Reformat Zeek in Spicy style

This largely copies over Spicy's `.clang-format` configuration file. The one place where we deviate is header include order since Zeek depends on headers being included in a certain order.
2025-10-03 23:28:20 +00:00 · 2023-10-10 21:13:34 +02:00 · 2023-10-10 21:13:34 +02:00 · f5a76c1aed
commit f5a76c1aed
parent 7b8e7ed72c
786 changed files with 131714 additions and 153609 deletions
--- a/src/packet_analysis/Analyzer.cc
+++ b/src/packet_analysis/Analyzer.cc
@ -8,235 +8,194 @@
 #include "zeek/session/Manager.h"
 #include "zeek/util.h"

-namespace zeek::packet_analysis
-	{
+namespace zeek::packet_analysis {

 Analyzer::Analyzer(std::string name, bool report_unknown_protocols)
-	: report_unknown_protocols(report_unknown_protocols)
-	{
-	Tag t = packet_mgr->GetComponentTag(name);
+    : report_unknown_protocols(report_unknown_protocols) {
+    Tag t = packet_mgr->GetComponentTag(name);

-	if ( ! t )
-		reporter->InternalError("unknown packet_analysis name %s", name.c_str());
+    if ( ! t )
+        reporter->InternalError("unknown packet_analysis name %s", name.c_str());

-	Init(t);
-	}
+    Init(t);
+}

-Analyzer::Analyzer(const Tag& tag)
-	{
-	Init(tag);
-	}
+Analyzer::Analyzer(const Tag& tag) { Init(tag); }

-void Analyzer::Init(const Tag& _tag)
-	{
-	tag = _tag;
-	}
+void Analyzer::Init(const Tag& _tag) { tag = _tag; }

-void Analyzer::Initialize()
-	{
-	default_analyzer = LoadAnalyzer("default_analyzer");
-	}
+void Analyzer::Initialize() { default_analyzer = LoadAnalyzer("default_analyzer"); }

-zeek::packet_analysis::AnalyzerPtr Analyzer::LoadAnalyzer(const std::string& name)
-	{
-	auto& analyzer = zeek::id::find(GetModuleName() + name);
-	if ( ! analyzer )
-		return nullptr;
+zeek::packet_analysis::AnalyzerPtr Analyzer::LoadAnalyzer(const std::string& name) {
+    auto& analyzer = zeek::id::find(GetModuleName() + name);
+    if ( ! analyzer )
+        return nullptr;

-	auto& analyzer_val = analyzer->GetVal();
-	if ( ! analyzer_val )
-		return nullptr;
+    auto& analyzer_val = analyzer->GetVal();
+    if ( ! analyzer_val )
+        return nullptr;

-	return packet_mgr->GetAnalyzer(analyzer_val->AsEnumVal());
-	}
+    return packet_mgr->GetAnalyzer(analyzer_val->AsEnumVal());
+}

-const Tag Analyzer::GetAnalyzerTag() const
-	{
-	assert(tag);
-	return tag;
-	}
+const Tag Analyzer::GetAnalyzerTag() const {
+    assert(tag);
+    return tag;
+}

-const char* Analyzer::GetAnalyzerName() const
-	{
-	assert(tag);
-	return packet_mgr->GetComponentName(tag).c_str();
-	}
+const char* Analyzer::GetAnalyzerName() const {
+    assert(tag);
+    return packet_mgr->GetComponentName(tag).c_str();
+}

-bool Analyzer::IsAnalyzer(const char* name)
-	{
-	assert(tag);
-	return packet_mgr->GetComponentName(tag) == name;
-	}
+bool Analyzer::IsAnalyzer(const char* name) {
+    assert(tag);
+    return packet_mgr->GetComponentName(tag) == name;
+}

-AnalyzerPtr Analyzer::Lookup(uint32_t identifier) const
-	{
-	return dispatcher.Lookup(identifier);
-	}
+AnalyzerPtr Analyzer::Lookup(uint32_t identifier) const { return dispatcher.Lookup(identifier); }

