(), index); + DeleteIfManaged(*it, *types_it); yield_types->erase(types_it); } + else if ( managed_yield ) + DeleteManagedType(*it); + + vector_val->erase(it); + Modified(); return true; } diff --git a/src/Val.h b/src/Val.h index 98796cf61b..d5665d1dca 100644 --- a/src/Val.h +++ b/src/Val.h @@ -1582,6 +1582,10 @@ private: // the case for empty vectors created using "vector()"). bool any_yield; + // True if this is a vector-of-managed-types, requiring explicit + // memory management. + bool managed_yield; + // For heterogeneous vectors, the individual type of each element, // parallel to vector_val. Heterogeneous vectors can arise for // "vector of any" when disparate elements are stored in the vector. From 2f47cce8a616397305dbeed8c631ab08ab2d528b Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Sat, 27 Feb 2021 08:34:38 -0800 Subject: [PATCH 32/42] fixes for now-incorrect assumption that GetField always returns an existing ValPtr --- src/CompHash.cc | 7 ++++--- src/file_analysis/File.cc | 8 ++++---- src/option.bif | 3 ++- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/src/CompHash.cc b/src/CompHash.cc index 2f19771637..506c4626af 100644 --- a/src/CompHash.cc +++ b/src/CompHash.cc @@ -184,7 +184,7 @@ char* CompositeHash::SingleValHash(bool type_check, char* kp0, for ( int i = 0; i < num_fields; ++i ) { - auto rv_i = rv->GetField(i).get(); + auto rv_i = rv->GetField(i); Attributes* a = rt->FieldDecl(i)->attrs.get(); bool optional = (a && a->Find(ATTR_OPTIONAL)); @@ -194,7 +194,7 @@ char* CompositeHash::SingleValHash(bool type_check, char* kp0, if ( ! (kp = SingleValHash(type_check, kp, rt->GetFieldType(i).get(), - rv_i, optional)) ) + rv_i.get(), optional)) ) return nullptr; } @@ -517,8 +517,9 @@ int CompositeHash::SingleTypeKeySize(Type* bt, const Val* v, Attributes* a = rt->FieldDecl(i)->attrs.get(); bool optional = (a && a->Find(ATTR_OPTIONAL)); + auto rv_v = rv ? rv->GetField(i) : nullptr; sz = SingleTypeKeySize(rt->GetFieldType(i).get(), - rv ? rv->GetField(i).get() : nullptr, + rv_v.get(), type_check, sz, optional, calc_static_size); if ( ! sz ) diff --git a/src/file_analysis/File.cc b/src/file_analysis/File.cc index 16b5ac1e9f..a879a16aa4 100644 --- a/src/file_analysis/File.cc +++ b/src/file_analysis/File.cc @@ -128,12 +128,12 @@ bool File::UpdateConnectionFields(Connection* conn, bool is_orig) if ( ! conn ) return false; - Val* conns = val->GetField(conns_idx).get(); + auto conns = val->GetField(conns_idx); if ( ! conns ) { auto ect = empty_connection_table(); - conns = ect.get(); + conns = ect; val->Assign(conns_idx, std::move(ect)); } @@ -309,7 +309,7 @@ void File::InferMetadata() { did_metadata_inference = true; - Val* bof_buffer_val = val->GetField(bof_buffer_idx).get(); + auto bof_buffer_val = val->GetField(bof_buffer_idx); if ( ! bof_buffer_val ) { @@ -318,7 +318,7 @@ void File::InferMetadata() String* bs = concatenate(bof_buffer.chunks); val->Assign(bof_buffer_idx, bs); - bof_buffer_val = val->GetField(bof_buffer_idx).get(); + bof_buffer_val = val->GetField(bof_buffer_idx); } if ( ! FileEventAvailable(file_sniff) ) diff --git a/src/option.bif b/src/option.bif index 496baae0cc..fca30b3bdf 100644 --- a/src/option.bif +++ b/src/option.bif @@ -80,7 +80,8 @@ function Option::set%(ID: string, val: any, location: string &default=""%): bool if ( same_type(val->GetType(), zeek::Broker::detail::DataVal::ScriptDataType()) ) { - auto dv = static_cast(val->AsRecordVal()->GetField(0).get()); + auto valptr = val->AsRecordVal()->GetField(0); + auto dv = static_cast(valptr.get()); auto val_from_data = dv->castTo(i->GetType().get()); if ( ! val_from_data ) From 6aab151d9716979279ac7d9c8a98d7142051014e Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Sat, 27 Feb 2021 10:54:11 -0800 Subject: [PATCH 33/42] explicitly populate holes created in vectors --- src/Val.cc | 25 +++++++++++++---- src/Val.h | 3 ++ src/ZVal.cc | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++ src/ZVal.h | 3 ++ 4 files changed, 106 insertions(+), 5 deletions(-) diff --git a/src/Val.cc b/src/Val.cc index 10f7206c82..5f39fbba9a 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -3269,8 +3269,11 @@ bool VectorVal::Assign(unsigned int index, ValPtr element) if ( ! CheckElementType(element) ) return false; - if ( index >= vector_val->size() ) + auto n = vector_val->size(); + + if ( index >= n ) { + AddHoles(index - n); vector_val->resize(index + 1); if ( yield_types ) yield_types->resize(index + 1); @@ -3314,14 +3317,14 @@ bool VectorVal::Insert(unsigned int index, ValPtr element) vector::iterator it; vector::iterator types_it; - const auto& t = element->GetType(); + auto n = vector_val->size(); - if ( index < vector_val->size() ) - { + if ( index < n ) + { // May need to delete previous element it = std::next(vector_val->begin(), index); if ( yield_types ) { - DeleteIfManaged(*it, t); + DeleteIfManaged(*it, element->GetType()); types_it = std::next(yield_types->begin(), index); } else if ( managed_yield ) @@ -3332,10 +3335,12 @@ bool VectorVal::Insert(unsigned int index, ValPtr element) it = vector_val->end(); if ( yield_types ) types_it = yield_types->end(); + AddHoles(index - n); } if ( yield_types ) { + const auto& t = element->GetType(); yield_types->insert(types_it, t); vector_val->insert(it, ZVal(std::move(element), t)); } @@ -3346,6 +3351,16 @@ bool VectorVal::Insert(unsigned int index, ValPtr element) return true; } +void VectorVal::AddHoles(int nholes) + { + TypePtr fill_t = yield_type; + if ( yield_type->Tag() == TYPE_VOID ) + fill_t = base_type(TYPE_ANY); + + for ( auto i = 0; i < nholes; ++i ) + vector_val->emplace_back(ZVal(fill_t)); + } + bool VectorVal::Remove(unsigned int index) { if ( index >= vector_val->size() ) diff --git a/src/Val.h b/src/Val.h index d5665d1dca..70961d0f59 100644 --- a/src/Val.h +++ b/src/Val.h @@ -1571,6 +1571,9 @@ private: // element type-checked. bool CheckElementType(const ValPtr& element); + // Add the given number of "holes" to the end of a vector. + void AddHoles(int nholes); + std::vector* vector_val; // For homogeneous vectors (the usual case), the type of the diff --git a/src/ZVal.cc b/src/ZVal.cc index 17f94ef825..5480ae0da6 100644 --- a/src/ZVal.cc +++ b/src/ZVal.cc @@ -139,6 +139,86 @@ ZVal::ZVal(ValPtr v, const TypePtr& t) } } +ZVal::ZVal(const TypePtr& t) + { + switch ( t->Tag() ) { + case TYPE_BOOL: + case TYPE_INT: + case TYPE_ENUM: + int_val = 0; + break; + + case TYPE_COUNT: + case TYPE_PORT: + uint_val = 0; + break; + + case TYPE_DOUBLE: + case TYPE_INTERVAL: + case TYPE_TIME: + double_val = 0.0; + break; + + case TYPE_FUNC: + func_val = nullptr; + break; + + case TYPE_FILE: + file_val = nullptr; + break; + + case TYPE_LIST: + list_val = nullptr; + break; + + case TYPE_OPAQUE: + opaque_val = nullptr; + break; + + case TYPE_PATTERN: + re_val = nullptr; + break; + + case TYPE_TABLE: + table_val = nullptr; + break; + + case TYPE_VECTOR: + vector_val = nullptr; + break; + + case TYPE_RECORD: + record_val = nullptr; + break; + + case TYPE_STRING: + string_val = nullptr; + break; + + case TYPE_ADDR: + addr_val = nullptr; + break; + + case TYPE_SUBNET: + subnet_val = nullptr; + break; + + case TYPE_ANY: + any_val = nullptr; + break; + + case TYPE_TYPE: + type_val = nullptr; + break; + + case TYPE_ERROR: + case TYPE_TIMER: + case TYPE_UNION: + case TYPE_VOID: + reporter->InternalError("bad type in ZVal constructor"); + } + } + ValPtr ZVal::ToVal(const TypePtr& t) const { Val* v; diff --git a/src/ZVal.h b/src/ZVal.h index b05eb48ce6..f448e3ceef 100644 --- a/src/ZVal.h +++ b/src/ZVal.h @@ -43,6 +43,9 @@ union ZVal { // Construct from a given higher-level script value with a given type. ZVal(ValPtr v, const TypePtr& t); + // Construct an empty value compatible with the given type. + ZVal(const TypePtr& t); + // Convert to a higher-level script value. The caller needs to // ensure that they're providing the correct type. ValPtr ToVal(const TypePtr& t) const; From 526ba54f1513a619033242f9a57d80b79af62bb3 Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Sat, 27 Feb 2021 17:00:37 -0800 Subject: [PATCH 34/42] fix #include's that lack zeek/ prefixes --- src/script_opt/DefItem.cc | 4 ++-- src/script_opt/ReachingDefs.cc | 2 +- src/script_opt/Reduce.cc | 16 ++++++++-------- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/src/script_opt/DefItem.cc b/src/script_opt/DefItem.cc index d5c7c8dd40..1c3ec90688 100644 --- a/src/script_opt/DefItem.cc +++ b/src/script_opt/DefItem.cc @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "DefItem.h" -#include "Expr.h" +#include "zeek/Expr.h" +#include "zeek/script_opt/DefItem.h" namespace zeek::detail { diff --git a/src/script_opt/ReachingDefs.cc b/src/script_opt/ReachingDefs.cc index 9271ca49ed..d74db1d5a2 100644 --- a/src/script_opt/ReachingDefs.cc +++ b/src/script_opt/ReachingDefs.cc @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. #include "zeek/script_opt/ReachingDefs.h" -#include "Desc.h" +#include "zeek/Desc.h" namespace zeek::detail { diff --git a/src/script_opt/Reduce.cc b/src/script_opt/Reduce.cc index ce13b5063b..05b5efc283 100644 --- a/src/script_opt/Reduce.cc +++ b/src/script_opt/Reduce.cc @@ -1,13 +1,13 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "ID.h" -#include "Var.h" -#include "Scope.h" -#include "Expr.h" -#include "Stmt.h" -#include "Desc.h" -#include "ProfileFunc.h" -#include "Reporter.h" +#include "zeek/ID.h" +#include "zeek/Var.h" +#include "zeek/Scope.h" +#include "zeek/Expr.h" +#include "zeek/Stmt.h" +#include "zeek/Desc.h" +#include "zeek/Reporter.h" +#include "zeek/script_opt/ProfileFunc.h" #include "zeek/script_opt/Reduce.h" #include "zeek/script_opt/TempVar.h" From 150ba6443e27a21b56fb60917349f42a5790acb4 Mon Sep 17 00:00:00 2001 From: Tim Wojtulewicz Date: Mon, 1 Mar 2021 11:18:12 -0700 Subject: [PATCH 35/42] Remove use of obsolete forward-declaration macros --- src/ZVal.h | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/src/ZVal.h b/src/ZVal.h index f448e3ceef..e96615a12d 100644 --- a/src/ZVal.h +++ b/src/ZVal.h @@ -4,27 +4,29 @@ #pragma once +#include "zeek/zeek-config.h" + #include #include "zeek/Dict.h" #include "zeek/Expr.h" -ZEEK_FORWARD_DECLARE_NAMESPACED(StringVal, zeek); -ZEEK_FORWARD_DECLARE_NAMESPACED(AddrVal, zeek); -ZEEK_FORWARD_DECLARE_NAMESPACED(SubNetVal, zeek); -ZEEK_FORWARD_DECLARE_NAMESPACED(File, zeek); -ZEEK_FORWARD_DECLARE_NAMESPACED(Func, zeek); -ZEEK_FORWARD_DECLARE_NAMESPACED(ListVal, zeek); -ZEEK_FORWARD_DECLARE_NAMESPACED(OpaqueVal, zeek); -ZEEK_FORWARD_DECLARE_NAMESPACED(PatternVal, zeek); -ZEEK_FORWARD_DECLARE_NAMESPACED(TableVal, zeek); -ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek); -ZEEK_FORWARD_DECLARE_NAMESPACED(VectorVal, zeek); -ZEEK_FORWARD_DECLARE_NAMESPACED(Type, zeek); -ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek); - namespace zeek { +class StringVal; +class AddrVal; +class SubNetVal; +class File; +class Func; +class ListVal; +class OpaqueVal; +class PatternVal; +class TableVal; +class RecordVal; +class VectorVal; +class Type; +class Val; + // Note that a ZVal by itself is ambiguous: it doesn't track its type. // This makes them consume less memory and cheaper to copy. It does // however require a separate way to determine the type. Generally From 602d8a537277986ec2c19bed016375c7f40cf706 Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Mon, 1 Mar 2021 17:08:06 -0800 Subject: [PATCH 36/42] address lint concern about uninitialized variable --- src/ZVal.cc | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ZVal.cc b/src/ZVal.cc index 5480ae0da6..0fa35c98d4 100644 --- a/src/ZVal.cc +++ b/src/ZVal.cc @@ -289,6 +289,7 @@ ValPtr ZVal::ToVal(const TypePtr& t) const case TYPE_TIMER: case TYPE_UNION: case TYPE_VOID: + v = nullptr; reporter->InternalError("bad ret type return tag"); } From 1e316c05c9856375b0e59ba2967c30efadb4e6d0 Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Mon, 1 Mar 2021 17:08:14 -0800 Subject: [PATCH 37/42] fix some unsigned/signed integer warnings --- src/Val.cc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/Val.cc b/src/Val.cc index 5f39fbba9a..a504e398d6 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -3206,7 +3206,7 @@ VectorVal::~VectorVal() { if ( yield_types ) { - auto n = yield_types->size(); + int n = yield_types->size(); for ( auto i = 0; i < n; ++i ) DeleteIfManaged((*vector_val)[i], (*yield_types)[i]); delete yield_types; @@ -3238,7 +3238,7 @@ bool VectorVal::CheckElementType(const ValPtr& element) if ( any_yield ) { - auto n = vector_val->size(); + int n = vector_val->size(); if ( n == 0 ) // First addition to an empty vector-of-any, perhaps @@ -3269,7 +3269,7 @@ bool VectorVal::Assign(unsigned int index, ValPtr element) if ( ! CheckElementType(element) ) return false; - auto n = vector_val->size(); + unsigned int n = vector_val->size(); if ( index >= n ) { @@ -3555,7 +3555,7 @@ VectorValPtr VectorVal::Order(Func* cmp_func) // Set up initial mapping of indices directly to corresponding // elements. vector ind_vv(n); - size_t i; + int i; for ( i = 0; i < n; ++i ) { ind_vv[i] = i; @@ -3615,7 +3615,7 @@ ValPtr VectorVal::DoClone(CloneState* state) vv->Reserve(vector_val->size()); state->NewClone(this, vv); - auto n = vector_val->size(); + int n = vector_val->size(); for ( auto i = 0; i < n; ++i ) { From efe40204e06d07c3b840dc705d53c72e6762b293 Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Thu, 18 Mar 2021 11:31:31 -0700 Subject: [PATCH 38/42] change functions for ZVal type management to static members --- src/Type.cc | 2 +- src/Val.cc | 26 +++++++++++++------------- src/Val.h | 4 ++-- src/ZVal.cc | 49 ++++++++++++++++++++++++------------------------- src/ZVal.h | 36 ++++++++++++++++++------------------ 5 files changed, 58 insertions(+), 59 deletions(-) diff --git a/src/Type.cc b/src/Type.cc index 0bd5b90227..41d1468041 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -863,7 +863,7 @@ void RecordType::AddField(unsigned int field, const TypeDecl* td) { ASSERT(field == managed_fields.size()); - managed_fields.push_back(IsManagedType(td->type)); + managed_fields.push_back(ZVal::IsManagedType(td->type)); } bool RecordType::HasField(const char* field) const diff --git a/src/Val.cc b/src/Val.cc index a504e398d6..6afac43654 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -2873,7 +2873,7 @@ RecordVal::~RecordVal() for ( unsigned int i = 0; i < n; ++i ) if ( HasField(i) && IsManaged(i) ) - DeleteManagedType((*record_val)[i]); + ZVal::DeleteManagedType((*record_val)[i]); delete record_val; delete is_in_record; @@ -2904,7 +2904,7 @@ void RecordVal::Remove(int field) if ( HasField(field) ) { if ( IsManaged(field) ) - DeleteManagedType((*record_val)[field]); + ZVal::DeleteManagedType((*record_val)[field]); (*record_val)[field] = ZVal(); (*is_in_record)[field] = false; @@ -3199,7 +3199,7 @@ VectorVal::VectorVal(VectorTypePtr t) : Val(t) auto y_tag = yield_type->Tag(); any_yield = (y_tag == TYPE_VOID || y_tag == TYPE_ANY); - managed_yield = IsManagedType(yield_type); + managed_yield = ZVal::IsManagedType(yield_type); } VectorVal::~VectorVal() @@ -3208,14 +3208,14 @@ VectorVal::~VectorVal() { int n = yield_types->size(); for ( auto i = 0; i < n; ++i ) - DeleteIfManaged((*vector_val)[i], (*yield_types)[i]); + ZVal::DeleteIfManaged((*vector_val)[i], (*yield_types)[i]); delete yield_types; } else if ( managed_yield ) { for ( auto& elem : *vector_val ) - DeleteManagedType(elem); + ZVal::DeleteManagedType(elem); } delete vector_val; @@ -3283,13 +3283,13 @@ bool VectorVal::Assign(unsigned int index, ValPtr element) { const auto& t = element->GetType(); (*yield_types)[index] = t; - DeleteIfManaged((*vector_val)[index], t); + ZVal::DeleteIfManaged((*vector_val)[index], t); (*vector_val)[index] = ZVal(std::move(element), t); } else { if ( managed_yield ) - DeleteManagedType((*vector_val)[index]); + ZVal::DeleteManagedType((*vector_val)[index]); (*vector_val)[index] = ZVal(std::move(element), yield_type); } @@ -3324,11 +3324,11 @@ bool VectorVal::Insert(unsigned int index, ValPtr element) it = std::next(vector_val->begin(), index); if ( yield_types ) { - DeleteIfManaged(*it, element->GetType()); + ZVal::DeleteIfManaged(*it, element->GetType()); types_it = std::next(yield_types->begin(), index); } else if ( managed_yield ) - DeleteManagedType(*it); + ZVal::DeleteManagedType(*it); } else { @@ -3371,12 +3371,12 @@ bool VectorVal::Remove(unsigned int index) if ( yield_types ) { auto types_it = std::next(yield_types->begin(), index); - DeleteIfManaged(*it, *types_it); + ZVal::DeleteIfManaged(*it, *types_it); yield_types->erase(types_it); } else if ( managed_yield ) - DeleteManagedType(*it); + ZVal::DeleteManagedType(*it); vector_val->erase(it); @@ -3488,7 +3488,7 @@ void VectorVal::Sort(Func* cmp_func) reporter->RuntimeError(GetLocationInfo(), "cannot sort a vector-of-any"); sort_type = yield_type; - sort_type_is_managed = IsManagedType(sort_type); + sort_type_is_managed = ZVal::IsManagedType(sort_type); bool (*sort_func)(const ZVal&, const ZVal&); @@ -3525,7 +3525,7 @@ VectorValPtr VectorVal::Order(Func* cmp_func) } sort_type = yield_type; - sort_type_is_managed = IsManagedType(sort_type); + sort_type_is_managed = ZVal::IsManagedType(sort_type); bool (*sort_func)(size_t, size_t); diff --git a/src/Val.h b/src/Val.h index 70961d0f59..06a74085b5 100644 --- a/src/Val.h +++ b/src/Val.h @@ -1112,7 +1112,7 @@ public: void Assign(int field, StringVal* new_val) { - DeleteManagedType((*record_val)[field]); + ZVal::DeleteManagedType((*record_val)[field]); (*record_val)[field].string_val = new_val; AddedField(field); } @@ -1381,7 +1381,7 @@ private: void DeleteFieldIfManaged(unsigned int field) { if ( HasField(field) && IsManaged(field) ) - DeleteManagedType((*record_val)[field]); + ZVal::DeleteManagedType((*record_val)[field]); } bool IsManaged(unsigned int offset) const diff --git a/src/ZVal.cc b/src/ZVal.cc index 0fa35c98d4..a5dfea8a7e 100644 --- a/src/ZVal.cc +++ b/src/ZVal.cc @@ -13,31 +13,6 @@ using namespace zeek; bool ZVal::zval_was_nil = false; -bool zeek::IsManagedType(const TypePtr& t) - { - switch ( t->Tag() ) { - case zeek::TYPE_ADDR: - case zeek::TYPE_ANY: - case zeek::TYPE_FILE: - case zeek::TYPE_FUNC: - case zeek::TYPE_LIST: - case zeek::TYPE_OPAQUE: - case zeek::TYPE_PATTERN: - case zeek::TYPE_RECORD: - case zeek::TYPE_STRING: - case zeek::TYPE_SUBNET: - case zeek::TYPE_TABLE: - case zeek::TYPE_TYPE: - case zeek::TYPE_VECTOR: - return true; - - default: - return false; - - } - } - - ZVal::ZVal(ValPtr v, const TypePtr& t) { if ( ! v ) @@ -300,3 +275,27 @@ ValPtr ZVal::ToVal(const TypePtr& t) const return nullptr; } + +bool ZVal::IsManagedType(const TypePtr& t) + { + switch ( t->Tag() ) { + case zeek::TYPE_ADDR: + case zeek::TYPE_ANY: + case zeek::TYPE_FILE: + case zeek::TYPE_FUNC: + case zeek::TYPE_LIST: + case zeek::TYPE_OPAQUE: + case zeek::TYPE_PATTERN: + case zeek::TYPE_RECORD: + case zeek::TYPE_STRING: + case zeek::TYPE_SUBNET: + case zeek::TYPE_TABLE: + case zeek::TYPE_TYPE: + case zeek::TYPE_VECTOR: + return true; + + default: + return false; + + } + } diff --git a/src/ZVal.h b/src/ZVal.h index e96615a12d..7cfb228047 100644 --- a/src/ZVal.h +++ b/src/ZVal.h @@ -79,6 +79,24 @@ union ZVal { Obj* ManagedVal() const { return managed_val; } + // True if a given type is one for which we manage the associated + // memory internally. + static bool IsManagedType(const TypePtr& t); + + // Deletes a managed value. Caller needs to ensure that the ZVal + // indeed holds such. + static void DeleteManagedType(ZVal& v) + { + Unref(v.ManagedVal()); + } + + // Deletes a possibly-managed value. + static void DeleteIfManaged(ZVal& v, const TypePtr& t) + { + if ( IsManagedType(t) ) + DeleteManagedType(v); + } + private: friend class RecordVal; friend class VectorVal; @@ -124,22 +142,4 @@ private: static bool zval_was_nil; }; -// True if a given type is one for which we manage the associated -// memory internally. -bool IsManagedType(const TypePtr& t); - -// Deletes a managed value. Caller needs to ensure that the ZVal -// indeed holds such. -inline void DeleteManagedType(ZVal& v) - { - Unref(v.ManagedVal()); - } - -// Deletes a possibly-managed value. -inline void DeleteIfManaged(ZVal& v, const TypePtr& t) - { - if ( IsManagedType(t) ) - DeleteManagedType(v); - } - } // zeek From 2faaccf10a05e0deab3eec9703adea00126f7fbb Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Thu, 18 Mar 2021 11:32:34 -0700 Subject: [PATCH 39/42] explain cmp_func default --- src/Val.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/Val.h b/src/Val.h index 06a74085b5..4b5fe3f345 100644 --- a/src/Val.h +++ b/src/Val.h @@ -1522,7 +1522,10 @@ public: /** * Returns a "vector of count" holding the indices of this * vector when sorted using the given (optional) comparison function. - * @param cmp_func Comparison function for vector elements. + * @param cmp_func Comparison function for vector elements. If + * nullptr, then the vector must be internally + * of a numeric, and the usual '<' comparison + * will be used. */ VectorValPtr Order(Func* cmp_func = nullptr); From 245108e86e34c655bfdc09eb182d5ae35bc5d282 Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Thu, 18 Mar 2021 13:24:25 -0700 Subject: [PATCH 40/42] remove unnecessary casts, and change necessary ones to use static_cast<> --- src/IP.cc | 16 +++--- src/Val.h | 2 +- .../protocol/bittorrent/BitTorrentTracker.cc | 2 +- src/analyzer/protocol/dhcp/dhcp-options.pac | 2 +- src/analyzer/protocol/dns/DNS.cc | 40 +++++++------- .../protocol/gtpv1/gtpv1-analyzer.pac | 10 ++-- src/analyzer/protocol/http/HTTP.cc | 8 +-- src/analyzer/protocol/icmp/ICMP.cc | 42 +++++++-------- src/analyzer/protocol/krb/krb-analyzer.pac | 30 +++++------ src/analyzer/protocol/krb/krb-padata.pac | 10 ++-- .../protocol/mqtt/commands/connack.pac | 2 +- .../protocol/mqtt/commands/connect.pac | 4 +- .../protocol/mqtt/commands/publish.pac | 4 +- src/analyzer/protocol/ntlm/ntlm-analyzer.pac | 46 ++++++++-------- src/analyzer/protocol/ntp/ntp-analyzer.pac | 10 ++-- src/analyzer/protocol/rdp/rdp-analyzer.pac | 46 ++++++++-------- src/analyzer/protocol/rpc/Portmap.cc | 2 +- .../protocol/smb/smb1-com-negotiate.pac | 52 +++++++++---------- .../smb/smb1-com-session-setup-andx.pac | 28 +++++----- .../protocol/smb/smb2-com-session-setup.pac | 6 +-- .../protocol/smb/smb2-com-set-info.pac | 6 +-- src/analyzer/protocol/smb/smb2-protocol.pac | 30 +++++------ src/analyzer/protocol/snmp/snmp-analyzer.pac | 8 +-- src/analyzer/protocol/ssh/ssh-analyzer.pac | 2 +- src/analyzer/protocol/tcp/TCP.cc | 32 ++++++------ src/analyzer/protocol/udp/UDP.cc | 6 +-- src/file_analysis/analyzer/x509/X509.cc | 4 +- src/iosource/pcap/pcap.bif | 6 +-- src/stats.bif | 32 ++++++------ src/zeek.bif | 18 +++---- 30 files changed, 253 insertions(+), 253 deletions(-) diff --git a/src/IP.cc b/src/IP.cc index e85ba0a39c..d086997645 100644 --- a/src/IP.cc +++ b/src/IP.cc @@ -122,7 +122,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const rv->Assign(1, frag->ip6f_reserved); rv->Assign(2, (ntohs(frag->ip6f_offlg) & 0xfff8)>>3); rv->Assign(3, (ntohs(frag->ip6f_offlg) & 0x0006)>>1); - rv->Assign(4, bool(ntohs(frag->ip6f_offlg) & 0x0001)); + rv->Assign(4, static_cast(ntohs(frag->ip6f_offlg) & 0x0001)); rv->Assign(5, ntohl(frag->ip6f_ident)); } break; @@ -246,10 +246,10 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const { auto m = make_intrusive(ip6_mob_bu_type); m->Assign(0, ntohs(*((uint16_t*)msg_data)))); - m->Assign(1, bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x8000)); - m->Assign(2, bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x4000)); - m->Assign(3, bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x2000)); - m->Assign(4, bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x1000)); + m->Assign(1, static_cast(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x8000)); + m->Assign(2, static_cast(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x4000)); + m->Assign(3, static_cast(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x2000)); + m->Assign(4, static_cast(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x1000)); m->Assign(5, ntohs(*((uint16_t*)(msg_data + 2*sizeof(uint16_t))))); off += 3 * sizeof(uint16_t); m->Assign(6, BuildOptionsVal(data + off, Length() - off)); @@ -261,7 +261,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const { auto m = make_intrusive(ip6_mob_back_type); m->Assign(0, *((uint8_t*)msg_data)); - m->Assign(1, bool(*((uint8_t*)(msg_data + sizeof(uint8_t))) & 0x80)); + m->Assign(1, static_cast(*((uint8_t*)(msg_data + sizeof(uint8_t))) & 0x80)); m->Assign(2, ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t))))); m->Assign(3, ntohs(*((uint16_t*)(msg_data + 2*sizeof(uint16_t))))); off += 3 * sizeof(uint16_t); @@ -379,8 +379,8 @@ RecordValPtr IP_Hdr::ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const tcp_hdr->Assign(0, val_mgr->Port(ntohs(tp->th_sport), TRANSPORT_TCP)); tcp_hdr->Assign(1, val_mgr->Port(ntohs(tp->th_dport), TRANSPORT_TCP)); - tcp_hdr->Assign(2, uint32_t(ntohl(tp->th_seq))); - tcp_hdr->Assign(3, uint32_t(ntohl(tp->th_ack))); + tcp_hdr->Assign(2, ntohl(tp->th_seq)); + tcp_hdr->Assign(3, ntohl(tp->th_ack)); tcp_hdr->Assign(4, tcp_hdr_len); tcp_hdr->Assign(5, data_len); tcp_hdr->Assign(6, tp->th_x2); diff --git a/src/Val.h b/src/Val.h index 4b5fe3f345..dcb7b8d222 100644 --- a/src/Val.h +++ b/src/Val.h @@ -1543,7 +1543,7 @@ public: const RecordVal* RecordValAt(unsigned int index) const { return (*vector_val)[index].record_val; } bool BoolAt(unsigned int index) const - { return bool((*vector_val)[index].uint_val); } + { return static_cast((*vector_val)[index].uint_val); } const StringVal* StringValAt(unsigned int index) const { return (*vector_val)[index].string_val; } const String* StringAt(unsigned int index) const diff --git a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc index 2f757c6969..68f423b751 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc +++ b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc @@ -500,7 +500,7 @@ void BitTorrentTracker_Analyzer::ResponseBenc(int name_len, char* name, auto benc_value = make_intrusive(bittorrent_benc_value); auto name_ = make_intrusive(name_len, name); - benc_value->Assign(type, int(value)); + benc_value->Assign(type, static_cast(value)); res_val_benc->Assign(std::move(name_), std::move(benc_value)); } diff --git a/src/analyzer/protocol/dhcp/dhcp-options.pac b/src/analyzer/protocol/dhcp/dhcp-options.pac index d83ff93243..632c4059ea 100644 --- a/src/analyzer/protocol/dhcp/dhcp-options.pac +++ b/src/analyzer/protocol/dhcp/dhcp-options.pac @@ -34,7 +34,7 @@ refine casetype OptionValue += { refine flow DHCP_Flow += { function process_time_offset_option(v: OptionValue): bool %{ - ${context.flow}->options->Assign(25, int(${v.time_offset})); + ${context.flow}->options->Assign(25, ${v.time_offset}); return true; %} }; diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc index 48be5bd7db..fa30291201 100644 --- a/src/analyzer/protocol/dns/DNS.cc +++ b/src/analyzer/protocol/dns/DNS.cc @@ -1852,11 +1852,11 @@ RecordValPtr DNS_MsgInfo::BuildHdrVal() r->Assign(0, id); r->Assign(1, opcode); r->Assign(2, rcode); - r->Assign(3, bool(QR)); - r->Assign(4, bool(AA)); - r->Assign(5, bool(TC)); - r->Assign(6, bool(RD)); - r->Assign(7, bool(RA)); + r->Assign(3, static_cast(QR)); + r->Assign(4, static_cast(AA)); + r->Assign(5, static_cast(TC)); + r->Assign(6, static_cast(RD)); + r->Assign(7, static_cast(RA)); r->Assign(8, Z); r->Assign(9, qdcount); r->Assign(10, ancount); @@ -1871,7 +1871,7 @@ RecordValPtr DNS_MsgInfo::BuildAnswerVal() static auto dns_answer = id::find_type("dns_answer"); auto r = make_intrusive(dns_answer); - r->Assign(0, int(answer_type)); + r->Assign(0, answer_type); r->Assign(1, query_name); r->Assign(2, atype); r->Assign(3, aclass); @@ -1887,7 +1887,7 @@ RecordValPtr DNS_MsgInfo::BuildEDNS_Val() static auto dns_edns_additional = id::find_type("dns_edns_additional"); auto r = make_intrusive(dns_edns_additional); - r->Assign(0, uint64_t(answer_type)); + r->Assign(0, answer_type); r->Assign(1, query_name); // type = 0x29 or 41 = EDNS @@ -1934,7 +1934,7 @@ RecordValPtr DNS_MsgInfo::BuildEDNS_TCP_KA_Val(struct EDNS_TCP_KEEPALIVE* opt) static auto dns_edns_tcp_keepalive = id::find_type("dns_edns_tcp_keepalive"); auto r = make_intrusive(dns_edns_tcp_keepalive); - r->Assign(0, bool(opt->keepalive_timeout_omitted)); + r->Assign(0, opt->keepalive_timeout_omitted); r->Assign(1, opt->keepalive_timeout); return r; @@ -1959,9 +1959,9 @@ RecordValPtr DNS_MsgInfo::BuildTSIG_Val(struct TSIG_DATA* tsig) auto r = make_intrusive(dns_tsig_additional); double rtime = tsig->time_s + tsig->time_ms / 1000.0; - // r->Assign(0, uint64_t(answer_type)); + // r->Assign(0, answer_type); r->Assign(0, query_name); - r->Assign(1, uint64_t(answer_type)); + r->Assign(1, answer_type); r->Assign(2, tsig->alg_name); r->Assign(3, tsig->sig); r->AssignTime(4, rtime); @@ -1979,7 +1979,7 @@ RecordValPtr DNS_MsgInfo::BuildRRSIG_Val(RRSIG_DATA* rrsig) auto r = make_intrusive(dns_rrsig_rr); r->Assign(0, query_name); - r->Assign(1, uint64_t(answer_type)); + r->Assign(1, answer_type); r->Assign(2, rrsig->type_covered); r->Assign(3, rrsig->algorithm); r->Assign(4, rrsig->labels); @@ -2000,7 +2000,7 @@ RecordValPtr DNS_MsgInfo::BuildDNSKEY_Val(DNSKEY_DATA* dnskey) auto r = make_intrusive(dns_dnskey_rr); r->Assign(0, query_name); - r->Assign(1, uint64_t(answer_type)); + r->Assign(1, answer_type); r->Assign(2, dnskey->dflags); r->Assign(3, dnskey->dprotocol); r->Assign(4, dnskey->dalgorithm); @@ -2016,7 +2016,7 @@ RecordValPtr DNS_MsgInfo::BuildNSEC3_Val(NSEC3_DATA* nsec3) auto r = make_intrusive(dns_nsec3_rr); r->Assign(0, query_name); - r->Assign(1, uint64_t(answer_type)); + r->Assign(1, answer_type); r->Assign(2, nsec3->nsec_flags); r->Assign(3, nsec3->nsec_hash_algo); r->Assign(4, nsec3->nsec_iter); @@ -2036,7 +2036,7 @@ RecordValPtr DNS_MsgInfo::BuildNSEC3PARAM_Val(NSEC3PARAM_DATA* nsec3param) auto r = make_intrusive(dns_nsec3param_rr); r->Assign(0, query_name); - r->Assign(1, uint64_t(answer_type)); + r->Assign(1, answer_type); r->Assign(2, nsec3param->nsec_flags); r->Assign(3, nsec3param->nsec_hash_algo); r->Assign(4, nsec3param->nsec_iter); @@ -2053,7 +2053,7 @@ RecordValPtr DNS_MsgInfo::BuildDS_Val(DS_DATA* ds) auto r = make_intrusive(dns_ds_rr); r->Assign(0, query_name); - r->Assign(1, uint64_t(answer_type)); + r->Assign(1, answer_type); r->Assign(2, ds->key_tag); r->Assign(3, ds->algorithm); r->Assign(4, ds->digest_type); @@ -2069,7 +2069,7 @@ RecordValPtr DNS_MsgInfo::BuildBINDS_Val(BINDS_DATA* binds) auto r = make_intrusive(dns_binds_rr); r->Assign(0, query_name); - r->Assign(1, uint64_t(answer_type)); + r->Assign(1, answer_type); r->Assign(2, binds->algorithm); r->Assign(3, binds->key_id); r->Assign(4, binds->removal_flag); @@ -2085,14 +2085,14 @@ RecordValPtr DNS_MsgInfo::BuildLOC_Val(LOC_DATA* loc) auto r = make_intrusive(dns_loc_rr); r->Assign(0, query_name); - r->Assign(1, uint64_t(answer_type)); + r->Assign(1, answer_type); r->Assign(2, loc->version); r->Assign(3, loc->size); r->Assign(4, loc->horiz_pre); r->Assign(5, loc->vert_pre); - r->Assign(6, uint64_t(loc->latitude)); - r->Assign(7, uint64_t(loc->longitude)); - r->Assign(8, uint64_t(loc->altitude)); + r->Assign(6, static_cast(loc->latitude)); + r->Assign(7, static_cast(loc->longitude)); + r->Assign(8, static_cast(loc->altitude)); r->Assign(9, is_query); return r; diff --git a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac index abb35d42f1..eac96ba3a2 100644 --- a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac +++ b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac @@ -10,11 +10,11 @@ zeek::RecordValPtr BuildGTPv1Hdr(const GTPv1_Header* pdu) auto rv = zeek::make_intrusive(zeek::BifType::Record::gtpv1_hdr); rv->Assign(0, pdu->version()); - rv->Assign(1, bool(pdu->pt_flag())); - rv->Assign(2, bool(pdu->rsv())); - rv->Assign(3, bool(pdu->e_flag())); - rv->Assign(4, bool(pdu->s_flag())); - rv->Assign(5, bool(pdu->pn_flag())); + rv->Assign(1, pdu->pt_flag()); + rv->Assign(2, pdu->rsv()); + rv->Assign(3, pdu->e_flag()); + rv->Assign(4, pdu->s_flag()); + rv->Assign(5, pdu->pn_flag()); rv->Assign(6, pdu->msg_type()); rv->Assign(7, pdu->length()); rv->Assign(8, pdu->teid()); diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc index a7544d4c91..62b2216179 100644 --- a/src/analyzer/protocol/http/HTTP.cc +++ b/src/analyzer/protocol/http/HTTP.cc @@ -627,11 +627,11 @@ RecordValPtr HTTP_Message::BuildMessageStat(bool interrupted, const char* msg) auto stat = make_intrusive(http_message_stat); int field = 0; stat->AssignTime(field++, start_time); - stat->Assign(field++, bool(interrupted)); + stat->Assign(field++, interrupted); stat->Assign(field++, msg); - stat->Assign(field++, uint64_t(body_length)); - stat->Assign(field++, uint64_t(content_gap_length)); - stat->Assign(field++, uint64_t(header_length)); + stat->Assign(field++, static_cast(body_length)); + stat->Assign(field++, static_cast(content_gap_length)); + stat->Assign(field++, static_cast(header_length)); return stat; } diff --git a/src/analyzer/protocol/icmp/ICMP.cc b/src/analyzer/protocol/icmp/ICMP.cc index 9e9179eb27..4abcca8f62 100644 --- a/src/analyzer/protocol/icmp/ICMP.cc +++ b/src/analyzer/protocol/icmp/ICMP.cc @@ -224,11 +224,11 @@ RecordValPtr ICMP_Analyzer::BuildInfo(const struct icmp* icmpp, int len, { static auto icmp_info = id::find_type("icmp_info"); auto rval = make_intrusive(icmp_info); - rval->Assign(0, bool(icmpv6)); - rval->Assign(1, uint32_t(icmpp->icmp_type)); - rval->Assign(2, uint32_t(icmpp->icmp_code)); - rval->Assign(3, uint32_t(len)); - rval->Assign(4, uint32_t(ip_hdr->TTL())); + rval->Assign(0, static_cast(icmpv6)); + rval->Assign(1, icmpp->icmp_type); + rval->Assign(2, icmpp->icmp_code); + rval->Assign(3, len); + rval->Assign(4, ip_hdr->TTL()); return rval; } @@ -355,13 +355,13 @@ RecordValPtr ICMP_Analyzer::ExtractICMP4Context(int len, const u_char*& data) id_val->Assign(3, val_mgr->Port(dst_port, proto)); iprec->Assign(0, std::move(id_val)); - iprec->Assign(1, uint32_t(ip_len)); - iprec->Assign(2, uint32_t(proto)); - iprec->Assign(3, uint32_t(frag_offset)); - iprec->Assign(4, bool(bad_hdr_len)); - iprec->Assign(5, bool(bad_checksum)); - iprec->Assign(6, bool(MF)); - iprec->Assign(7, bool(DF)); + iprec->Assign(1, ip_len); + iprec->Assign(2, proto); + iprec->Assign(3, frag_offset); + iprec->Assign(4, static_cast(bad_hdr_len)); + iprec->Assign(5, static_cast(bad_checksum)); + iprec->Assign(6, static_cast(MF)); + iprec->Assign(7, static_cast(DF)); return iprec; } @@ -415,14 +415,14 @@ RecordValPtr ICMP_Analyzer::ExtractICMP6Context(int len, const u_char*& data) id_val->Assign(3, val_mgr->Port(dst_port, proto)); iprec->Assign(0, std::move(id_val)); - iprec->Assign(1, uint32_t(ip_len)); - iprec->Assign(2, uint32_t(proto)); - iprec->Assign(3, uint32_t(frag_offset)); - iprec->Assign(4, bool(bad_hdr_len)); + iprec->Assign(1, ip_len); + iprec->Assign(2, proto); + iprec->Assign(3, frag_offset); + iprec->Assign(4, static_cast(bad_hdr_len)); // bad_checksum is always false since IPv6 layer doesn't have a checksum. iprec->Assign(5, false); - iprec->Assign(6, bool(MF)); - iprec->Assign(7, bool(DF)); + iprec->Assign(6, static_cast(MF)); + iprec->Assign(7, static_cast(DF)); return iprec; } @@ -473,13 +473,13 @@ void ICMP_Analyzer::UpdateEndpointVal(const ValPtr& endp_arg, bool is_orig) if ( size < 0 ) { endp->Assign(0, 0); - endp->Assign(1, int(ICMP_INACTIVE)); + endp->Assign(1, ICMP_INACTIVE); } else { endp->Assign(0, size); - endp->Assign(1, int(ICMP_ACTIVE)); + endp->Assign(1, ICMP_ACTIVE); } } @@ -816,7 +816,7 @@ VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data) // MTU option { if ( caplen >= 6 ) - rv->Assign(5, uint32_t(ntohl(*((const uint32_t*)(data + 2))))); + rv->Assign(5, ntohl(*((const uint32_t*)(data + 2)))); else set_payload_field = true; diff --git a/src/analyzer/protocol/krb/krb-analyzer.pac b/src/analyzer/protocol/krb/krb-analyzer.pac index 708861d731..d5d0e0bd31 100644 --- a/src/analyzer/protocol/krb/krb-analyzer.pac +++ b/src/analyzer/protocol/krb/krb-analyzer.pac @@ -10,19 +10,19 @@ zeek::RecordValPtr proc_krb_kdc_options(const KRB_KDC_Options* opts) { auto rv = zeek::make_intrusive(zeek::BifType::Record::KRB::KDC_Options); - rv->Assign(0, bool(opts->forwardable())); - rv->Assign(1, bool(opts->forwarded())); - rv->Assign(2, bool(opts->proxiable())); - rv->Assign(3, bool(opts->proxy())); - rv->Assign(4, bool(opts->allow_postdate())); - rv->Assign(5, bool(opts->postdated())); - rv->Assign(6, bool(opts->renewable())); - rv->Assign(7, bool(opts->opt_hardware_auth())); - rv->Assign(8, bool(opts->disable_transited_check())); - rv->Assign(9, bool(opts->renewable_ok())); - rv->Assign(10, bool(opts->enc_tkt_in_skey())); - rv->Assign(11, bool(opts->renew())); - rv->Assign(12, bool(opts->validate())); + rv->Assign(0, opts->forwardable()); + rv->Assign(1, opts->forwarded()); + rv->Assign(2, opts->proxiable()); + rv->Assign(3, opts->proxy()); + rv->Assign(4, opts->allow_postdate()); + rv->Assign(5, opts->postdated()); + rv->Assign(6, opts->renewable()); + rv->Assign(7, opts->opt_hardware_auth()); + rv->Assign(8, opts->disable_transited_check()); + rv->Assign(9, opts->renewable_ok()); + rv->Assign(10, opts->enc_tkt_in_skey()); + rv->Assign(11, opts->renew()); + rv->Assign(12, opts->validate()); return rv; } @@ -259,8 +259,8 @@ refine connection KRB_Conn += { if ( krb_ap_request ) { auto rv = zeek::make_intrusive(zeek::BifType::Record::KRB::AP_Options); - rv->Assign(0, bool(${msg.ap_options.use_session_key})); - rv->Assign(1, bool(${msg.ap_options.mutual_required})); + rv->Assign(0, ${msg.ap_options.use_session_key}); + rv->Assign(1, ${msg.ap_options.mutual_required}); auto rvticket = proc_ticket(${msg.ticket}); auto authenticationinfo = zeek_analyzer()->GetAuthenticationInfo( diff --git a/src/analyzer/protocol/krb/krb-padata.pac b/src/analyzer/protocol/krb/krb-padata.pac index 33667cca41..4c69425f38 100644 --- a/src/analyzer/protocol/krb/krb-padata.pac +++ b/src/analyzer/protocol/krb/krb-padata.pac @@ -21,7 +21,7 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const ZeekAnaly for ( uint i = 0; i < data->data()->padata_elems()->size(); ++i) { KRB_PA_Data* element = (*data->data()->padata_elems())[i]; - int64 data_type = element->data_type(); + uint64_t data_type = element->data_type(); if ( is_error && ( data_type == PA_PW_AS_REQ || data_type == PA_PW_AS_REP ) ) data_type = 0; @@ -37,7 +37,7 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const ZeekAnaly case PA_PW_SALT: { auto type_val = zeek::make_intrusive(zeek::BifType::Record::KRB::Type_Value); - type_val->Assign(0, uint64_t(data_type)); + type_val->Assign(0, data_type); type_val->Assign(1, to_stringval(element->pa_data_element()->pa_pw_salt()->encoding()->content())); vv->Assign(vv->Size(), std::move(type_val)); break; @@ -45,7 +45,7 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const ZeekAnaly case PA_ENCTYPE_INFO: { auto type_val = zeek::make_intrusive(zeek::BifType::Record::KRB::Type_Value); - type_val->Assign(0, uint64_t(data_type)); + type_val->Assign(0, data_type); type_val->Assign(1, to_stringval(element->pa_data_element()->pf_enctype_info()->salt())); vv->Assign(vv->Size(), std::move(type_val)); break; @@ -53,7 +53,7 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const ZeekAnaly case PA_ENCTYPE_INFO2: { auto type_val = zeek::make_intrusive(zeek::BifType::Record::KRB::Type_Value); - type_val->Assign(0, uint64_t(data_type)); + type_val->Assign(0, data_type); type_val->Assign(1, to_stringval(element->pa_data_element()->pf_enctype_info2()->salt())); vv->Assign(vv->Size(), std::move(type_val)); break; @@ -113,7 +113,7 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const ZeekAnaly if ( ! is_error && element->pa_data_element()->unknown()->meta()->length() > 0 ) { auto type_val = zeek::make_intrusive(zeek::BifType::Record::KRB::Type_Value); - type_val->Assign(0, uint64_t(data_type)); + type_val->Assign(0, data_type); type_val->Assign(1, to_stringval(element->pa_data_element()->unknown()->content())); vv->Assign(vv->Size(), std::move(type_val)); } diff --git a/src/analyzer/protocol/mqtt/commands/connack.pac b/src/analyzer/protocol/mqtt/commands/connack.pac index bf810e6ab4..c776850c98 100644 --- a/src/analyzer/protocol/mqtt/commands/connack.pac +++ b/src/analyzer/protocol/mqtt/commands/connack.pac @@ -17,7 +17,7 @@ refine flow MQTT_Flow += { { auto m = zeek::make_intrusive(zeek::BifType::Record::MQTT::ConnectAckMsg); m->Assign(0, ${msg.return_code}); - m->Assign(1, bool(${msg.session_present})); + m->Assign(1, ${msg.session_present}); zeek::BifEvent::enqueue_mqtt_connack(connection()->zeek_analyzer(), connection()->zeek_analyzer()->Conn(), std::move(m)); diff --git a/src/analyzer/protocol/mqtt/commands/connect.pac b/src/analyzer/protocol/mqtt/commands/connect.pac index 22d78a713d..07da3ea01c 100644 --- a/src/analyzer/protocol/mqtt/commands/connect.pac +++ b/src/analyzer/protocol/mqtt/commands/connect.pac @@ -52,8 +52,8 @@ refine flow MQTT_Flow += { reinterpret_cast(${msg.client_id.str}.begin()))); m->AssignInterval(3, double(${msg.keep_alive})); - m->Assign(4, bool(${msg.clean_session})); - m->Assign(5, bool(${msg.will_retain})); + m->Assign(4, ${msg.clean_session}); + m->Assign(5, ${msg.will_retain}); m->Assign(6, ${msg.will_qos}); if ( ${msg.will_flag} ) diff --git a/src/analyzer/protocol/mqtt/commands/publish.pac b/src/analyzer/protocol/mqtt/commands/publish.pac index c2868b8fa4..708327acdb 100644 --- a/src/analyzer/protocol/mqtt/commands/publish.pac +++ b/src/analyzer/protocol/mqtt/commands/publish.pac @@ -24,9 +24,9 @@ refine flow MQTT_Flow += { if ( mqtt_publish ) { auto m = zeek::make_intrusive(zeek::BifType::Record::MQTT::PublishMsg); - m->Assign(0, bool(${msg.dup})); + m->Assign(0, ${msg.dup}); m->Assign(1, ${msg.qos}); - m->Assign(2, bool(${msg.retain})); + m->Assign(2, ${msg.retain}); m->Assign(3, ${msg.topic.str}.length(), reinterpret_cast(${msg.topic.str}.begin())); diff --git a/src/analyzer/protocol/ntlm/ntlm-analyzer.pac b/src/analyzer/protocol/ntlm/ntlm-analyzer.pac index 4cb534da4b..d5d5a5ed9f 100644 --- a/src/analyzer/protocol/ntlm/ntlm-analyzer.pac +++ b/src/analyzer/protocol/ntlm/ntlm-analyzer.pac @@ -31,28 +31,28 @@ zeek::RecordValPtr build_negotiate_flag_record(NTLM_Negotiate_Flags* val) { auto flags = zeek::make_intrusive(zeek::BifType::Record::NTLM::NegotiateFlags); - flags->Assign(0, bool(${val.negotiate_56})); - flags->Assign(1, bool(${val.negotiate_key_exch})); - flags->Assign(2, bool(${val.negotiate_128})); - flags->Assign(3, bool(${val.negotiate_version})); - flags->Assign(4, bool(${val.negotiate_target_info})); - flags->Assign(5, bool(${val.request_non_nt_session_key})); - flags->Assign(6, bool(${val.negotiate_identify})); - flags->Assign(7, bool(${val.negotiate_extended_sessionsecurity})); - flags->Assign(8, bool(${val.target_type_server})); - flags->Assign(9, bool(${val.target_type_domain})); - flags->Assign(10, bool(${val.negotiate_always_sign})); - flags->Assign(11, bool(${val.negotiate_oem_workstation_supplied})); - flags->Assign(12, bool(${val.negotiate_oem_domain_supplied})); - flags->Assign(13, bool(${val.negotiate_anonymous_connection})); - flags->Assign(14, bool(${val.negotiate_ntlm})); - flags->Assign(15, bool(${val.negotiate_lm_key})); - flags->Assign(16, bool(${val.negotiate_datagram})); - flags->Assign(17, bool(${val.negotiate_seal})); - flags->Assign(18, bool(${val.negotiate_sign})); - flags->Assign(19, bool(${val.request_target})); - flags->Assign(20, bool(${val.negotiate_oem})); - flags->Assign(21, bool(${val.negotiate_unicode})); + flags->Assign(0, ${val.negotiate_56}); + flags->Assign(1, ${val.negotiate_key_exch}); + flags->Assign(2, ${val.negotiate_128}); + flags->Assign(3, ${val.negotiate_version}); + flags->Assign(4, ${val.negotiate_target_info}); + flags->Assign(5, ${val.request_non_nt_session_key}); + flags->Assign(6, ${val.negotiate_identify}); + flags->Assign(7, ${val.negotiate_extended_sessionsecurity}); + flags->Assign(8, ${val.target_type_server}); + flags->Assign(9, ${val.target_type_domain}); + flags->Assign(10, ${val.negotiate_always_sign}); + flags->Assign(11, ${val.negotiate_oem_workstation_supplied}); + flags->Assign(12, ${val.negotiate_oem_domain_supplied}); + flags->Assign(13, ${val.negotiate_anonymous_connection}); + flags->Assign(14, ${val.negotiate_ntlm}); + flags->Assign(15, ${val.negotiate_lm_key}); + flags->Assign(16, ${val.negotiate_datagram}); + flags->Assign(17, ${val.negotiate_seal}); + flags->Assign(18, ${val.negotiate_sign}); + flags->Assign(19, ${val.request_target}); + flags->Assign(20, ${val.negotiate_oem}); + flags->Assign(21, ${val.negotiate_unicode}); return flags; } @@ -96,7 +96,7 @@ refine connection NTLM_Conn += { result->Assign(4, utf16_to_utf8_val(zeek_analyzer()->Conn(), ${val.pairs[i].dns_tree_name.data})); break; case 6: - result->Assign(5, bool(${val.pairs[i].constrained_auth})); + result->Assign(5, ${val.pairs[i].constrained_auth}); break; case 7: result->Assign(6, filetime2zeektime(${val.pairs[i].timestamp})); diff --git a/src/analyzer/protocol/ntp/ntp-analyzer.pac b/src/analyzer/protocol/ntp/ntp-analyzer.pac index c00c23b3d1..705be24083 100644 --- a/src/analyzer/protocol/ntp/ntp-analyzer.pac +++ b/src/analyzer/protocol/ntp/ntp-analyzer.pac @@ -78,7 +78,7 @@ if ( ${nsm.has_exts} ) { // TODO: add extension fields - rv->Assign(14, (uint32) ${nsm.exts}->size()); + rv->Assign(14, static_cast(${nsm.exts}->size())); } return rv; @@ -90,9 +90,9 @@ auto rv = zeek::make_intrusive(zeek::BifType::Record::NTP::ControlMessage); rv->Assign(0, ${ncm.OpCode}); - rv->Assign(1, bool(${ncm.R})); - rv->Assign(2, bool(${ncm.E})); - rv->Assign(3, bool(${ncm.M})); + rv->Assign(1, ${ncm.R}); + rv->Assign(2, ${ncm.E}); + rv->Assign(3, ${ncm.M}); rv->Assign(4, ${ncm.sequence}); rv->Assign(5, ${ncm.status}); rv->Assign(6, ${ncm.association_id}); @@ -115,7 +115,7 @@ auto rv = zeek::make_intrusive(zeek::BifType::Record::NTP::Mode7Message); rv->Assign(0, ${m7.request_code}); - rv->Assign(1, bool(${m7.auth_bit})); + rv->Assign(1, ${m7.auth_bit}); rv->Assign(2, ${m7.sequence}); rv->Assign(3, ${m7.implementation}); rv->Assign(4, ${m7.error_code}); diff --git a/src/analyzer/protocol/rdp/rdp-analyzer.pac b/src/analyzer/protocol/rdp/rdp-analyzer.pac index c3820813c8..c540d44d0c 100644 --- a/src/analyzer/protocol/rdp/rdp-analyzer.pac +++ b/src/analyzer/protocol/rdp/rdp-analyzer.pac @@ -66,15 +66,15 @@ refine flow RDP_Flow += { if ( rdp_client_core_data ) { auto ec_flags = zeek::make_intrusive(zeek::BifType::Record::RDP::EarlyCapabilityFlags); - ec_flags->Assign(0, bool(${ccore.SUPPORT_ERRINFO_PDU})); - ec_flags->Assign(1, bool(${ccore.WANT_32BPP_SESSION})); - ec_flags->Assign(2, bool(${ccore.SUPPORT_STATUSINFO_PDU})); - ec_flags->Assign(3, bool(${ccore.STRONG_ASYMMETRIC_KEYS})); - ec_flags->Assign(4, bool(${ccore.SUPPORT_MONITOR_LAYOUT_PDU})); - ec_flags->Assign(5, bool(${ccore.SUPPORT_NETCHAR_AUTODETECT})); - ec_flags->Assign(6, bool(${ccore.SUPPORT_DYNVC_GFX_PROTOCOL})); - ec_flags->Assign(7, bool(${ccore.SUPPORT_DYNAMIC_TIME_ZONE})); - ec_flags->Assign(8, bool(${ccore.SUPPORT_HEARTBEAT_PDU})); + ec_flags->Assign(0, ${ccore.SUPPORT_ERRINFO_PDU}); + ec_flags->Assign(1, ${ccore.WANT_32BPP_SESSION}); + ec_flags->Assign(2, ${ccore.SUPPORT_STATUSINFO_PDU}); + ec_flags->Assign(3, ${ccore.STRONG_ASYMMETRIC_KEYS}); + ec_flags->Assign(4, ${ccore.SUPPORT_MONITOR_LAYOUT_PDU}); + ec_flags->Assign(5, ${ccore.SUPPORT_NETCHAR_AUTODETECT}); + ec_flags->Assign(6, ${ccore.SUPPORT_DYNVC_GFX_PROTOCOL}); + ec_flags->Assign(7, ${ccore.SUPPORT_DYNAMIC_TIME_ZONE}); + ec_flags->Assign(8, ${ccore.SUPPORT_HEARTBEAT_PDU}); auto