Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Minor review nits

Browse source
This commit is contained in:
Tim Wojtulewicz 2024-11-12 21:22:52 -07:00
parent 43e77a3338
commit fd67206865
7 changed files with 18 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

3
scripts/base/protocols/conn/main.zeek
View file

@ -160,7 +160,7 @@ export {
tunnel_parents: set[string] &log &optional; tunnel_parents: set[string] &log &optional;
## For IP-based connections, this contains the protocol ## For IP-based connections, this contains the protocol
## identifier passed in the IP header. This is different ## identifier passed in the IP header. This is different
## from the ``proto`` field in that this value comes ## from the *proto* field in that this value comes
## directly from the header. ## directly from the header.
ip_proto: count &log &optional; ip_proto: count &log &optional;
}; };
@ -287,6 +287,7 @@ function set_conn(c: connection, eoc: bool)
c$conn$history=c$history; c$conn$history=c$history;
} }
if ( c$id$proto != 65535 )
c$conn$ip_proto = c$id$proto; c$conn$ip_proto = c$id$proto;
} }

8
scripts/policy/protocols/conn/ip-proto-name-logging.zeek
View file

@ -157,15 +157,13 @@ global protocol_names: table[count] of string = {
[142] = "rohc", [142] = "rohc",
[143] = "ethernet", [143] = "ethernet",
[144] = "aggfrag", [144] = "aggfrag",
[145] = "nsh" [145] = "nsh",
[146] = "homa"
}; };
event new_connection(c: connection) &priority=5 { event new_connection(c: connection) &priority=5 {
# In case we're the first access # In case we're the first access
Conn::set_conn(c, F); Conn::set_conn(c, F);
if ( c$conn?$ip_proto && c$conn$ip_proto in protocol_names ) { if ( c$conn?$ip_proto && c$conn$ip_proto in protocol_names )
c$conn$ip_proto_name = protocol_names[c$conn$ip_proto]; c$conn$ip_proto_name = protocol_names[c$conn$ip_proto];
} else {
c$conn$ip_proto_name = "unknown";
}
} }

4
src/IPAddr.cc
View file

@ -60,7 +60,7 @@ ConnKey::ConnKey(Val* v) {
int orig_h, orig_p; // indices into record's value list int orig_h, orig_p; // indices into record's value list
int resp_h, resp_p; int resp_h, resp_p;
uint8_t proto; int proto;
if ( vr == id::conn_id ) { if ( vr == id::conn_id ) {
orig_h = 0; orig_h = 0;
@ -77,7 +77,7 @@ ConnKey::ConnKey(Val* v) {
resp_p = vr->FieldOffset("resp_p"); resp_p = vr->FieldOffset("resp_p");
proto = vr->FieldOffset("proto"); proto = vr->FieldOffset("proto");
if ( orig_h < 0 || resp_h < 0 || orig_p < 0 || resp_p < 0 ) { if ( orig_h < 0 || resp_h < 0 || orig_p < 0 || resp_p < 0 || proto < 0 ) {
valid = false; valid = false;
return; return;
} }

4
src/TunnelEncapsulation.cc
View file

@ -14,7 +14,7 @@ EncapsulatingConn::EncapsulatingConn(Connection* c, BifEnum::Tunnel::Type t)
src_port(c->OrigPort()), src_port(c->OrigPort()),
dst_port(c->RespPort()), dst_port(c->RespPort()),
proto(c->ConnTransport()), proto(c->ConnTransport()),
proto_id(c->KeyProto()), ip_proto(c->KeyProto()),
type(t), type(t),
uid(c->GetUID()) { uid(c->GetUID()) {
if ( ! uid ) { if ( ! uid ) {
@ -31,7 +31,7 @@ RecordValPtr EncapsulatingConn::ToVal() const {
id_val->Assign(1, val_mgr->Port(ntohs(src_port), proto)); id_val->Assign(1, val_mgr->Port(ntohs(src_port), proto));
id_val->Assign(2, make_intrusive<AddrVal>(dst_addr)); id_val->Assign(2, make_intrusive<AddrVal>(dst_addr));
id_val->Assign(3, val_mgr->Port(ntohs(dst_port), proto)); id_val->Assign(3, val_mgr->Port(ntohs(dst_port), proto));
id_val->Assign(4, proto_id); id_val->Assign(4, ip_proto);
rv->Assign(0, std::move(id_val)); rv->Assign(0, std::move(id_val));
rv->Assign(1, BifType::Enum::Tunnel::Type->GetEnumVal(type)); rv->Assign(1, BifType::Enum::Tunnel::Type->GetEnumVal(type));

