Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 15:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Reformat Zeek in Spicy style

Browse source 
This largely copies over Spicy's `.clang-format` configuration file. The
one place where we deviate is header include order since Zeek depends on
headers being included in a certain order.
This commit is contained in:
Benjamin Bannier 2023-10-10 21:13:34 +02:00
parent 7b8e7ed72c
commit f5a76c1aed
786 changed files with 131714 additions and 153609 deletions
Download patch file Download diff file Expand all files Collapse all files

270
src/iosource/Packet.cc
View file

@ -1,7 +1,6 @@
#include "zeek/iosource/Packet.h"
extern "C"
{
extern "C" {
#include <pcap.h>
#ifdef HAVE_NET_ETHERNET_H
#include <net/ethernet.h>
@ -13,7 +12,7 @@ extern "C"
#elif defined(HAVE_NET_ETHERTYPES_H)
#include <net/ethertypes.h>
#endif
}
}
#include "zeek/Desc.h"
#include "zeek/IP.h"
@ -22,177 +21,166 @@ extern "C"
#include "zeek/iosource/Manager.h"
#include "zeek/packet_analysis/Manager.h"
namespace zeek
{
namespace zeek {
void Packet::Init(int arg_link_type, pkt_timeval* arg_ts, uint32_t arg_caplen, uint32_t arg_len,
const u_char* arg_data, bool arg_copy, std::string arg_tag)
{
if ( data && copy )
delete[] data;
void Packet::Init(int arg_link_type, pkt_timeval* arg_ts, uint32_t arg_caplen, uint32_t arg_len, const u_char* arg_data,
bool arg_copy, std::string arg_tag) {
if ( data && copy )
delete[] data;
link_type = arg_link_type;
ts = *arg_ts;
cap_len = arg_caplen;
len = arg_len;
tag = std::move(arg_tag);
link_type = arg_link_type;
ts = *arg_ts;
cap_len = arg_caplen;
len = arg_len;
tag = std::move(arg_tag);
copy = arg_copy;
copy = arg_copy;
if ( arg_data && arg_copy )
{
data = new u_char[arg_caplen];
memcpy(const_cast<u_char*>(data), arg_data, arg_caplen);
}
else
data = arg_data;
if ( arg_data && arg_copy ) {
data = new u_char[arg_caplen];
memcpy(const_cast<u_char*>(data), arg_data, arg_caplen);
}
else
data = arg_data;
dump_packet = false;
dump_packet = false;
time = ts.tv_sec + double(ts.tv_usec) / 1e6;
eth_type = 0;
vlan = 0;
inner_vlan = 0;
time = ts.tv_sec + double(ts.tv_usec) / 1e6;
eth_type = 0;
vlan = 0;
inner_vlan = 0;
l2_src = nullptr;
l2_dst = nullptr;
l2_checksummed = false;
l2_src = nullptr;
l2_dst = nullptr;
l2_checksummed = false;
l3_proto = L3_UNKNOWN;
l3_checksummed = false;
l3_proto = L3_UNKNOWN;
l3_checksummed = false;
l4_checksummed = false;
l4_checksummed = false;
encap.reset();
ip_hdr.reset();
encap.reset();
ip_hdr.reset();
proto = -1;
tunnel_type = BifEnum::Tunnel::NONE;
gre_version = -1;
gre_link_type = DLT_RAW;
proto = -1;
tunnel_type = BifEnum::Tunnel::NONE;
gre_version = -1;
gre_link_type = DLT_RAW;
processed = false;
}
processed = false;
}
Packet::~Packet()
{
if ( copy )
delete[] data;
}
Packet::~Packet() {
if ( copy )
delete[] data;
}
RecordValPtr Packet::ToRawPktHdrVal() const
{
static auto raw_pkt_hdr_type = id::find_type<RecordType>("raw_pkt_hdr");
static auto l2_hdr_type = id::find_type<RecordType>("l2_hdr");
auto pkt_hdr = make_intrusive<RecordVal>(raw_pkt_hdr_type);
auto l2_hdr = make_intrusive<RecordVal>(l2_hdr_type);
RecordValPtr Packet::ToRawPktHdrVal() const {
static auto raw_pkt_hdr_type = id::find_type<RecordType>("raw_pkt_hdr");
static auto l2_hdr_type = id::find_type<RecordType>("l2_hdr");
auto pkt_hdr = make_intrusive<RecordVal>(raw_pkt_hdr_type);
auto l2_hdr = make_intrusive<RecordVal>(l2_hdr_type);
bool is_ethernet = link_type == DLT_EN10MB;
bool is_ethernet = link_type == DLT_EN10MB;
int l3 = BifEnum::L3_UNKNOWN;
int l3 = BifEnum::L3_UNKNOWN;
if ( l3_proto == L3_IPV4 )
l3 = BifEnum::L3_IPV4;
if ( l3_proto == L3_IPV4 )
l3 = BifEnum::L3_IPV4;
else if ( l3_proto == L3_IPV6 )
l3 = BifEnum::L3_IPV6;
else if ( l3_proto == L3_IPV6 )
l3 = BifEnum::L3_IPV6;
else if ( l3_proto == L3_ARP )
l3 = BifEnum::L3_ARP;
else if ( l3_proto == L3_ARP )
l3 = BifEnum::L3_ARP;
// TODO: Get rid of hardcoded l3 protocols.