-bool Analyzer::ForwardPacket(size_t len, const uint8_t* data, Packet* packet,
-                             uint32_t identifier) const
-	{
-	auto inner_analyzer = Lookup(identifier);
-	if ( ! inner_analyzer )
-		{
-		for ( const auto& child : analyzers_to_detect )
-			{
-			if ( child->DetectProtocol(len, data, packet) )
-				{
-				DBG_LOG(DBG_PACKET_ANALYSIS,
-				        "Protocol detection in %s succeeded, next layer analyzer is %s",
-				        GetAnalyzerName(), child->GetAnalyzerName());
-				inner_analyzer = child;
-				break;
-				}
-			}
-		}
+bool Analyzer::ForwardPacket(size_t len, const uint8_t* data, Packet* packet, uint32_t identifier) const {
+    auto inner_analyzer = Lookup(identifier);
+    if ( ! inner_analyzer ) {
+        for ( const auto& child : analyzers_to_detect ) {
+            if ( child->DetectProtocol(len, data, packet) ) {
+                DBG_LOG(DBG_PACKET_ANALYSIS, "Protocol detection in %s succeeded, next layer analyzer is %s",
+                        GetAnalyzerName(), child->GetAnalyzerName());
+                inner_analyzer = child;
+                break;
+            }
+        }
+    }

-	if ( ! inner_analyzer )
-		inner_analyzer = default_analyzer;
+    if ( ! inner_analyzer )
+        inner_analyzer = default_analyzer;

-	if ( ! inner_analyzer )
-		{
-		DBG_LOG(DBG_PACKET_ANALYSIS,
-		        "Analysis in %s failed, could not find analyzer for identifier %#x.",
-		        GetAnalyzerName(), identifier);
+    if ( ! inner_analyzer ) {
+        DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s failed, could not find analyzer for identifier %#x.",
+                GetAnalyzerName(), identifier);

-		if ( report_unknown_protocols )
-			packet_mgr->ReportUnknownProtocol(GetAnalyzerName(), identifier, data, len);
+        if ( report_unknown_protocols )
+            packet_mgr->ReportUnknownProtocol(GetAnalyzerName(), identifier, data, len);

-		return false;
-		}
+        return false;
+    }

-	if ( ! inner_analyzer->IsEnabled() )
-		{
-		DBG_LOG(DBG_PACKET_ANALYSIS,
-		        "Analysis in %s found disabled next layer analyzer %s for identifier %#x",
-		        GetAnalyzerName(), inner_analyzer->GetAnalyzerName(), identifier);
-		return false;
-		}
+    if ( ! inner_analyzer->IsEnabled() ) {
+        DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s found disabled next layer analyzer %s for identifier %#x",
+                GetAnalyzerName(), inner_analyzer->GetAnalyzerName(), identifier);
+        return false;
+    }

-	DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s succeeded, next layer identifier is %#x.",
-	        GetAnalyzerName(), identifier);
-	return inner_analyzer->AnalyzePacket(len, data, packet);
-	}
+    DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s succeeded, next layer identifier is %#x.", GetAnalyzerName(),
+            identifier);
+    return inner_analyzer->AnalyzePacket(len, data, packet);
+}

-bool Analyzer::ForwardPacket(size_t len, const uint8_t* data, Packet* packet) const
-	{
-	AnalyzerPtr inner_analyzer = nullptr;
+bool Analyzer::ForwardPacket(size_t len, const uint8_t* data, Packet* packet) const {
+    AnalyzerPtr inner_analyzer = nullptr;

-	for ( const auto& child : analyzers_to_detect )
-		{
-		if ( child->DetectProtocol(len, data, packet) )
-			{
-			DBG_LOG(DBG_PACKET_ANALYSIS,
-			        "Protocol detection in %s succeeded, next layer analyzer is %s",
-			        GetAnalyzerName(), child->GetAnalyzerName());
-			inner_analyzer = child;
-			break;
-			}
-		}
+    for ( const auto& child : analyzers_to_detect ) {
+        if ( child->DetectProtocol(len, data, packet) ) {
+            DBG_LOG(DBG_PACKET_ANALYSIS, "Protocol detection in %s succeeded, next layer analyzer is %s",
+                    GetAnalyzerName(), child->GetAnalyzerName());
+            inner_analyzer = child;
+            break;
+        }
+    }

