Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-14 04:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Base: Clean up explicit uses of namespaces in places where they're not necessary.

Browse source 
This commit covers all of the common and base classes.
This commit is contained in:
Tim Wojtulewicz 2020-08-21 09:29:37 -07:00
parent 9f802b2a4d
commit fe0c22c789
240 changed files with 6823 additions and 6787 deletions
Download patch file Download diff file Expand all files Collapse all files

22
src/iosource/Component.cc
View file

@ -8,11 +8,11 @@
namespace zeek::iosource {
Component::Component(const std::string& name)
: zeek::plugin::Component(zeek::plugin::component::IOSOURCE, name)
: plugin::Component(plugin::component::IOSOURCE, name)
{
}
Component::Component(zeek::plugin::component::Type type, const std::string& name)
Component::Component(plugin::component::Type type, const std::string& name)
: plugin::Component(type, name)
{
}
@ -22,9 +22,9 @@ Component::~Component()
}
PktSrcComponent::PktSrcComponent(const std::string& arg_name, const std::string& arg_prefix, InputType arg_type, factory_callback arg_factory)
: iosource::Component(zeek::plugin::component::PKTSRC, arg_name)
: Component(plugin::component::PKTSRC, arg_name)
{
zeek::util::tokenize_string(arg_prefix, ":", &prefixes);
util::tokenize_string(arg_prefix, ":", &prefixes);
type = arg_type;
factory = arg_factory;
}
@ -65,9 +65,9 @@ PktSrcComponent::factory_callback PktSrcComponent::Factory() const
return factory;
}
void PktSrcComponent::DoDescribe(zeek::ODesc* d) const
void PktSrcComponent::DoDescribe(ODesc* d) const
{
iosource::Component::DoDescribe(d);
Component::DoDescribe(d);
std::string prefs;
@ -102,15 +102,15 @@ void PktSrcComponent::DoDescribe(zeek::ODesc* d) const
break;
default:
zeek::reporter->InternalError("unknown PkrSrc type");
reporter->InternalError("unknown PkrSrc type");
}
}
PktDumperComponent::PktDumperComponent(const std::string& name, const std::string& arg_prefix, factory_callback arg_factory)
: zeek::plugin::Component(zeek::plugin::component::PKTDUMPER, name)
: plugin::Component(plugin::component::PKTDUMPER, name)
{
zeek::util::tokenize_string(arg_prefix, ":", &prefixes);
util::tokenize_string(arg_prefix, ":", &prefixes);
factory = arg_factory;
}
@ -140,9 +140,9 @@ bool PktDumperComponent::HandlesPrefix(const std::string& prefix) const
return false;
}
void PktDumperComponent::DoDescribe(zeek::ODesc* d) const
void PktDumperComponent::DoDescribe(ODesc* d) const
{
zeek::plugin::Component::DoDescribe(d);
plugin::Component::DoDescribe(d);
std::string prefs;

12
src/iosource/Component.h
View file

@ -16,7 +16,7 @@ namespace zeek::iosource {
/**
* Component description for plugins providing IOSources.
*/
class Component : public zeek::plugin::Component {
class Component : public plugin::Component {
public:
typedef IOSource* (*factory_callback)();
@ -43,13 +43,13 @@ protected:
* @param name A descriptive name for the component. This name must
* be unique across all components of this type.
*/
Component(zeek::plugin::component::Type type, const std::string& name);
Component(plugin::component::Type type, const std::string& name);
};
/**
* Component description for plugins providing a PktSrc for packet input.
*/
class PktSrcComponent : public zeek::iosource::Component {
class PktSrcComponent : public Component {
public:
/**
* Type of input a packet source supports.
@ -113,7 +113,7 @@ public:
* Generates a human-readable description of the component. This goes
* into the output of \c "bro -NN".
*/
void DoDescribe(zeek::ODesc* d) const override;
void DoDescribe(ODesc* d) const override;
private:
std::vector<std::string> prefixes;
@ -127,7 +127,7 @@ private:
* PktDumpers aren't IOSurces but we locate them here to keep them along with
* the PktSrc.
*/
class PktDumperComponent : public zeek::plugin::Component {
class PktDumperComponent : public plugin::Component {
public:
typedef PktDumper* (*factory_callback)(const std::string& path, bool append);
@ -160,7 +160,7 @@ public:
* Generates a human-readable description of the component. This goes
* into the output of \c "bro -NN".
*/
void DoDescribe(zeek::ODesc* d) const override;
void DoDescribe(ODesc* d) const override;
private:
std::vector<std::string> prefixes;