14
src/TunnelEncapsulation.h
View file

@ -46,7 +46,7 @@ public:
src_port(0), src_port(0),
dst_port(0), dst_port(0),
proto(TRANSPORT_UNKNOWN), proto(TRANSPORT_UNKNOWN),
proto_id(UNKNOWN_IP_PROTO), ip_proto(UNKNOWN_IP_PROTO),
type(t), type(t),
uid(UID(detail::bits_per_uid)) {} uid(UID(detail::bits_per_uid)) {}
@ -71,7 +71,7 @@ public:
src_port(other.src_port), src_port(other.src_port),
dst_port(other.dst_port), dst_port(other.dst_port),
proto(other.proto), proto(other.proto),
proto_id(other.proto_id), ip_proto(other.ip_proto),
type(other.type), type(other.type),
uid(other.uid) {} uid(other.uid) {}
@ -87,7 +87,7 @@ public:
src_port = other.src_port; src_port = other.src_port;
dst_port = other.dst_port; dst_port = other.dst_port;
proto = other.proto; proto = other.proto;
proto_id = other.proto_id; ip_proto = other.ip_proto;
type = other.type; type = other.type;
uid = other.uid; uid = other.uid;
ip_hdr = other.ip_hdr; ip_hdr = other.ip_hdr;
@ -109,7 +109,7 @@ public:
if ( ec1.type == BifEnum::Tunnel::IP || ec1.type == BifEnum::Tunnel::GRE ) if ( ec1.type == BifEnum::Tunnel::IP || ec1.type == BifEnum::Tunnel::GRE )
// Reversing endpoints is still same tunnel. // Reversing endpoints is still same tunnel.
return ec1.uid == ec2.uid && ec1.proto == ec2.proto && ec1.proto_id == ec2.proto_id && return ec1.uid == ec2.uid && ec1.proto == ec2.proto && ec1.ip_proto == ec2.ip_proto &&
((ec1.src_addr == ec2.src_addr && ec1.dst_addr == ec2.dst_addr) || ((ec1.src_addr == ec2.src_addr && ec1.dst_addr == ec2.dst_addr) ||
(ec1.src_addr == ec2.dst_addr && ec1.dst_addr == ec2.src_addr)); (ec1.src_addr == ec2.dst_addr && ec1.dst_addr == ec2.src_addr));
@ -117,13 +117,13 @@ public:
// Reversing endpoints is still same tunnel, destination port is // Reversing endpoints is still same tunnel, destination port is
// always the same. // always the same.
return ec1.dst_port == ec2.dst_port && ec1.uid == ec2.uid && ec1.proto == ec2.proto && return ec1.dst_port == ec2.dst_port && ec1.uid == ec2.uid && ec1.proto == ec2.proto &&
ec1.proto_id == ec2.proto_id && ec1.ip_proto == ec2.ip_proto &&
((ec1.src_addr == ec2.src_addr && ec1.dst_addr == ec2.dst_addr) || ((ec1.src_addr == ec2.src_addr && ec1.dst_addr == ec2.dst_addr) ||
(ec1.src_addr == ec2.dst_addr && ec1.dst_addr == ec2.src_addr)); (ec1.src_addr == ec2.dst_addr && ec1.dst_addr == ec2.src_addr));
return ec1.src_addr == ec2.src_addr && ec1.dst_addr == ec2.dst_addr && ec1.src_port == ec2.src_port && return ec1.src_addr == ec2.src_addr && ec1.dst_addr == ec2.dst_addr && ec1.src_port == ec2.src_port &&
ec1.dst_port == ec2.dst_port && ec1.uid == ec2.uid && ec1.proto == ec2.proto && ec1.dst_port == ec2.dst_port && ec1.uid == ec2.uid && ec1.proto == ec2.proto &&
ec1.proto_id == ec2.proto_id; ec1.ip_proto == ec2.ip_proto;
} }
friend bool operator!=(const EncapsulatingConn& ec1, const EncapsulatingConn& ec2) { return ! (ec1 == ec2); } friend bool operator!=(const EncapsulatingConn& ec1, const EncapsulatingConn& ec2) { return ! (ec1 == ec2); }
@ -137,7 +137,7 @@ protected:
uint16_t src_port; uint16_t src_port;
uint16_t dst_port; uint16_t dst_port;
TransportProto proto; TransportProto proto;
uint16_t proto_id; uint16_t ip_proto;
BifEnum::Tunnel::Type type; BifEnum::Tunnel::Type type;
UID uid; UID uid;
}; };

1
src/zeek.bif
View file

@ -315,7 +315,6 @@ zeek::RecordValPtr zeek::detail::build_dummy_conn_record()
id_val->Assign(1, zeek::val_mgr->Port(ntohs(0), TRANSPORT_UDP)); id_val->Assign(1, zeek::val_mgr->Port(ntohs(0), TRANSPORT_UDP));
id_val->Assign(2, zeek::make_intrusive<zeek::AddrVal>((unsigned int) 0)); id_val->Assign(2, zeek::make_intrusive<zeek::AddrVal>((unsigned int) 0));
id_val->Assign(3, zeek::val_mgr->Port(ntohs(0), TRANSPORT_UDP)); id_val->Assign(3, zeek::val_mgr->Port(ntohs(0), TRANSPORT_UDP));
id_val->Assign(4, 255);
c->Assign(0, std::move(id_val)); c->Assign(0, std::move(id_val));
auto orig_endp = zeek::make_intrusive<zeek::RecordVal>(zeek::id::endpoint); auto orig_endp = zeek::make_intrusive<zeek::RecordVal>(zeek::id::endpoint);