// l2_hdr layout:
// encap: link_encap; ##< L2 link encapsulation
// len: count; ##< Total frame length on wire
// cap_len: count; ##< Captured length
// src: string &optional; ##< L2 source (if ethernet)
// dst: string &optional; ##< L2 destination (if ethernet)
// vlan: count &optional; ##< VLAN tag if any (and ethernet)
// inner_vlan: count &optional; ##< Inner VLAN tag if any (and ethernet)
// ethertype: count &optional; ##< If ethernet
// proto: layer3_proto; ##< L3 proto
// TODO: Get rid of hardcoded l3 protocols.
// l2_hdr layout:
// encap: link_encap; ##< L2 link encapsulation
// len: count; ##< Total frame length on wire
// cap_len: count; ##< Captured length
// src: string &optional; ##< L2 source (if ethernet)
// dst: string &optional; ##< L2 destination (if ethernet)
// vlan: count &optional; ##< VLAN tag if any (and ethernet)
// inner_vlan: count &optional; ##< Inner VLAN tag if any (and ethernet)
// ethertype: count &optional; ##< If ethernet
// proto: layer3_proto; ##< L3 proto
if ( is_ethernet )
{
// Ethernet header layout is:
// dst[6bytes] src[6bytes] ethertype[2bytes]...
l2_hdr->Assign(0, BifType::Enum::link_encap->GetEnumVal(BifEnum::LINK_ETHERNET));
if ( is_ethernet ) {
// Ethernet header layout is:
// dst[6bytes] src[6bytes] ethertype[2bytes]...
l2_hdr->Assign(0, BifType::Enum::link_encap->GetEnumVal(BifEnum::LINK_ETHERNET));
// FmtEUI48 needs at least 6 bytes to print out the mac address, plus 6 bytes for
// skipping over the destination address.
if ( cap_len >= 12 )
l2_hdr->Assign(3, FmtEUI48(data + 6)); // src
else
l2_hdr->Assign(3, "00:00:00:00:00:00");
// FmtEUI48 needs at least 6 bytes to print out the mac address, plus 6 bytes for
// skipping over the destination address.
if ( cap_len >= 12 )
l2_hdr->Assign(3, FmtEUI48(data + 6)); // src
else
l2_hdr->Assign(3, "00:00:00:00:00:00");
if ( cap_len >= 6 )
l2_hdr->Assign(4, FmtEUI48(data)); // dst
else
l2_hdr->Assign(4, "00:00:00:00:00:00");
if ( cap_len >= 6 )
l2_hdr->Assign(4, FmtEUI48(data)); // dst
else
l2_hdr->Assign(4, "00:00:00:00:00:00");
if ( vlan )
l2_hdr->Assign(5, vlan);
if ( vlan )
l2_hdr->Assign(5, vlan);
if ( inner_vlan )
l2_hdr->Assign(6, inner_vlan);
if ( inner_vlan )
l2_hdr->Assign(6, inner_vlan);
l2_hdr->Assign(7, eth_type);
l2_hdr->Assign(7, eth_type);
if ( eth_type == ETHERTYPE_ARP || eth_type == ETHERTYPE_REVARP )
// We also identify ARP for L3 over ethernet
l3 = BifEnum::L3_ARP;
}
else
l2_hdr->Assign(0, BifType::Enum::link_encap->GetEnumVal(BifEnum::LINK_UNKNOWN));
if ( eth_type == ETHERTYPE_ARP || eth_type == ETHERTYPE_REVARP )
// We also identify ARP for L3 over ethernet
l3 = BifEnum::L3_ARP;
}
else
l2_hdr->Assign(0, BifType::Enum::link_encap->GetEnumVal(BifEnum::LINK_UNKNOWN));
l2_hdr->Assign(1, len);
l2_hdr->Assign(2, cap_len);
l2_hdr->Assign(1, len);
l2_hdr->Assign(2, cap_len);
l2_hdr->Assign(8, BifType::Enum::layer3_proto->GetEnumVal(l3));
l2_hdr->Assign(8, BifType::Enum::layer3_proto->GetEnumVal(l3));
pkt_hdr->Assign(0, std::move(l2_hdr));
pkt_hdr->Assign(0, std::move(l2_hdr));
if ( ip_hdr && cap_len >= ip_hdr->TotalLen() && (l3_proto == L3_IPV4 || l3_proto == L3_IPV6) )
// Packet analysis will have stored the IP header in the packet, so we can use
// that to build the output.