36
src/iosource/Manager.cc
View file

@ -25,7 +25,7 @@ namespace zeek::iosource {
Manager::WakeupHandler::WakeupHandler()
{
if ( ! iosource_mgr->RegisterFd(flare.FD(), this) )
zeek::reporter->FatalError("Failed to register WakeupHandler's fd with iosource_mgr");
reporter->FatalError("Failed to register WakeupHandler's fd with iosource_mgr");
}
Manager::WakeupHandler::~WakeupHandler()
@ -40,7 +40,7 @@ void Manager::WakeupHandler::Process()
void Manager::WakeupHandler::Ping(const std::string& where)
{
DBG_LOG(zeek::DBG_MAINLOOP, "Pinging WakeupHandler from %s", where.c_str());
DBG_LOG(DBG_MAINLOOP, "Pinging WakeupHandler from %s", where.c_str());
flare.Fire();
}
@ -48,7 +48,7 @@ Manager::Manager()
{
event_queue = kqueue();
if ( event_queue == -1 )
zeek::reporter->FatalError("Failed to initialize kqueue: %s", strerror(errno));
reporter->FatalError("Failed to initialize kqueue: %s", strerror(errno));
}
Manager::~Manager()
@ -115,7 +115,7 @@ void Manager::FindReadySources(std::vector<IOSource*>* ready)
// If there aren't any sources and exit_only_after_terminate is false, just
// return an empty set of sources. We want the main loop to end.
if ( Size() == 0 && ( ! zeek::BifConst::exit_only_after_terminate || zeek::run_state::terminating ) )
if ( Size() == 0 && ( ! BifConst::exit_only_after_terminate || run_state::terminating ) )
return;
double timeout = -1;
@ -166,7 +166,7 @@ void Manager::FindReadySources(std::vector<IOSource*>* ready)
}
else
{
if ( ! zeek::run_state::pseudo_realtime )
if ( ! run_state::pseudo_realtime )
// A pcap file is always ready to process unless it's suspended
ready->push_back(pkt_src);
}
@ -174,7 +174,7 @@ void Manager::FindReadySources(std::vector<IOSource*>* ready)
}
}
DBG_LOG(zeek::DBG_MAINLOOP, "timeout: %f ready size: %zu time_to_poll: %d\n",
DBG_LOG(DBG_MAINLOOP, "timeout: %f ready size: %zu time_to_poll: %d\n",
timeout, ready->size(), time_to_poll);
// If we didn't find any IOSources with zero timeouts or it's time to
@ -195,7 +195,7 @@ void Manager::Poll(std::vector<IOSource*>* ready, double timeout, IOSource* time
// Ignore interrupts since we may catch one during shutdown and we don't want the
// error to get printed.
if ( errno != EINTR )
zeek::reporter->InternalWarning("Error calling kevent: %s", strerror(errno));
reporter->InternalWarning("Error calling kevent: %s", strerror(errno));
}
else if ( ret == 0 )
{
@ -243,7 +243,7 @@ bool Manager::RegisterFd(int fd, IOSource* src)
if ( ret != -1 )
{
events.push_back({});
DBG_LOG(zeek::DBG_MAINLOOP, "Registered fd %d from %s", fd, src->Tag());
DBG_LOG(DBG_MAINLOOP, "Registered fd %d from %s", fd, src->Tag());
fd_map[fd] = src;
Wakeup("RegisterFd");
@ -251,7 +251,7 @@ bool Manager::RegisterFd(int fd, IOSource* src)
}
else
{
zeek::reporter->Error("Failed to register fd %d from %s: %s", fd, src->Tag(), strerror(errno));
reporter->Error("Failed to register fd %d from %s: %s", fd, src->Tag(), strerror(errno));
return false;
}
}
@ -264,7 +264,7 @@ bool Manager::UnregisterFd(int fd, IOSource* src)
EV_SET(&event, fd, EVFILT_READ, EV_DELETE, 0, 0, NULL);
int ret = kevent(event_queue, &event, 1, NULL, 0, NULL);
if ( ret != -1 )
DBG_LOG(zeek::DBG_MAINLOOP, "Unregistered fd %d from %s", fd, src->Tag());
DBG_LOG(DBG_MAINLOOP, "Unregistered fd %d from %s", fd, src->Tag());
fd_map.erase(fd);
@ -273,7 +273,7 @@ bool Manager::UnregisterFd(int fd, IOSource* src)
}
else
{
zeek::reporter->Error("Attempted to unregister an unknown file descriptor %d from %s", fd, src->Tag());
reporter->Error("Attempted to unregister an unknown file descriptor %d from %s", fd, src->Tag());
return false;
}
}
@ -315,7 +315,7 @@ void Manager::Register(PktSrc* src)
// little bit for those sources.
if ( src->IsLive() )
poll_interval = 10;
else if ( zeek::run_state::pseudo_realtime )
else if ( run_state::pseudo_realtime )
poll_interval = 1;
Register(src, false);
@ -350,7 +350,7 @@ PktSrc* Manager::OpenPktSrc(const std::string& path, bool is_live)
PktSrcComponent* component = nullptr;
std::list<PktSrcComponent*> all_components = zeek::plugin_mgr->Components<PktSrcComponent>();
std::list<PktSrcComponent*> all_components = plugin_mgr->Components<PktSrcComponent>();
for ( const auto& c : all_components )
{
if ( c->HandlesPrefix(prefix) &&
@ -364,14 +364,14 @@ PktSrc* Manager::OpenPktSrc(const std::string& path, bool is_live)
if ( ! component )
zeek::reporter->FatalError("type of packet source '%s' not recognized, or mode not supported", prefix.c_str());
reporter->FatalError("type of packet source '%s' not recognized, or mode not supported", prefix.c_str());
// Instantiate packet source.
PktSrc* ps = (*component->Factory())(npath, is_live);
assert(ps);
DBG_LOG(zeek::DBG_PKTIO, "Created packet source of type %s for %s", component->Name().c_str(), npath.c_str());
DBG_LOG(DBG_PKTIO, "Created packet source of type %s for %s", component->Name().c_str(), npath.c_str());
Register(ps);
return ps;
@ -388,7 +388,7 @@ PktDumper* Manager::OpenPktDumper(const std::string& path, bool append)
PktDumperComponent* component = nullptr;
std::list<PktDumperComponent*> all_components = zeek::plugin_mgr->Components<PktDumperComponent>();
std::list<PktDumperComponent*> all_components = plugin_mgr->Components<PktDumperComponent>();
for ( const auto& c : all_components )
{
if ( c->HandlesPrefix(prefix) )
@ -399,7 +399,7 @@ PktDumper* Manager::OpenPktDumper(const std::string& path, bool append)
}
if ( ! component )
zeek::reporter->FatalError("type of packet dumper '%s' not recognized", prefix.c_str());
reporter->FatalError("type of packet dumper '%s' not recognized", prefix.c_str());
// Instantiate packet dumper.
@ -410,7 +410,7 @@ PktDumper* Manager::OpenPktDumper(const std::string& path, bool append)
// Set an error message if it didn't open successfully.
pd->Error("could not open");
DBG_LOG(zeek::DBG_PKTIO, "Created packer dumper of type %s for %s", component->Name().c_str(), npath.c_str());
DBG_LOG(DBG_PKTIO, "Created packer dumper of type %s for %s", component->Name().c_str(), npath.c_str());
pd->Init();
pkt_dumpers.push_back(pd);