ccd = zeek::make_intrusive(zeek::BifType::Record::RDP::ClientCoreData); ccd->Assign(0, ${ccore.version_major}); @@ -137,17 +137,17 @@ refine flow RDP_Flow += { channel_def->Assign(0, to_stringval(${cnetwork.channel_def_array[i].name})); channel_def->Assign(1, ${cnetwork.channel_def_array[i].options}); - channel_def->Assign(2, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_INITIALIZED})); - channel_def->Assign(3, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_RDP})); - channel_def->Assign(4, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_SC})); - channel_def->Assign(5, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_CS})); - channel_def->Assign(6, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_HIGH})); - channel_def->Assign(7, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_MED})); - channel_def->Assign(8, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_LOW})); - channel_def->Assign(9, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_COMPRESS_RDP})); - channel_def->Assign(10, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_COMPRESS})); - channel_def->Assign(11, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_SHOW_PROTOCOL})); - channel_def->Assign(12, bool(${cnetwork.channel_def_array[i].REMOTE_CONTROL_PERSISTENT})); + channel_def->Assign(2, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_INITIALIZED}); + channel_def->Assign(3, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_RDP}); + channel_def->Assign(4, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_SC}); + channel_def->Assign(5, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_CS}); + channel_def->Assign(6, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_HIGH}); + channel_def->Assign(7, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_MED}); + channel_def->Assign(8, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_LOW}); + channel_def->Assign(9, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_COMPRESS_RDP}); + channel_def->Assign(10, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_COMPRESS}); + channel_def->Assign(11, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_SHOW_PROTOCOL}); + channel_def->Assign(12, ${cnetwork.channel_def_array[i].REMOTE_CONTROL_PERSISTENT}); channels->Assign(channels->Size(), std::move(channel_def)); } @@ -168,10 +168,10 @@ refine flow RDP_Flow += { auto ccld = zeek::make_intrusive(zeek::BifType::Record::RDP::ClientClusterData); ccld->Assign(0, ${ccluster.flags}); ccld->Assign(1, ${ccluster.redir_session_id}); - ccld->Assign(2, bool(${ccluster.REDIRECTION_SUPPORTED})); + ccld->Assign(2, ${ccluster.REDIRECTION_SUPPORTED}); ccld->Assign(3, ${ccluster.SERVER_SESSION_REDIRECTION_VERSION_MASK}); - ccld->Assign(4, bool(${ccluster.REDIRECTED_SESSIONID_FIELD_VALID})); - ccld->Assign(5, bool(${ccluster.REDIRECTED_SMARTCARD})); + ccld->Assign(4, ${ccluster.REDIRECTED_SESSIONID_FIELD_VALID}); + ccld->Assign(5, ${ccluster.REDIRECTED_SMARTCARD}); zeek::BifEvent::enqueue_rdp_client_cluster_data(connection()->zeek_analyzer(), connection()->zeek_analyzer()->Conn(), diff --git a/src/analyzer/protocol/rpc/Portmap.cc b/src/analyzer/protocol/rpc/Portmap.cc index 4b47f894e5..3d0821e08d 100644 --- a/src/analyzer/protocol/rpc/Portmap.cc +++ b/src/analyzer/protocol/rpc/Portmap.cc @@ -217,7 +217,7 @@ ValPtr PortmapperInterp::ExtractPortRequest(const u_char*& buf, int& len) pr->Assign(1, extract_XDR_uint32(buf, len)); bool is_tcp = extract_XDR_uint32(buf, len) == IPPROTO_TCP; - pr->Assign(2, bool(is_tcp)); + pr->Assign(2, is_tcp); (void) extract_XDR_uint32(buf, len); // consume the bogus port if ( ! buf ) diff --git a/src/analyzer/protocol/smb/smb1-com-negotiate.pac b/src/analyzer/protocol/smb/smb1-com-negotiate.pac index ee5f70b06a..2a42dbf05c 100644 --- a/src/analyzer/protocol/smb/smb1-com-negotiate.pac +++ b/src/analyzer/protocol/smb/smb1-com-negotiate.pac @@ -51,12 +51,12 @@ refine connection SMB_Conn += { case 0x0d: { auto security = zeek::make_intrusive(zeek::BifType::Record::SMB1::NegotiateResponseSecurity); - security->Assign(0, bool(${val.lanman.security_user_level})); - security->Assign(1, bool(${val.lanman.security_challenge_response})); + security->Assign(0, ${val.lanman.security_user_level}); + security->Assign(1, ${val.lanman.security_challenge_response}); auto raw = zeek::make_intrusive(zeek::BifType::Record::SMB1::NegotiateRawMode); - raw->Assign(0, bool(${val.lanman.raw_read_supported})); - raw->Assign(1, bool(${val.lanman.raw_write_supported})); + raw->Assign(0, ${val.lanman.raw_read_supported}); + raw->Assign(1, ${val.lanman.raw_write_supported}); auto lanman = zeek::make_intrusive(zeek::BifType::Record::SMB1::NegotiateResponseLANMAN); lanman->Assign(0, ${val.word_count}); @@ -80,33 +80,33 @@ refine connection SMB_Conn += { case 0x11: { auto security = zeek::make_intrusive(zeek::BifType::Record::SMB1::NegotiateResponseSecurity); - security->Assign(0, bool(${val.ntlm.security_user_level})); - security->Assign(1, bool(${val.ntlm.security_challenge_response})); - security->Assign(2, bool(${val.ntlm.security_signatures_enabled})); - security->Assign(3, bool(${val.ntlm.security_signatures_required})); + security->Assign(0, ${val.ntlm.security_user_level}); + security->Assign(1, ${val.ntlm.security_challenge_response}); + security->Assign(2, ${val.ntlm.security_signatures_enabled}); + security->Assign(3, ${val.ntlm.security_signatures_required}); auto capabilities = zeek::make_intrusive(zeek::BifType::Record::SMB1::NegotiateCapabilities); - capabilities->Assign(0, bool(${val.ntlm.capabilities_raw_mode})); - capabilities->Assign(1, bool(${val.ntlm.capabilities_mpx_mode})); - capabilities->Assign(2, bool(${val.ntlm.capabilities_unicode})); - capabilities->Assign(3, bool(${val.ntlm.capabilities_large_files})); - capabilities->Assign(4, bool(${val.ntlm.capabilities_nt_smbs})); + capabilities->Assign(0, ${val.ntlm.capabilities_raw_mode}); + capabilities->Assign(1, ${val.ntlm.capabilities_mpx_mode}); + capabilities->Assign(2, ${val.ntlm.capabilities_unicode}); + capabilities->Assign(3, ${val.ntlm.capabilities_large_files}); + capabilities->Assign(4, ${val.ntlm.capabilities_nt_smbs}); - capabilities->Assign(5, bool(${val.ntlm.capabilities_rpc_remote_apis})); - capabilities->Assign(6, bool(${val.ntlm.capabilities_status32})); - capabilities->Assign(7, bool(${val.ntlm.capabilities_level_2_oplocks})); - capabilities->Assign(8, bool(${val.ntlm.capabilities_lock_and_read})); - capabilities->Assign(9, bool(${val.ntlm.capabilities_nt_find})); + capabilities->Assign(5, ${val.ntlm.capabilities_rpc_remote_apis}); + capabilities->Assign(6, ${val.ntlm.capabilities_status32}); + capabilities->Assign(7, ${val.ntlm.capabilities_level_2_oplocks}); + capabilities->Assign(8, ${val.ntlm.capabilities_lock_and_read}); + capabilities->Assign(9, ${val.ntlm.capabilities_nt_find}); - capabilities->Assign(10, bool(${val.ntlm.capabilities_dfs})); - capabilities->Assign(11, bool(${val.ntlm.capabilities_infolevel_passthru})); - capabilities->Assign(12, bool(${val.ntlm.capabilities_large_readx})); - capabilities->Assign(13, bool(${val.ntlm.capabilities_large_writex})); - capabilities->Assign(14, bool(${val.ntlm.capabilities_unix})); + capabilities->Assign(10, ${val.ntlm.capabilities_dfs}); + capabilities->Assign(11, ${val.ntlm.capabilities_infolevel_passthru}); + capabilities->Assign(12, ${val.ntlm.capabilities_large_readx}); + capabilities->Assign(13, ${val.ntlm.capabilities_large_writex}); + capabilities->Assign(14, ${val.ntlm.capabilities_unix}); - capabilities->Assign(15, bool(${val.ntlm.capabilities_bulk_transfer})); - capabilities->Assign(16, bool(${val.ntlm.capabilities_compressed_data})); - capabilities->Assign(17, bool(${val.ntlm.capabilities_extended_security})); + capabilities->Assign(15, ${val.ntlm.capabilities_bulk_transfer}); + capabilities->Assign(16, ${val.ntlm.capabilities_compressed_data}); + capabilities->Assign(17, ${val.ntlm.capabilities_extended_security}); auto ntlm = zeek::make_intrusive(zeek::BifType::Record::SMB1::NegotiateResponseNTLM); ntlm->Assign(0, ${val.word_count}); diff --git a/src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac b/src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac index d80ca86c24..8f23f64c25 100644 --- a/src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac +++ b/src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac @@ -32,12 +32,12 @@ refine connection SMB_Conn += { case 12: // NT LM 0.12 with extended security { auto capabilities = zeek::make_intrusive(zeek::BifType::Record::SMB1::SessionSetupAndXCapabilities); - capabilities->Assign(0, bool(${val.ntlm_extended_security.capabilities.unicode})); - capabilities->Assign(1, bool(${val.ntlm_extended_security.capabilities.large_files})); - capabilities->Assign(2, bool(${val.ntlm_extended_security.capabilities.nt_smbs})); - capabilities->Assign(3, bool(${val.ntlm_extended_security.capabilities.status32})); - capabilities->Assign(4, bool(${val.ntlm_extended_security.capabilities.level_2_oplocks})); - capabilities->Assign(5, bool(${val.ntlm_extended_security.capabilities.nt_find})); + capabilities->Assign(0, ${val.ntlm_extended_security.capabilities.unicode}); + capabilities->Assign(1, ${val.ntlm_extended_security.capabilities.large_files}); + capabilities->Assign(2, ${val.ntlm_extended_security.capabilities.nt_smbs}); + capabilities->Assign(3, ${val.ntlm_extended_security.capabilities.status32}); + capabilities->Assign(4, ${val.ntlm_extended_security.capabilities.level_2_oplocks}); + capabilities->Assign(5, ${val.ntlm_extended_security.capabilities.nt_find}); request->Assign(1, ${val.ntlm_extended_security.max_buffer_size}); request->Assign(2, ${val.ntlm_extended_security.max_mpx_count}); @@ -54,12 +54,12 @@ refine connection SMB_Conn += { case 13: // NT LM 0.12 without extended security { auto capabilities = zeek::make_intrusive(zeek::BifType::Record::SMB1::SessionSetupAndXCapabilities); - capabilities->Assign(0, bool(${val.ntlm_nonextended_security.capabilities.unicode})); - capabilities->Assign(1, bool(${val.ntlm_nonextended_security.capabilities.large_files})); - capabilities->Assign(2, bool(${val.ntlm_nonextended_security.capabilities.nt_smbs})); - capabilities->Assign(3, bool(${val.ntlm_nonextended_security.capabilities.status32})); - capabilities->Assign(4, bool(${val.ntlm_nonextended_security.capabilities.level_2_oplocks})); - capabilities->Assign(5, bool(${val.ntlm_nonextended_security.capabilities.nt_find})); + capabilities->Assign(0, ${val.ntlm_nonextended_security.capabilities.unicode}); + capabilities->Assign(1, ${val.ntlm_nonextended_security.capabilities.large_files}); + capabilities->Assign(2, ${val.ntlm_nonextended_security.capabilities.nt_smbs}); + capabilities->Assign(3, ${val.ntlm_nonextended_security.capabilities.status32}); + capabilities->Assign(4, ${val.ntlm_nonextended_security.capabilities.level_2_oplocks}); + capabilities->Assign(5, ${val.ntlm_nonextended_security.capabilities.nt_find}); request->Assign(1, ${val.ntlm_nonextended_security.max_buffer_size}); request->Assign(2, ${val.ntlm_nonextended_security.max_mpx_count}); @@ -96,13 +96,13 @@ refine connection SMB_Conn += { switch ( ${val.word_count} ) { case 3: // pre NT LM 0.12 - response->Assign(1, bool(${val.lanman.is_guest})); + response->Assign(1, ${val.lanman.is_guest}); response->Assign(2, ${val.lanman.byte_count} == 0 ? zeek::val_mgr->EmptyString() : smb_string2stringval(${val.lanman.native_os[0]})); response->Assign(3, ${val.lanman.byte_count} == 0 ? zeek::val_mgr->EmptyString() : smb_string2stringval(${val.lanman.native_lanman[0]})); response->Assign(4, ${val.lanman.byte_count} == 0 ? zeek::val_mgr->EmptyString() : smb_string2stringval(${val.lanman.primary_domain[0]})); break; case 4: // NT LM 0.12 - response->Assign(1, bool(${val.ntlm.is_guest})); + response->Assign(1, ${val.ntlm.is_guest}); response->Assign(2, smb_string2stringval(${val.ntlm.native_os})); response->Assign(3, smb_string2stringval(${val.ntlm.native_lanman})); //response->Assign(4, smb_string2stringval(${val.ntlm.primary_domain})); diff --git a/src/analyzer/protocol/smb/smb2-com-session-setup.pac b/src/analyzer/protocol/smb/smb2-com-session-setup.pac index 365d10bbdf..f7fbd976fa 100644 --- a/src/analyzer/protocol/smb/smb2-com-session-setup.pac +++ b/src/analyzer/protocol/smb/smb2-com-session-setup.pac @@ -21,9 +21,9 @@ refine connection SMB_Conn += { if ( smb2_session_setup_response ) { auto flags = zeek::make_intrusive(zeek::BifType::Record::SMB2::SessionSetupFlags); - flags->Assign(0, bool(${val.flag_guest})); - flags->Assign(1, bool(${val.flag_anonymous})); - flags->Assign(2, bool(${val.flag_encrypt})); + flags->Assign(0, ${val.flag_guest}); + flags->Assign(1, ${val.flag_anonymous}); + flags->Assign(2, ${val.flag_encrypt}); auto resp = zeek::make_intrusive(zeek::BifType::Record::SMB2::SessionSetupResponse); resp->Assign(0, std::move(flags)); diff --git a/src/analyzer/protocol/smb/smb2-com-set-info.pac b/src/analyzer/protocol/smb/smb2-com-set-info.pac index 9f109debe7..10f5868699 100644 --- a/src/analyzer/protocol/smb/smb2-com-set-info.pac +++ b/src/analyzer/protocol/smb/smb2-com-set-info.pac @@ -193,9 +193,9 @@ refine connection SMB_Conn += { if ( smb2_file_fscontrol ) { auto r = zeek::make_intrusive(zeek::BifType::Record::SMB2::Fscontrol); - r->Assign(0, int(${val.free_space_start_filtering})); - r->Assign(1, int(${val.free_space_start_threshold})); - r->Assign(2, int(${val.free_space_stop_filtering})); + r->Assign(0, static_cast(${val.free_space_start_filtering})); + r->Assign(1, static_cast(${val.free_space_start_threshold})); + r->Assign(2, static_cast(${val.free_space_stop_filtering})); r->Assign(3, ${val.default_quota_threshold}); r->Assign(4, ${val.default_quota_limit}); r->Assign(5, ${val.file_system_control_flags}); diff --git a/src/analyzer/protocol/smb/smb2-protocol.pac b/src/analyzer/protocol/smb/smb2-protocol.pac index 488ced44f0..3c354d3216 100644 --- a/src/analyzer/protocol/smb/smb2-protocol.pac +++ b/src/analyzer/protocol/smb/smb2-protocol.pac @@ -36,21 +36,21 @@ zeek::RecordValPtr BuildSMB2GUID(SMB2_guid* file_id) zeek::RecordValPtr smb2_file_attrs_to_zeek(SMB2_file_attributes* val) { auto r = zeek::make_intrusive(zeek::BifType::Record::SMB2::FileAttrs); - r->Assign(0, bool(${val.read_only})); - r->Assign(1, bool(${val.hidden})); - r->Assign(2, bool(${val.system})); - r->Assign(3, bool(${val.directory})); - r->Assign(4, bool(${val.archive})); - r->Assign(5, bool(${val.normal})); - r->Assign(6, bool(${val.temporary})); - r->Assign(7, bool(${val.sparse_file})); - r->Assign(8, bool(${val.reparse_point})); - r->Assign(9, bool(${val.compressed})); - r->Assign(10, bool(${val.offline})); - r->Assign(11, bool(${val.not_content_indexed})); - r->Assign(12, bool(${val.encrypted})); - r->Assign(13, bool(${val.integrity_stream})); - r->Assign(14, bool(${val.no_scrub_data})); + r->Assign(0, ${val.read_only}); + r->Assign(1, ${val.hidden}); + r->Assign(2, ${val.system}); + r->Assign(3, ${val.directory}); + r->Assign(4, ${val.archive}); + r->Assign(5, ${val.normal}); + r->Assign(6, ${val.temporary}); + r->Assign(7, ${val.sparse_file}); + r->Assign(8, ${val.reparse_point}); + r->Assign(9, ${val.compressed}); + r->Assign(10, ${val.offline}); + r->Assign(11, ${val.not_content_indexed}); + r->Assign(12, ${val.encrypted}); + r->Assign(13, ${val.integrity_stream}); + r->Assign(14, ${val.no_scrub_data}); return r; } diff --git a/src/analyzer/protocol/snmp/snmp-analyzer.pac b/src/analyzer/protocol/snmp/snmp-analyzer.pac index 56a65cdc1c..f59a4de912 100644 --- a/src/analyzer/protocol/snmp/snmp-analyzer.pac +++ b/src/analyzer/protocol/snmp/snmp-analyzer.pac @@ -93,7 +93,7 @@ zeek::ValPtr time_ticks_to_val(const TimeTicks* tt) zeek::RecordValPtr build_hdr(const Header* header) { auto rv = zeek::make_intrusive(zeek::BifType::Record::SNMP::Header); - rv->Assign(0, uint64_t(header->version())); + rv->Assign(0, static_cast(header->version())); switch ( header->version() ) { case SNMPV1_TAG: @@ -133,9 +133,9 @@ zeek::RecordValPtr build_hdrV3(const Header* header) v3->Assign(0, asn1_integer_to_val(global_data->id(), zeek::TYPE_COUNT)); v3->Assign(1, asn1_integer_to_val(global_data->max_size(), zeek::TYPE_COUNT)); v3->Assign(2, flags_byte); - v3->Assign(3, bool(flags_byte & 0x01)); - v3->Assign(4, bool(flags_byte & 0x02)); - v3->Assign(5, bool(flags_byte & 0x04)); + v3->Assign(3, static_cast(flags_byte & 0x01)); + v3->Assign(4, static_cast(flags_byte & 0x02)); + v3->Assign(5, static_cast(flags_byte & 0x04)); v3->Assign(6, asn1_integer_to_val(global_data->security_model(), zeek::TYPE_COUNT)); v3->Assign(7, asn1_octet_string_to_val(v3hdr->security_parameters())); diff --git a/src/analyzer/protocol/ssh/ssh-analyzer.pac b/src/analyzer/protocol/ssh/ssh-analyzer.pac index 6e917e0612..1f0683f44a 100644 --- a/src/analyzer/protocol/ssh/ssh-analyzer.pac +++ b/src/analyzer/protocol/ssh/ssh-analyzer.pac @@ -111,7 +111,7 @@ refine flow SSH_Flow += { } - result->Assign(6, bool(!${msg.is_orig})); + result->Assign(6, !${msg.is_orig}); zeek::BifEvent::enqueue_ssh_capabilities(connection()->zeek_analyzer(), connection()->zeek_analyzer()->Conn(), to_stringval(${msg.cookie}), diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index 09708a21ad..26f4381e7d 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc @@ -109,14 +109,14 @@ static RecordVal* build_syn_packet_val(bool is_orig, const IP_Hdr* ip, static auto SYN_packet = id::find_type("SYN_packet"); auto* v = new RecordVal(SYN_packet); - v->Assign(0, bool(is_orig)); - v->Assign(1, bool(int(ip->DF()))); - v->Assign(2, uint32_t(ip->TTL())); - v->Assign(3, uint32_t((ip->TotalLen()))); - v->Assign(4, uint32_t(ntohs(tcp->th_win))); - v->Assign(5, int(winscale)); - v->Assign(6, uint32_t(MSS)); - v->Assign(7, bool(SACK)); + v->Assign(0, is_orig); + v->Assign(1, static_cast(ip->DF())); + v->Assign(2, ip->TTL()); + v->Assign(3, ip->TotalLen()); + v->Assign(4, ntohs(tcp->th_win)); + v->Assign(5, winscale); + v->Assign(6, MSS); + v->Assign(7, static_cast(SACK)); return v; } @@ -1286,9 +1286,9 @@ void TCP_Analyzer::UpdateConnVal(RecordVal *conn_val) auto resp_endp_val = conn_val->GetFieldAs("resp"); orig_endp_val->Assign(0, orig->Size()); - orig_endp_val->Assign(1, int(orig->state)); + orig_endp_val->Assign(1, orig->state); resp_endp_val->Assign(0, resp->Size()); - resp_endp_val->Assign(1, int(resp->state)); + resp_endp_val->Assign(1, resp->state); // Call children's UpdateConnVal Analyzer::UpdateConnVal(conn_val); @@ -1369,8 +1369,8 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig) auto length = kind < 2 ? 