return ip_hdr->ToPktHdrVal(std::move(pkt_hdr), 1);
else
return pkt_hdr;
}
if ( ip_hdr && cap_len >= ip_hdr->TotalLen() && (l3_proto == L3_IPV4 || l3_proto == L3_IPV6) )
// Packet analysis will have stored the IP header in the packet, so we can use
// that to build the output.
return ip_hdr->ToPktHdrVal(std::move(pkt_hdr), 1);
else
return pkt_hdr;
}
RecordValPtr Packet::ToVal(const Packet* p)
{
static auto pcap_packet = zeek::id::find_type<zeek::RecordType>("pcap_packet");
auto val = zeek::make_intrusive<zeek::RecordVal>(pcap_packet);
RecordValPtr Packet::ToVal(const Packet* p) {
static auto pcap_packet = zeek::id::find_type<zeek::RecordType>("pcap_packet");
auto val = zeek::make_intrusive<zeek::RecordVal>(pcap_packet);
if ( p )
{
val->Assign(0, static_cast<uint32_t>(p->ts.tv_sec));
val->Assign(1, static_cast<uint32_t>(p->ts.tv_usec));
val->Assign(2, p->cap_len);
val->Assign(3, p->len);
val->Assign(4, zeek::make_intrusive<zeek::StringVal>(p->cap_len, (const char*)p->data));
val->Assign(5, zeek::BifType::Enum::link_encap->GetEnumVal(p->link_type));
}
else
{
val->Assign(0, 0);
val->Assign(1, 0);
val->Assign(2, 0);
val->Assign(3, 0);
val->Assign(4, zeek::val_mgr->EmptyString());
val->Assign(5, zeek::BifType::Enum::link_encap->GetEnumVal(BifEnum::LINK_UNKNOWN));
}
if ( p ) {
val->Assign(0, static_cast<uint32_t>(p->ts.tv_sec));
val->Assign(1, static_cast<uint32_t>(p->ts.tv_usec));
val->Assign(2, p->cap_len);
val->Assign(3, p->len);
val->Assign(4, zeek::make_intrusive<zeek::StringVal>(p->cap_len, (const char*)p->data));
val->Assign(5, zeek::BifType::Enum::link_encap->GetEnumVal(p->link_type));
}
else {
val->Assign(0, 0);
val->Assign(1, 0);
val->Assign(2, 0);
val->Assign(3, 0);
val->Assign(4, zeek::val_mgr->EmptyString());
val->Assign(5, zeek::BifType::Enum::link_encap->GetEnumVal(BifEnum::LINK_UNKNOWN));
}
return val;
}
return val;
}
ValPtr Packet::FmtEUI48(const u_char* mac) const
{
char buf[20];
snprintf(buf, sizeof buf, "%02x:%02x:%02x:%02x:%02x:%02x", mac[0], mac[1], mac[2], mac[3],
mac[4], mac[5]);
return make_intrusive<StringVal>(buf);
}
ValPtr Packet::FmtEUI48(const u_char* mac) const {
char buf[20];
snprintf(buf, sizeof buf, "%02x:%02x:%02x:%02x:%02x:%02x", mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
return make_intrusive<StringVal>(buf);
}
} // namespace zeek
} // namespace zeek