42
src/iosource/Packet.cc
View file

@ -68,9 +68,9 @@ void Packet::Init(int arg_link_type, pkt_timeval *arg_ts, uint32_t arg_caplen,
ProcessLayer2();
}
const zeek::IP_Hdr Packet::IP() const
const IP_Hdr Packet::IP() const
{
return zeek::IP_Hdr((struct ip *) (data + hdr_size), false);
return IP_Hdr((struct ip *) (data + hdr_size), false);
}
void Packet::Weird(const char* name)
@ -593,12 +593,12 @@ void Packet::ProcessLayer2()
hdr_size = (pdata - data);
}
zeek::RecordValPtr Packet::ToRawPktHdrVal() const
RecordValPtr Packet::ToRawPktHdrVal() const
{
static auto raw_pkt_hdr_type = zeek::id::find_type<zeek::RecordType>("raw_pkt_hdr");
static auto l2_hdr_type = zeek::id::find_type<zeek::RecordType>("l2_hdr");
auto pkt_hdr = zeek::make_intrusive<zeek::RecordVal>(raw_pkt_hdr_type);
auto l2_hdr = zeek::make_intrusive<zeek::RecordVal>(l2_hdr_type);
static auto raw_pkt_hdr_type = id::find_type<RecordType>("raw_pkt_hdr");
static auto l2_hdr_type = id::find_type<RecordType>("l2_hdr");
auto pkt_hdr = make_intrusive<RecordVal>(raw_pkt_hdr_type);
auto l2_hdr = make_intrusive<RecordVal>(l2_hdr_type);
bool is_ethernet = link_type == DLT_EN10MB;
@ -628,41 +628,41 @@ zeek::RecordValPtr Packet::ToRawPktHdrVal() const
{
// Ethernet header layout is:
// dst[6bytes] src[6bytes] ethertype[2bytes]...
l2_hdr->Assign(0, zeek::BifType::Enum::link_encap->GetEnumVal(BifEnum::LINK_ETHERNET));
l2_hdr->Assign(0, BifType::Enum::link_encap->GetEnumVal(BifEnum::LINK_ETHERNET));
l2_hdr->Assign(3, FmtEUI48(data + 6)); // src
l2_hdr->Assign(4, FmtEUI48(data)); // dst
if ( vlan )
l2_hdr->Assign(5, zeek::val_mgr->Count(vlan));
l2_hdr->Assign(5, val_mgr->Count(vlan));
if ( inner_vlan )
l2_hdr->Assign(6, zeek::val_mgr->Count(inner_vlan));
l2_hdr->Assign(6, val_mgr->Count(inner_vlan));
l2_hdr->Assign(7, zeek::val_mgr->Count(eth_type));
l2_hdr->Assign(7, val_mgr->Count(eth_type));
if ( eth_type == ETHERTYPE_ARP || eth_type == ETHERTYPE_REVARP )
// We also identify ARP for L3 over ethernet
l3 = BifEnum::L3_ARP;
}
else
l2_hdr->Assign(0, zeek::BifType::Enum::link_encap->GetEnumVal(BifEnum::LINK_UNKNOWN));
l2_hdr->Assign(0, BifType::Enum::link_encap->GetEnumVal(BifEnum::LINK_UNKNOWN));
l2_hdr->Assign(1, zeek::val_mgr->Count(len));
l2_hdr->Assign(2, zeek::val_mgr->Count(cap_len));
l2_hdr->Assign(1, val_mgr->Count(len));
l2_hdr->Assign(2, val_mgr->Count(cap_len));
l2_hdr->Assign(8, zeek::BifType::Enum::layer3_proto->GetEnumVal(l3));
l2_hdr->Assign(8, BifType::Enum::layer3_proto->GetEnumVal(l3));
pkt_hdr->Assign(0, std::move(l2_hdr));
if ( l3_proto == L3_IPV4 )
{
zeek::IP_Hdr ip_hdr((const struct ip*)(data + hdr_size), false);
IP_Hdr ip_hdr((const struct ip*)(data + hdr_size), false);
return ip_hdr.ToPktHdrVal(std::move(pkt_hdr), 1);
}
else if ( l3_proto == L3_IPV6 )
{
zeek::IP_Hdr ip6_hdr((const struct ip6_hdr*)(data + hdr_size), false, cap_len);
IP_Hdr ip6_hdr((const struct ip6_hdr*)(data + hdr_size), false, cap_len);
return ip6_hdr.ToPktHdrVal(std::move(pkt_hdr), 1);
}
@ -670,22 +670,22 @@ zeek::RecordValPtr Packet::ToRawPktHdrVal() const
return pkt_hdr;
}
zeek::RecordVal* Packet::BuildPktHdrVal() const
RecordVal* Packet::BuildPktHdrVal() const
{
return ToRawPktHdrVal().release();
}
zeek::ValPtr Packet::FmtEUI48(const u_char* mac) const
ValPtr Packet::FmtEUI48(const u_char* mac) const
{
char buf[20];
snprintf(buf, sizeof buf, "%02x:%02x:%02x:%02x:%02x:%02x",
mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
return zeek::make_intrusive<zeek::StringVal>(buf);
return make_intrusive<StringVal>(buf);
}
void Packet::Describe(ODesc* d) const
{
const zeek::IP_Hdr ip = IP();
const IP_Hdr ip = IP();
d->Add(ip.SrcAddr());
d->Add("->");
d->Add(ip.DstAddr());

14
src/iosource/Packet.h
View file

@ -22,8 +22,8 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek);
namespace zeek {
template <class T> class IntrusivePtr;
using ValPtr = zeek::IntrusivePtr<zeek::Val>;
using RecordValPtr = zeek::IntrusivePtr<zeek::RecordVal>;
using ValPtr = IntrusivePtr<Val>;
using RecordValPtr = IntrusivePtr<RecordVal>;
/**
* The Layer 3 type of a packet, as determined by the parsing code in Packet.
@ -129,16 +129,16 @@ public:
* Interprets the Layer 3 of the packet as IP and returns a
* correspondign object.
*/
const zeek::IP_Hdr IP() const;
const IP_Hdr IP() const;
/**
* Returns a \c raw_pkt_hdr RecordVal, which includes layer 2 and
* also everything in zeek::IP_Hdr (i.e., IP4/6 + TCP/UDP/ICMP).
* also everything in IP_Hdr (i.e., IP4/6 + TCP/UDP/ICMP).
*/
zeek::RecordValPtr ToRawPktHdrVal() const;
RecordValPtr ToRawPktHdrVal() const;
[[deprecated("Remove in v4.1. Use ToRawPktHdrval() instead.")]]
zeek::RecordVal* BuildPktHdrVal() const;
RecordVal* BuildPktHdrVal() const;
/**
* Static method returning the link-layer header size for a given
@ -232,7 +232,7 @@ private:
void Weird(const char* name);
// Renders an MAC address into its ASCII representation.
zeek::ValPtr FmtEUI48(const u_char* mac) const;
ValPtr FmtEUI48(const u_char* mac) const;
// True if we need to delete associated packet memory upon
// destruction.