-	if ( ! inner_analyzer )
-		inner_analyzer = default_analyzer;
+    if ( ! inner_analyzer )
+        inner_analyzer = default_analyzer;

-	if ( ! inner_analyzer )
-		{
-		DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s stopped, no default analyzer available.",
-		        GetAnalyzerName());
+    if ( ! inner_analyzer ) {
+        DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s stopped, no default analyzer available.", GetAnalyzerName());

-		if ( report_unknown_protocols )
-			Weird("no_suitable_analyzer_found", packet);
+        if ( report_unknown_protocols )
+            Weird("no_suitable_analyzer_found", packet);

-		return false;
-		}
+        return false;
+    }

-	return inner_analyzer->AnalyzePacket(len, data, packet);
-	}
+    return inner_analyzer->AnalyzePacket(len, data, packet);
+}

-void Analyzer::DumpDebug() const
-	{
+void Analyzer::DumpDebug() const {
 #ifdef DEBUG
-	DBG_LOG(DBG_PACKET_ANALYSIS, "Dispatcher for %s", this->GetAnalyzerName());
-	dispatcher.DumpDebug();
+    DBG_LOG(DBG_PACKET_ANALYSIS, "Dispatcher for %s", this->GetAnalyzerName());
+    dispatcher.DumpDebug();
 #endif
-	}
+}

-void Analyzer::RegisterProtocol(uint32_t identifier, AnalyzerPtr child)
-	{
-	if ( run_state::detail::zeek_init_done )
-		reporter->FatalError("Packet protocols cannot be registered after zeek_init has finished.");
+void Analyzer::RegisterProtocol(uint32_t identifier, AnalyzerPtr child) {
+    if ( run_state::detail::zeek_init_done )
+        reporter->FatalError("Packet protocols cannot be registered after zeek_init has finished.");

-	dispatcher.Register(identifier, std::move(child));
-	}
+    dispatcher.Register(identifier, std::move(child));
+}

-void Analyzer::Weird(const char* name, Packet* packet, const char* addl) const
-	{
-	session_mgr->Weird(name, packet, addl, GetAnalyzerName());
-	}
+void Analyzer::Weird(const char* name, Packet* packet, const char* addl) const {
+    session_mgr->Weird(name, packet, addl, GetAnalyzerName());
+}

-void Analyzer::EnqueueAnalyzerConfirmationInfo(session::Session* session, const zeek::Tag& arg_tag)
-	{
-	static auto info_type = zeek::id::find_type<RecordType>("AnalyzerConfirmationInfo");
-	static auto info_c_idx = info_type->FieldOffset("c");
+void Analyzer::EnqueueAnalyzerConfirmationInfo(session::Session* session, const zeek::Tag& arg_tag) {
+    static auto info_type = zeek::id::find_type<RecordType>("AnalyzerConfirmationInfo");
+    static auto info_c_idx = info_type->FieldOffset("c");

-	auto info = make_intrusive<RecordVal>(info_type);
-	info->Assign(info_c_idx, session->GetVal());
+    auto info = make_intrusive<RecordVal>(info_type);
+    info->Assign(info_c_idx, session->GetVal());

-	event_mgr.Enqueue(analyzer_confirmation_info, arg_tag.AsVal(), info);
-	}
+    event_mgr.Enqueue(analyzer_confirmation_info, arg_tag.AsVal(), info);
+}

-void Analyzer::AnalyzerConfirmation(session::Session* session, zeek::Tag arg_tag)
-	{
-	const auto& effective_tag = arg_tag ? arg_tag : GetAnalyzerTag();
+void Analyzer::AnalyzerConfirmation(session::Session* session, zeek::Tag arg_tag) {
+    const auto& effective_tag = arg_tag ? arg_tag : GetAnalyzerTag();

-	if ( ! session )
-		return;
+    if ( ! session )
+        return;

-	if ( session->AnalyzerState(effective_tag) == session::AnalyzerConfirmationState::CONFIRMED )
-		return;
+    if ( session->AnalyzerState(effective_tag) == session::AnalyzerConfirmationState::CONFIRMED )
+        return;