1 : o[1]; auto option_record = make_intrusive(BifType::Record::TCP::Option); option_list->Assign(option_list->Size(), option_record); - option_record->Assign(0, uint32_t(kind)); - option_record->Assign(1, uint32_t(length)); + option_record->Assign(0, kind); + option_record->Assign(1, length); switch ( kind ) { case 2: @@ -1378,7 +1378,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig) if ( length == 4 ) { auto mss = ntohs(*reinterpret_cast(o + 2)); - option_record->Assign(3, uint32_t(mss)); + option_record->Assign(3, mss); } else { @@ -1392,7 +1392,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig) if ( length == 3 ) { auto scale = o[2]; - option_record->Assign(4, uint32_t(scale)); + option_record->Assign(4, scale); } else { @@ -1438,8 +1438,8 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig) { auto send = ntohl(*reinterpret_cast(o + 2)); auto echo = ntohl(*reinterpret_cast(o + 6)); - option_record->Assign(6, uint32_t(send)); - option_record->Assign(7, uint32_t(echo)); + option_record->Assign(6, send); + option_record->Assign(7, echo); } else { diff --git a/src/analyzer/protocol/udp/UDP.cc b/src/analyzer/protocol/udp/UDP.cc index 577dd95810..e29f14d251 100644 --- a/src/analyzer/protocol/udp/UDP.cc +++ b/src/analyzer/protocol/udp/UDP.cc @@ -236,13 +236,13 @@ void UDP_Analyzer::UpdateEndpointVal(RecordVal* endp, bool is_orig) if ( size < 0 ) { endp->Assign(0, 0); - endp->Assign(1, int(UDP_INACTIVE)); + endp->Assign(1, UDP_INACTIVE); } else { - endp->Assign(0, uint64_t(size)); - endp->Assign(1, int(UDP_ACTIVE)); + endp->Assign(0, static_cast(size)); + endp->Assign(1, UDP_ACTIVE); } } diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc index dc987f8220..055cc0c434 100644 --- a/src/file_analysis/analyzer/x509/X509.cc +++ b/src/file_analysis/analyzer/x509/X509.cc @@ -124,7 +124,7 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val, auto pX509Cert = make_intrusive(BifType::Record::X509::Certificate); BIO *bio = BIO_new(BIO_s_mem()); - pX509Cert->Assign(0, uint64_t(X509_get_version(ssl_cert) + 1)); + pX509Cert->Assign(0, static_cast(X509_get_version(ssl_cert) + 1)); i2a_ASN1_INTEGER(bio, X509_get_serialNumber(ssl_cert)); int len = BIO_read(bio, buf, sizeof(buf)); pX509Cert->Assign(1, make_intrusive(len, buf)); @@ -295,7 +295,7 @@ void X509::ParseBasicConstraints(X509_EXTENSION* ex) pBasicConstraint->Assign(0, constr->ca); if ( constr->pathlen ) - pBasicConstraint->Assign(1, int32_t(ASN1_INTEGER_get(constr->pathlen))); + pBasicConstraint->Assign(1, static_cast(ASN1_INTEGER_get(constr->pathlen))); event_mgr.Enqueue(x509_ext_basic_constraints, GetFile()->ToVal(), diff --git a/src/iosource/pcap/pcap.bif b/src/iosource/pcap/pcap.bif index 0f0e6e47f7..0e0db396c8 100644 --- a/src/iosource/pcap/pcap.bif +++ b/src/iosource/pcap/pcap.bif @@ -146,11 +146,11 @@ function findalldevs%(%): Pcap::Interfaces } } r->Assign(2, addrs->ToSetVal()); - r->Assign(3, bool(d->flags & PCAP_IF_LOOPBACK)); + r->Assign(3, static_cast(d->flags & PCAP_IF_LOOPBACK)); #ifdef PCAP_IF_UP // These didn't become available until libpcap 1.6.1 - r->Assign(4, bool(d->flags & PCAP_IF_UP)); - r->Assign(5, bool(d->flags & PCAP_IF_RUNNING)); + r->Assign(4, static_cast(d->flags & PCAP_IF_UP)); + r->Assign(5, static_cast(d->flags & PCAP_IF_RUNNING)); #endif pcap_interfaces->Assign(std::move(r), nullptr); diff --git a/src/stats.bif b/src/stats.bif index f2d9a2c4cc..5363ba3493 100644 --- a/src/stats.bif +++ b/src/stats.bif @@ -95,7 +95,7 @@ function get_conn_stats%(%): ConnStats sessions->GetStats(s); #define ADD_STAT(x) \ - r->Assign(n++, unsigned(sessions ? x : 0)); + r->Assign(n++, static_cast(sessions ? x : 0)); ADD_STAT(s.num_packets); ADD_STAT(s.num_fragments); @@ -160,14 +160,14 @@ function get_proc_stats%(%): ProcStats uint64_t total_mem; zeek::util::get_memory_usage(&total_mem, NULL); - r->Assign(n++, unsigned(total_mem)); + r->Assign(n++, static_cast(total_mem)); - r->Assign(n++, unsigned(ru.ru_minflt)); - r->Assign(n++, unsigned(ru.ru_majflt)); - r->Assign(n++, unsigned(ru.ru_nswap)); - r->Assign(n++, unsigned(ru.ru_inblock)); - r->Assign(n++, unsigned(ru.ru_oublock)); - r->Assign(n++, unsigned(ru.ru_nivcsw)); + r->Assign(n++, static_cast(ru.ru_minflt)); + r->Assign(n++, static_cast(ru.ru_majflt)); + r->Assign(n++, static_cast(ru.ru_nswap)); + r->Assign(n++, static_cast(ru.ru_inblock)); + r->Assign(n++, static_cast(ru.ru_oublock)); + r->Assign(n++, static_cast(ru.ru_nivcsw)); return r; %} @@ -252,12 +252,12 @@ function get_dns_stats%(%): DNSStats zeek::detail::DNS_Mgr::Stats dstats; zeek::detail::dns_mgr->GetStats(&dstats); - r->Assign(n++, unsigned(dstats.requests)); - r->Assign(n++, unsigned(dstats.successful)); - r->Assign(n++, unsigned(dstats.failed)); - r->Assign(n++, unsigned(dstats.pending)); - r->Assign(n++, unsigned(dstats.cached_hosts)); - r->Assign(n++, unsigned(dstats.cached_addresses)); + r->Assign(n++, static_cast(dstats.requests)); + r->Assign(n++, static_cast(dstats.successful)); + r->Assign(n++, static_cast(dstats.failed)); + r->Assign(n++, static_cast(dstats.pending)); + r->Assign(n++, static_cast(dstats.cached_hosts)); + r->Assign(n++, static_cast(dstats.cached_addresses)); return r; %} @@ -283,8 +283,8 @@ function get_timer_stats%(%): TimerStats auto r = zeek::make_intrusive(TimerStats); int n = 0; - r->Assign(n++, unsigned(zeek::detail::timer_mgr->Size())); - r->Assign(n++, unsigned(zeek::detail::timer_mgr->PeakSize())); + r->Assign(n++, static_cast(zeek::detail::timer_mgr->Size())); + r->Assign(n++, static_cast(zeek::detail::timer_mgr->PeakSize())); r->Assign(n++, zeek::detail::timer_mgr->CumulativeNum()); return r; diff --git a/src/zeek.bif b/src/zeek.bif index a0e63d6ecd..132f3e39b1 100644 --- a/src/zeek.bif +++ b/src/zeek.bif @@ -1926,7 +1926,7 @@ function packet_source%(%): PacketSource if ( ps ) { - r->Assign(0, bool(ps->IsLive())); + r->Assign(0, ps->IsLive()); r->Assign(1, ps->Path()); r->Assign(2, ps->LinkType()); r->Assign(3, ps->Netmask()); @@ -1980,12 +1980,12 @@ function global_ids%(%): id_table static auto script_id = zeek::id::find_type("script_id"); auto rec = zeek::make_intrusive(script_id); rec->Assign(0, type_name(id->GetType()->Tag())); - rec->Assign(1, bool(id->IsExport())); - rec->Assign(2, bool(id->IsConst())); - rec->Assign(3, bool(id->IsEnumConst())); - rec->Assign(4, bool(id->IsOption())); - rec->Assign(5, bool(id->IsRedefinable())); - rec->Assign(6, bool(id->GetAttr(zeek::detail::ATTR_BACKEND) != zeek::detail::Attr::nil)); + rec->Assign(1, id->IsExport()); + rec->Assign(2, id->IsConst()); + rec->Assign(3, id->IsEnumConst()); + rec->Assign(4, id->IsOption()); + rec->Assign(5, id->IsRedefinable()); + rec->Assign(6, id->GetAttr(zeek::detail::ATTR_BACKEND) != zeek::detail::Attr::nil); if ( id->HasVal() ) rec->Assign(7, id->GetVal()); @@ -3503,8 +3503,8 @@ function get_current_packet%(%) : pcap_packet return pkt; } - pkt->Assign(0, uint32_t(p->ts.tv_sec)); - pkt->Assign(1, uint32_t(p->ts.tv_usec)); + pkt->Assign(0, static_cast(p->ts.tv_sec)); + pkt->Assign(1, static_cast(p->ts.tv_usec)); pkt->Assign(2, p->cap_len); pkt->Assign(3, p->len); pkt->Assign(4, zeek::make_intrusive(p->cap_len, (const char*)p->data)); From 46e303b000f1837ea852715ee2b3793db557fd15 Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Mon, 22 Mar 2021 21:20:52 -0700 Subject: [PATCH 41/42] resolved some TODO comments --- src/Val.h | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/Val.h b/src/Val.h index dcb7b8d222..eac5cfee17 100644 --- a/src/Val.h +++ b/src/Val.h @@ -1288,8 +1288,10 @@ public: return record_val->at(field).table_val->Get(); else { - // TODO: error here, although because of the - // type trait it really shouldn't ever get here. + // It's an error to reach here, although because of + // the type trait we really shouldn't ever wind up + // here. + reporter->InternalError("bad type in GetFieldAs"); } } @@ -1305,7 +1307,7 @@ public: else if constexpr ( std::is_floating_point_v ) return record_val->at(field).double_val; - // Could add other types here using type traits, + // Note: we could add other types here using type traits, // such as is_same_v, etc. return T{}; From d5b523cd2cc98921613cfd801b55f1e0bc06b679 Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Mon, 22 Mar 2021 21:23:15 -0700 Subject: [PATCH 42/42] whitespace tweaks --- src/Expr.cc | 2 +- src/file_analysis/analyzer/extract/Extract.cc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Expr.cc b/src/Expr.cc index eecc2aa3a2..556981b368 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -732,7 +732,7 @@ ValPtr BinaryExpr::Eval(Frame* f) const auto vv_i = vv->ValAt(i); if ( vv_i ) v_result->Assign(i, is_vec1 ? Fold(vv_i.get(), v2.get()) - : Fold(v1.get(), vv_i.get())); + : Fold(v1.get(), vv_i.get())); else v_result->Assign(i, nullptr); } diff --git a/src/file_analysis/analyzer/extract/Extract.cc b/src/file_analysis/analyzer/extract/Extract.cc index 6520a6dc13..b058f7e8eb 100644 --- a/src/file_analysis/analyzer/extract/Extract.cc +++ b/src/file_analysis/analyzer/extract/Extract.cc @@ -35,7 +35,7 @@ Extract::~Extract() } static ValPtr get_extract_field_val(const RecordValPtr& args, - const char* name) + const char* name) { const auto& rval = args->GetField(name);