6
src/iosource/PktDumper.cc
View file

@ -62,13 +62,13 @@ void PktDumper::Opened(const Properties& arg_props)
{
is_open = true;
props = arg_props;
DBG_LOG(zeek::DBG_PKTIO, "Opened dumper %s", props.path.c_str());
DBG_LOG(DBG_PKTIO, "Opened dumper %s", props.path.c_str());
}
void PktDumper::Closed()
{
is_open = false;
DBG_LOG(zeek::DBG_PKTIO, "Closed dumper %s", props.path.c_str());
DBG_LOG(DBG_PKTIO, "Closed dumper %s", props.path.c_str());
props.path = "";
}
@ -76,7 +76,7 @@ void PktDumper::Error(const std::string& msg)
{
errmsg = msg;
DBG_LOG(zeek::DBG_PKTIO, "Error with dumper %s: %s",
DBG_LOG(DBG_PKTIO, "Error with dumper %s: %s",
IsOpen() ? props.path.c_str() : "<not open>",
msg.c_str());
}

2
src/iosource/PktDumper.h
View file

@ -85,7 +85,7 @@ public:
* @return True if succesful, false otherwise (in which case \a
* Error() must have been called.)
*/
virtual bool Dump(const zeek::Packet* pkt) = 0;
virtual bool Dump(const Packet* pkt) = 0;
protected:
friend class Manager;