-	// If this session violated previously, we don't allow through a confirmation.
-	if ( session->AnalyzerState(effective_tag) == session::AnalyzerConfirmationState::VIOLATED )
-		return;
+    // If this session violated previously, we don't allow through a confirmation.
+    if ( session->AnalyzerState(effective_tag) == session::AnalyzerConfirmationState::VIOLATED )
+        return;

-	session->SetAnalyzerState(effective_tag, session::AnalyzerConfirmationState::CONFIRMED);
+    session->SetAnalyzerState(effective_tag, session::AnalyzerConfirmationState::CONFIRMED);

-	if ( analyzer_confirmation_info )
-		EnqueueAnalyzerConfirmationInfo(session, effective_tag);
-	}
+    if ( analyzer_confirmation_info )
+        EnqueueAnalyzerConfirmationInfo(session, effective_tag);
+}

-void Analyzer::EnqueueAnalyzerViolationInfo(session::Session* session, const char* reason,
-                                            const char* data, int len, const zeek::Tag& arg_tag)
-	{
-	static auto info_type = zeek::id::find_type<RecordType>("AnalyzerViolationInfo");
-	static auto info_reason_idx = info_type->FieldOffset("reason");
-	static auto info_c_idx = info_type->FieldOffset("c");
-	static auto info_data_idx = info_type->FieldOffset("data");
+void Analyzer::EnqueueAnalyzerViolationInfo(session::Session* session, const char* reason, const char* data, int len,
+                                            const zeek::Tag& arg_tag) {
+    static auto info_type = zeek::id::find_type<RecordType>("AnalyzerViolationInfo");
+    static auto info_reason_idx = info_type->FieldOffset("reason");
+    static auto info_c_idx = info_type->FieldOffset("c");
+    static auto info_data_idx = info_type->FieldOffset("data");

-	auto info = zeek::make_intrusive<RecordVal>(info_type);
-	info->Assign(info_reason_idx, make_intrusive<StringVal>(reason));
-	info->Assign(info_c_idx, session->GetVal());
-	if ( data && len )
-		info->Assign(info_data_idx, make_intrusive<StringVal>(len, data));
+    auto info = zeek::make_intrusive<RecordVal>(info_type);
+    info->Assign(info_reason_idx, make_intrusive<StringVal>(reason));
+    info->Assign(info_c_idx, session->GetVal());
+    if ( data && len )
+        info->Assign(info_data_idx, make_intrusive<StringVal>(len, data));

-	event_mgr.Enqueue(analyzer_violation_info, arg_tag.AsVal(), info);
-	}
+    event_mgr.Enqueue(analyzer_violation_info, arg_tag.AsVal(), info);
+}

-void Analyzer::AnalyzerViolation(const char* reason, session::Session* session, const char* data,
-                                 int len, zeek::Tag arg_tag)
-	{
-	const auto& effective_tag = arg_tag ? arg_tag : GetAnalyzerTag();
+void Analyzer::AnalyzerViolation(const char* reason, session::Session* session, const char* data, int len,
+                                 zeek::Tag arg_tag) {
+    const auto& effective_tag = arg_tag ? arg_tag : GetAnalyzerTag();

-	if ( ! session )
-		return;
+    if ( ! session )
+        return;

-	if ( session->AnalyzerState(effective_tag) == session::AnalyzerConfirmationState::VIOLATED )
-		return;
+    if ( session->AnalyzerState(effective_tag) == session::AnalyzerConfirmationState::VIOLATED )
+        return;

-	session->SetAnalyzerState(effective_tag, session::AnalyzerConfirmationState::VIOLATED);
+    session->SetAnalyzerState(effective_tag, session::AnalyzerConfirmationState::VIOLATED);

-	if ( analyzer_violation_info )
-		EnqueueAnalyzerViolationInfo(session, reason, data, len, effective_tag);
-	}
+    if ( analyzer_violation_info )
+        EnqueueAnalyzerViolationInfo(session, reason, data, len, effective_tag);
+}

-	} // namespace zeek::packet_analysis
+} // namespace zeek::packet_analysis