Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Reformat Zeek in Spicy style

Browse source 
This largely copies over Spicy's `.clang-format` configuration file. The
one place where we deviate is header include order since Zeek depends on
headers being included in a certain order.
This commit is contained in:
Benjamin Bannier 2023-10-10 21:13:34 +02:00
parent 7b8e7ed72c
commit f5a76c1aed
786 changed files with 131714 additions and 153609 deletions
Download patch file Download diff file Expand all files Collapse all files

194
src/iosource/BPF_Program.cc
View file

@ -14,149 +14,127 @@
#include "zeek/util.h"
#ifdef DONT_HAVE_LIBPCAP_PCAP_FREECODE
extern "C"
{
extern "C" {
#include <pcap-int.h>
int pcap_freecode(pcap_t* unused, struct bpf_program* program)
{
program->bf_len = 0;
int pcap_freecode(pcap_t* unused, struct bpf_program* program) {
program->bf_len = 0;
if ( program->bf_insns )
{
free((char*)program->bf_insns); // copied from libpcap
program->bf_insns = 0;
}
if ( program->bf_insns ) {
free((char*)program->bf_insns); // copied from libpcap
program->bf_insns = 0;
}
return 0;
}
return 0;
}
pcap_t* pcap_open_dead(int linktype, int snaplen)
{
pcap_t* p;
pcap_t* pcap_open_dead(int linktype, int snaplen) {
pcap_t* p;
p = (pcap_t*)malloc(sizeof(*p));
if ( ! p )
return 0;
p = (pcap_t*)malloc(sizeof(*p));
if ( ! p )
return 0;
memset(p, 0, sizeof(*p));
memset(p, 0, sizeof(*p));
p->fd = -1;
p->snapshot = snaplen;
p->linktype = linktype;
p->fd = -1;
p->snapshot = snaplen;
p->linktype = linktype;
return p;
}
return p;
}
int pcap_compile_nopcap(int snaplen_arg, int linktype_arg, struct bpf_program* program,
char* buf, int optimize, bpf_u_int32 mask)
{
pcap_t* p;
int ret;
int pcap_compile_nopcap(int snaplen_arg, int linktype_arg, struct bpf_program* program, char* buf, int optimize,
bpf_u_int32 mask) {
pcap_t* p;
int ret;
p = pcap_open_dead(linktype_arg, snaplen_arg);
if ( ! p )
return -1;
p = pcap_open_dead(linktype_arg, snaplen_arg);
if ( ! p )
return -1;
ret = pcap_compile(p, program, buf, optimize, mask);
pcap_close(p);
ret = pcap_compile(p, program, buf, optimize, mask);
pcap_close(p);
return ret;
}
}
return ret;
}
}
#endif
namespace zeek::iosource::detail
{
namespace zeek::iosource::detail {
// Simple heuristic to identify filters that always match, so that we can
// skip the filtering in that case. "ip or not ip" is Zeek's default filter.
static bool filter_matches_anything(const char* filter)
{
return (! filter) || strlen(filter) == 0 || strcmp(filter, "ip or not ip") == 0;
}
static bool filter_matches_anything(const char* filter) {
return (! filter) || strlen(filter) == 0 || strcmp(filter, "ip or not ip") == 0;
}
BPF_Program::BPF_Program() : m_program() { }
BPF_Program::BPF_Program() : m_program() {}
BPF_Program::~BPF_Program()
{
FreeCode();
}
BPF_Program::~BPF_Program() { FreeCode(); }
bool BPF_Program::Compile(pcap_t* pcap, const char* filter, uint32_t netmask, bool optimize)
{
if ( ! pcap )
return false;
bool BPF_Program::Compile(pcap_t* pcap, const char* filter, uint32_t netmask, bool optimize) {
if ( ! pcap )
return false;
FreeCode();
FreeCode();
if ( pcap_compile(pcap, &m_program, (char*)filter, optimize, netmask) < 0 )
{
state_message = std::string(pcap_geterr(pcap));
state = GetStateFromMessage(state_message);
return false;
}
if ( pcap_compile(pcap, &m_program, (char*)filter, optimize, netmask) < 0 ) {
state_message = std::string(pcap_geterr(pcap));
state = GetStateFromMessage(state_message);
return false;
}
m_compiled = true;
m_matches_anything = filter_matches_anything(filter);
m_compiled = true;
m_matches_anything = filter_matches_anything(filter);
return true;
}
return true;
}
bool BPF_Program::Compile(zeek_uint_t snaplen, int linktype, const char* filter, uint32_t netmask,
bool optimize)
{
FreeCode();
bool BPF_Program::Compile(zeek_uint_t snaplen, int linktype, const char* filter, uint32_t netmask, bool optimize) {
FreeCode();
if ( linktype == DLT_NFLOG )
{
// No-op, NFLOG does not support BPF filters.
// Raising a warning might be good, but it would also be noisy
// since the default scripts will always attempt to compile
// and install a default filter
m_compiled = true;
m_matches_anything = true;
return true;
}
if ( linktype == DLT_NFLOG ) {
// No-op, NFLOG does not support BPF filters.
// Raising a warning might be good, but it would also be noisy
// since the default scripts will always attempt to compile
// and install a default filter
m_compiled = true;
m_matches_anything = true;
return true;
}
pcap_t* pcap = pcap_open_dead(linktype, snaplen);
if ( ! pcap )
{
state = FilterState::FATAL;
state_message = "Failed to open pcap based on linktype/snaplen";
return false;
}
pcap_t* pcap = pcap_open_dead(linktype, snaplen);
if ( ! pcap ) {
state = FilterState::FATAL;
state_message = "Failed to open pcap based on linktype/snaplen";
return false;
}
bool status = Compile(pcap, filter, netmask, optimize);
pcap_close(pcap);
bool status = Compile(pcap, filter, netmask, optimize);
pcap_close(pcap);
return status;
}
return status;
}
bpf_program* BPF_Program::GetProgram()
{
return m_compiled ? &m_program : nullptr;
}
bpf_program* BPF_Program::GetProgram() { return m_compiled ? &m_program : nullptr; }
void BPF_Program::FreeCode()
{
if ( m_compiled )
{
void BPF_Program::FreeCode() {
if ( m_compiled ) {
#ifdef DONT_HAVE_LIBPCAP_PCAP_FREECODE
pcap_freecode(NULL, &m_program);
pcap_freecode(NULL, &m_program);
#else
pcap_freecode(&m_program);
pcap_freecode(&m_program);
#endif
m_compiled = false;
}
}
m_compiled = false;
}
}
FilterState BPF_Program::GetStateFromMessage(const std::string& err)
{
if ( err.find("filtering not implemented") != std::string::npos )
return FilterState::WARNING;
FilterState BPF_Program::GetStateFromMessage(const std::string& err) {
if ( err.find("filtering not implemented") != std::string::npos )
return FilterState::WARNING;
return FilterState::FATAL;
}
return FilterState::FATAL;
}
} // namespace zeek::iosource::detail
} // namespace zeek::iosource::detail