66
src/iosource/PktSrc.cc
View file

@ -82,15 +82,15 @@ double PktSrc::CurrentPacketTimestamp()
double PktSrc::CurrentPacketWallClock()
{
// We stop time when we are suspended.
if ( zeek::run_state::is_processing_suspended() )
current_wallclock = zeek::util::current_time(true);
if ( run_state::is_processing_suspended() )
current_wallclock = util::current_time(true);
return current_wallclock;
}
void PktSrc::Opened(const Properties& arg_props)
{
if ( zeek::Packet::GetLinkHeaderSize(arg_props.link_type) < 0 )
if ( Packet::GetLinkHeaderSize(arg_props.link_type) < 0 )
{
char buf[512];
snprintf(buf, sizeof(buf),
@ -112,7 +112,7 @@ void PktSrc::Opened(const Properties& arg_props)
if ( props.is_live )
{
Info(zeek::util::fmt("listening on %s\n", props.path.c_str()));
Info(util::fmt("listening on %s\n", props.path.c_str()));
// We only register the file descriptor if we're in live
// mode because libpcap's file descriptor for trace files
@ -120,10 +120,10 @@ void PktSrc::Opened(const Properties& arg_props)
// data to read.
if ( props.selectable_fd != -1 )
if ( ! iosource_mgr->RegisterFd(props.selectable_fd, this) )
zeek::reporter->FatalError("Failed to register pktsrc fd with iosource_mgr");
reporter->FatalError("Failed to register pktsrc fd with iosource_mgr");
}
DBG_LOG(zeek::DBG_PKTIO, "Opened source %s", props.path.c_str());
DBG_LOG(DBG_PKTIO, "Opened source %s", props.path.c_str());
}
void PktSrc::Closed()
@ -133,7 +133,7 @@ void PktSrc::Closed()
if ( props.is_live && props.selectable_fd != -1 )
iosource_mgr->UnregisterFd(props.selectable_fd, this);
DBG_LOG(zeek::DBG_PKTIO, "Closed source %s", props.path.c_str());
DBG_LOG(DBG_PKTIO, "Closed source %s", props.path.c_str());
}
void PktSrc::Error(const std::string& msg)
@ -141,29 +141,29 @@ void PktSrc::Error(const std::string& msg)
// We don't report this immediately, Bro will ask us for the error
// once it notices we aren't open.
errbuf = msg;
DBG_LOG(zeek::DBG_PKTIO, "Error with source %s: %s",
DBG_LOG(DBG_PKTIO, "Error with source %s: %s",
IsOpen() ? props.path.c_str() : "<not open>",
msg.c_str());
}
void PktSrc::Info(const std::string& msg)
{
zeek::reporter->Info("%s", msg.c_str());
reporter->Info("%s", msg.c_str());
}
void PktSrc::Weird(const std::string& msg, const zeek::Packet* p)
void PktSrc::Weird(const std::string& msg, const Packet* p)
{
zeek::sessions->Weird(msg.c_str(), p, nullptr);
sessions->Weird(msg.c_str(), p, nullptr);
}
void PktSrc::InternalError(const std::string& msg)
{
zeek::reporter->InternalError("%s", msg.c_str());
reporter->InternalError("%s", msg.c_str());
}
void PktSrc::ContinueAfterSuspend()
{
current_wallclock = zeek::util::current_time(true);
current_wallclock = util::current_time(true);
}
double PktSrc::CheckPseudoTime()
@ -175,9 +175,9 @@ double PktSrc::CheckPseudoTime()
return 0;
double pseudo_time = current_packet.time - first_timestamp;
double ct = (zeek::util::current_time(true) - first_wallclock) * zeek::run_state::pseudo_realtime;
double ct = (util::current_time(true) - first_wallclock) * run_state::pseudo_realtime;
return pseudo_time <= ct ? zeek::run_state::zeek_start_time + pseudo_time : 0;
return pseudo_time <= ct ? run_state::zeek_start_time + pseudo_time : 0;
}
void PktSrc::InitSource()
@ -201,16 +201,16 @@ void PktSrc::Process()
if ( current_packet.Layer2Valid() )
{
if ( zeek::run_state::pseudo_realtime )
if ( run_state::pseudo_realtime )
{
current_pseudo = CheckPseudoTime();
zeek::run_state::detail::dispatch_packet(current_pseudo, &current_packet, this);
run_state::detail::dispatch_packet(current_pseudo, &current_packet, this);
if ( ! first_wallclock )
first_wallclock = zeek::util::current_time(true);
first_wallclock = util::current_time(true);
}
else
zeek::run_state::detail::dispatch_packet(current_packet.time, &current_packet, this);
run_state::detail::dispatch_packet(current_packet.time, &current_packet, this);
}
have_packet = false;
@ -231,11 +231,11 @@ bool PktSrc::ExtractNextPacketInternal()
// Don't return any packets if processing is suspended (except for the
// very first packet which we need to set up times).
if ( zeek::run_state::is_processing_suspended() && first_timestamp )
if ( run_state::is_processing_suspended() && first_timestamp )
return false;
if ( zeek::run_state::pseudo_realtime )
current_wallclock = zeek::util::current_time(true);
if ( run_state::pseudo_realtime )
current_wallclock = util::current_time(true);
if ( ExtractNextPacket(&current_packet) )
{
@ -252,7 +252,7 @@ bool PktSrc::ExtractNextPacketInternal()
return true;
}
if ( zeek::run_state::pseudo_realtime && ! IsOpen() )
if ( run_state::pseudo_realtime && ! IsOpen() )
{
if ( broker_mgr->Active() )
iosource_mgr->Terminate();
@ -269,11 +269,11 @@ bool PktSrc::PrecompileBPFFilter(int index, const std::string& filter)
char errbuf[PCAP_ERRBUF_SIZE];
// Compile filter.
auto* code = new zeek::iosource::detail::BPF_Program();
auto* code = new detail::BPF_Program();
if ( ! code->Compile(zeek::BifConst::Pcap::snaplen, LinkType(), filter.c_str(), Netmask(), errbuf, sizeof(errbuf)) )
if ( ! code->Compile(BifConst::Pcap::snaplen, LinkType(), filter.c_str(), Netmask(), errbuf, sizeof(errbuf)) )
{
std::string msg = zeek::util::fmt("cannot compile BPF filter \"%s\"", filter.c_str());
std::string msg = util::fmt("cannot compile BPF filter \"%s\"", filter.c_str());
if ( *errbuf )
msg += ": " + std::string(errbuf);
@ -296,7 +296,7 @@ bool PktSrc::PrecompileBPFFilter(int index, const std::string& filter)
return true;
}
zeek::iosource::detail::BPF_Program* PktSrc::GetBPFFilter(int index)
detail::BPF_Program* PktSrc::GetBPFFilter(int index)
{
if ( index < 0 )
return nullptr;
@ -306,11 +306,11 @@ zeek::iosource::detail::BPF_Program* PktSrc::GetBPFFilter(int index)
bool PktSrc::ApplyBPFFilter(int index, const struct pcap_pkthdr *hdr, const u_char *pkt)
{
zeek::iosource::detail::BPF_Program* code = GetBPFFilter(index);
detail::BPF_Program* code = GetBPFFilter(index);
if ( ! code )
{
Error(zeek::util::fmt("BPF filter %d not compiled", index));
Error(util::fmt("BPF filter %d not compiled", index));
Close();
return false;
}
@ -321,7 +321,7 @@ bool PktSrc::ApplyBPFFilter(int index, const struct pcap_pkthdr *hdr, const u_ch
return pcap_offline_filter(code->GetProgram(), hdr, pkt);
}
bool PktSrc::GetCurrentPacket(const zeek::Packet** pkt)
bool PktSrc::GetCurrentPacket(const Packet** pkt)
{
if ( ! have_packet )
return false;
@ -344,16 +344,16 @@ double PktSrc::GetNextTimeout()
// but we're not in pseudo-realtime mode, let the loop just spin as fast as it can. If we're
// in pseudo-realtime mode, find the next time that a packet is ready and have poll block until
// then.
if ( IsLive() || zeek::run_state::is_processing_suspended() )
if ( IsLive() || run_state::is_processing_suspended() )
return -1;
else if ( ! zeek::run_state::pseudo_realtime )
else if ( ! run_state::pseudo_realtime )
return 0;
if ( ! have_packet )
ExtractNextPacketInternal();
double pseudo_time = current_packet.time - first_timestamp;
double ct = (zeek::util::current_time(true) - first_wallclock) * zeek::run_state::pseudo_realtime;
double ct = (util::current_time(true) - first_wallclock) * run_state::pseudo_realtime;
return std::max(0.0, pseudo_time - ct);
}

12
src/iosource/PktSrc.h
View file

@ -136,7 +136,7 @@ public:
* @return The BPF filter associated, or null if none has been
* (successfully) compiled.
*/
zeek::iosource::detail::BPF_Program* GetBPFFilter(int index);
detail::BPF_Program* GetBPFFilter(int index);
/**
* Applies a precompiled BPF filter to a packet. This will close the
@ -163,7 +163,7 @@ public:
*
* @return True if the current packet is available, or false if not.
*/
bool GetCurrentPacket(const zeek::Packet** hdr);
bool GetCurrentPacket(const Packet** hdr);
// PacketSource interace for derived classes to override.
@ -297,7 +297,7 @@ protected:
*
* @param pkt The packet associated with the weird, or null if none.
*/
void Weird(const std::string& msg, const zeek::Packet* pkt);
void Weird(const std::string& msg, const Packet* pkt);
/**
* Can be called from derived classes to flag an internal error,
@ -340,7 +340,7 @@ protected:
* if not packet is available or an error occured (which must be
* flageed via Error()).
*/
virtual bool ExtractNextPacket(zeek::Packet* pkt) = 0;
virtual bool ExtractNextPacket(Packet* pkt) = 0;
/**
* Signals that the data of previously extracted packet will no
@ -365,10 +365,10 @@ private:
Properties props;
bool have_packet;
zeek::Packet current_packet;
Packet current_packet;
// For BPF filtering support.
std::vector<zeek::iosource::detail::BPF_Program *> filters;
std::vector<detail::BPF_Program *> filters;
// Only set in pseudo-realtime mode.
double first_timestamp;

12
src/iosource/pcap/Dumper.cc
View file

@ -27,7 +27,7 @@ void PcapDumper::Open()
{
int linktype = -1;
pd = pcap_open_dead(DLT_EN10MB, zeek::BifConst::Pcap::snaplen);
pd = pcap_open_dead(DLT_EN10MB, BifConst::Pcap::snaplen);
if ( ! pd )
{
@ -51,7 +51,7 @@ void PcapDumper::Open()
if ( exists < 0 && errno != ENOENT )
{
Error(zeek::util::fmt("can't stat file %s: %s", props.path.c_str(), strerror(errno)));
Error(util::fmt("can't stat file %s: %s", props.path.c_str(), strerror(errno)));
return;
}
}
@ -76,13 +76,13 @@ void PcapDumper::Open()
dumper = (pcap_dumper_t*) fopen(props.path.c_str(), "a");
if ( ! dumper )
{
Error(zeek::util::fmt("can't open dump %s: %s", props.path.c_str(), strerror(errno)));
Error(util::fmt("can't open dump %s: %s", props.path.c_str(), strerror(errno)));
return;
}
}
props.open_time = zeek::run_state::network_time;
props.hdr_size = zeek::Packet::GetLinkHeaderSize(pcap_datalink(pd));
props.open_time = run_state::network_time;
props.hdr_size = Packet::GetLinkHeaderSize(pcap_datalink(pd));
Opened(props);
}
@ -99,7 +99,7 @@ void PcapDumper::Close()
Closed();
}
bool PcapDumper::Dump(const zeek::Packet* pkt)
bool PcapDumper::Dump(const Packet* pkt)
{
if ( ! dumper )
return false;

2
src/iosource/pcap/Dumper.h
View file

@ -21,7 +21,7 @@ protected:
// PktDumper interface.
void Open() override;
void Close() override;
bool Dump(const zeek::Packet* pkt) override;
bool Dump(const Packet* pkt) override;
private:
Properties props;

16
src/iosource/pcap/Plugin.cc
View file

@ -7,17 +7,17 @@
namespace zeek::plugin::detail::Zeek_Pcap {
class Plugin : public zeek::plugin::Plugin {
class Plugin : public plugin::Plugin {
public:
zeek::plugin::Configuration Configure() override
plugin::Configuration Configure() override
{
AddComponent(new zeek::iosource::PktSrcComponent(
"PcapReader", "pcap", zeek::iosource::PktSrcComponent::BOTH,
zeek::iosource::pcap::PcapSource::Instantiate));
AddComponent(new zeek::iosource::PktDumperComponent(
"PcapWriter", "pcap", zeek::iosource::pcap::PcapDumper::Instantiate));
AddComponent(new iosource::PktSrcComponent(
"PcapReader", "pcap", iosource::PktSrcComponent::BOTH,
iosource::pcap::PcapSource::Instantiate));
AddComponent(new iosource::PktDumperComponent(
"PcapWriter", "pcap", iosource::pcap::PcapDumper::Instantiate));
zeek::plugin::Configuration config;
plugin::Configuration config;
config.name = "Zeek::Pcap";
config.description = "Packet acquisition via libpcap";
return config;

30
src/iosource/pcap/Source.cc
View file

@ -47,7 +47,7 @@ void PcapSource::Close()
Closed();
if ( Pcap::file_done )
zeek::event_mgr.Enqueue(Pcap::file_done, zeek::make_intrusive<zeek::StringVal>(props.path));
event_mgr.Enqueue(Pcap::file_done, make_intrusive<StringVal>(props.path));
}
void PcapSource::OpenLive()
@ -61,7 +61,7 @@ void PcapSource::OpenLive()
if ( pcap_findalldevs(&devs, errbuf) < 0 )
{
Error(zeek::util::fmt("pcap_findalldevs: %s", errbuf));
Error(util::fmt("pcap_findalldevs: %s", errbuf));
return;
}
@ -110,7 +110,7 @@ void PcapSource::OpenLive()
return;
}
if ( pcap_set_snaplen(pd, zeek::BifConst::Pcap::snaplen) )
if ( pcap_set_snaplen(pd, BifConst::Pcap::snaplen) )
{
PcapError("pcap_set_snaplen");
return;
@ -136,7 +136,7 @@ void PcapSource::OpenLive()
return;
}
if ( pcap_set_buffer_size(pd, zeek::BifConst::Pcap::bufsize * 1024 * 1024) )
if ( pcap_set_buffer_size(pd, BifConst::Pcap::bufsize * 1024 * 1024) )
{
PcapError("pcap_set_buffer_size");
return;
@ -157,7 +157,7 @@ void PcapSource::OpenLive()
#endif
#ifdef HAVE_PCAP_INT_H
Info(zeek::util::fmt("pcap bufsize = %d\n", ((struct pcap *) pd)->bufsize));
Info(util::fmt("pcap bufsize = %d\n", ((struct pcap *) pd)->bufsize));
#endif
props.selectable_fd = pcap_get_selectable_fd(pd);
@ -191,7 +191,7 @@ void PcapSource::OpenOffline()
Opened(props);
}
bool PcapSource::ExtractNextPacket(zeek::Packet* pkt)
bool PcapSource::ExtractNextPacket(Packet* pkt)
{
if ( ! pd )
return false;
@ -210,11 +210,11 @@ bool PcapSource::ExtractNextPacket(zeek::Packet* pkt)
case PCAP_ERROR: // -1
// Error occurred while reading the packet.
if ( props.is_live )
zeek::reporter->Error("failed to read a packet from %s: %s",
props.path.data(), pcap_geterr(pd));
reporter->Error("failed to read a packet from %s: %s",
props.path.data(), pcap_geterr(pd));
else
zeek::reporter->FatalError("failed to read a packet from %s: %s",
props.path.data(), pcap_geterr(pd));
reporter->FatalError("failed to read a packet from %s: %s",
props.path.data(), pcap_geterr(pd));
return false;
case 0:
// Read from live interface timed out (ok).
@ -223,7 +223,7 @@ bool PcapSource::ExtractNextPacket(zeek::Packet* pkt)
// Read a packet without problem.
break;
default:
zeek::reporter->InternalError("unhandled pcap_next_ex return value: %d", res);
reporter->InternalError("unhandled pcap_next_ex return value: %d", res);
return false;
}
@ -258,7 +258,7 @@ bool PcapSource::SetFilter(int index)
char errbuf[PCAP_ERRBUF_SIZE];
zeek::iosource::detail::BPF_Program* code = GetBPFFilter(index);
iosource::detail::BPF_Program* code = GetBPFFilter(index);
if ( ! code )
{
@ -328,12 +328,12 @@ void PcapSource::PcapError(const char* where)
std::string location;
if ( where )
location = zeek::util::fmt(" (%s)", where);
location = util::fmt(" (%s)", where);
if ( pd )
Error(zeek::util::fmt("pcap_error: %s%s", pcap_geterr(pd), location.c_str()));
Error(util::fmt("pcap_error: %s%s", pcap_geterr(pd), location.c_str()));
else
Error(zeek::util::fmt("pcap_error: not open%s", location.c_str()));
Error(util::fmt("pcap_error: not open%s", location.c_str()));
Close();
}

4
src/iosource/pcap/Source.h
View file

@ -12,7 +12,7 @@ extern "C" {
namespace zeek::iosource::pcap {
class PcapSource : public zeek::iosource::PktSrc {
class PcapSource : public PktSrc {
public:
PcapSource(const std::string& path, bool is_live);
~PcapSource() override;
@ -23,7 +23,7 @@ protected:
// PktSrc interface.
void Open() override;
void Close() override;
bool ExtractNextPacket(zeek::Packet* pkt) override;
bool ExtractNextPacket(Packet* pkt) override;
void DoneWithPacket() override;
bool PrecompileFilter(int index, const std::string& filter) override;
bool SetFilter(int index) override;