Merge remote-tracking branch 'origin/topic/timw/clang-format-fixes'

* origin/topic/timw/clang-format-fixes:
  clang-format: Set penalty for breaking after assignment operator
  clang-format: Set IndentCaseBlocks to false
  clang-format: Other minor formatting changes
  clang-format: Other include ordering changes
  clang-format: Enforce ordering of includes in ZBody
  clang-format: A few minor comment-spacing fixes
  clang-format: Force zeek-config.h to be earlier in the config ordering
Tim Wojtulewicz 2021-09-27 12:06:27 -07:00
commit ff98515f2a
181 changed files with 5236 additions and 5157 deletions


@ -30,7 +30,7 @@ BreakBeforeBraces: Whitesmiths
# SplitEmptyNamespace: false
AccessModifierOffset: -4
AlignAfterOpenBracket: true
AlignAfterOpenBracket: Align
AlignTrailingComments: false
AllowShortBlocksOnASingleLine: Empty
AllowShortEnumsOnASingleLine: true
@ -47,7 +47,7 @@ ColumnLimit: 100
ConstructorInitializerAllOnOneLineOrOnePerLine: false
FixNamespaceComments: false
IndentCaseLabels: true
IndentCaseBlocks: true
IndentCaseBlocks: false
IndentExternBlock: NoIndent
IndentPPDirectives: None
IndentWidth: 4
@ -70,6 +70,10 @@ SpacesInParentheses: false
TabWidth: 4
UseTab: AlignWithSpaces
# Setting this to a high number causes clang-format to prefer breaking somewhere else
# over breaking after the assignment operator in a line that's over the column limit
PenaltyBreakAssignment: 100
IncludeBlocks: Regroup
# Include categories go like this:
@ -81,11 +85,14 @@ IncludeBlocks: Regroup
# 5: everything else, which should catch any of the auto-generated code from the
# build directory as well
#
# Sections 0-1 and 2-3 get group together in their respective blocks
# Sections 0-1 and 2-3 get grouped together in their respective blocks
IncludeCategories:
- Regex: '^"zeek-config\.h"'
Priority: 0
Priority: 1
SortPriority: 1
- Regex: '^"zeek/zeek-config\.h"'
Priority: 1
SortPriority: 2
- Regex: '^<[[:print:]]+\.(h|hh)>'
Priority: 2
SortPriority: 2


@ -1,3 +1,6 @@
4.2.0-dev.233 | 2021-09-27 12:06:27 -0700
* Fix a number of issues with the initial pass of clang-format (Tim Wojtulewicz, Corelight)
4.2.0-dev.224 | 2021-09-26 10:27:05 -0700


@ -1 +1 @@
4.2.0-dev.224
4.2.0-dev.233


@ -2,13 +2,14 @@
#include "zeek/Attr.h"
#include "zeek/zeek-config.h"
#include "zeek/Desc.h"
#include "zeek/Expr.h"
#include "zeek/IntrusivePtr.h"
#include "zeek/Val.h"
#include "zeek/input/Manager.h"
#include "zeek/threading/SerialTypes.h"
#include "zeek/zeek-config.h"
namespace zeek::detail
{
@ -316,58 +317,96 @@ void Attributes::CheckAttr(Attr* a)
case ATTR_ADD_FUNC:
case ATTR_DEL_FUNC:
{
bool is_add = a->Tag() == ATTR_ADD_FUNC;
const auto& at = a->GetExpr()->GetType();
if ( at->Tag() != TYPE_FUNC )
{
bool is_add = a->Tag() == ATTR_ADD_FUNC;
const auto& at = a->GetExpr()->GetType();
if ( at->Tag() != TYPE_FUNC )
{
a->GetExpr()->Error(is_add ? "&add_func must be a function"
: "&delete_func must be a function");
break;
}
FuncType* aft = at->AsFuncType();
if ( ! same_type(aft->Yield(), type) )
{
a->GetExpr()->Error(
is_add ? "&add_func function must yield same type as variable"
: "&delete_func function must yield same type as variable");
break;
}
a->GetExpr()->Error(is_add ? "&add_func must be a function"
: "&delete_func must be a function");
break;
}
FuncType* aft = at->AsFuncType();
if ( ! same_type(aft->Yield(), type) )
{
a->GetExpr()->Error(is_add
? "&add_func function must yield same type as variable"
: "&delete_func function must yield same type as variable");
break;
}
}
break;
case ATTR_DEFAULT:
{
// &default is allowed for global tables, since it's used in initialization
// of table fields. it's not allowed otherwise.
if ( global_var && ! type->IsTable() )
{
// &default is allowed for global tables, since it's used in initialization
// of table fields. it's not allowed otherwise.
if ( global_var && ! type->IsTable() )
Error("&default is not valid for global variables except for tables");
break;
}
const auto& atype = a->GetExpr()->GetType();
if ( type->Tag() != TYPE_TABLE || (type->IsSet() && ! in_record) )
{
if ( same_type(atype, type) )
// Ok.
break;
// Record defaults may be promotable.
if ( (type->Tag() == TYPE_RECORD && atype->Tag() == TYPE_RECORD &&
record_promotion_compatible(atype->AsRecordType(), type->AsRecordType())) )
// Ok.
break;
if ( type->Tag() == TYPE_TABLE && type->AsTableType()->IsUnspecifiedTable() )
// Ok.
break;
auto e = check_and_promote_expr(a->GetExpr(), type);
if ( e )
{
Error("&default is not valid for global variables except for tables");
a->SetAttrExpr(std::move(e));
// Ok.
break;
}
const auto& atype = a->GetExpr()->GetType();
a->GetExpr()->Error("&default value has inconsistent type", type.get());
return;
}
if ( type->Tag() != TYPE_TABLE || (type->IsSet() && ! in_record) )
TableType* tt = type->AsTableType();
const auto& ytype = tt->Yield();
if ( ! in_record )
{
// &default applies to the type itself.
if ( ! same_type(atype, ytype) )
{
if ( same_type(atype, type) )
// It can still be a default function.
if ( atype->Tag() == TYPE_FUNC )
{
FuncType* f = atype->AsFuncType();
if ( ! f->CheckArgs(tt->GetIndexTypes()) || ! same_type(f->Yield(), ytype) )
Error("&default function type clash");
// Ok.
break;
}
// Record defaults may be promotable.
if ( (type->Tag() == TYPE_RECORD && atype->Tag() == TYPE_RECORD &&
// Table defaults may be promotable.
if ( (ytype->Tag() == TYPE_RECORD && atype->Tag() == TYPE_RECORD &&
record_promotion_compatible(atype->AsRecordType(),
type->AsRecordType())) )
ytype->AsRecordType())) )
// Ok.
break;
if ( type->Tag() == TYPE_TABLE && type->AsTableType()->IsUnspecifiedTable() )
// Ok.
break;
auto e = check_and_promote_expr(a->GetExpr(), type);
auto e = check_and_promote_expr(a->GetExpr(), ytype);
if ( e )
{
@ -376,120 +415,79 @@ void Attributes::CheckAttr(Attr* a)
break;
}
a->GetExpr()->Error("&default value has inconsistent type", type.get());
return;
Error("&default value has inconsistent type 2");
}
TableType* tt = type->AsTableType();
const auto& ytype = tt->Yield();
// Ok.
break;
}
if ( ! in_record )
{
// &default applies to the type itself.
if ( ! same_type(atype, ytype) )
{
// It can still be a default function.
if ( atype->Tag() == TYPE_FUNC )
{
FuncType* f = atype->AsFuncType();
if ( ! f->CheckArgs(tt->GetIndexTypes()) ||
! same_type(f->Yield(), ytype) )
Error("&default function type clash");
// Ok.
break;
}
// Table defaults may be promotable.
if ( (ytype->Tag() == TYPE_RECORD && atype->Tag() == TYPE_RECORD &&
record_promotion_compatible(atype->AsRecordType(),
ytype->AsRecordType())) )
// Ok.
break;
auto e = check_and_promote_expr(a->GetExpr(), ytype);
if ( e )
{
a->SetAttrExpr(std::move(e));
// Ok.
break;
}
Error("&default value has inconsistent type 2");
}
else
{
// &default applies to record field.
if ( same_type(atype, type) )
// Ok.
break;
}
else
if ( (atype->Tag() == TYPE_TABLE && atype->AsTableType()->IsUnspecifiedTable()) )
{
// &default applies to record field.
auto e = check_and_promote_expr(a->GetExpr(), type);
if ( same_type(atype, type) )
// Ok.
break;
if ( (atype->Tag() == TYPE_TABLE &&
atype->AsTableType()->IsUnspecifiedTable()) )
if ( e )
{
auto e = check_and_promote_expr(a->GetExpr(), type);
if ( e )
{
a->SetAttrExpr(std::move(e));
break;
}
}
// Table defaults may be promotable.
if ( ytype && ytype->Tag() == TYPE_RECORD && atype->Tag() == TYPE_RECORD &&
record_promotion_compatible(atype->AsRecordType(), ytype->AsRecordType()) )
// Ok.
a->SetAttrExpr(std::move(e));
break;
Error("&default value has inconsistent type");
}
}
// Table defaults may be promotable.
if ( ytype && ytype->Tag() == TYPE_RECORD && atype->Tag() == TYPE_RECORD &&
record_promotion_compatible(atype->AsRecordType(), ytype->AsRecordType()) )
// Ok.
break;
Error("&default value has inconsistent type");
}
}
break;
case ATTR_EXPIRE_READ:
{
if ( Find(ATTR_BROKER_STORE) )
Error("&broker_store and &read_expire cannot be used simultaneously");
{
if ( Find(ATTR_BROKER_STORE) )
Error("&broker_store and &read_expire cannot be used simultaneously");
if ( Find(ATTR_BACKEND) )
Error("&backend and &read_expire cannot be used simultaneously");
}
if ( Find(ATTR_BACKEND) )
Error("&backend and &read_expire cannot be used simultaneously");
}
// fallthrough
case ATTR_EXPIRE_WRITE:
case ATTR_EXPIRE_CREATE:
{
if ( type->Tag() != TYPE_TABLE )
{
if ( type->Tag() != TYPE_TABLE )
{
Error("expiration only applicable to sets/tables");
break;
}
int num_expires = 0;
for ( const auto& a : attrs )
{
if ( a->Tag() == ATTR_EXPIRE_READ || a->Tag() == ATTR_EXPIRE_WRITE ||
a->Tag() == ATTR_EXPIRE_CREATE )
num_expires++;
}
if ( num_expires > 1 )
{
Error("set/table can only have one of &read_expire, &write_expire, "
"&create_expire");
break;
}
Error("expiration only applicable to sets/tables");
break;
}
int num_expires = 0;
for ( const auto& a : attrs )
{
if ( a->Tag() == ATTR_EXPIRE_READ || a->Tag() == ATTR_EXPIRE_WRITE ||
a->Tag() == ATTR_EXPIRE_CREATE )
num_expires++;
}
if ( num_expires > 1 )
{
Error("set/table can only have one of &read_expire, &write_expire, "
"&create_expire");
break;
}
}
#if 0
//### not easy to test this w/o knowing the ID.
if ( ! global_var )
@ -499,172 +497,172 @@ void Attributes::CheckAttr(Attr* a)
break;
case ATTR_EXPIRE_FUNC:
{
if ( type->Tag() != TYPE_TABLE )
{
if ( type->Tag() != TYPE_TABLE )
{
Error("expiration only applicable to tables");
break;
}
type->AsTableType()->CheckExpireFuncCompatibility({NewRef{}, a});
if ( Find(ATTR_BROKER_STORE) )
Error("&broker_store and &expire_func cannot be used simultaneously");
if ( Find(ATTR_BACKEND) )
Error("&backend and &expire_func cannot be used simultaneously");
Error("expiration only applicable to tables");
break;
}
type->AsTableType()->CheckExpireFuncCompatibility({NewRef{}, a});
if ( Find(ATTR_BROKER_STORE) )
Error("&broker_store and &expire_func cannot be used simultaneously");
if ( Find(ATTR_BACKEND) )
Error("&backend and &expire_func cannot be used simultaneously");
break;
}
case ATTR_ON_CHANGE:
{
if ( type->Tag() != TYPE_TABLE )
{
if ( type->Tag() != TYPE_TABLE )
{
Error("&on_change only applicable to sets/tables");
break;
}
const auto& change_func = a->GetExpr();
if ( change_func->GetType()->Tag() != TYPE_FUNC ||
change_func->GetType()->AsFuncType()->Flavor() != FUNC_FLAVOR_FUNCTION )
Error("&on_change attribute is not a function");
const FuncType* c_ft = change_func->GetType()->AsFuncType();
if ( c_ft->Yield()->Tag() != TYPE_VOID )
{
Error("&on_change must not return a value");
break;
}
const TableType* the_table = type->AsTableType();
if ( the_table->IsUnspecifiedTable() )
break;
const auto& args = c_ft->ParamList()->GetTypes();
const auto& t_indexes = the_table->GetIndexTypes();
if ( args.size() != (type->IsSet() ? 2 : 3) + t_indexes.size() )
{
Error("&on_change function has incorrect number of arguments");
break;
}
if ( ! same_type(args[0], the_table->AsTableType()) )
{
Error("&on_change: first argument must be of same type as table");
break;
}
// can't check exact type here yet - the data structures don't exist yet.
if ( args[1]->Tag() != TYPE_ENUM )
{
Error("&on_change: second argument must be a TableChange enum");
break;
}
for ( size_t i = 0; i < t_indexes.size(); i++ )
{
if ( ! same_type(args[2 + i], t_indexes[i]) )
{
Error("&on_change: index types do not match table");
break;
}
}
if ( ! type->IsSet() )
if ( ! same_type(args[2 + t_indexes.size()], the_table->Yield()) )
{
Error("&on_change: value type does not match table");
break;
}
Error("&on_change only applicable to sets/tables");
break;
}
const auto& change_func = a->GetExpr();
if ( change_func->GetType()->Tag() != TYPE_FUNC ||
change_func->GetType()->AsFuncType()->Flavor() != FUNC_FLAVOR_FUNCTION )
Error("&on_change attribute is not a function");
const FuncType* c_ft = change_func->GetType()->AsFuncType();
if ( c_ft->Yield()->Tag() != TYPE_VOID )
{
Error("&on_change must not return a value");
break;
}
const TableType* the_table = type->AsTableType();
if ( the_table->IsUnspecifiedTable() )
break;
const auto& args = c_ft->ParamList()->GetTypes();
const auto& t_indexes = the_table->GetIndexTypes();
if ( args.size() != (type->IsSet() ? 2 : 3) + t_indexes.size() )
{
Error("&on_change function has incorrect number of arguments");
break;
}
if ( ! same_type(args[0], the_table->AsTableType()) )
{
Error("&on_change: first argument must be of same type as table");
break;
}
// can't check exact type here yet - the data structures don't exist yet.
if ( args[1]->Tag() != TYPE_ENUM )
{
Error("&on_change: second argument must be a TableChange enum");
break;
}
for ( size_t i = 0; i < t_indexes.size(); i++ )
{
if ( ! same_type(args[2 + i], t_indexes[i]) )
{
Error("&on_change: index types do not match table");
break;
}
}
if ( ! type->IsSet() )
if ( ! same_type(args[2 + t_indexes.size()], the_table->Yield()) )
{
Error("&on_change: value type does not match table");
break;
}
}
break;
case ATTR_BACKEND:
{
if ( ! global_var || type->Tag() != TYPE_TABLE )
{
if ( ! global_var || type->Tag() != TYPE_TABLE )
{
Error("&backend only applicable to global sets/tables");
break;
}
// cannot do better equality check - the Broker types are not
// actually existing yet when we are here. We will do that
// later - before actually attaching to a broker store
if ( a->GetExpr()->GetType()->Tag() != TYPE_ENUM )
{
Error("&backend must take an enum argument");
break;
}
// Only support atomic types for the moment, unless
// explicitly overriden
if ( ! type->AsTableType()->IsSet() &&
! input::Manager::IsCompatibleType(type->AsTableType()->Yield().get(), true) &&
! Find(ATTR_BROKER_STORE_ALLOW_COMPLEX) )
{
Error("&backend only supports atomic types as table value");
}
if ( Find(ATTR_EXPIRE_FUNC) )
Error("&backend and &expire_func cannot be used simultaneously");
if ( Find(ATTR_EXPIRE_READ) )
Error("&backend and &read_expire cannot be used simultaneously");
if ( Find(ATTR_BROKER_STORE) )
Error("&backend and &broker_store cannot be used simultaneously");
Error("&backend only applicable to global sets/tables");
break;
}
// cannot do better equality check - the Broker types are not
// actually existing yet when we are here. We will do that
// later - before actually attaching to a broker store
if ( a->GetExpr()->GetType()->Tag() != TYPE_ENUM )
{
Error("&backend must take an enum argument");
break;
}
// Only support atomic types for the moment, unless
// explicitly overriden
if ( ! type->AsTableType()->IsSet() &&
! input::Manager::IsCompatibleType(type->AsTableType()->Yield().get(), true) &&
! Find(ATTR_BROKER_STORE_ALLOW_COMPLEX) )
{
Error("&backend only supports atomic types as table value");
}
if ( Find(ATTR_EXPIRE_FUNC) )
Error("&backend and &expire_func cannot be used simultaneously");
if ( Find(ATTR_EXPIRE_READ) )
Error("&backend and &read_expire cannot be used simultaneously");
if ( Find(ATTR_BROKER_STORE) )
Error("&backend and &broker_store cannot be used simultaneously");
break;
}
case ATTR_BROKER_STORE:
{
if ( type->Tag() != TYPE_TABLE )
{
if ( type->Tag() != TYPE_TABLE )
{
Error("&broker_store only applicable to sets/tables");
break;
}
if ( a->GetExpr()->GetType()->Tag() != TYPE_STRING )
{
Error("&broker_store must take a string argument");
break;
}
// Only support atomic types for the moment, unless
// explicitly overriden
if ( ! type->AsTableType()->IsSet() &&
! input::Manager::IsCompatibleType(type->AsTableType()->Yield().get(), true) &&
! Find(ATTR_BROKER_STORE_ALLOW_COMPLEX) )
{
Error("&broker_store only supports atomic types as table value");
}
if ( Find(ATTR_EXPIRE_FUNC) )
Error("&broker_store and &expire_func cannot be used simultaneously");
if ( Find(ATTR_EXPIRE_READ) )
Error("&broker_store and &read_expire cannot be used simultaneously");
if ( Find(ATTR_BACKEND) )
Error("&backend and &broker_store cannot be used simultaneously");
Error("&broker_store only applicable to sets/tables");
break;
}
case ATTR_BROKER_STORE_ALLOW_COMPLEX:
if ( a->GetExpr()->GetType()->Tag() != TYPE_STRING )
{
if ( type->Tag() != TYPE_TABLE )
{
Error("&broker_allow_complex_type only applicable to sets/tables");
break;
}
Error("&broker_store must take a string argument");
break;
}
// Only support atomic types for the moment, unless
// explicitly overriden
if ( ! type->AsTableType()->IsSet() &&
! input::Manager::IsCompatibleType(type->AsTableType()->Yield().get(), true) &&
! Find(ATTR_BROKER_STORE_ALLOW_COMPLEX) )
{
Error("&broker_store only supports atomic types as table value");
}
if ( Find(ATTR_EXPIRE_FUNC) )
Error("&broker_store and &expire_func cannot be used simultaneously");
if ( Find(ATTR_EXPIRE_READ) )
Error("&broker_store and &read_expire cannot be used simultaneously");
if ( Find(ATTR_BACKEND) )
Error("&backend and &broker_store cannot be used simultaneously");
break;
}
case ATTR_BROKER_STORE_ALLOW_COMPLEX:
{
if ( type->Tag() != TYPE_TABLE )
{
Error("&broker_allow_complex_type only applicable to sets/tables");
break;
}
}
case ATTR_TRACKED:
// FIXME: Check here for global ID?
break;
@ -694,24 +692,24 @@ void Attributes::CheckAttr(Attr* a)
break;
case ATTR_TYPE_COLUMN:
{
if ( type->Tag() != TYPE_PORT )
{
if ( type->Tag() != TYPE_PORT )
{
Error("type_column tag only applicable to ports");
break;
}
const auto& atype = a->GetExpr()->GetType();
if ( atype->Tag() != TYPE_STRING )
{
Error("type column needs to have a string argument");
break;
}
Error("type_column tag only applicable to ports");
break;
}
const auto& atype = a->GetExpr()->GetType();
if ( atype->Tag() != TYPE_STRING )
{
Error("type column needs to have a string argument");
break;
}
break;
}
default:
BadTag("Attributes::CheckAttr", attr_name(a->Tag()));
}
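Review bot: In the `ATTR_ON_CHANGE` case the check that reports `&on_change attribute is not a function` has no `break`, so the next statement still calls `change_func->GetType()->AsFuncType()` on a type whose tag is not `TYPE_FUNC`. What `AsFuncType()` does on a tag mismatch is not visible here, but a script with a malformed attribute should end in a diagnostic rather than reach the cast. Bracing the branch as `{ Error("&on_change attribute is not a function"); break; }` would match the other checks in this case. The behaviour predates the re-indentation, and `CheckAttr` starts and ends outside the hunk.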


@ -1,11 +1,12 @@
#include "zeek/Base64.h"
#include "zeek/zeek-config.h"
#include <math.h>
#include "zeek/Conn.h"
#include "zeek/Reporter.h"
#include "zeek/ZeekString.h"
#include "zeek/zeek-config.h"
namespace zeek::detail
{


@ -1,9 +1,9 @@
#pragma once
#include <string>
#include "zeek/zeek-config.h"
#include <string>
namespace zeek
{


@ -2,9 +2,10 @@
#pragma once
#include "zeek/IntrusivePtr.h"
#include "zeek/zeek-config.h"
#include "zeek/IntrusivePtr.h"
namespace zeek
{


@ -2,11 +2,12 @@
#include "zeek/CCL.h"
#include "zeek/zeek-config.h"
#include <algorithm>
#include "zeek/DFA.h"
#include "zeek/RE.h"
#include "zeek/zeek-config.h"
namespace zeek::detail
{



@ -2,6 +2,8 @@
#include "zeek/Conn.h"
#include "zeek/zeek-config.h"
#include <binpac.h>
#include <ctype.h>
@ -19,7 +21,6 @@
#include "zeek/packet_analysis/protocol/ip/SessionAdapter.h"
#include "zeek/packet_analysis/protocol/tcp/TCP.h"
#include "zeek/session/Manager.h"
#include "zeek/zeek-config.h"
namespace zeek
{


@ -2,10 +2,11 @@
#include "zeek/DFA.h"
#include "zeek/zeek-config.h"
#include "zeek/Desc.h"
#include "zeek/EquivClass.h"
#include "zeek/Hash.h"
#include "zeek/zeek-config.h"
namespace zeek::detail
{


@ -2,10 +2,10 @@
#include "zeek/DNS_Mgr.h"
#include "zeek/zeek-config.h"
#include <sys/socket.h>
#include <sys/types.h>
#include "zeek/zeek-config.h"
#ifdef TIME_WITH_SYS_TIME
#include <sys/time.h>
#include <time.h>
@ -1167,16 +1167,16 @@ void DNS_Mgr::IssueAsyncRequests()
if ( req->IsAddrReq() )
success = DoRequest(nb_dns, new DNS_Mgr_Request(req->host));
else if ( req->is_txt )
success =
DoRequest(nb_dns, new DNS_Mgr_Request(req->name.c_str(), AF_INET, req->is_txt));
success = DoRequest(nb_dns,
new DNS_Mgr_Request(req->name.c_str(), AF_INET, req->is_txt));
else
{
// If only one request type succeeds, don't consider it a failure.
success =
DoRequest(nb_dns, new DNS_Mgr_Request(req->name.c_str(), AF_INET, req->is_txt));
success =
DoRequest(nb_dns, new DNS_Mgr_Request(req->name.c_str(), AF_INET6, req->is_txt)) ||
success;
success = DoRequest(nb_dns,
new DNS_Mgr_Request(req->name.c_str(), AF_INET, req->is_txt));
success = DoRequest(nb_dns,
new DNS_Mgr_Request(req->name.c_str(), AF_INET6, req->is_txt)) ||
success;
}
if ( ! success )
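Review bot: Each `DoRequest(nb_dns, new DNS_Mgr_Request(...))` call in `IssueAsyncRequests` hands over a raw `new` pointer, and nothing in the hunk says who frees it when `DoRequest` returns false. `DoRequest` is outside the hunk, so this may already be handled there; if it is, a one-line comment at the first call such as `// DoRequest() takes ownership of the request` would record that (wording to be confirmed against `DoRequest`). If it is not, the failure path would leak one request per failed lookup. The function starts and ends outside the hunk.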


@ -2,6 +2,8 @@
#include "zeek/DbgBreakpoint.h"
#include "zeek/zeek-config.h"
#include <assert.h>
#include "zeek/Debug.h"
@ -15,7 +17,6 @@
#include "zeek/Timer.h"
#include "zeek/Val.h"
#include "zeek/module_util.h"
#include "zeek/zeek-config.h"
namespace zeek::detail
{
@ -347,19 +348,19 @@ void DbgBreakpoint::PrintHitMsg()
case BP_STMT:
case BP_FUNC:
case BP_LINE:
{
ODesc d;
Frame* f = g_frame_stack.back();
const ScriptFunc* func = f->GetFunction();
{
ODesc d;
Frame* f = g_frame_stack.back();
const ScriptFunc* func = f->GetFunction();
if ( func )
func->DescribeDebug(&d, f->GetFuncArgs());
if ( func )
func->DescribeDebug(&d, f->GetFuncArgs());
const Location* loc = at_stmt->GetLocationInfo();
const Location* loc = at_stmt->GetLocationInfo();
debug_msg("Breakpoint %d, %s at %s:%d\n", GetID(), d.Description(), loc->filename,
loc->first_line);
}
debug_msg("Breakpoint %d, %s at %s:%d\n", GetID(), d.Description(), loc->filename,
loc->first_line);
}
return;
case BP_TIME:


@ -1,4 +1,5 @@
// Bro Debugger Help
#include "zeek/Debug.h"
#include "zeek/zeek-config.h"
#include "zeek/Debug.h"


@ -2,9 +2,10 @@
#include "zeek/DbgWatch.h"
#include "zeek/zeek-config.h"
#include "zeek/Debug.h"
#include "zeek/Reporter.h"
#include "zeek/zeek-config.h"
namespace zeek::detail
{


@ -2,14 +2,14 @@
#include "zeek/Debug.h"
#include "zeek/zeek-config.h"
#include <ctype.h>
#include <signal.h>
#include <stdarg.h>
#include <stdio.h>
#include <string>
#include "zeek/zeek-config.h"
#ifdef HAVE_READLINE
#include <readline/history.h>
#include <readline/readline.h>


@ -3,6 +3,8 @@
#include "zeek/DebugCmds.h"
#include "zeek/zeek-config.h"
#include <assert.h>
#include <regex.h>
#include <string.h>
@ -21,7 +23,6 @@
#include "zeek/Stmt.h"
#include "zeek/Val.h"
#include "zeek/util.h"
#include "zeek/zeek-config.h"
using namespace std;


@ -5,12 +5,12 @@
#ifdef DEBUG
#include "zeek/zeek-config.h"
#include <stdio.h>
#include <set>
#include <string>
#include "zeek/zeek-config.h"
#define DBG_LOG(stream, args...) \
if ( ::zeek::detail::debug_logger.IsEnabled(stream) ) \
::zeek::detail::debug_logger.Log(stream, args)
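Review bot: `DBG_LOG` expands to a bare `if ( ... ) ...Log(stream, args)`, so when a call is the body of an `if` that has an `else`, the `else` binds to the macro's `if` instead of the caller's. Wrapping the expansion as `do { if ( ::zeek::detail::debug_logger.IsEnabled(stream) ) ::zeek::detail::debug_logger.Log(stream, args); } while ( 0 )` keeps each call a single statement. The macro is unchanged context in this hunk; only the include order moved.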


@ -2,6 +2,8 @@
#include "zeek/Desc.h"
#include "zeek/zeek-config.h"
#include <errno.h>
#include <math.h>
#include <stdlib.h>
@ -11,7 +13,6 @@
#include "zeek/File.h"
#include "zeek/IPAddr.h"
#include "zeek/Reporter.h"
#include "zeek/zeek-config.h"
#define DEFAULT_SIZE 128
#define SLOP 10


@ -1060,8 +1060,8 @@ int Dictionary::LookupIndex(const void* key, int key_size, detail::hash_t hash,
#ifdef DEBUG
int linear_position = LinearLookupIndex(key, key_size, hash);
#endif // DEBUG
int position =
LookupIndex(key, key_size, hash, bucket, Capacity(), insert_position, insert_distance);
int position = LookupIndex(key, key_size, hash, bucket, Capacity(), insert_position,
insert_distance);
if ( position >= 0 )
{
ASSERT(position == linear_position); // same as linearLookup
@ -1239,7 +1239,7 @@ void Dictionary::InsertRelocateAndAdjust(detail::DictEntry& entry, int insert_po
// range if the changed range straddles over remap_end.
if ( Remapping() && insert_position <= remap_end && remap_end < last_affected_position )
{ //[i,j] range changed. if map_end in between. then possibly old entry pushed down across
//map_end.
// map_end.
remap_end = last_affected_position; // adjust to j on the conservative side.
}
@ -1498,7 +1498,7 @@ void Dictionary::Remap()
if ( ! table[remap_end].Empty() && Remap(remap_end) )
left--;
else //< successful Remap may increase remap_end in the case of SizeUp due to insert. if so,
//remap_end need to be worked on again.
// remap_end need to be worked on again.
remap_end--;
}
if ( remap_end < 0 )


@ -2,6 +2,8 @@
#include "zeek/Discard.h"
#include "zeek/zeek-config.h"
#include <algorithm>
#include "zeek/Func.h"
@ -11,7 +13,6 @@
#include "zeek/Val.h"
#include "zeek/Var.h"
#include "zeek/ZeekString.h"
#include "zeek/zeek-config.h"
namespace zeek::detail
{
@ -71,8 +72,8 @@ bool Discarder::NextPacket(const std::unique_ptr<IP_Hdr>& ip, int len, int caple
bool is_tcp = (proto == IPPROTO_TCP);
bool is_udp = (proto == IPPROTO_UDP);
int min_hdr_len =
is_tcp ? sizeof(struct tcphdr) : (is_udp ? sizeof(struct udphdr) : sizeof(struct icmp));
int min_hdr_len = is_tcp ? sizeof(struct tcphdr)
: (is_udp ? sizeof(struct udphdr) : sizeof(struct icmp));
if ( len < min_hdr_len || caplen < min_hdr_len )
// we don't have a complete protocol header


@ -2,9 +2,10 @@
#include "zeek/EquivClass.h"
#include "zeek/zeek-config.h"
#include "zeek/CCL.h"
#include "zeek/util.h"
#include "zeek/zeek-config.h"
namespace zeek::detail
{


@ -2,6 +2,8 @@
#include "zeek/Event.h"
#include "zeek/zeek-config.h"
#include "zeek/Desc.h"
#include "zeek/Func.h"
#include "zeek/NetVar.h"
@ -11,7 +13,6 @@
#include "zeek/iosource/Manager.h"
#include "zeek/iosource/PktSrc.h"
#include "zeek/plugin/Manager.h"
#include "zeek/zeek-config.h"
zeek::EventMgr zeek::event_mgr;
zeek::EventMgr& mgr = zeek::event_mgr;


@ -32,8 +32,8 @@ const FuncTypePtr& EventHandler::GetType(bool check_export)
if ( type )
return type;
const auto& id =
detail::lookup_ID(name.data(), detail::current_module.c_str(), false, false, check_export);
const auto& id = detail::lookup_ID(name.data(), detail::current_module.c_str(), false, false,
check_export);
if ( ! id )
return FuncType::nil;


@ -2,14 +2,14 @@
#pragma once
#include "zeek/zeek-config.h"
#include <map>
#include <memory>
#include <string>
#include <string_view>
#include <vector>
#include "zeek/zeek-config.h"
namespace zeek
{


@ -2,6 +2,8 @@
#include "zeek/Expr.h"
#include "zeek/zeek-config.h"
#include "zeek/DebugLogger.h"
#include "zeek/Desc.h"
#include "zeek/Event.h"
@ -20,7 +22,6 @@
#include "zeek/digest.h"
#include "zeek/module_util.h"
#include "zeek/script_opt/ExprOptInfo.h"
#include "zeek/zeek-config.h"
namespace zeek::detail
{
@ -276,8 +277,8 @@ void Expr::AssignToIndex(ValPtr v1, ValPtr v2, ValPtr v3) const
{
bool iterators_invalidated;
auto error_msg =
assign_to_index(std::move(v1), std::move(v2), std::move(v3), iterators_invalidated);
auto error_msg = assign_to_index(std::move(v1), std::move(v2), std::move(v3),
iterators_invalidated);
if ( iterators_invalidated )
{
@ -319,75 +320,75 @@ const char* assign_to_index(ValPtr v1, ValPtr v2, ValPtr v3, bool& iterators_inv
switch ( v1->GetType()->Tag() )
{
case TYPE_VECTOR:
{
const ListVal* lv = v2->AsListVal();
VectorVal* v1_vect = v1->AsVectorVal();
if ( lv->Length() > 1 )
{
const ListVal* lv = v2->AsListVal();
VectorVal* v1_vect = v1->AsVectorVal();
auto len = v1_vect->Size();
bro_int_t first = get_slice_index(lv->Idx(0)->CoerceToInt(), len);
bro_int_t last = get_slice_index(lv->Idx(1)->CoerceToInt(), len);
if ( lv->Length() > 1 )
{
auto len = v1_vect->Size();
bro_int_t first = get_slice_index(lv->Idx(0)->CoerceToInt(), len);
bro_int_t last = get_slice_index(lv->Idx(1)->CoerceToInt(), len);
// Remove the elements from the vector within the slice.
for ( auto idx = first; idx < last; idx++ )
v1_vect->Remove(first);
// Remove the elements from the vector within the slice.
for ( auto idx = first; idx < last; idx++ )
v1_vect->Remove(first);
// Insert the new elements starting at the first
// position.
// Insert the new elements starting at the first
// position.
VectorVal* v_vect = v3->AsVectorVal();
VectorVal* v_vect = v3->AsVectorVal();
for ( auto idx = 0u; idx < v_vect->Size(); idx++, first++ )
v1_vect->Insert(first, v_vect->ValAt(idx));
}
else if ( ! v1_vect->Assign(lv->Idx(0)->CoerceToUnsigned(), std::move(v3)) )
{
v3 = std::move(v_extra);
if ( v3 )
{
ODesc d;
v3->Describe(&d);
const auto& vt = v3->GetType();
auto vtt = vt->Tag();
std::string tn = vtt == TYPE_RECORD ? vt->GetName() : type_name(vtt);
return util::fmt(
"vector index assignment failed for invalid type '%s', value: %s",
tn.data(), d.Description());
}
else
return "assignment failed with null value";
}
break;
for ( auto idx = 0u; idx < v_vect->Size(); idx++, first++ )
v1_vect->Insert(first, v_vect->ValAt(idx));
}
else if ( ! v1_vect->Assign(lv->Idx(0)->CoerceToUnsigned(), std::move(v3)) )
{
v3 = std::move(v_extra);
if ( v3 )
{
ODesc d;
v3->Describe(&d);
const auto& vt = v3->GetType();
auto vtt = vt->Tag();
std::string tn = vtt == TYPE_RECORD ? vt->GetName() : type_name(vtt);
return util::fmt(
"vector index assignment failed for invalid type '%s', value: %s",
tn.data(), d.Description());
}
else
return "assignment failed with null value";
}
break;
}
case TYPE_TABLE:
{
if ( ! v1->AsTableVal()->Assign(std::move(v2), std::move(v3), true,
&iterators_invalidated) )
{
if ( ! v1->AsTableVal()->Assign(std::move(v2), std::move(v3), true,
&iterators_invalidated) )
v3 = std::move(v_extra);
if ( v3 )
{
v3 = std::move(v_extra);
if ( v3 )
{
ODesc d;
v3->Describe(&d);
const auto& vt = v3->GetType();
auto vtt = vt->Tag();
std::string tn = vtt == TYPE_RECORD ? vt->GetName() : type_name(vtt);
return util::fmt(
"table index assignment failed for invalid type '%s', value: %s",
tn.data(), d.Description());
}
else
return "assignment failed with null value";
ODesc d;
v3->Describe(&d);
const auto& vt = v3->GetType();
auto vtt = vt->Tag();
std::string tn = vtt == TYPE_RECORD ? vt->GetName() : type_name(vtt);
return util::fmt(
"table index assignment failed for invalid type '%s', value: %s", tn.data(),
d.Description());
}
break;
else
return "assignment failed with null value";
}
break;
}
case TYPE_STRING:
return "assignment via string index accessor not allowed";
break;
@ -717,8 +718,8 @@ ValPtr UnaryExpr::Fold(Val* v) const
void UnaryExpr::ExprDescribe(ODesc* d) const
{
bool is_coerce =
Tag() == EXPR_ARITH_COERCE || Tag() == EXPR_RECORD_COERCE || Tag() == EXPR_TABLE_COERCE;
bool is_coerce = Tag() == EXPR_ARITH_COERCE || Tag() == EXPR_RECORD_COERCE ||
Tag() == EXPR_TABLE_COERCE;
if ( d->IsReadable() )
{
@ -924,54 +925,54 @@ ValPtr BinaryExpr::Fold(Val* v1, Val* v2) const
DO_FOLD(*);
break;
case EXPR_DIVIDE:
{
if ( is_integral )
{
if ( is_integral )
{
if ( i2 == 0 )
RuntimeError("division by zero");
if ( i2 == 0 )
RuntimeError("division by zero");
i3 = i1 / i2;
}
else if ( is_unsigned )
{
if ( u2 == 0 )
RuntimeError("division by zero");
u3 = u1 / u2;
}
else
{
if ( d2 == 0 )
RuntimeError("division by zero");
d3 = d1 / d2;
}
i3 = i1 / i2;
}
else if ( is_unsigned )
{
if ( u2 == 0 )
RuntimeError("division by zero");
u3 = u1 / u2;
}
else
{
if ( d2 == 0 )
RuntimeError("division by zero");
d3 = d1 / d2;
}
}
break;
case EXPR_MOD:
{
if ( is_integral )
{
if ( is_integral )
{
if ( i2 == 0 )
RuntimeError("modulo by zero");
if ( i2 == 0 )
RuntimeError("modulo by zero");
i3 = i1 % i2;
}
else if ( is_unsigned )
{
if ( u2 == 0 )
RuntimeError("modulo by zero");
u3 = u1 % u2;
}
else
RuntimeErrorWithCallStack("bad type in BinaryExpr::Fold");
i3 = i1 % i2;
}
else if ( is_unsigned )
{
if ( u2 == 0 )
RuntimeError("modulo by zero");
u3 = u1 % u2;
}
else
RuntimeErrorWithCallStack("bad type in BinaryExpr::Fold");
}
break;
case EXPR_AND:
@ -1060,13 +1061,13 @@ ValPtr BinaryExpr::StringFold(Val* v1, Val* v2) const
case EXPR_ADD:
case EXPR_ADD_TO:
{
std::vector<const String*> strings;
strings.push_back(s1);
strings.push_back(s2);
{
std::vector<const String*> strings;
strings.push_back(s1);
strings.push_back(s2);
return make_intrusive<StringVal>(concatenate(strings));
}
return make_intrusive<StringVal>(concatenate(strings));
}
default:
BadTag("BinaryExpr::StringFold", expr_name(tag));
@ -1083,8 +1084,8 @@ ValPtr BinaryExpr::PatternFold(Val* v1, Val* v2) const
if ( tag != EXPR_AND && tag != EXPR_OR )
BadTag("BinaryExpr::PatternFold");
RE_Matcher* res =
tag == EXPR_AND ? RE_Matcher_conjunction(re1, re2) : RE_Matcher_disjunction(re1, re2);
RE_Matcher* res = tag == EXPR_AND ? RE_Matcher_conjunction(re1, re2)
: RE_Matcher_disjunction(re1, re2);
return make_intrusive<PatternVal>(res);
}
@ -1101,24 +1102,24 @@ ValPtr BinaryExpr::SetFold(Val* v1, Val* v2) const
return tv1->Intersection(*tv2);
case EXPR_OR:
{
auto rval = v1->Clone();
{
auto rval = v1->Clone();
if ( ! tv2->AddTo(rval.get(), false, false) )
reporter->InternalError("set union failed to type check");
if ( ! tv2->AddTo(rval.get(), false, false) )
reporter->InternalError("set union failed to type check");
return rval;
}
return rval;
}
case EXPR_SUB:
{
auto rval = v1->Clone();
{
auto rval = v1->Clone();
if ( ! tv2->RemoveFrom(rval.get()) )
reporter->InternalError("set difference failed to type check");
if ( ! tv2->RemoveFrom(rval.get()) )
reporter->InternalError("set difference failed to type check");
return rval;
}
return rval;
}
case EXPR_EQ:
res = tv1->EqualTo(*tv2);
@ -2859,9 +2860,9 @@ IndexExpr::IndexExpr(ExprPtr arg_op1, ListExprPtr arg_op2, bool arg_is_slice)
if ( match_type == DOES_NOT_MATCH_INDEX )
{
std::string error_msg =
util::fmt("expression with type '%s' is not a type that can be indexed",
type_name(op1->GetType()->Tag()));
std::string error_msg = util::fmt(
"expression with type '%s' is not a type that can be indexed",
type_name(op1->GetType()->Tag()));
SetError(error_msg.data());
}
@ -3019,15 +3020,15 @@ ValPtr IndexExpr::Fold(Val* v1, Val* v2) const
switch ( v1->GetType()->Tag() )
{
case TYPE_VECTOR:
{
VectorVal* vect = v1->AsVectorVal();
const ListVal* lv = v2->AsListVal();
{
VectorVal* vect = v1->AsVectorVal();
const ListVal* lv = v2->AsListVal();
if ( lv->Length() == 1 )
v = vect->ValAt(lv->Idx(0)->CoerceToUnsigned());
else
return index_slice(vect, lv);
}
if ( lv->Length() == 1 )
v = vect->ValAt(lv->Idx(0)->CoerceToUnsigned());
else
return index_slice(vect, lv);
}
break;
case TYPE_TABLE:
@ -3994,8 +3995,8 @@ RecordCoerceExpr::RecordCoerceExpr(ExprPtr arg_op, RecordTypePtr r)
if ( ! is_arithmetic_promotable(sup_t_i.get(), sub_t_i.get()) &&
! is_record_promotable(sup_t_i.get(), sub_t_i.get()) )
{
std::string error_msg =
util::fmt("type clash for field \"%s\"", sub_r->FieldName(i));
std::string error_msg = util::fmt("type clash for field \"%s\"",
sub_r->FieldName(i));
Error(error_msg.c_str(), sub_t_i.get());
SetError();
break;
@ -4014,8 +4015,8 @@ RecordCoerceExpr::RecordCoerceExpr(ExprPtr arg_op, RecordTypePtr r)
{
if ( ! t_r->FieldDecl(i)->GetAttr(ATTR_OPTIONAL) )
{
std::string error_msg =
util::fmt("non-optional field \"%s\" missing", t_r->FieldName(i));
std::string error_msg = util::fmt("non-optional field \"%s\" missing",
t_r->FieldName(i));
Error(error_msg.c_str());
SetError();
break;
@ -4100,8 +4101,8 @@ RecordValPtr coerce_to_record(RecordTypePtr rt, Val* v, const std::vector<int>&
if ( rhs_type->Tag() == TYPE_RECORD && field_type->Tag() == TYPE_RECORD &&
! same_type(rhs_type, field_type) )
{
if ( auto new_val =
rhs->AsRecordVal()->CoerceTo(cast_intrusive<RecordType>(field_type)) )
if ( auto new_val = rhs->AsRecordVal()->CoerceTo(
cast_intrusive<RecordType>(field_type)) )
rhs = std::move(new_val);
}
else if ( BothArithmetic(rhs_type->Tag(), field_type->Tag()) &&
@ -4124,8 +4125,8 @@ RecordValPtr coerce_to_record(RecordTypePtr rt, Val* v, const std::vector<int>&
if ( def_type->Tag() == TYPE_RECORD && field_type->Tag() == TYPE_RECORD &&
! same_type(def_type, field_type) )
{
auto tmp =
def_val->AsRecordVal()->CoerceTo(cast_intrusive<RecordType>(field_type));
auto tmp = def_val->AsRecordVal()->CoerceTo(
cast_intrusive<RecordType>(field_type));
if ( tmp )
def_val = std::move(tmp);
@ -4566,9 +4567,9 @@ LambdaExpr::LambdaExpr(std::unique_ptr<function_ingredients> arg_ing, IDPList ar
// Install a dummy version of the function globally for use only
// when broker provides a closure.
auto dummy_func =
make_intrusive<ScriptFunc>(ingredients->id, ingredients->body, ingredients->inits,
ingredients->frame_size, ingredients->priority);
auto dummy_func = make_intrusive<ScriptFunc>(ingredients->id, ingredients->body,
ingredients->inits, ingredients->frame_size,
ingredients->priority);
dummy_func->SetOuterIDs(outer_ids);
@ -4879,8 +4880,8 @@ TypePtr ListExpr::InitType() const
// Collapse any embedded sets or lists.
if ( ti->IsSet() || ti->Tag() == TYPE_LIST )
{
TypeList* til =
ti->IsSet() ? ti->AsSetType()->GetIndices().get() : ti->AsTypeList();
TypeList* til = ti->IsSet() ? ti->AsSetType()->GetIndices().get()
: ti->AsTypeList();
if ( ! til->IsPure() || ! til->AllMatch(til->GetPureType(), true) )
tl->Append({NewRef{}, til});
@ -5163,8 +5164,8 @@ RecordAssignExpr::RecordAssignExpr(const ExprPtr& record, const ExprPtr& init_li
if ( field >= 0 && same_type(lhs->GetFieldType(field), t->GetFieldType(j)) )
{
auto fe_lhs = make_intrusive<FieldExpr>(record, field_name);
auto fe_rhs =
make_intrusive<FieldExpr>(IntrusivePtr{NewRef{}, init}, field_name);
auto fe_rhs = make_intrusive<FieldExpr>(IntrusivePtr{NewRef{}, init},
field_name);
Append(get_assign_expr(std::move(fe_lhs), std::move(fe_rhs), is_init));
}
}


@ -2,9 +2,9 @@
#include "zeek/File.h"
#include <sys/types.h>
#include "zeek/zeek-config.h"
#include <sys/types.h>
#ifdef TIME_WITH_SYS_TIME
#include <sys/time.h>
#include <time.h>


@ -2,13 +2,14 @@
#include "zeek/Frag.h"
#include "zeek/zeek-config.h"
#include "zeek/Hash.h"
#include "zeek/IP.h"
#include "zeek/NetVar.h"
#include "zeek/Reporter.h"
#include "zeek/RunState.h"
#include "zeek/session/Manager.h"
#include "zeek/zeek-config.h"
constexpr uint32_t MIN_ACCEPTABLE_FRAG_SIZE = 64;
constexpr uint32_t MAX_ACCEPTABLE_FRAG_SIZE = 64000;


@ -3,10 +3,10 @@
#include "zeek/Func.h"
#include "zeek/zeek-config.h"
#include <sys/stat.h>
#include <sys/types.h>
#include "zeek/zeek-config.h"
#ifdef TIME_WITH_SYS_TIME
#include <sys/time.h>
#include <time.h>
@ -272,26 +272,25 @@ void Func::CheckPluginResult(bool handled, const ValPtr& hook_result, FunctionFl
break;
case FUNC_FLAVOR_FUNCTION:
{
const auto& yt = GetType()->Yield();
if ( (! yt) || yt->Tag() == TYPE_VOID )
{
const auto& yt = GetType()->Yield();
if ( (! yt) || yt->Tag() == TYPE_VOID )
{
if ( hook_result )
reporter->InternalError(
"plugin returned non-void result for void method %s", this->Name());
}
else if ( hook_result && hook_result->GetType()->Tag() != yt->Tag() &&
yt->Tag() != TYPE_ANY )
{
reporter->InternalError(
"plugin returned wrong type (got %d, expecting %d) for %s",
hook_result->GetType()->Tag(), yt->Tag(), this->Name());
}
break;
if ( hook_result )
reporter->InternalError("plugin returned non-void result for void method %s",
this->Name());
}
else if ( hook_result && hook_result->GetType()->Tag() != yt->Tag() &&
yt->Tag() != TYPE_ANY )
{
reporter->InternalError("plugin returned wrong type (got %d, expecting %d) for %s",
hook_result->GetType()->Tag(), yt->Tag(), this->Name());
}
break;
}
}
}


@ -2,6 +2,8 @@
#include "zeek/Hash.h"
#include "zeek/zeek-config.h"
#include <highwayhash/highwayhash_target.h>
#include <highwayhash/instruction_sets.h>
#include <highwayhash/sip_hash.h>
@ -12,7 +14,6 @@
#include "zeek/Val.h" // needed for const.bif
#include "zeek/ZeekString.h"
#include "zeek/digest.h"
#include "zeek/zeek-config.h"
#include "const.bif.netvar_h"


@ -3,6 +3,8 @@
#include "zeek/ID.h"
#include "zeek/zeek-config.h"
#include "zeek/Attr.h"
#include "zeek/Desc.h"
#include "zeek/Dict.h"
@ -16,7 +18,6 @@
#include "zeek/Val.h"
#include "zeek/module_util.h"
#include "zeek/script_opt/IDOptInfo.h"
#include "zeek/zeek-config.h"
#include "zeek/zeekygen/IdentifierInfo.h"
#include "zeek/zeekygen/Manager.h"
#include "zeek/zeekygen/ScriptInfo.h"

600
src/IP.cc

@ -58,249 +58,244 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
switch ( type )
{
case IPPROTO_IPV6:
{
static auto ip6_hdr_type = id::find_type<RecordType>("ip6_hdr");
rv = make_intrusive<RecordVal>(ip6_hdr_type);
const struct ip6_hdr* ip6 = (const struct ip6_hdr*)data;
rv->Assign(0, (ntohl(ip6->ip6_flow) & 0x0ff00000) >> 20);
rv->Assign(1, ntohl(ip6->ip6_flow) & 0x000fffff);
rv->Assign(2, ntohs(ip6->ip6_plen));
rv->Assign(3, ip6->ip6_nxt);
rv->Assign(4, ip6->ip6_hlim);
rv->Assign(5, make_intrusive<AddrVal>(IPAddr(ip6->ip6_src)));
rv->Assign(6, make_intrusive<AddrVal>(IPAddr(ip6->ip6_dst)));
if ( ! chain )
chain =
make_intrusive<VectorVal>(id::find_type<VectorType>("ip6_ext_hdr_chain"));
rv->Assign(7, std::move(chain));
}
{
static auto ip6_hdr_type = id::find_type<RecordType>("ip6_hdr");
rv = make_intrusive<RecordVal>(ip6_hdr_type);
const struct ip6_hdr* ip6 = (const struct ip6_hdr*)data;
rv->Assign(0, (ntohl(ip6->ip6_flow) & 0x0ff00000) >> 20);
rv->Assign(1, ntohl(ip6->ip6_flow) & 0x000fffff);
rv->Assign(2, ntohs(ip6->ip6_plen));
rv->Assign(3, ip6->ip6_nxt);
rv->Assign(4, ip6->ip6_hlim);
rv->Assign(5, make_intrusive<AddrVal>(IPAddr(ip6->ip6_src)));
rv->Assign(6, make_intrusive<AddrVal>(IPAddr(ip6->ip6_dst)));
if ( ! chain )
chain = make_intrusive<VectorVal>(id::find_type<VectorType>("ip6_ext_hdr_chain"));
rv->Assign(7, std::move(chain));
}
break;
case IPPROTO_HOPOPTS:
{
static auto ip6_hopopts_type = id::find_type<RecordType>("ip6_hopopts");
rv = make_intrusive<RecordVal>(ip6_hopopts_type);
const struct ip6_hbh* hbh = (const struct ip6_hbh*)data;
rv->Assign(0, hbh->ip6h_nxt);
rv->Assign(1, hbh->ip6h_len);
uint16_t off = 2 * sizeof(uint8_t);
rv->Assign(2, BuildOptionsVal(data + off, Length() - off));
}
{
static auto ip6_hopopts_type = id::find_type<RecordType>("ip6_hopopts");
rv = make_intrusive<RecordVal>(ip6_hopopts_type);
const struct ip6_hbh* hbh = (const struct ip6_hbh*)data;
rv->Assign(0, hbh->ip6h_nxt);
rv->Assign(1, hbh->ip6h_len);
uint16_t off = 2 * sizeof(uint8_t);
rv->Assign(2, BuildOptionsVal(data + off, Length() - off));
}
break;
case IPPROTO_DSTOPTS:
{
static auto ip6_dstopts_type = id::find_type<RecordType>("ip6_dstopts");
rv = make_intrusive<RecordVal>(ip6_dstopts_type);
const struct ip6_dest* dst = (const struct ip6_dest*)data;
rv->Assign(0, dst->ip6d_nxt);
rv->Assign(1, dst->ip6d_len);
uint16_t off = 2 * sizeof(uint8_t);
rv->Assign(2, BuildOptionsVal(data + off, Length() - off));
}
{
static auto ip6_dstopts_type = id::find_type<RecordType>("ip6_dstopts");
rv = make_intrusive<RecordVal>(ip6_dstopts_type);
const struct ip6_dest* dst = (const struct ip6_dest*)data;
rv->Assign(0, dst->ip6d_nxt);
rv->Assign(1, dst->ip6d_len);
uint16_t off = 2 * sizeof(uint8_t);
rv->Assign(2, BuildOptionsVal(data + off, Length() - off));
}
break;
case IPPROTO_ROUTING:
{
static auto ip6_routing_type = id::find_type<RecordType>("ip6_routing");
rv = make_intrusive<RecordVal>(ip6_routing_type);
const struct ip6_rthdr* rt = (const struct ip6_rthdr*)data;
rv->Assign(0, rt->ip6r_nxt);
rv->Assign(1, rt->ip6r_len);
rv->Assign(2, rt->ip6r_type);
rv->Assign(3, rt->ip6r_segleft);
uint16_t off = 4 * sizeof(uint8_t);
rv->Assign(4, new String(data + off, Length() - off, true));
}
{
static auto ip6_routing_type = id::find_type<RecordType>("ip6_routing");
rv = make_intrusive<RecordVal>(ip6_routing_type);
const struct ip6_rthdr* rt = (const struct ip6_rthdr*)data;
rv->Assign(0, rt->ip6r_nxt);
rv->Assign(1, rt->ip6r_len);
rv->Assign(2, rt->ip6r_type);
rv->Assign(3, rt->ip6r_segleft);
uint16_t off = 4 * sizeof(uint8_t);
rv->Assign(4, new String(data + off, Length() - off, true));
}
break;
case IPPROTO_FRAGMENT:
{
static auto ip6_fragment_type = id::find_type<RecordType>("ip6_fragment");
rv = make_intrusive<RecordVal>(ip6_fragment_type);
const struct ip6_frag* frag = (const struct ip6_frag*)data;
rv->Assign(0, frag->ip6f_nxt);
rv->Assign(1, frag->ip6f_reserved);
rv->Assign(2, (ntohs(frag->ip6f_offlg) & 0xfff8) >> 3);
rv->Assign(3, (ntohs(frag->ip6f_offlg) & 0x0006) >> 1);
rv->Assign(4, static_cast<bool>(ntohs(frag->ip6f_offlg) & 0x0001));
rv->Assign(5, ntohl(frag->ip6f_ident));
}
{
static auto ip6_fragment_type = id::find_type<RecordType>("ip6_fragment");
rv = make_intrusive<RecordVal>(ip6_fragment_type);
const struct ip6_frag* frag = (const struct ip6_frag*)data;
rv->Assign(0, frag->ip6f_nxt);
rv->Assign(1, frag->ip6f_reserved);
rv->Assign(2, (ntohs(frag->ip6f_offlg) & 0xfff8) >> 3);
rv->Assign(3, (ntohs(frag->ip6f_offlg) & 0x0006) >> 1);
rv->Assign(4, static_cast<bool>(ntohs(frag->ip6f_offlg) & 0x0001));
rv->Assign(5, ntohl(frag->ip6f_ident));
}
break;
case IPPROTO_AH:
{
static auto ip6_ah_type = id::find_type<RecordType>("ip6_ah");
rv = make_intrusive<RecordVal>(ip6_ah_type);
rv->Assign(0, ((ip6_ext*)data)->ip6e_nxt);
rv->Assign(1, ((ip6_ext*)data)->ip6e_len);
rv->Assign(2, ntohs(((uint16_t*)data)[1]));
rv->Assign(3, ntohl(((uint32_t*)data)[1]));
{
static auto ip6_ah_type = id::find_type<RecordType>("ip6_ah");
rv = make_intrusive<RecordVal>(ip6_ah_type);
rv->Assign(0, ((ip6_ext*)data)->ip6e_nxt);
rv->Assign(1, ((ip6_ext*)data)->ip6e_len);
rv->Assign(2, ntohs(((uint16_t*)data)[1]));
rv->Assign(3, ntohl(((uint32_t*)data)[1]));
if ( Length() >= 12 )
{
// Sequence Number and ICV fields can only be extracted if
// Payload Len was non-zero for this header.
rv->Assign(4, ntohl(((uint32_t*)data)[2]));
uint16_t off = 3 * sizeof(uint32_t);
rv->Assign(5, new String(data + off, Length() - off, true));
}
if ( Length() >= 12 )
{
// Sequence Number and ICV fields can only be extracted if
// Payload Len was non-zero for this header.
rv->Assign(4, ntohl(((uint32_t*)data)[2]));
uint16_t off = 3 * sizeof(uint32_t);
rv->Assign(5, new String(data + off, Length() - off, true));
}
}
break;
case IPPROTO_ESP:
{
static auto ip6_esp_type = id::find_type<RecordType>("ip6_esp");
rv = make_intrusive<RecordVal>(ip6_esp_type);
const uint32_t* esp = (const uint32_t*)data;
rv->Assign(0, ntohl(esp[0]));
rv->Assign(1, ntohl(esp[1]));
}
{
static auto ip6_esp_type = id::find_type<RecordType>("ip6_esp");
rv = make_intrusive<RecordVal>(ip6_esp_type);
const uint32_t* esp = (const uint32_t*)data;
rv->Assign(0, ntohl(esp[0]));
rv->Assign(1, ntohl(esp[1]));
}
break;
case IPPROTO_MOBILITY:
{
static auto ip6_mob_type = id::find_type<RecordType>("ip6_mobility_hdr");
rv = make_intrusive<RecordVal>(ip6_mob_type);
const struct ip6_mobility* mob = (const struct ip6_mobility*)data;
rv->Assign(0, mob->ip6mob_payload);
rv->Assign(1, mob->ip6mob_len);
rv->Assign(2, mob->ip6mob_type);
rv->Assign(3, mob->ip6mob_rsv);
rv->Assign(4, ntohs(mob->ip6mob_chksum));
static auto ip6_mob_msg_type = id::find_type<RecordType>("ip6_mobility_msg");
auto msg = make_intrusive<RecordVal>(ip6_mob_msg_type);
msg->Assign(0, mob->ip6mob_type);
uint16_t off = sizeof(ip6_mobility);
const u_char* msg_data = data + off;
static auto ip6_mob_brr_type = id::find_type<RecordType>("ip6_mobility_brr");
static auto ip6_mob_hoti_type = id::find_type<RecordType>("ip6_mobility_hoti");
static auto ip6_mob_coti_type = id::find_type<RecordType>("ip6_mobility_coti");
static auto ip6_mob_hot_type = id::find_type<RecordType>("ip6_mobility_hot");
static auto ip6_mob_cot_type = id::find_type<RecordType>("ip6_mobility_cot");
static auto ip6_mob_bu_type = id::find_type<RecordType>("ip6_mobility_bu");
static auto ip6_mob_back_type = id::find_type<RecordType>("ip6_mobility_back");
static auto ip6_mob_be_type = id::find_type<RecordType>("ip6_mobility_be");
switch ( mob->ip6mob_type )
{
static auto ip6_mob_type = id::find_type<RecordType>("ip6_mobility_hdr");
rv = make_intrusive<RecordVal>(ip6_mob_type);
const struct ip6_mobility* mob = (const struct ip6_mobility*)data;
rv->Assign(0, mob->ip6mob_payload);
rv->Assign(1, mob->ip6mob_len);
rv->Assign(2, mob->ip6mob_type);
rv->Assign(3, mob->ip6mob_rsv);
rv->Assign(4, ntohs(mob->ip6mob_chksum));
static auto ip6_mob_msg_type = id::find_type<RecordType>("ip6_mobility_msg");
auto msg = make_intrusive<RecordVal>(ip6_mob_msg_type);
msg->Assign(0, mob->ip6mob_type);
uint16_t off = sizeof(ip6_mobility);
const u_char* msg_data = data + off;
static auto ip6_mob_brr_type = id::find_type<RecordType>("ip6_mobility_brr");
static auto ip6_mob_hoti_type = id::find_type<RecordType>("ip6_mobility_hoti");
static auto ip6_mob_coti_type = id::find_type<RecordType>("ip6_mobility_coti");
static auto ip6_mob_hot_type = id::find_type<RecordType>("ip6_mobility_hot");
static auto ip6_mob_cot_type = id::find_type<RecordType>("ip6_mobility_cot");
static auto ip6_mob_bu_type = id::find_type<RecordType>("ip6_mobility_bu");
static auto ip6_mob_back_type = id::find_type<RecordType>("ip6_mobility_back");
static auto ip6_mob_be_type = id::find_type<RecordType>("ip6_mobility_be");
switch ( mob->ip6mob_type )
case 0:
{
case 0:
{
auto m = make_intrusive<RecordVal>(ip6_mob_brr_type);
m->Assign(0, ntohs(*((uint16_t*)msg_data)));
off += sizeof(uint16_t);
m->Assign(1, BuildOptionsVal(data + off, Length() - off));
msg->Assign(1, std::move(m));
}
break;
auto m = make_intrusive<RecordVal>(ip6_mob_brr_type);
m->Assign(0, ntohs(*((uint16_t*)msg_data)));
off += sizeof(uint16_t);
m->Assign(1, BuildOptionsVal(data + off, Length() - off));
msg->Assign(1, std::move(m));
}
break;
case 1:
{
auto m = make_intrusive<RecordVal>(ip6_mob_hoti_type);
m->Assign(0, ntohs(*((uint16_t*)msg_data)));
m->Assign(1, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))));
off += sizeof(uint16_t) + sizeof(uint64_t);
m->Assign(2, BuildOptionsVal(data + off, Length() - off));
msg->Assign(2, std::move(m));
break;
}
case 2:
{
auto m = make_intrusive<RecordVal>(ip6_mob_coti_type);
m->Assign(0, ntohs(*((uint16_t*)msg_data)));
m->Assign(1, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))));
off += sizeof(uint16_t) + sizeof(uint64_t);
m->Assign(2, BuildOptionsVal(data + off, Length() - off));
msg->Assign(3, std::move(m));
break;
}
case 3:
{
auto m = make_intrusive<RecordVal>(ip6_mob_hot_type);
m->Assign(0, ntohs(*((uint16_t*)msg_data)));
m->Assign(1, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))));
m->Assign(2, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) +
sizeof(uint64_t)))));
off += sizeof(uint16_t) + 2 * sizeof(uint64_t);
m->Assign(3, BuildOptionsVal(data + off, Length() - off));
msg->Assign(4, std::move(m));
break;
}
case 4:
{
auto m = make_intrusive<RecordVal>(ip6_mob_cot_type);
m->Assign(0, ntohs(*((uint16_t*)msg_data)));
m->Assign(1, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))));
m->Assign(2, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) +
sizeof(uint64_t)))));
off += sizeof(uint16_t) + 2 * sizeof(uint64_t);
m->Assign(3, BuildOptionsVal(data + off, Length() - off));
msg->Assign(5, std::move(m));
break;
}
case 5:
{
auto m = make_intrusive<RecordVal>(ip6_mob_bu_type);
m->Assign(0, ntohs(*((uint16_t*)msg_data)));
m->Assign(1, static_cast<bool>(
ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) &
0x8000));
m->Assign(2, static_cast<bool>(
ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) &
0x4000));
m->Assign(3, static_cast<bool>(
ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) &
0x2000));
m->Assign(4, static_cast<bool>(
ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) &
0x1000));
m->Assign(5, ntohs(*((uint16_t*)(msg_data + 2 * sizeof(uint16_t)))));
off += 3 * sizeof(uint16_t);
m->Assign(6, BuildOptionsVal(data + off, Length() - off));
msg->Assign(6, std::move(m));
break;
}
case 6:
{
auto m = make_intrusive<RecordVal>(ip6_mob_back_type);
m->Assign(0, *((uint8_t*)msg_data));
m->Assign(1, static_cast<bool>(
*((uint8_t*)(msg_data + sizeof(uint8_t))) & 0x80));
m->Assign(2, ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))));
m->Assign(3, ntohs(*((uint16_t*)(msg_data + 2 * sizeof(uint16_t)))));
off += 3 * sizeof(uint16_t);
m->Assign(4, BuildOptionsVal(data + off, Length() - off));
msg->Assign(7, std::move(m));
break;
}
case 7:
{
auto m = make_intrusive<RecordVal>(ip6_mob_be_type);
m->Assign(0, *((uint8_t*)msg_data));
const in6_addr* hoa = (const in6_addr*)(msg_data + sizeof(uint16_t));
m->Assign(1, make_intrusive<AddrVal>(IPAddr(*hoa)));
off += sizeof(uint16_t) + sizeof(in6_addr);
m->Assign(2, BuildOptionsVal(data + off, Length() - off));
msg->Assign(8, std::move(m));
break;
}
default:
reporter->Weird("unknown_mobility_type", util::fmt("%d", mob->ip6mob_type));
break;
case 1:
{
auto m = make_intrusive<RecordVal>(ip6_mob_hoti_type);
m->Assign(0, ntohs(*((uint16_t*)msg_data)));
m->Assign(1, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))));
off += sizeof(uint16_t) + sizeof(uint64_t);
m->Assign(2, BuildOptionsVal(data + off, Length() - off));
msg->Assign(2, std::move(m));
break;
}
rv->Assign(5, std::move(msg));
case 2:
{
auto m = make_intrusive<RecordVal>(ip6_mob_coti_type);
m->Assign(0, ntohs(*((uint16_t*)msg_data)));
m->Assign(1, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))));
off += sizeof(uint16_t) + sizeof(uint64_t);
m->Assign(2, BuildOptionsVal(data + off, Length() - off));
msg->Assign(3, std::move(m));
break;
}
case 3:
{
auto m = make_intrusive<RecordVal>(ip6_mob_hot_type);
m->Assign(0, ntohs(*((uint16_t*)msg_data)));
m->Assign(1, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))));
m->Assign(
2, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t)))));
off += sizeof(uint16_t) + 2 * sizeof(uint64_t);
m->Assign(3, BuildOptionsVal(data + off, Length() - off));
msg->Assign(4, std::move(m));
break;
}
case 4:
{
auto m = make_intrusive<RecordVal>(ip6_mob_cot_type);
m->Assign(0, ntohs(*((uint16_t*)msg_data)));
m->Assign(1, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))));
m->Assign(
2, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t)))));
off += sizeof(uint16_t) + 2 * sizeof(uint64_t);
m->Assign(3, BuildOptionsVal(data + off, Length() - off));
msg->Assign(5, std::move(m));
break;
}
case 5:
{
auto m = make_intrusive<RecordVal>(ip6_mob_bu_type);
m->Assign(0, ntohs(*((uint16_t*)msg_data)));
m->Assign(1, static_cast<bool>(
ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x8000));
m->Assign(2, static_cast<bool>(
ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x4000));
m->Assign(3, static_cast<bool>(
ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x2000));
m->Assign(4, static_cast<bool>(
ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x1000));
m->Assign(5, ntohs(*((uint16_t*)(msg_data + 2 * sizeof(uint16_t)))));
off += 3 * sizeof(uint16_t);
m->Assign(6, BuildOptionsVal(data + off, Length() - off));
msg->Assign(6, std::move(m));
break;
}
case 6:
{
auto m = make_intrusive<RecordVal>(ip6_mob_back_type);
m->Assign(0, *((uint8_t*)msg_data));
m->Assign(1,
static_cast<bool>(*((uint8_t*)(msg_data + sizeof(uint8_t))) & 0x80));
m->Assign(2, ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))));
m->Assign(3, ntohs(*((uint16_t*)(msg_data + 2 * sizeof(uint16_t)))));
off += 3 * sizeof(uint16_t);
m->Assign(4, BuildOptionsVal(data + off, Length() - off));
msg->Assign(7, std::move(m));
break;
}
case 7:
{
auto m = make_intrusive<RecordVal>(ip6_mob_be_type);
m->Assign(0, *((uint8_t*)msg_data));
const in6_addr* hoa = (const in6_addr*)(msg_data + sizeof(uint16_t));
m->Assign(1, make_intrusive<AddrVal>(IPAddr(*hoa)));
off += sizeof(uint16_t) + sizeof(in6_addr);
m->Assign(2, BuildOptionsVal(data + off, Length() - off));
msg->Assign(8, std::move(m));
break;
}
default:
reporter->Weird("unknown_mobility_type", util::fmt("%d", mob->ip6mob_type));
break;
}
rv->Assign(5, std::move(msg));
}
break;
default:
@ -384,67 +379,67 @@ RecordValPtr IP_Hdr::ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const
switch ( proto )
{
case IPPROTO_TCP:
{
const struct tcphdr* tp = (const struct tcphdr*)data;
auto tcp_hdr = make_intrusive<RecordVal>(tcp_hdr_type);
{
const struct tcphdr* tp = (const struct tcphdr*)data;
auto tcp_hdr = make_intrusive<RecordVal>(tcp_hdr_type);
int tcp_hdr_len = tp->th_off * 4;
int data_len = PayloadLen() - tcp_hdr_len;
int tcp_hdr_len = tp->th_off * 4;
int data_len = PayloadLen() - tcp_hdr_len;
tcp_hdr->Assign(0, val_mgr->Port(ntohs(tp->th_sport), TRANSPORT_TCP));
tcp_hdr->Assign(1, val_mgr->Port(ntohs(tp->th_dport), TRANSPORT_TCP));
tcp_hdr->Assign(2, ntohl(tp->th_seq));
tcp_hdr->Assign(3, ntohl(tp->th_ack));
tcp_hdr->Assign(4, tcp_hdr_len);
tcp_hdr->Assign(5, data_len);
tcp_hdr->Assign(6, tp->th_x2);
tcp_hdr->Assign(7, tp->th_flags);
tcp_hdr->Assign(8, ntohs(tp->th_win));
tcp_hdr->Assign(0, val_mgr->Port(ntohs(tp->th_sport), TRANSPORT_TCP));
tcp_hdr->Assign(1, val_mgr->Port(ntohs(tp->th_dport), TRANSPORT_TCP));
tcp_hdr->Assign(2, ntohl(tp->th_seq));
tcp_hdr->Assign(3, ntohl(tp->th_ack));
tcp_hdr->Assign(4, tcp_hdr_len);
tcp_hdr->Assign(5, data_len);
tcp_hdr->Assign(6, tp->th_x2);
tcp_hdr->Assign(7, tp->th_flags);
tcp_hdr->Assign(8, ntohs(tp->th_win));
pkt_hdr->Assign(sindex + 2, std::move(tcp_hdr));
break;
}
pkt_hdr->Assign(sindex + 2, std::move(tcp_hdr));
break;
}
case IPPROTO_UDP:
{
const struct udphdr* up = (const struct udphdr*)data;
auto udp_hdr = make_intrusive<RecordVal>(udp_hdr_type);
{
const struct udphdr* up = (const struct udphdr*)data;
auto udp_hdr = make_intrusive<RecordVal>(udp_hdr_type);
udp_hdr->Assign(0, val_mgr->Port(ntohs(up->uh_sport), TRANSPORT_UDP));
udp_hdr->Assign(1, val_mgr->Port(ntohs(up->uh_dport), TRANSPORT_UDP));
udp_hdr->Assign(2, ntohs(up->uh_ulen));
udp_hdr->Assign(0, val_mgr->Port(ntohs(up->uh_sport), TRANSPORT_UDP));
udp_hdr->Assign(1, val_mgr->Port(ntohs(up->uh_dport), TRANSPORT_UDP));
udp_hdr->Assign(2, ntohs(up->uh_ulen));
pkt_hdr->Assign(sindex + 3, std::move(udp_hdr));
break;
}
pkt_hdr->Assign(sindex + 3, std::move(udp_hdr));
break;
}
case IPPROTO_ICMP:
{
const struct icmp* icmpp = (const struct icmp*)data;
auto icmp_hdr = make_intrusive<RecordVal>(icmp_hdr_type);
{
const struct icmp* icmpp = (const struct icmp*)data;
auto icmp_hdr = make_intrusive<RecordVal>(icmp_hdr_type);
icmp_hdr->Assign(0, icmpp->icmp_type);
icmp_hdr->Assign(0, icmpp->icmp_type);
pkt_hdr->Assign(sindex + 4, std::move(icmp_hdr));
break;
}
pkt_hdr->Assign(sindex + 4, std::move(icmp_hdr));
break;
}
case IPPROTO_ICMPV6:
{
const struct icmp6_hdr* icmpp = (const struct icmp6_hdr*)data;
auto icmp_hdr = make_intrusive<RecordVal>(icmp_hdr_type);
{
const struct icmp6_hdr* icmpp = (const struct icmp6_hdr*)data;
auto icmp_hdr = make_intrusive<RecordVal>(icmp_hdr_type);
icmp_hdr->Assign(0, icmpp->icmp6_type);
icmp_hdr->Assign(0, icmpp->icmp6_type);
pkt_hdr->Assign(sindex + 4, std::move(icmp_hdr));
break;
}
pkt_hdr->Assign(sindex + 4, std::move(icmp_hdr));
break;
}
default:
{
// This is not a protocol we understand.
break;
}
{
// This is not a protocol we understand.
break;
}
}
return pkt_hdr;
@ -585,30 +580,30 @@ void IPv6_Hdr_Chain::ProcessRoutingHeader(const struct ip6_rthdr* r, uint16_t le
switch ( r->ip6r_type )
{
case 0: // Defined by RFC 2460, deprecated by RFC 5095
{
if ( r->ip6r_segleft > 0 && r->ip6r_len >= 2 )
{
if ( r->ip6r_segleft > 0 && r->ip6r_len >= 2 )
{
if ( r->ip6r_len % 2 == 0 )
finalDst = new IPAddr(*addr);
else
reporter->Weird(SrcAddr(), DstAddr(), "odd_routing0_len");
}
// Always raise a weird since this type is deprecated.
reporter->Weird(SrcAddr(), DstAddr(), "routing0_hdr");
if ( r->ip6r_len % 2 == 0 )
finalDst = new IPAddr(*addr);
else
reporter->Weird(SrcAddr(), DstAddr(), "odd_routing0_len");
}
// Always raise a weird since this type is deprecated.
reporter->Weird(SrcAddr(), DstAddr(), "routing0_hdr");
}
break;
case 2: // Defined by Mobile IPv6 RFC 6275.
{
if ( r->ip6r_segleft > 0 )
{
if ( r->ip6r_segleft > 0 )
{
if ( r->ip6r_len == 2 )
finalDst = new IPAddr(*addr);
else
reporter->Weird(SrcAddr(), DstAddr(), "bad_routing2_len");
}
if ( r->ip6r_len == 2 )
finalDst = new IPAddr(*addr);
else
reporter->Weird(SrcAddr(), DstAddr(), "bad_routing2_len");
}
}
break;
default:
@ -642,36 +637,35 @@ void IPv6_Hdr_Chain::ProcessDstOpts(const struct ip6_dest* d, uint16_t len)
len -= sizeof(uint8_t);
break;
default:
{
// Double-check that the len can hold the whole option structure.
// Otherwise we get a buffer-overflow when we check the option_len.
// Also check that it holds everything for the option itself.
if ( len < sizeof(struct ip6_opt) || len < sizeof(struct ip6_opt) + opt->ip6o_len )
{
// Double-check that the len can hold the whole option structure.
// Otherwise we get a buffer-overflow when we check the option_len.
// Also check that it holds everything for the option itself.
if ( len < sizeof(struct ip6_opt) ||
len < sizeof(struct ip6_opt) + opt->ip6o_len )
{
reporter->Weird(SrcAddr(), DstAddr(), "bad_ipv6_dest_opt_len");
len = 0;
break;
}
if ( opt->ip6o_type ==
201 ) // Home Address Option, Mobile IPv6 RFC 6275 section 6.3
{
if ( opt->ip6o_len == sizeof(struct in6_addr) )
{
if ( homeAddr )
reporter->Weird(SrcAddr(), DstAddr(), "multiple_home_addr_opts");
else
homeAddr =
new IPAddr(*((const in6_addr*)(data + sizeof(struct ip6_opt))));
}
else
reporter->Weird(SrcAddr(), DstAddr(), "bad_home_addr_len");
}
data += sizeof(struct ip6_opt) + opt->ip6o_len;
len -= sizeof(struct ip6_opt) + opt->ip6o_len;
reporter->Weird(SrcAddr(), DstAddr(), "bad_ipv6_dest_opt_len");
len = 0;
break;
}
if ( opt->ip6o_type ==
201 ) // Home Address Option, Mobile IPv6 RFC 6275 section 6.3
{
if ( opt->ip6o_len == sizeof(struct in6_addr) )
{
if ( homeAddr )
reporter->Weird(SrcAddr(), DstAddr(), "multiple_home_addr_opts");
else
homeAddr = new IPAddr(
*((const in6_addr*)(data + sizeof(struct ip6_opt))));
}
else
reporter->Weird(SrcAddr(), DstAddr(), "bad_home_addr_len");
}
data += sizeof(struct ip6_opt) + opt->ip6o_len;
len -= sizeof(struct ip6_opt) + opt->ip6o_len;
}
break;
}
}
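Review bot: The mobility-message cases in IPv6_Hdr::ToVal (`case 1:` through `case 7:` of the inner switch) read fixed-size fields at `msg_data` and then call `BuildOptionsVal(data + off, Length() - off)` with no visible comparison of `off` against `Length()`. If the caller does not already guarantee that the header is long enough for the message type, a short Mobility header taken from the wire would be read past its end and `Length() - off` would go negative. A guard before the field reads would make the bound explicit, for example `if ( Length() < off + sizeof(uint16_t) + sizeof(uint64_t) ) break;` in the HoTI/CoTI cases, ideally paired with a `reporter->Weird(...)` so the truncation shows up in the logs. The same concern applies to `int data_len = PayloadLen() - tcp_hdr_len;` in IP_Hdr::ToPktHdrVal, which goes negative when `th_off` overstates the header size. Both function bodies start and end outside the hunks shown, so the validation may already happen upstream of these lines.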


@ -2,11 +2,13 @@
#pragma once
#include "zeek/zeek-config.h"
// clang-format off
#include <sys/types.h> // for u_char
#include <netinet/in.h>
#include <netinet/ip.h>
#include "zeek/zeek-config.h"
// clang-format on
#ifdef HAVE_NETINET_IP6_H
#include <netinet/ip6.h>
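Review bot: The new `// clang-format off` / `// clang-format on` pair pins the order of `<sys/types.h>`, `<netinet/in.h>` and `<netinet/ip.h>`, but nothing records why the order matters, so a later cleanup could drop the guard and let the formatter re-sort them. A one-line comment above the guard would keep the reason with the code, e.g. `// Keep this order: <netinet/ip.h> relies on the two headers above it on some platforms.` The wording should be confirmed by the author, since the reason is inferred here from the existing `// for u_char` remark.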


@ -2,12 +2,13 @@
#include "zeek/NFA.h"
#include "zeek/zeek-config.h"
#include <algorithm>
#include "zeek/Desc.h"
#include "zeek/EquivClass.h"
#include "zeek/IntSet.h"
#include "zeek/zeek-config.h"
namespace zeek::detail
{


@ -2,11 +2,12 @@
#include "zeek/NetVar.h"
#include "zeek/zeek-config.h"
#include "zeek/EventHandler.h"
#include "zeek/ID.h"
#include "zeek/Val.h"
#include "zeek/Var.h"
#include "zeek/zeek-config.h"
zeek::RecordType* conn_id;
zeek::RecordType* endpoint;
@ -291,8 +292,8 @@ void init_net_var()
udp_content_deliver_all_orig = bool(id::find_val("udp_content_deliver_all_orig")->AsBool());
udp_content_deliver_all_resp = bool(id::find_val("udp_content_deliver_all_resp")->AsBool());
udp_content_delivery_ports_use_resp =
bool(id::find_val("udp_content_delivery_ports_use_resp")->AsBool());
udp_content_delivery_ports_use_resp = bool(
id::find_val("udp_content_delivery_ports_use_resp")->AsBool());
dns_session_timeout = id::find_val("dns_session_timeout")->AsInterval();
rpc_timeout = id::find_val("rpc_timeout")->AsInterval();


@ -2,13 +2,14 @@
#include "zeek/Obj.h"
#include "zeek/zeek-config.h"
#include <stdlib.h>
#include "zeek/Desc.h"
#include "zeek/File.h"
#include "zeek/Func.h"
#include "zeek/plugin/Manager.h"
#include "zeek/zeek-config.h"
namespace zeek
{


@ -2,10 +2,10 @@
#pragma once
#include <limits.h>
#include "zeek/zeek-config.h"
#include <limits.h>
namespace zeek
{


@ -2,10 +2,11 @@
#include "zeek/Options.h"
#include "zeek/zeek-config.h"
#include <unistd.h>
#include "zeek/script_opt/ScriptOpt.h"
#include "zeek/zeek-config.h"
#ifdef HAVE_GETOPT_H
#include <getopt.h>


@ -1,5 +1,7 @@
#include "zeek/PolicyFile.h"
#include "zeek/zeek-config.h"
#include <assert.h>
#include <errno.h>
#include <stdio.h>
@ -12,7 +14,6 @@
#include "zeek/Debug.h"
#include "zeek/Reporter.h"
#include "zeek/util.h"
#include "zeek/zeek-config.h"
using namespace std;


@ -94,8 +94,8 @@ std::list<std::tuple<IPPrefix, void*>> PrefixTable::FindAll(const SubNetVal* val
void* PrefixTable::Lookup(const IPAddr& addr, int width, bool exact) const
{
prefix_t* prefix = MakePrefix(addr, width);
patricia_node_t* node =
exact ? patricia_search_exact(tree, prefix) : patricia_search_best(tree, prefix);
patricia_node_t* node = exact ? patricia_search_exact(tree, prefix)
: patricia_search_best(tree, prefix);
int elems = 0;
patricia_node_t** list = nullptr;


@ -2,12 +2,13 @@
#include "zeek/PriorityQueue.h"
#include "zeek/zeek-config.h"
#include <stdio.h>
#include <stdlib.h>
#include "zeek/Reporter.h"
#include "zeek/util.h"
#include "zeek/zeek-config.h"
namespace zeek::detail
{


@ -2,11 +2,11 @@
#pragma once
#include "zeek/zeek-config.h"
#include <math.h>
#include <stdint.h>
#include "zeek/zeek-config.h"
namespace zeek::detail
{


@ -2,6 +2,8 @@
#include "zeek/RE.h"
#include "zeek/zeek-config.h"
#include <stdlib.h>
#include <utility>
@ -10,7 +12,6 @@
#include "zeek/EquivClass.h"
#include "zeek/Reporter.h"
#include "zeek/ZeekString.h"
#include "zeek/zeek-config.h"
zeek::detail::CCL* zeek::detail::curr_ccl = nullptr;
zeek::detail::Specific_RE_Matcher* zeek::detail::rem = nullptr;


@ -1,9 +1,9 @@
#pragma once
#include <stdint.h>
#include "zeek/zeek-config.h"
#include <stdint.h>
#define RT_MONTEN \
6 /* Bytes used as Monte Carlo \
co-ordinates. This should be no more \


@ -2,10 +2,11 @@
#include "zeek/Reassem.h"
#include "zeek/zeek-config.h"
#include <algorithm>
#include "zeek/Desc.h"
#include "zeek/zeek-config.h"
using std::min;


@ -4,6 +4,8 @@
#include "zeek/Reporter.h"
#include "zeek/zeek-config.h"
#include <syslog.h>
#include <unistd.h>
@ -20,7 +22,6 @@
#include "zeek/input.h"
#include "zeek/plugin/Manager.h"
#include "zeek/plugin/Plugin.h"
#include "zeek/zeek-config.h"
#ifdef SYSLOG_INT
extern "C"
@ -599,11 +600,11 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out, Conne
if ( locations.size() )
{
auto locs = locations.back();
raise_event =
PLUGIN_HOOK_WITH_RESULT(HOOK_REPORTER,
HookReporter(prefix, event, conn, addl, location,
locs.first, locs.second, time, buffer),
true);
raise_event = PLUGIN_HOOK_WITH_RESULT(HOOK_REPORTER,
HookReporter(prefix, event, conn, addl, location,
locs.first, locs.second, time,
buffer),
true);
}
else
raise_event = PLUGIN_HOOK_WITH_RESULT(


@ -1,9 +1,10 @@
#include "zeek/Rule.h"
#include "zeek/zeek-config.h"
#include "zeek/RuleAction.h"
#include "zeek/RuleCondition.h"
#include "zeek/RuleMatcher.h"
#include "zeek/zeek-config.h"
namespace zeek::detail
{


@ -1,5 +1,7 @@
#include "zeek/RuleAction.h"
#include "zeek/zeek-config.h"
#include <string>
#include "zeek/Conn.h"
@ -8,7 +10,6 @@
#include "zeek/RuleMatcher.h"
#include "zeek/analyzer/Manager.h"
#include "zeek/analyzer/protocol/pia/PIA.h"
#include "zeek/zeek-config.h"
using std::string;


@ -1,5 +1,7 @@
#include "zeek/RuleCondition.h"
#include "zeek/zeek-config.h"
#include "zeek/Func.h"
#include "zeek/ID.h"
#include "zeek/Reporter.h"
@ -7,7 +9,6 @@
#include "zeek/Scope.h"
#include "zeek/Val.h"
#include "zeek/analyzer/protocol/tcp/TCP.h"
#include "zeek/zeek-config.h"
static inline bool is_established(const zeek::analyzer::tcp::TCP_Endpoint* e)
{


@ -1,6 +1,8 @@
#include "zeek/RuleMatcher.h"
#include "zeek/zeek-config.h"
#include <algorithm>
#include <functional>
@ -22,7 +24,6 @@
#include "zeek/ZeekString.h"
#include "zeek/analyzer/Analyzer.h"
#include "zeek/module_util.h"
#include "zeek/zeek-config.h"
using namespace std;
@ -662,8 +663,8 @@ RuleMatcher::MIME_Matches* RuleMatcher::Match(RuleFileMagicState* state, const u
#ifdef DEBUG
if ( debug_logger.IsEnabled(DBG_RULES) )
{
const char* s =
util::fmt_bytes(reinterpret_cast<const char*>(data), min(40, static_cast<int>(len)));
const char* s = util::fmt_bytes(reinterpret_cast<const char*>(data),
min(40, static_cast<int>(len)));
DBG_LOG(DBG_RULES, "Matching %s rules on |%s%s|", Rule::TypeToString(Rule::FILE_MAGIC), s,
len > 40 ? "..." : "");
}
@ -805,8 +806,8 @@ RuleEndpointState* RuleMatcher::InitEndpoint(analyzer::Analyzer* analyzer, const
case RuleHdrTest::ICMPv6:
case RuleHdrTest::TCP:
case RuleHdrTest::UDP:
match =
compare(*h->vals, getval(ip->Payload() + h->offset, h->size), h->comp);
match = compare(*h->vals, getval(ip->Payload() + h->offset, h->size),
h->comp);
break;
case RuleHdrTest::IPSrc:
@ -1284,38 +1285,38 @@ static bool val_to_maskedval(Val* v, maskedvalue_list* append_to, vector<IPPrefi
break;
case TYPE_SUBNET:
{
if ( prefix_vector )
{
if ( prefix_vector )
prefix_vector->push_back(v->AsSubNet());
delete mval;
return true;
}
else
{
const uint32_t* n;
uint32_t m[4];
v->AsSubNet().Prefix().GetBytes(&n);
v->AsSubNetVal()->Mask().CopyIPv6(m);
for ( unsigned int i = 0; i < 4; ++i )
m[i] = ntohl(m[i]);
bool is_v4_mask = m[0] == 0xffffffff && m[1] == m[0] && m[2] == m[0];
if ( v->AsSubNet().Prefix().GetFamily() == IPv4 && is_v4_mask )
{
prefix_vector->push_back(v->AsSubNet());
delete mval;
return true;
mval->val = ntohl(*n);
mval->mask = m[3];
}
else
{
const uint32_t* n;
uint32_t m[4];
v->AsSubNet().Prefix().GetBytes(&n);
v->AsSubNetVal()->Mask().CopyIPv6(m);
for ( unsigned int i = 0; i < 4; ++i )
m[i] = ntohl(m[i]);
bool is_v4_mask = m[0] == 0xffffffff && m[1] == m[0] && m[2] == m[0];
if ( v->AsSubNet().Prefix().GetFamily() == IPv4 && is_v4_mask )
{
mval->val = ntohl(*n);
mval->mask = m[3];
}
else
{
rules_error("IPv6 subnets not supported");
mval->val = 0;
mval->mask = 0;
}
rules_error("IPv6 subnets not supported");
mval->val = 0;
mval->mask = 0;
}
}
}
break;
default:
@ -1404,8 +1405,8 @@ void RuleMatcherState::InitEndpointMatcher(analyzer::Analyzer* analyzer, const I
delete orig_match_state;
}
orig_match_state =
rule_matcher->InitEndpoint(analyzer, ip, caplen, resp_match_state, from_orig, pia);
orig_match_state = rule_matcher->InitEndpoint(analyzer, ip, caplen, resp_match_state,
from_orig, pia);
}
else
@ -1416,8 +1417,8 @@ void RuleMatcherState::InitEndpointMatcher(analyzer::Analyzer* analyzer, const I
delete resp_match_state;
}
resp_match_state =
rule_matcher->InitEndpoint(analyzer, ip, caplen, orig_match_state, from_orig, pia);
resp_match_state = rule_matcher->InitEndpoint(analyzer, ip, caplen, orig_match_state,
from_orig, pia);
}
}
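Review bot: In the DBG_RULES block of RuleMatcher::Match, `static_cast<int>(len)` narrows `len` before the clamp is applied. The declaration of `len` is cut off in the hunk header, but if it is a 64-bit length, a value above INT_MAX can become negative and `min(40, ...)` would then hand that negative count to `util::fmt_bytes`. Clamping before narrowing avoids this: `static_cast<int>(std::min<uint64_t>(len, 40))`. The code is debug-only and the reformat leaves it as it was.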


@ -2,9 +2,9 @@
#include "zeek/RunState.h"
#include <sys/types.h>
#include "zeek/zeek-config.h"
#include <sys/types.h>
#ifdef TIME_WITH_SYS_TIME
#include <sys/time.h>
#include <time.h>
@ -386,9 +386,10 @@ void get_final_stats()
{
iosource::PktSrc::Stats s;
ps->Statistics(&s);
double dropped_pct =
s.dropped > 0.0 ? ((double)s.dropped / ((double)s.received + (double)s.dropped)) * 100.0
: 0.0;
double dropped_pct = s.dropped > 0.0
? ((double)s.dropped / ((double)s.received + (double)s.dropped)) *
100.0
: 0.0;
reporter->Info("%" PRIu64 " packets received on interface %s, %" PRIu64 " (%.2f%%) dropped",
s.received, ps->Path().c_str(), s.dropped, dropped_pct);
}


@ -2,11 +2,11 @@
#pragma once
#include "zeek/zeek-config.h"
#include <optional>
#include <string>
#include "zeek/zeek-config.h"
namespace zeek
{


@ -2,13 +2,14 @@
#include "zeek/Scope.h"
#include "zeek/zeek-config.h"
#include "zeek/Desc.h"
#include "zeek/ID.h"
#include "zeek/IntrusivePtr.h"
#include "zeek/Reporter.h"
#include "zeek/Val.h"
#include "zeek/module_util.h"
#include "zeek/zeek-config.h"
namespace zeek::detail
{
@ -110,8 +111,8 @@ const IDPtr& lookup_ID(const char* name, const char* curr_module, bool no_global
std::string fullname = make_full_var_name(curr_module, name);
std::string ID_module = extract_module_name(fullname.c_str());
bool need_export =
check_export && (ID_module != GLOBAL_MODULE_NAME && ID_module != curr_module);
bool need_export = check_export &&
(ID_module != GLOBAL_MODULE_NAME && ID_module != curr_module);
for ( auto s_i = scopes.rbegin(); s_i != scopes.rend(); ++s_i )
{


@ -2,11 +2,11 @@
#pragma once
#include "zeek/zeek-config.h"
#include <stdint.h>
#include <string>
#include "zeek/zeek-config.h"
struct in_addr;
struct in6_addr;


@ -2,6 +2,8 @@
#include "zeek/SmithWaterman.h"
#include "zeek/zeek-config.h"
#include <ctype.h>
#include <algorithm>
@ -9,7 +11,6 @@
#include "zeek/Val.h"
#include "zeek/Var.h"
#include "zeek/util.h"
#include "zeek/zeek-config.h"
namespace zeek::detail
{


@ -392,13 +392,15 @@ void SegmentProfiler::Report()
struct rusage final_rusage;
getrusage(RUSAGE_SELF, &final_rusage);
double start_time =
double(initial_rusage.ru_utime.tv_sec) + double(initial_rusage.ru_utime.tv_usec) / 1e6 +
double(initial_rusage.ru_stime.tv_sec) + double(initial_rusage.ru_stime.tv_usec) / 1e6;
double start_time = double(initial_rusage.ru_utime.tv_sec) +
double(initial_rusage.ru_utime.tv_usec) / 1e6 +
double(initial_rusage.ru_stime.tv_sec) +
double(initial_rusage.ru_stime.tv_usec) / 1e6;
double stop_time =
double(final_rusage.ru_utime.tv_sec) + double(final_rusage.ru_utime.tv_usec) / 1e6 +
double(final_rusage.ru_stime.tv_sec) + double(final_rusage.ru_stime.tv_usec) / 1e6;
double stop_time = double(final_rusage.ru_utime.tv_sec) +
double(final_rusage.ru_utime.tv_usec) / 1e6 +
double(final_rusage.ru_stime.tv_sec) +
double(final_rusage.ru_stime.tv_usec) / 1e6;
int start_mem = initial_rusage.ru_maxrss * 1024;
int stop_mem = initial_rusage.ru_maxrss * 1024;
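Review bot: `stop_mem` on the last line of this hunk is computed from `initial_rusage`, the same structure used for `start_mem`, so the two values are always equal and any memory delta derived from them is zero. It should presumably read `int stop_mem = final_rusage.ru_maxrss * 1024;`. Both lines also narrow `ru_maxrss * 1024` into an `int`, which overflows once the resident set passes 2 GiB; a 64-bit type would be safer. The rest of SegmentProfiler::Report lies outside the hunk, so how these values are reported is not visible here.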


@ -2,13 +2,13 @@
#pragma once
#include "zeek/zeek-config.h"
#include <stdint.h>
#include <sys/resource.h>
#include <sys/time.h>
#include <sys/types.h>
#include "zeek/zeek-config.h"
namespace zeek
{


@ -2,6 +2,8 @@
#include "zeek/Stmt.h"
#include "zeek/zeek-config.h"
#include "zeek/CompHash.h"
#include "zeek/Debug.h"
#include "zeek/Desc.h"
@ -19,7 +21,6 @@
#include "zeek/logging/Manager.h"
#include "zeek/logging/logging.bif.h"
#include "zeek/script_opt/StmtOptInfo.h"
#include "zeek/zeek-config.h"
namespace zeek::detail
{
@ -344,18 +345,18 @@ void do_print_stmt(const std::vector<ValPtr>& vals)
++offset;
}
static auto print_log_type =
static_cast<BifEnum::Log::PrintLogType>(id::find_val("Log::print_to_log")->AsEnum());
static auto print_log_type = static_cast<BifEnum::Log::PrintLogType>(
id::find_val("Log::print_to_log")->AsEnum());
switch ( print_log_type )
{
case BifEnum::Log::REDIRECT_NONE:
break;
case BifEnum::Log::REDIRECT_ALL:
{
print_log(vals);
return;
}
{
print_log(vals);
return;
}
case BifEnum::Log::REDIRECT_STDOUT:
if ( f->FileHandle() == stdout )
{
@ -764,35 +765,35 @@ SwitchStmt::SwitchStmt(ExprPtr index, case_list* arg_cases)
{
// Simplify trivial unary plus/minus expressions on consts.
case EXPR_NEGATE:
{
NegExpr* ne = (NegExpr*)(expr);
{
NegExpr* ne = (NegExpr*)(expr);
if ( ne->Op()->IsConst() )
Unref(exprs.replace(j, new ConstExpr(ne->Eval(nullptr))));
}
if ( ne->Op()->IsConst() )
Unref(exprs.replace(j, new ConstExpr(ne->Eval(nullptr))));
}
break;
case EXPR_POSITIVE:
{
PosExpr* pe = (PosExpr*)(expr);
{
PosExpr* pe = (PosExpr*)(expr);
if ( pe->Op()->IsConst() )
Unref(exprs.replace(j, new ConstExpr(pe->Eval(nullptr))));
}
if ( pe->Op()->IsConst() )
Unref(exprs.replace(j, new ConstExpr(pe->Eval(nullptr))));
}
break;
case EXPR_NAME:
{
NameExpr* ne = (NameExpr*)(expr);
if ( ne->Id()->IsConst() )
{
NameExpr* ne = (NameExpr*)(expr);
auto v = ne->Eval(nullptr);
if ( ne->Id()->IsConst() )
{
auto v = ne->Eval(nullptr);
if ( v )
Unref(exprs.replace(j, new ConstExpr(std::move(v))));
}
if ( v )
Unref(exprs.replace(j, new ConstExpr(std::move(v))));
}
}
break;
default:


@ -2,12 +2,13 @@
#pragma once
#include "zeek/zeek-config.h"
#include <stdint.h>
#include <string>
#include "zeek/IntrusivePtr.h"
#include "zeek/util.h"
#include "zeek/zeek-config.h"
namespace zeek
{


@ -2,6 +2,8 @@
#include "zeek/Timer.h"
#include "zeek/zeek-config.h"
#include "zeek/Desc.h"
#include "zeek/NetVar.h"
#include "zeek/RunState.h"
@ -9,7 +11,6 @@
#include "zeek/iosource/Manager.h"
#include "zeek/iosource/PktSrc.h"
#include "zeek/util.h"
#include "zeek/zeek-config.h"
namespace zeek::detail
{
@ -102,8 +103,8 @@ void TimerMgr::Process()
// Just advance the timer manager based on the current network time. This won't actually
// change the time, but will dispatch any timers that need dispatching.
run_state::current_dispatched +=
Advance(run_state::network_time, max_timer_expires - run_state::current_dispatched);
run_state::current_dispatched += Advance(run_state::network_time,
max_timer_expires - run_state::current_dispatched);
}
void TimerMgr::InitPostScript()


@ -48,17 +48,17 @@ TraversalCode trigger::TriggerTraversalCallback::PreExpr(const Expr* expr)
switch ( expr->Tag() )
{
case EXPR_NAME:
{
const auto* e = static_cast<const NameExpr*>(expr);
if ( e->Id()->IsGlobal() )
trigger->Register(e->Id());
{
const auto* e = static_cast<const NameExpr*>(expr);
if ( e->Id()->IsGlobal() )
trigger->Register(e->Id());
Val* v = e->Id()->GetVal().get();
Val* v = e->Id()->GetVal().get();
if ( v && v->Modifiable() )
trigger->Register(v);
break;
};
if ( v && v->Modifiable() )
trigger->Register(v);
break;
};
default:
// All others are uninteresting.


@ -2,13 +2,14 @@
#pragma once
#include "zeek/zeek-config.h"
#include <vector>
#include "zeek/ID.h"
#include "zeek/IPAddr.h"
#include "zeek/NetVar.h"
#include "zeek/UID.h"
#include "zeek/zeek-config.h"
namespace zeek
{


@ -2,6 +2,8 @@
#include "zeek/Type.h"
#include "zeek/zeek-config.h"
#include <list>
#include <map>
#include <string>
@ -14,7 +16,6 @@
#include "zeek/Val.h"
#include "zeek/Var.h"
#include "zeek/module_util.h"
#include "zeek/zeek-config.h"
#include "zeek/zeekygen/IdentifierInfo.h"
#include "zeek/zeekygen/Manager.h"
#include "zeek/zeekygen/ScriptInfo.h"
@ -458,39 +459,39 @@ static bool is_supported_index_type(const TypePtr& t, const char** tname)
return true;
case TYPE_RECORD:
{
auto rt = t->AsRecordType();
{
auto rt = t->AsRecordType();
for ( auto i = 0; i < rt->NumFields(); ++i )
if ( ! is_supported_index_type(rt->GetFieldType(i), tname) )
return false;
return true;
}
case TYPE_LIST:
{
for ( const auto& type : t->AsTypeList()->GetTypes() )
if ( ! is_supported_index_type(type, tname) )
return false;
return true;
}
case TYPE_TABLE:
{
auto tt = t->AsTableType();
if ( ! is_supported_index_type(tt->GetIndices(), tname) )
for ( auto i = 0; i < rt->NumFields(); ++i )
if ( ! is_supported_index_type(rt->GetFieldType(i), tname) )
return false;
const auto& yt = tt->Yield();
return true;
}
if ( ! yt )
return true;
case TYPE_LIST:
{
for ( const auto& type : t->AsTypeList()->GetTypes() )
if ( ! is_supported_index_type(type, tname) )
return false;
return is_supported_index_type(yt, tname);
}
return true;
}
case TYPE_TABLE:
{
auto tt = t->AsTableType();
if ( ! is_supported_index_type(tt->GetIndices(), tname) )
return false;
const auto& yt = tt->Yield();
if ( ! yt )
return true;
return is_supported_index_type(yt, tname);
}
case TYPE_VECTOR:
return is_supported_index_type(t->AsVectorType()->Yield(), tname);
@ -519,8 +520,8 @@ TableType::TableType(TypeListPtr ind, TypePtr yield)
if ( ! is_supported_index_type(tli, &unsupported_type_name) )
{
auto msg =
util::fmt("index type containing '%s' is not supported", unsupported_type_name);
auto msg = util::fmt("index type containing '%s' is not supported",
unsupported_type_name);
Error(msg, tli.get());
SetError();
break;
@ -1253,23 +1254,23 @@ void RecordType::Create(std::vector<std::optional<ZVal>>& r) const
break;
case FieldInit::R_INIT_DEF:
{
auto v = init->def_expr->Eval(nullptr);
if ( v )
{
auto v = init->def_expr->Eval(nullptr);
if ( v )
const auto& t = init->def_type;
if ( init->def_coerce )
{
const auto& t = init->def_type;
if ( init->def_coerce )
{
auto rt = cast_intrusive<RecordType>(t);
v = v->AsRecordVal()->CoerceTo(rt);
}
r_i = ZVal(v, t);
auto rt = cast_intrusive<RecordType>(t);
v = v->AsRecordVal()->CoerceTo(rt);
}
else
reporter->Error("failed &default in record creation");
r_i = ZVal(v, t);
}
else
reporter->Error("failed &default in record creation");
}
break;
case FieldInit::R_INIT_RECORD:
@ -1719,8 +1720,8 @@ void EnumType::DescribeReST(ODesc* d, bool roles_only) const
if ( doc->GetDeclaringScript() )
enum_from_script = doc->GetDeclaringScript()->Name();
zeekygen::detail::IdentifierInfo* type_doc =
detail::zeekygen_mgr->GetIdentifierInfo(GetName());
zeekygen::detail::IdentifierInfo* type_doc = detail::zeekygen_mgr->GetIdentifierInfo(
GetName());
if ( type_doc && type_doc->GetDeclaringScript() )
type_from_script = type_doc->GetDeclaringScript()->Name();
@ -1903,81 +1904,81 @@ bool same_type(const Type& arg_t1, const Type& arg_t2, bool is_init, bool match_
return true;
case TYPE_OPAQUE:
{
const OpaqueType* ot1 = (const OpaqueType*)t1;
const OpaqueType* ot2 = (const OpaqueType*)t2;
return ot1->Name() == ot2->Name();
}
{
const OpaqueType* ot1 = (const OpaqueType*)t1;
const OpaqueType* ot2 = (const OpaqueType*)t2;
return ot1->Name() == ot2->Name();
}
case TYPE_TABLE:
{
const IndexType* it1 = (const IndexType*)t1;
const IndexType* it2 = (const IndexType*)t2;
{
const IndexType* it1 = (const IndexType*)t1;
const IndexType* it2 = (const IndexType*)t2;
const auto& tl1 = it1->GetIndices();
const auto& tl2 = it2->GetIndices();
const auto& tl1 = it1->GetIndices();
const auto& tl2 = it2->GetIndices();
if ( (tl1 || tl2) && ! (tl1 && tl2) )
return false;
if ( (tl1 || tl2) && ! (tl1 && tl2) )
return false;
const auto& y1 = t1->Yield();
const auto& y2 = t2->Yield();
const auto& y1 = t1->Yield();
const auto& y2 = t2->Yield();
if ( (y1 || y2) && ! (y1 && y2) )
return false;
if ( (y1 || y2) && ! (y1 && y2) )
return false;
break;
}
break;
}
case TYPE_FUNC:
{
const FuncType* ft1 = (const FuncType*)t1;
const FuncType* ft2 = (const FuncType*)t2;
{
const FuncType* ft1 = (const FuncType*)t1;
const FuncType* ft2 = (const FuncType*)t2;
if ( ft1->Flavor() != ft2->Flavor() )
return false;
if ( ft1->Flavor() != ft2->Flavor() )
return false;
const auto& y1 = t1->Yield();
const auto& y2 = t2->Yield();
if ( (y1 || y2) && ! (y1 && y2) )
return false;
const auto& y1 = t1->Yield();
const auto& y2 = t2->Yield();
if ( (y1 || y2) && ! (y1 && y2) )
return false;
break;
}
break;
}
case TYPE_RECORD:
{
const RecordType* rt1 = (const RecordType*)t1;
const RecordType* rt2 = (const RecordType*)t2;
{
const RecordType* rt1 = (const RecordType*)t1;
const RecordType* rt2 = (const RecordType*)t2;
if ( rt1->NumFields() != rt2->NumFields() )
if ( rt1->NumFields() != rt2->NumFields() )
return false;
for ( int i = 0; i < rt1->NumFields(); ++i )
{
const TypeDecl* td1 = rt1->FieldDecl(i);
const TypeDecl* td2 = rt2->FieldDecl(i);
if ( match_record_field_names && ! util::streq(td1->id, td2->id) )
return false;
for ( int i = 0; i < rt1->NumFields(); ++i )
{
const TypeDecl* td1 = rt1->FieldDecl(i);
const TypeDecl* td2 = rt2->FieldDecl(i);
if ( match_record_field_names && ! util::streq(td1->id, td2->id) )
return false;
if ( ! same_attrs(td1->attrs.get(), td2->attrs.get()) )
return false;
}
break;
if ( ! same_attrs(td1->attrs.get(), td2->attrs.get()) )
return false;
}
break;
}
case TYPE_LIST:
{
const auto& tl1 = t1->AsTypeList()->GetTypes();
const auto& tl2 = t2->AsTypeList()->GetTypes();
{
const auto& tl1 = t1->AsTypeList()->GetTypes();
const auto& tl2 = t2->AsTypeList()->GetTypes();
if ( tl1.size() != tl2.size() )
return false;
if ( tl1.size() != tl2.size() )
return false;
break;
}
break;
}
case TYPE_VECTOR:
case TYPE_FILE:
@ -2023,73 +2024,73 @@ bool same_type(const Type& arg_t1, const Type& arg_t2, bool is_init, bool match_
switch ( t1->Tag() )
{
case TYPE_TABLE:
{
const IndexType* it1 = (const IndexType*)t1;
const IndexType* it2 = (const IndexType*)t2;
const auto& tl1 = it1->GetIndices();
const auto& tl2 = it2->GetIndices();
if ( ! same_type(tl1, tl2, is_init, match_record_field_names) )
result = false;
else
{
const IndexType* it1 = (const IndexType*)t1;
const IndexType* it2 = (const IndexType*)t2;
const auto& y1 = t1->Yield();
const auto& y2 = t2->Yield();
const auto& tl1 = it1->GetIndices();
const auto& tl2 = it2->GetIndices();
if ( ! same_type(tl1, tl2, is_init, match_record_field_names) )
result = false;
else
{
const auto& y1 = t1->Yield();
const auto& y2 = t2->Yield();
result = same_type(y1, y2, is_init, match_record_field_names);
}
break;
result = same_type(y1, y2, is_init, match_record_field_names);
}
break;
}
case TYPE_FUNC:
{
const FuncType* ft1 = (const FuncType*)t1;
const FuncType* ft2 = (const FuncType*)t2;
{
const FuncType* ft1 = (const FuncType*)t1;
const FuncType* ft2 = (const FuncType*)t2;
if ( ! same_type(t1->Yield(), t2->Yield(), is_init, match_record_field_names) )
result = false;
else
result = ft1->CheckArgs(ft2->ParamList()->GetTypes(), is_init, false);
break;
}
if ( ! same_type(t1->Yield(), t2->Yield(), is_init, match_record_field_names) )
result = false;
else
result = ft1->CheckArgs(ft2->ParamList()->GetTypes(), is_init, false);
break;
}
case TYPE_RECORD:
{
const RecordType* rt1 = (const RecordType*)t1;
const RecordType* rt2 = (const RecordType*)t2;
result = true;
for ( int i = 0; i < rt1->NumFields(); ++i )
{
const RecordType* rt1 = (const RecordType*)t1;
const RecordType* rt2 = (const RecordType*)t2;
const TypeDecl* td1 = rt1->FieldDecl(i);
const TypeDecl* td2 = rt2->FieldDecl(i);
result = true;
for ( int i = 0; i < rt1->NumFields(); ++i )
if ( ! same_type(td1->type, td2->type, is_init, match_record_field_names) )
{
const TypeDecl* td1 = rt1->FieldDecl(i);
const TypeDecl* td2 = rt2->FieldDecl(i);
if ( ! same_type(td1->type, td2->type, is_init, match_record_field_names) )
{
result = false;
break;
}
result = false;
break;
}
break;
}
break;
}
case TYPE_LIST:
{
const auto& tl1 = t1->AsTypeList()->GetTypes();
const auto& tl2 = t2->AsTypeList()->GetTypes();
{
const auto& tl1 = t1->AsTypeList()->GetTypes();
const auto& tl2 = t2->AsTypeList()->GetTypes();
result = true;
result = true;
for ( auto i = 0u; i < tl1.size(); ++i )
if ( ! same_type(tl1[i], tl2[i], is_init, match_record_field_names) )
{
result = false;
break;
}
break;
}
for ( auto i = 0u; i < tl1.size(); ++i )
if ( ! same_type(tl1[i], tl2[i], is_init, match_record_field_names) )
{
result = false;
break;
}
break;
}
case TYPE_VECTOR:
case TYPE_FILE:
@ -2097,13 +2098,12 @@ bool same_type(const Type& arg_t1, const Type& arg_t2, bool is_init, bool match_
break;
case TYPE_TYPE:
{
auto tt1 = t1->AsTypeType();
auto tt2 = t2->AsTypeType();
result =
same_type(tt1->GetType(), tt1->GetType(), is_init, match_record_field_names);
break;
}
{
auto tt1 = t1->AsTypeType();
auto tt2 = t2->AsTypeType();
result = same_type(tt1->GetType(), tt1->GetType(), is_init, match_record_field_names);
break;
}
default:
result = false;
@ -2286,180 +2286,180 @@ TypePtr merge_types(const TypePtr& arg_t1, const TypePtr& arg_t2)
return base_type(tg1);
case TYPE_ENUM:
{
// Could compare pointers t1 == t2, but maybe there's someone out
// there creating clones of the type, so safer to compare name.
if ( t1->GetName() != t2->GetName() )
{
// Could compare pointers t1 == t2, but maybe there's someone out
// there creating clones of the type, so safer to compare name.
if ( t1->GetName() != t2->GetName() )
{
std::string msg = util::fmt("incompatible enum types: '%s' and '%s'",
t1->GetName().data(), t2->GetName().data());
std::string msg = util::fmt("incompatible enum types: '%s' and '%s'",
t1->GetName().data(), t2->GetName().data());
t1->Error(msg.data(), t2);
return nullptr;
}
// Doing a lookup here as a roundabout way of ref-ing t1, without
// changing the function params which has t1 as const and also
// (potentially) avoiding a pitfall mentioned earlier about clones.
const auto& id = detail::global_scope()->Find(t1->GetName());
if ( id && id->IsType() && id->GetType()->Tag() == TYPE_ENUM )
// It should make most sense to return the real type here rather
// than a copy since it may be redef'd later in parsing. If we
// return a copy, then whoever is using this return value won't
// actually see those changes from the redef.
return id->GetType();
std::string msg =
util::fmt("incompatible enum types: '%s' and '%s'"
" ('%s' enum type ID is invalid)",
t1->GetName().data(), t2->GetName().data(), t1->GetName().data());
t1->Error(msg.data(), t2);
return nullptr;
}
// Doing a lookup here as a roundabout way of ref-ing t1, without
// changing the function params which has t1 as const and also
// (potentially) avoiding a pitfall mentioned earlier about clones.
const auto& id = detail::global_scope()->Find(t1->GetName());
if ( id && id->IsType() && id->GetType()->Tag() == TYPE_ENUM )
// It should make most sense to return the real type here rather
// than a copy since it may be redef'd later in parsing. If we
// return a copy, then whoever is using this return value won't
// actually see those changes from the redef.
return id->GetType();
std::string msg = util::fmt("incompatible enum types: '%s' and '%s'"
" ('%s' enum type ID is invalid)",
t1->GetName().data(), t2->GetName().data(),
t1->GetName().data());
t1->Error(msg.data(), t2);
return nullptr;
}
case TYPE_TABLE:
{
const IndexType* it1 = (const IndexType*)t1;
const IndexType* it2 = (const IndexType*)t2;
const auto& tl1 = it1->GetIndexTypes();
const auto& tl2 = it2->GetIndexTypes();
TypeListPtr tl3;
if ( tl1.size() != tl2.size() )
{
const IndexType* it1 = (const IndexType*)t1;
const IndexType* it2 = (const IndexType*)t2;
t1->Error("incompatible types", t2);
return nullptr;
}
const auto& tl1 = it1->GetIndexTypes();
const auto& tl2 = it2->GetIndexTypes();
TypeListPtr tl3;
tl3 = make_intrusive<TypeList>();
if ( tl1.size() != tl2.size() )
for ( auto i = 0u; i < tl1.size(); ++i )
{
auto tl3_i = merge_types(tl1[i], tl2[i]);
if ( ! tl3_i )
return nullptr;
tl3->Append(std::move(tl3_i));
}
const auto& y1 = t1->Yield();
const auto& y2 = t2->Yield();
TypePtr y3;
if ( y1 || y2 )
{
if ( ! y1 || ! y2 )
{
t1->Error("incompatible types", t2);
return nullptr;
}
tl3 = make_intrusive<TypeList>();
for ( auto i = 0u; i < tl1.size(); ++i )
{
auto tl3_i = merge_types(tl1[i], tl2[i]);
if ( ! tl3_i )
return nullptr;
tl3->Append(std::move(tl3_i));
}
const auto& y1 = t1->Yield();
const auto& y2 = t2->Yield();
TypePtr y3;
if ( y1 || y2 )
{
if ( ! y1 || ! y2 )
{
t1->Error("incompatible types", t2);
return nullptr;
}
y3 = merge_types(y1, y2);
if ( ! y3 )
return nullptr;
}
if ( t1->IsSet() )
return make_intrusive<SetType>(std::move(tl3), nullptr);
else
return make_intrusive<TableType>(std::move(tl3), std::move(y3));
y3 = merge_types(y1, y2);
if ( ! y3 )
return nullptr;
}
if ( t1->IsSet() )
return make_intrusive<SetType>(std::move(tl3), nullptr);
else
return make_intrusive<TableType>(std::move(tl3), std::move(y3));
}
case TYPE_FUNC:
{
if ( ! same_type(t1, t2) )
{
if ( ! same_type(t1, t2) )
{
t1->Error("incompatible types", t2);
return nullptr;
}
const FuncType* ft1 = (const FuncType*)t1;
const FuncType* ft2 = (const FuncType*)t1;
auto args = cast_intrusive<RecordType>(merge_types(ft1->Params(), ft2->Params()));
auto yield = t1->Yield() ? merge_types(t1->Yield(), t2->Yield()) : nullptr;
return make_intrusive<FuncType>(std::move(args), std::move(yield), ft1->Flavor());
t1->Error("incompatible types", t2);
return nullptr;
}
const FuncType* ft1 = (const FuncType*)t1;
const FuncType* ft2 = (const FuncType*)t1;
auto args = cast_intrusive<RecordType>(merge_types(ft1->Params(), ft2->Params()));
auto yield = t1->Yield() ? merge_types(t1->Yield(), t2->Yield()) : nullptr;
return make_intrusive<FuncType>(std::move(args), std::move(yield), ft1->Flavor());
}
case TYPE_RECORD:
{
const RecordType* rt1 = (const RecordType*)t1;
const RecordType* rt2 = (const RecordType*)t2;
if ( rt1->NumFields() != rt2->NumFields() )
return nullptr;
type_decl_list* tdl3 = new type_decl_list(rt1->NumFields());
for ( int i = 0; i < rt1->NumFields(); ++i )
{
const RecordType* rt1 = (const RecordType*)t1;
const RecordType* rt2 = (const RecordType*)t2;
const TypeDecl* td1 = rt1->FieldDecl(i);
const TypeDecl* td2 = rt2->FieldDecl(i);
auto tdl3_i = merge_types(td1->type, td2->type);
if ( rt1->NumFields() != rt2->NumFields() )
return nullptr;
type_decl_list* tdl3 = new type_decl_list(rt1->NumFields());
for ( int i = 0; i < rt1->NumFields(); ++i )
if ( ! util::streq(td1->id, td2->id) || ! tdl3_i )
{
const TypeDecl* td1 = rt1->FieldDecl(i);
const TypeDecl* td2 = rt2->FieldDecl(i);
auto tdl3_i = merge_types(td1->type, td2->type);
if ( ! util::streq(td1->id, td2->id) || ! tdl3_i )
{
t1->Error("incompatible record fields", t2);
delete tdl3;
return nullptr;
}
tdl3->push_back(new TypeDecl(util::copy_string(td1->id), std::move(tdl3_i)));
t1->Error("incompatible record fields", t2);
delete tdl3;
return nullptr;
}
return make_intrusive<RecordType>(tdl3);
tdl3->push_back(new TypeDecl(util::copy_string(td1->id), std::move(tdl3_i)));
}
return make_intrusive<RecordType>(tdl3);
}
case TYPE_LIST:
{
const TypeList* tl1 = t1->AsTypeList();
const TypeList* tl2 = t2->AsTypeList();
if ( tl1->IsPure() != tl2->IsPure() )
{
const TypeList* tl1 = t1->AsTypeList();
const TypeList* tl2 = t2->AsTypeList();
if ( tl1->IsPure() != tl2->IsPure() )
{
tl1->Error("incompatible lists", tl2);
return nullptr;
}
const auto& l1 = tl1->GetTypes();
const auto& l2 = tl2->GetTypes();
if ( l1.size() == 0 || l2.size() == 0 )
{
if ( l1.size() == 0 )
tl1->Error("empty list");
else
tl2->Error("empty list");
return nullptr;
}
if ( tl1->IsPure() )
{
// We will be expanding the pure list when converting
// the initialization expression into a set of values.
// So the merge type of the list is the type of one
// of the elements, providing they're consistent.
return merge_types(l1[0], l2[0]);
}
// Impure lists - must have the same size and match element
// by element.
if ( l1.size() != l2.size() )
{
tl1->Error("different number of indices", tl2);
return nullptr;
}
auto tl3 = make_intrusive<TypeList>();
for ( auto i = 0u; i < l1.size(); ++i )
tl3->Append(merge_types(l1[i], l2[i]));
return tl3;
tl1->Error("incompatible lists", tl2);
return nullptr;
}
const auto& l1 = tl1->GetTypes();
const auto& l2 = tl2->GetTypes();
if ( l1.size() == 0 || l2.size() == 0 )
{
if ( l1.size() == 0 )
tl1->Error("empty list");
else
tl2->Error("empty list");
return nullptr;
}
if ( tl1->IsPure() )
{
// We will be expanding the pure list when converting
// the initialization expression into a set of values.
// So the merge type of the list is the type of one
// of the elements, providing they're consistent.
return merge_types(l1[0], l2[0]);
}
// Impure lists - must have the same size and match element
// by element.
if ( l1.size() != l2.size() )
{
tl1->Error("different number of indices", tl2);
return nullptr;
}
auto tl3 = make_intrusive<TypeList>();
for ( auto i = 0u; i < l1.size(); ++i )
tl3->Append(merge_types(l1[i], l2[i]));
return tl3;
}
case TYPE_VECTOR:
if ( ! same_type(t1->Yield(), t2->Yield()) )
{
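Review bot: In the `TYPE_TYPE` case of same_type(), the reformatted call `same_type(tt1->GetType(), tt1->GetType(), is_init, match_record_field_names)` compares the first type with itself and never reads `tt2`, so that case appears to succeed for any pair of type-types. The second argument should be `tt2->GetType()`. The `TYPE_FUNC` case of merge_types() has the same kind of slip: `const FuncType* ft2 = (const FuncType*)t1;` should cast `t2`, although the preceding `same_type(t1, t2)` check limits its effect. Both lines are carried over unchanged by this formatting commit, and the enclosing functions extend beyond the hunks shown.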


@ -2,6 +2,8 @@
#include "zeek/Val.h"
#include "zeek/zeek-config.h"
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
@ -35,7 +37,6 @@
#include "zeek/broker/Manager.h"
#include "zeek/broker/Store.h"
#include "zeek/threading/formatters/JSON.h"
#include "zeek/zeek-config.h"
using namespace std;
@ -443,161 +444,161 @@ static void BuildJSON(threading::formatter::JSON::NullDoubleWriter& writer, Val*
break;
case TYPE_PORT:
{
auto* pval = val->AsPortVal();
writer.StartObject();
writer.Key("port");
writer.Int64(pval->Port());
writer.Key("proto");
writer.String(pval->Protocol());
writer.EndObject();
break;
}
{
auto* pval = val->AsPortVal();
writer.StartObject();
writer.Key("port");
writer.Int64(pval->Port());
writer.Key("proto");
writer.String(pval->Protocol());
writer.EndObject();
break;
}
case TYPE_PATTERN:
case TYPE_INTERVAL:
case TYPE_ADDR:
case TYPE_SUBNET:
{
ODesc d;
d.SetStyle(RAW_STYLE);
val->Describe(&d);
writer.String(reinterpret_cast<const char*>(d.Bytes()), d.Len());
break;
}
{
ODesc d;
d.SetStyle(RAW_STYLE);
val->Describe(&d);
writer.String(reinterpret_cast<const char*>(d.Bytes()), d.Len());
break;
}
case TYPE_FILE:
case TYPE_FUNC:
case TYPE_ENUM:
case TYPE_STRING:
{
ODesc d;
d.SetStyle(RAW_STYLE);
val->Describe(&d);
writer.String(util::json_escape_utf8(
std::string(reinterpret_cast<const char*>(d.Bytes()), d.Len())));
break;
}
{
ODesc d;
d.SetStyle(RAW_STYLE);
val->Describe(&d);
writer.String(util::json_escape_utf8(
std::string(reinterpret_cast<const char*>(d.Bytes()), d.Len())));
break;
}
case TYPE_TABLE:
{
auto* table = val->AsTable();
auto* tval = val->AsTableVal();
if ( tval->GetType()->IsSet() )
writer.StartArray();
else
writer.StartObject();
std::unique_ptr<detail::HashKey> k;
TableEntryVal* entry;
for ( const auto& te : *table )
{
auto* table = val->AsTable();
auto* tval = val->AsTableVal();
entry = te.GetValue<TableEntryVal*>();
k = te.GetHashKey();
auto lv = tval->RecreateIndex(*k);
Val* entry_key = lv->Length() == 1 ? lv->Idx(0).get() : lv.get();
if ( tval->GetType()->IsSet() )
writer.StartArray();
BuildJSON(writer, entry_key, only_loggable, re);
else
writer.StartObject();
std::unique_ptr<detail::HashKey> k;
TableEntryVal* entry;
for ( const auto& te : *table )
{
entry = te.GetValue<TableEntryVal*>();
k = te.GetHashKey();
rapidjson::StringBuffer buffer;
threading::formatter::JSON::NullDoubleWriter key_writer(buffer);
BuildJSON(key_writer, entry_key, only_loggable, re);
string key_str = buffer.GetString();
auto lv = tval->RecreateIndex(*k);
Val* entry_key = lv->Length() == 1 ? lv->Idx(0).get() : lv.get();
if ( key_str.length() >= 2 && key_str[0] == '"' &&
key_str[key_str.length() - 1] == '"' )
// Strip quotes.
key_str = key_str.substr(1, key_str.length() - 2);
if ( tval->GetType()->IsSet() )
BuildJSON(writer, entry_key, only_loggable, re);
else
{
rapidjson::StringBuffer buffer;
threading::formatter::JSON::NullDoubleWriter key_writer(buffer);
BuildJSON(key_writer, entry_key, only_loggable, re);
string key_str = buffer.GetString();
if ( key_str.length() >= 2 && key_str[0] == '"' &&
key_str[key_str.length() - 1] == '"' )
// Strip quotes.
key_str = key_str.substr(1, key_str.length() - 2);
BuildJSON(writer, entry->GetVal().get(), only_loggable, re, key_str);
}
BuildJSON(writer, entry->GetVal().get(), only_loggable, re, key_str);
}
if ( tval->GetType()->IsSet() )
writer.EndArray();
else
writer.EndObject();
break;
}
if ( tval->GetType()->IsSet() )
writer.EndArray();
else
writer.EndObject();
break;
}
case TYPE_RECORD:
{
writer.StartObject();
auto* rval = val->AsRecordVal();
auto rt = rval->GetType()->AsRecordType();
for ( auto i = 0; i < rt->NumFields(); ++i )
{
writer.StartObject();
auto value = rval->GetFieldOrDefault(i);
auto* rval = val->AsRecordVal();
auto rt = rval->GetType()->AsRecordType();
for ( auto i = 0; i < rt->NumFields(); ++i )
if ( value && (! only_loggable || rt->FieldHasAttr(i, detail::ATTR_LOG)) )
{
auto value = rval->GetFieldOrDefault(i);
string key_str;
auto field_name = rt->FieldName(i);
if ( value && (! only_loggable || rt->FieldHasAttr(i, detail::ATTR_LOG)) )
if ( re && re->MatchAnywhere(field_name) != 0 )
{
string key_str;
auto field_name = rt->FieldName(i);
if ( re && re->MatchAnywhere(field_name) != 0 )
{
auto blank = make_intrusive<StringVal>("");
auto fn_val = make_intrusive<StringVal>(field_name);
const auto& bs = *blank->AsString();
auto key_val = fn_val->Replace(re, bs, false);
key_str = key_val->ToStdString();
}
else
key_str = field_name;
BuildJSON(writer, value.get(), only_loggable, re, key_str);
auto blank = make_intrusive<StringVal>("");
auto fn_val = make_intrusive<StringVal>(field_name);
const auto& bs = *blank->AsString();
auto key_val = fn_val->Replace(re, bs, false);
key_str = key_val->ToStdString();
}
}
else
key_str = field_name;
writer.EndObject();
break;
BuildJSON(writer, value.get(), only_loggable, re, key_str);
}
}
writer.EndObject();
break;
}
case TYPE_LIST:
{
writer.StartArray();
{
writer.StartArray();
auto* lval = val->AsListVal();
size_t size = lval->Length();
for ( size_t i = 0; i < size; i++ )
BuildJSON(writer, lval->Idx(i).get(), only_loggable, re);
auto* lval = val->AsListVal();
size_t size = lval->Length();
for ( size_t i = 0; i < size; i++ )
BuildJSON(writer, lval->Idx(i).get(), only_loggable, re);
writer.EndArray();
break;
}
writer.EndArray();
break;
}
case TYPE_VECTOR:
{
writer.StartArray();
{
writer.StartArray();
auto* vval = val->AsVectorVal();
size_t size = vval->SizeVal()->AsCount();
for ( size_t i = 0; i < size; i++ )
BuildJSON(writer, vval->ValAt(i).get(), only_loggable, re);
auto* vval = val->AsVectorVal();
size_t size = vval->SizeVal()->AsCount();
for ( size_t i = 0; i < size; i++ )
BuildJSON(writer, vval->ValAt(i).get(), only_loggable, re);
writer.EndArray();
break;
}
writer.EndArray();
break;
}
case TYPE_OPAQUE:
{
writer.StartObject();
{
writer.StartObject();
writer.Key("opaque_type");
auto* oval = val->AsOpaqueVal();
writer.String(OpaqueMgr::mgr()->TypeID(oval));
writer.Key("opaque_type");
auto* oval = val->AsOpaqueVal();
writer.String(OpaqueMgr::mgr()->TypeID(oval));
writer.EndObject();
break;
}
writer.EndObject();
break;
}
default:
writer.Null();
@ -1368,23 +1369,23 @@ static void find_nested_record_types(const TypePtr& t, std::set<RecordType*>* fo
switch ( t->Tag() )
{
case TYPE_RECORD:
{
auto rt = t->AsRecordType();
found->emplace(rt);
{
auto rt = t->AsRecordType();
found->emplace(rt);
for ( auto i = 0; i < rt->NumFields(); ++i )
find_nested_record_types(rt->FieldDecl(i)->type, found);
}
for ( auto i = 0; i < rt->NumFields(); ++i )
find_nested_record_types(rt->FieldDecl(i)->type, found);
}
return;
case TYPE_TABLE:
find_nested_record_types(t->AsTableType()->GetIndices(), found);
find_nested_record_types(t->AsTableType()->Yield(), found);
return;
case TYPE_LIST:
{
for ( const auto& type : t->AsTypeList()->GetTypes() )
find_nested_record_types(type, found);
}
{
for ( const auto& type : t->AsTypeList()->GetTypes() )
find_nested_record_types(type, found);
}
return;
case TYPE_FUNC:
find_nested_record_types(t->AsFuncType()->Params(), found);
@ -1838,8 +1839,8 @@ ValPtr TableVal::Default(const ValPtr& index)
record_promotion_compatible(dtype->AsRecordType(), ytype->AsRecordType()) )
{
auto rt = cast_intrusive<RecordType>(ytype);
auto coerce =
make_intrusive<detail::RecordCoerceExpr>(def_attr->GetExpr(), std::move(rt));
auto coerce = make_intrusive<detail::RecordCoerceExpr>(def_attr->GetExpr(),
std::move(rt));
def_val = coerce->Eval(nullptr);
}
@ -2144,63 +2145,63 @@ void TableVal::SendToStore(const Val* index, const TableEntryVal* new_entry_val,
{
case ELEMENT_NEW:
case ELEMENT_CHANGED:
{
{
#ifndef __clang__
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
#endif
broker::optional<broker::timespan> expiry;
broker::optional<broker::timespan> expiry;
#ifndef __clang__
#pragma GCC diagnostic pop
#endif
auto expire_time = GetExpireTime();
if ( expire_time == 0 )
// Entry is set to immediately expire. Let's not forward it.
break;
if ( expire_time > 0 )
{
if ( attrs->Find(detail::ATTR_EXPIRE_CREATE) )
{
// for create expiry, we have to substract the already elapsed time from
// the expiry.
auto e = expire_time -
(run_state::network_time - new_entry_val->ExpireAccessTime());
if ( e <= 0 )
// element already expired? Let's not insert it.
break;
expiry = Broker::detail::convert_expiry(e);
}
else
expiry = Broker::detail::convert_expiry(expire_time);
}
if ( table_type->IsSet() )
handle->store.put(std::move(*broker_index), broker::data(), expiry);
else
{
if ( ! new_entry_val )
{
emit_builtin_error(
"did not receive new value for Broker datastore send operation");
return;
}
auto new_value = new_entry_val->GetVal().get();
auto broker_val = Broker::detail::val_to_data(new_value);
if ( ! broker_val )
{
emit_builtin_error("invalid Broker data conversation for table value");
return;
}
handle->store.put(std::move(*broker_index), std::move(*broker_val), expiry);
}
auto expire_time = GetExpireTime();
if ( expire_time == 0 )
// Entry is set to immediately expire. Let's not forward it.
break;
if ( expire_time > 0 )
{
if ( attrs->Find(detail::ATTR_EXPIRE_CREATE) )
{
// for create expiry, we have to substract the already elapsed time from
// the expiry.
auto e = expire_time -
(run_state::network_time - new_entry_val->ExpireAccessTime());
if ( e <= 0 )
// element already expired? Let's not insert it.
break;
expiry = Broker::detail::convert_expiry(e);
}
else
expiry = Broker::detail::convert_expiry(expire_time);
}
if ( table_type->IsSet() )
handle->store.put(std::move(*broker_index), broker::data(), expiry);
else
{
if ( ! new_entry_val )
{
emit_builtin_error(
"did not receive new value for Broker datastore send operation");
return;
}
auto new_value = new_entry_val->GetVal().get();
auto broker_val = Broker::detail::val_to_data(new_value);
if ( ! broker_val )
{
emit_builtin_error("invalid Broker data conversation for table value");
return;
}
handle->store.put(std::move(*broker_index), std::move(*broker_val), expiry);
}
break;
}
case ELEMENT_REMOVED:
handle->store.erase(std::move(*broker_index));
break;


@ -271,8 +271,8 @@ public:
static constexpr bro_uint_t PREALLOCATED_COUNTS = 4096;
static constexpr bro_uint_t PREALLOCATED_INTS = 512;
static constexpr bro_int_t PREALLOCATED_INT_LOWEST = -255;
static constexpr bro_int_t PREALLOCATED_INT_HIGHEST =
PREALLOCATED_INT_LOWEST + PREALLOCATED_INTS - 1;
static constexpr bro_int_t PREALLOCATED_INT_HIGHEST = PREALLOCATED_INT_LOWEST +
PREALLOCATED_INTS - 1;
ValManager();


@ -2,6 +2,8 @@
#include "zeek/Var.h"
#include "zeek/zeek-config.h"
#include <memory>
#include "zeek/EventRegistry.h"
@ -16,7 +18,6 @@
#include "zeek/Val.h"
#include "zeek/module_util.h"
#include "zeek/script_opt/ScriptOpt.h"
#include "zeek/zeek-config.h"
namespace zeek::detail
{
@ -222,19 +223,19 @@ static void make_var(const IDPtr& id, TypePtr t, InitClass c, ExprPtr init,
switch ( init->Tag() )
{
case EXPR_TABLE_CONSTRUCTOR:
{
auto* ctor = static_cast<TableConstructorExpr*>(init.get());
if ( ctor->GetAttrs() )
id->AddAttrs(ctor->GetAttrs());
}
{
auto* ctor = static_cast<TableConstructorExpr*>(init.get());
if ( ctor->GetAttrs() )
id->AddAttrs(ctor->GetAttrs());
}
break;
case EXPR_SET_CONSTRUCTOR:
{
auto* ctor = static_cast<SetConstructorExpr*>(init.get());
if ( ctor->GetAttrs() )
id->AddAttrs(ctor->GetAttrs());
}
{
auto* ctor = static_cast<SetConstructorExpr*>(init.get());
if ( ctor->GetAttrs() )
id->AddAttrs(ctor->GetAttrs());
}
break;
default:
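Review bot: In the include hunks at the top of this section, `zeek/zeek-config.h` now precedes `<memory>` but still follows the file's own header `zeek/Var.h`, so everything `Var.h` pulls in is parsed before the config macros unless that header includes `zeek-config.h` itself. `Var.h` is not visible here, so that is worth confirming. The header sections in this commit put `#include "zeek/zeek-config.h"` directly after `#pragma once`; if `Var.h` does not already do so, adding that line there keeps the ordering guarantee independent of the formatter. The same own-header-first layout appears in the other `.cc` sections of this commit (ZeekString, DNS, Finger, FTP, Gnutella, HTTP, Ident, Login).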


@ -2,6 +2,8 @@
#include "zeek/ZeekString.h"
#include "zeek/zeek-config.h"
#include <ctype.h>
#include <algorithm>
#include <iostream>
@ -12,7 +14,6 @@
#include "zeek/Reporter.h"
#include "zeek/Val.h"
#include "zeek/util.h"
#include "zeek/zeek-config.h"
#ifdef DEBUG
#define DEBUG_STR(msg) DBG_LOG(zeek::DBG_STRING, msg)


@ -2,13 +2,13 @@
#pragma once
#include "zeek/zeek-config.h"
#include <sys/types.h>
#include <iosfwd>
#include <string>
#include <vector>
#include "zeek/zeek-config.h"
namespace zeek
{


@ -2,11 +2,12 @@
#pragma once
#include "zeek/zeek-config.h"
#include "zeek/analyzer/Tag.h"
#include "zeek/plugin/Component.h"
#include "zeek/plugin/TaggedComponent.h"
#include "zeek/util.h"
#include "zeek/zeek-config.h"
namespace zeek
{


@ -3,9 +3,10 @@
#pragma once
#include "zeek/Tag.h"
#include "zeek/zeek-config.h"
#include "zeek/Tag.h"
namespace zeek
{


@ -256,55 +256,55 @@ bool BitTorrentTracker_Analyzer::ParseRequest(char* line)
switch ( req_state )
{
case detail::BTT_REQ_GET:
{
regmatch_t match[1];
if ( regexec(&r_get, line, 1, match, 0) )
{
regmatch_t match[1];
if ( regexec(&r_get, line, 1, match, 0) )
ProtocolViolation("BitTorrentTracker: invalid HTTP GET");
stop_orig = true;
return false;
}
regmatch_t match_end[1];
if ( ! regexec(&r_get_end, line, 1, match_end, 0) )
{
if ( match_end[0].rm_so <= match[0].rm_eo )
{
ProtocolViolation("BitTorrentTracker: invalid HTTP GET");
stop_orig = true;
return false;
}
regmatch_t match_end[1];
if ( ! regexec(&r_get_end, line, 1, match_end, 0) )
{
if ( match_end[0].rm_so <= match[0].rm_eo )
{
ProtocolViolation("BitTorrentTracker: invalid HTTP GET");
stop_orig = true;
return false;
}
keep_alive = (line[match_end[0].rm_eo - 1] == '1');
line[match_end[0].rm_so] = 0;
}
RequestGet(&line[match[0].rm_eo]);
req_state = detail::BTT_REQ_HEADER;
keep_alive = (line[match_end[0].rm_eo - 1] == '1');
line[match_end[0].rm_so] = 0;
}
RequestGet(&line[match[0].rm_eo]);
req_state = detail::BTT_REQ_HEADER;
}
break;
case detail::BTT_REQ_HEADER:
{
if ( ! *line )
{
if ( ! *line )
{
EmitRequest();
req_state = detail::BTT_REQ_DONE;
break;
}
regmatch_t match[1];
if ( regexec(&r_hdr, line, 1, match, 0) )
{
ProtocolViolation("BitTorrentTracker: invalid HTTP request header");
stop_orig = true;
return false;
}
*strchr(line, ':') = 0; // this cannot fail - see regex_hdr
RequestHeader(line, &line[match[0].rm_eo]);
EmitRequest();
req_state = detail::BTT_REQ_DONE;
break;
}
regmatch_t match[1];
if ( regexec(&r_hdr, line, 1, match, 0) )
{
ProtocolViolation("BitTorrentTracker: invalid HTTP request header");
stop_orig = true;
return false;
}
*strchr(line, ':') = 0; // this cannot fail - see regex_hdr
RequestHeader(line, &line[match[0].rm_eo]);
}
break;
case detail::BTT_REQ_DONE:
@ -356,27 +356,27 @@ bool BitTorrentTracker_Analyzer::ParseResponse(char* line)
switch ( res_state )
{
case detail::BTT_RES_STATUS:
{
if ( res_allow_blank_line && ! *line )
{
if ( res_allow_blank_line && ! *line )
{
// There may be an empty line after the bencoded
// directory, if this is a keep-alive connection.
// Ignore it.
res_allow_blank_line = false;
break;
}
regmatch_t match[1];
if ( regexec(&r_stat, line, 1, match, 0) )
{
ProtocolViolation("BitTorrentTracker: invalid HTTP status");
stop_resp = true;
return false;
}
ResponseStatus(&line[match[0].rm_eo]);
res_state = detail::BTT_RES_HEADER;
// There may be an empty line after the bencoded
// directory, if this is a keep-alive connection.
// Ignore it.
res_allow_blank_line = false;
break;
}
regmatch_t match[1];
if ( regexec(&r_stat, line, 1, match, 0) )
{
ProtocolViolation("BitTorrentTracker: invalid HTTP status");
stop_resp = true;
return false;
}
ResponseStatus(&line[match[0].rm_eo]);
res_state = detail::BTT_RES_HEADER;
}
break;
case detail::BTT_RES_HEADER:
@ -523,127 +523,122 @@ int BitTorrentTracker_Analyzer::ResponseParseBenc(void)
switch ( benc_state )
{
case detail::BENC_STATE_EMPTY:
{
switch ( res_buf_pos[0] )
{
switch ( res_buf_pos[0] )
{
case 'd':
switch ( benc_stack.size() )
{
case 0:
break;
case 1:
benc_raw = res_buf_pos;
benc_raw_type = detail::BENC_TYPE_DIR;
/* fall through */
default:
VIOLATION_IF(benc_stack.back() == 'd' &&
! (benc_count.back() % 2),
"BitTorrentTracker: directory key is not a string "
"but a directory")
++benc_raw_len;
}
benc_stack.push_back('d');
benc_count.push_back(0);
break;
case 'l':
switch ( benc_stack.size() )
{
case 0:
VIOLATION_IF(1, "BitTorrentTracker: not a bencoded directory "
"(first char: l)")
/* fall through */
case 1:
benc_raw = res_buf_pos;
benc_raw_type = detail::BENC_TYPE_LIST;
/* fall through */
default:
VIOLATION_IF(benc_stack.back() == 'd' &&
! (benc_count.back() % 2),
"BitTorrentTracker: directory key is not a string "
"but a list")
++benc_raw_len;
}
benc_stack.push_back('l');
benc_count.push_back(0);
break;
case 'i':
VIOLATION_IF(
! benc_stack.size(),
"BitTorrentTracker: not a bencoded directory (first char: i)")
VIOLATION_IF(
benc_stack.back() == 'd' && ! (benc_count.back() % 2),
"BitTorrentTracker: directory key is not a string but an int")
if ( benc_raw_type != detail::BENC_TYPE_NONE )
case 'd':
switch ( benc_stack.size() )
{
case 0:
break;
case 1:
benc_raw = res_buf_pos;
benc_raw_type = detail::BENC_TYPE_DIR;
/* fall through */
default:
VIOLATION_IF(benc_stack.back() == 'd' && ! (benc_count.back() % 2),
"BitTorrentTracker: directory key is not a string "
"but a directory")
++benc_raw_len;
}
benc_state = detail::BENC_STATE_INT1;
break;
benc_stack.push_back('d');
benc_count.push_back(0);
break;
case 'e':
VIOLATION_IF(
! benc_stack.size(),
"BitTorrentTracker: not a bencoded directory (first char: e)")
VIOLATION_IF(benc_stack.back() == 'd' && benc_count.back() % 2,
"BitTorrentTracker: directory has an odd count of members")
case 'l':
switch ( benc_stack.size() )
{
case 0:
VIOLATION_IF(1, "BitTorrentTracker: not a bencoded directory "
"(first char: l)")
/* fall through */
if ( benc_raw_type != detail::BENC_TYPE_NONE )
case 1:
benc_raw = res_buf_pos;
benc_raw_type = detail::BENC_TYPE_LIST;
/* fall through */
default:
VIOLATION_IF(benc_stack.back() == 'd' && ! (benc_count.back() % 2),
"BitTorrentTracker: directory key is not a string "
"but a list")
++benc_raw_len;
}
if ( benc_stack.size() == 2 )
{ // coming back to level 1
ResponseBenc(benc_key_len, benc_key, benc_raw_type, benc_raw_len,
benc_raw);
benc_key = nullptr;
benc_key_len = 0;
benc_raw = nullptr;
benc_raw_len = 0;
benc_raw_type = detail::BENC_TYPE_NONE;
}
benc_stack.push_back('l');
benc_count.push_back(0);
break;
benc_stack.pop_back();
benc_count.pop_back();
case 'i':
VIOLATION_IF(! benc_stack.size(),
"BitTorrentTracker: not a bencoded directory (first char: i)")
VIOLATION_IF(benc_stack.back() == 'd' && ! (benc_count.back() % 2),
"BitTorrentTracker: directory key is not a string but an int")
if ( benc_stack.size() )
INC_COUNT
else
{ // benc parsing successful
++res_buf_pos;
return 0;
}
break;
if ( benc_raw_type != detail::BENC_TYPE_NONE )
++benc_raw_len;
case '0':
case '1':
case '2':
case '3':
case '4':
case '5':
case '6':
case '7':
case '8':
case '9':
VIOLATION_IF(
! benc_stack.size(),
"BitTorrentTracker: not a bencoded directory (first char: [0-9])")
benc_state = detail::BENC_STATE_INT1;
break;
if ( benc_raw_type != detail::BENC_TYPE_NONE )
++benc_raw_len;
case 'e':
VIOLATION_IF(! benc_stack.size(),
"BitTorrentTracker: not a bencoded directory (first char: e)")
VIOLATION_IF(benc_stack.back() == 'd' && benc_count.back() % 2,
"BitTorrentTracker: directory has an odd count of members")
benc_strlen = res_buf_pos;
benc_state = detail::BENC_STATE_STR1;
break;
if ( benc_raw_type != detail::BENC_TYPE_NONE )
++benc_raw_len;
default:
VIOLATION_IF(1, "BitTorrentTracker: no valid bencoding")
}
if ( benc_stack.size() == 2 )
{ // coming back to level 1
ResponseBenc(benc_key_len, benc_key, benc_raw_type, benc_raw_len,
benc_raw);
benc_key = nullptr;
benc_key_len = 0;
benc_raw = nullptr;
benc_raw_len = 0;
benc_raw_type = detail::BENC_TYPE_NONE;
}
benc_stack.pop_back();
benc_count.pop_back();
if ( benc_stack.size() )
INC_COUNT
else
{ // benc parsing successful
++res_buf_pos;
return 0;
}
break;
case '0':
case '1':
case '2':
case '3':
case '4':
case '5':
case '6':
case '7':
case '8':
case '9':
VIOLATION_IF(
! benc_stack.size(),
"BitTorrentTracker: not a bencoded directory (first char: [0-9])")
if ( benc_raw_type != detail::BENC_TYPE_NONE )
++benc_raw_len;
benc_strlen = res_buf_pos;
benc_state = detail::BENC_STATE_STR1;
break;
default:
VIOLATION_IF(1, "BitTorrentTracker: no valid bencoding")
}
}
break;
case detail::BENC_STATE_INT1:
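Review bot: In the `BTT_REQ_HEADER` case of `ParseRequest`, `*strchr(line, ':') = 0;` writes through the result without a null check and relies on the comment's claim that `r_hdr` guarantees a colon; that regex is defined outside this hunk, so the invariant cannot be confirmed here. Because `line` is derived from network traffic, I would make the guard explicit with `char* colon = strchr(line, ':');`, take the same `ProtocolViolation` / `stop_orig = true` / `return false` path as the failed `regexec` above when `colon` is null, and only then do `*colon = 0;`. In `ResponseParseBenc`, the `benc_stack.back()` calls that follow `VIOLATION_IF(! benc_stack.size(), ...)` are only safe if that macro leaves the function; its definition is not visible, so a one-line comment saying so would help the next reader. All three functions continue outside their hunks.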


@ -2,12 +2,12 @@
#include "zeek/analyzer/protocol/dce-rpc/DCE_RPC.h"
#include "zeek/zeek-config.h"
#include <stdlib.h>
#include <map>
#include <string>
#include "zeek/zeek-config.h"
using namespace std;
namespace zeek::analyzer::dce_rpc


@ -2,6 +2,8 @@
#include "zeek/analyzer/protocol/dns/DNS.h"
#include "zeek/zeek-config.h"
#include <arpa/inet.h>
#include <ctype.h>
#include <netinet/in.h>
@ -14,7 +16,6 @@
#include "zeek/ZeekString.h"
#include "zeek/analyzer/protocol/dns/events.bif.h"
#include "zeek/session/Manager.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::dns
{
@ -697,190 +698,188 @@ bool DNS_Interpreter::ParseRR_EDNS(detail::DNS_MsgInfo* msg, const u_char*& data
switch ( option_code )
{
case detail::TYPE_ECS:
{
// must be 4 bytes + variable number of octets for address
if ( option_len <= 4 )
{
// must be 4 bytes + variable number of octets for address
if ( option_len <= 4 )
{
analyzer->Weird("EDNS_ECS_invalid_option_len");
data += option_len;
break;
}
detail::EDNS_ECS opt{};
uint16_t ecs_family = ExtractShort(data, option_len);
uint16_t source_scope = ExtractShort(data, option_len);
opt.ecs_src_pfx_len = (source_scope >> 8) & 0xff;
opt.ecs_scp_pfx_len = source_scope & 0xff;
// ADDRESS, variable number of octets, contains either an IPv4 or
// IPv6 address, depending on FAMILY, which MUST be truncated to the
// number of bits indicated by the SOURCE PREFIX-LENGTH field,
// padding with 0 bits to pad to the end of the last octet needed.
if ( ecs_family == L3_IPV4 )
{
if ( opt.ecs_src_pfx_len > 32 )
{
analyzer->Weird("EDNS_ECS_invalid_addr_v4_prefix",
util::fmt("%" PRIu16 " bits", opt.ecs_src_pfx_len));
data += option_len;
break;
}
if ( opt.ecs_src_pfx_len > option_len * 8 )
{
analyzer->Weird("EDNS_ECS_invalid_addr_v4",
util::fmt("need %" PRIu16 " bits, have %d bits",
opt.ecs_src_pfx_len, option_len * 8));
data += option_len;
break;
}
opt.ecs_family = make_intrusive<StringVal>("v4");
uint32_t addr = 0;
uint16_t shift_factor = 3;
int bits_left = opt.ecs_src_pfx_len;
while ( bits_left > 0 )
{
addr |= data[0] << (shift_factor * 8);
data++;
shift_factor--;
option_len--;
bits_left -= 8;
}
addr = htonl(addr);
opt.ecs_addr = make_intrusive<AddrVal>(addr);
}
else if ( ecs_family == L3_IPV6 )
{
if ( opt.ecs_src_pfx_len > 128 )
{
analyzer->Weird("EDNS_ECS_invalid_addr_v6_prefix",
util::fmt("%" PRIu16 " bits", opt.ecs_src_pfx_len));
data += option_len;
break;
}
if ( opt.ecs_src_pfx_len > option_len * 8 )
{
analyzer->Weird("EDNS_ECS_invalid_addr_v6",
util::fmt("need %" PRIu16 " bits, have %d bits",
opt.ecs_src_pfx_len, option_len * 8));
data += option_len;
break;
}
opt.ecs_family = make_intrusive<StringVal>("v6");
uint32_t addr[4] = {0};
uint16_t shift_factor = 15;
int bits_left = opt.ecs_src_pfx_len;
int i = 0;
while ( bits_left > 0 )
{
addr[i / 4] |= data[0] << ((shift_factor % 4) * 8);
data++;
i++;
shift_factor--;
option_len--;
bits_left -= 8;
}
for ( uint8_t i = 0; i < 4; i++ )
{
addr[i] = htonl(addr[i]);
}
opt.ecs_addr = make_intrusive<AddrVal>(addr);
}
else
{
// non ipv4/ipv6 family address
data += option_len;
break;
}
analyzer->EnqueueConnEvent(dns_EDNS_ecs, analyzer->ConnVal(),
msg->BuildHdrVal(), msg->BuildEDNS_ECS_Val(&opt));
data += option_len;
break;
} // END EDNS ECS
case TYPE_TCP_KA:
{
EDNS_TCP_KEEPALIVE edns_tcp_keepalive{.keepalive_timeout_omitted = true,
.keepalive_timeout = 0};
if ( option_len == 0 || option_len == 2 )
{
// 0 bytes is permitted by RFC 7828, showing that the timeout value is
// omitted.
if ( option_len == 2 )
{
edns_tcp_keepalive.keepalive_timeout = ExtractShort(data, option_len);
edns_tcp_keepalive.keepalive_timeout_omitted = false;
}
if ( analyzer->Conn()->ConnTransport() == TRANSPORT_UDP )
{
/*
* Based on RFC 7828 (3.2.1/3.2.2), clients and servers MUST NOT
* negotiate TCP Keepalive timeout in DNS-over-UDP.
*/
analyzer->Weird("EDNS_TCP_Keepalive_In_UDP");
}
analyzer->EnqueueConnEvent(dns_EDNS_tcp_keepalive, analyzer->ConnVal(),
msg->BuildHdrVal(),
msg->BuildEDNS_TCP_KA_Val(&edns_tcp_keepalive));
}
else
{
// error. MUST BE 0 or 2 bytes. skip
data += option_len;
}
break;
} // END EDNS TCP KEEPALIVE
case TYPE_COOKIE:
{
EDNS_COOKIE cookie{};
if ( option_len != 8 && ! (option_len >= 16 && option_len <= 40) )
{
/*
* option length for DNS Cookie must be 8 bytes (with client cookie only)
* OR
* between 16 bytes to 40 bytes (with an 8 bytes client and an 8 to 32 bytes
* server cookie)
*/
data += option_len;
break;
}
int client_cookie_len = 8;
int server_cookie_len = option_len - client_cookie_len;
cookie.client_cookie =
ExtractStream(data, client_cookie_len, client_cookie_len);
cookie.server_cookie = nullptr;
if ( server_cookie_len >= 8 )
{
cookie.server_cookie =
ExtractStream(data, server_cookie_len, server_cookie_len);
}
analyzer->EnqueueConnEvent(dns_EDNS_cookie, analyzer->ConnVal(),
msg->BuildHdrVal(),
msg->BuildEDNS_COOKIE_Val(&cookie));
break;
} // END EDNS COOKIE
default:
{
analyzer->Weird("EDNS_ECS_invalid_option_len");
data += option_len;
break;
}
detail::EDNS_ECS opt{};
uint16_t ecs_family = ExtractShort(data, option_len);
uint16_t source_scope = ExtractShort(data, option_len);
opt.ecs_src_pfx_len = (source_scope >> 8) & 0xff;
opt.ecs_scp_pfx_len = source_scope & 0xff;
// ADDRESS, variable number of octets, contains either an IPv4 or
// IPv6 address, depending on FAMILY, which MUST be truncated to the
// number of bits indicated by the SOURCE PREFIX-LENGTH field,
// padding with 0 bits to pad to the end of the last octet needed.
if ( ecs_family == L3_IPV4 )
{
if ( opt.ecs_src_pfx_len > 32 )
{
analyzer->Weird("EDNS_ECS_invalid_addr_v4_prefix",
util::fmt("%" PRIu16 " bits", opt.ecs_src_pfx_len));
data += option_len;
break;
}
if ( opt.ecs_src_pfx_len > option_len * 8 )
{
analyzer->Weird("EDNS_ECS_invalid_addr_v4",
util::fmt("need %" PRIu16 " bits, have %d bits",
opt.ecs_src_pfx_len, option_len * 8));
data += option_len;
break;
}
opt.ecs_family = make_intrusive<StringVal>("v4");
uint32_t addr = 0;
uint16_t shift_factor = 3;
int bits_left = opt.ecs_src_pfx_len;
while ( bits_left > 0 )
{
addr |= data[0] << (shift_factor * 8);
data++;
shift_factor--;
option_len--;
bits_left -= 8;
}
addr = htonl(addr);
opt.ecs_addr = make_intrusive<AddrVal>(addr);
}
else if ( ecs_family == L3_IPV6 )
{
if ( opt.ecs_src_pfx_len > 128 )
{
analyzer->Weird("EDNS_ECS_invalid_addr_v6_prefix",
util::fmt("%" PRIu16 " bits", opt.ecs_src_pfx_len));
data += option_len;
break;
}
if ( opt.ecs_src_pfx_len > option_len * 8 )
{
analyzer->Weird("EDNS_ECS_invalid_addr_v6",
util::fmt("need %" PRIu16 " bits, have %d bits",
opt.ecs_src_pfx_len, option_len * 8));
data += option_len;
break;
}
opt.ecs_family = make_intrusive<StringVal>("v6");
uint32_t addr[4] = {0};
uint16_t shift_factor = 15;
int bits_left = opt.ecs_src_pfx_len;
int i = 0;
while ( bits_left > 0 )
{
addr[i / 4] |= data[0] << ((shift_factor % 4) * 8);
data++;
i++;
shift_factor--;
option_len--;
bits_left -= 8;
}
for ( uint8_t i = 0; i < 4; i++ )
{
addr[i] = htonl(addr[i]);
}
opt.ecs_addr = make_intrusive<AddrVal>(addr);
}
else
{
// non ipv4/ipv6 family address
data += option_len;
break;
}
analyzer->EnqueueConnEvent(dns_EDNS_ecs, analyzer->ConnVal(), msg->BuildHdrVal(),
msg->BuildEDNS_ECS_Val(&opt));
data += option_len;
break;
} // END EDNS ECS
case TYPE_TCP_KA:
{
EDNS_TCP_KEEPALIVE edns_tcp_keepalive{.keepalive_timeout_omitted = true,
.keepalive_timeout = 0};
if ( option_len == 0 || option_len == 2 )
{
// 0 bytes is permitted by RFC 7828, showing that the timeout value is
// omitted.
if ( option_len == 2 )
{
edns_tcp_keepalive.keepalive_timeout = ExtractShort(data, option_len);
edns_tcp_keepalive.keepalive_timeout_omitted = false;
}
if ( analyzer->Conn()->ConnTransport() == TRANSPORT_UDP )
{
/*
* Based on RFC 7828 (3.2.1/3.2.2), clients and servers MUST NOT
* negotiate TCP Keepalive timeout in DNS-over-UDP.
*/
analyzer->Weird("EDNS_TCP_Keepalive_In_UDP");
}
analyzer->EnqueueConnEvent(dns_EDNS_tcp_keepalive, analyzer->ConnVal(),
msg->BuildHdrVal(),
msg->BuildEDNS_TCP_KA_Val(&edns_tcp_keepalive));
}
else
{
// error. MUST BE 0 or 2 bytes. skip
data += option_len;
}
break;
} // END EDNS TCP KEEPALIVE
case TYPE_COOKIE:
{
EDNS_COOKIE cookie{};
if ( option_len != 8 && ! (option_len >= 16 && option_len <= 40) )
{
/*
* option length for DNS Cookie must be 8 bytes (with client cookie only)
* OR
* between 16 bytes to 40 bytes (with an 8 bytes client and an 8 to 32 bytes
* server cookie)
*/
data += option_len;
break;
}
int client_cookie_len = 8;
int server_cookie_len = option_len - client_cookie_len;
cookie.client_cookie = ExtractStream(data, client_cookie_len, client_cookie_len);
cookie.server_cookie = nullptr;
if ( server_cookie_len >= 8 )
{
cookie.server_cookie = ExtractStream(data, server_cookie_len,
server_cookie_len);
}
analyzer->EnqueueConnEvent(dns_EDNS_cookie, analyzer->ConnVal(), msg->BuildHdrVal(),
msg->BuildEDNS_COOKIE_Val(&cookie));
break;
} // END EDNS COOKIE
default:
{
data += option_len;
break;
}
}
}
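Review bot: The `TYPE_TCP_KA` and `TYPE_COOKIE` branches of `ParseRR_EDNS` skip an option with an invalid length silently via `data += option_len;`, while the `TYPE_ECS` branch reports the same condition with `analyzer->Weird("EDNS_ECS_invalid_option_len");`. Malformed EDNS options are useful detection signal, so I would add a matching call before each skip, for example `analyzer->Weird("EDNS_cookie_invalid_option_len");` (a name proposed here, not an existing weird). The ECS branch also drops an address family other than `L3_IPV4`/`L3_IPV6` without any report. The function body starts and ends outside this hunk.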


@ -2,13 +2,14 @@
#include "zeek/analyzer/protocol/finger/Finger.h"
#include "zeek/zeek-config.h"
#include <ctype.h>
#include "zeek/Event.h"
#include "zeek/NetVar.h"
#include "zeek/analyzer/protocol/finger/events.bif.h"
#include "zeek/analyzer/protocol/tcp/ContentLine.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::finger
{


@ -2,6 +2,8 @@
#include "zeek/analyzer/protocol/ftp/FTP.h"
#include "zeek/zeek-config.h"
#include <stdlib.h>
#include "zeek/Base64.h"
@ -12,7 +14,6 @@
#include "zeek/analyzer/Manager.h"
#include "zeek/analyzer/protocol/ftp/events.bif.h"
#include "zeek/analyzer/protocol/login/NVT.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::ftp
{


@ -2,6 +2,8 @@
#include "zeek/analyzer/protocol/gnutella/Gnutella.h"
#include "zeek/zeek-config.h"
#include <ctype.h>
#include <algorithm>
@ -10,7 +12,6 @@
#include "zeek/analyzer/Manager.h"
#include "zeek/analyzer/protocol/gnutella/events.bif.h"
#include "zeek/analyzer/protocol/pia/PIA.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::gnutella
{


@ -2,6 +2,8 @@
#include "zeek/analyzer/protocol/http/HTTP.h"
#include "zeek/zeek-config.h"
#include <ctype.h>
#include <math.h>
#include <stdlib.h>
@ -13,7 +15,6 @@
#include "zeek/analyzer/protocol/http/events.bif.h"
#include "zeek/analyzer/protocol/mime/MIME.h"
#include "zeek/file_analysis/Manager.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::http
{
@ -329,10 +330,10 @@ void HTTP_Entity::SubmitData(int len, const char* buf)
else
{
if ( send_size && content_length > 0 )
precomputed_file_id =
file_mgr->SetSize(content_length, http_message->MyHTTP_Analyzer()->GetAnalyzerTag(),
http_message->MyHTTP_Analyzer()->Conn(), http_message->IsOrig(),
precomputed_file_id);
precomputed_file_id = file_mgr->SetSize(
content_length, http_message->MyHTTP_Analyzer()->GetAnalyzerTag(),
http_message->MyHTTP_Analyzer()->Conn(), http_message->IsOrig(),
precomputed_file_id);
precomputed_file_id = file_mgr->DataIn(reinterpret_cast<const u_char*>(buf), len,
http_message->MyHTTP_Analyzer()->GetAnalyzerTag(),
@ -893,8 +894,8 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)
const char* line = reinterpret_cast<const char*>(data);
const char* end_of_line = line + len;
analyzer::tcp::ContentLine_Analyzer* content_line =
is_orig ? content_line_orig : content_line_resp;
analyzer::tcp::ContentLine_Analyzer* content_line = is_orig ? content_line_orig
: content_line_resp;
if ( content_line->IsPlainDelivery() )
{
@ -924,52 +925,51 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)
switch ( request_state )
{
case EXPECT_REQUEST_LINE:
{
int res = HTTP_RequestLine(line, end_of_line);
if ( res < 0 )
return;
else if ( res > 0 )
{
int res = HTTP_RequestLine(line, end_of_line);
++num_requests;
if ( res < 0 )
return;
if ( ! keep_alive && num_requests > 1 )
Weird("unexpected_multiple_HTTP_requests");
else if ( res > 0 )
{
++num_requests;
if ( ! keep_alive && num_requests > 1 )
Weird("unexpected_multiple_HTTP_requests");
request_state = EXPECT_REQUEST_MESSAGE;
request_ongoing = 1;
unanswered_requests.push(request_method);
HTTP_Request();
InitHTTPMessage(content_line, request_message, is_orig, HTTP_BODY_MAYBE,
len);
}
request_state = EXPECT_REQUEST_MESSAGE;
request_ongoing = 1;
unanswered_requests.push(request_method);
HTTP_Request();
InitHTTPMessage(content_line, request_message, is_orig, HTTP_BODY_MAYBE, len);
}
else
{
if ( ! RequestExpected() )
HTTP_Event("crud_trailing_HTTP_request",
analyzer::mime::to_string_val(line, end_of_line));
else
{
if ( ! RequestExpected() )
HTTP_Event("crud_trailing_HTTP_request",
analyzer::mime::to_string_val(line, end_of_line));
// We do see HTTP requests with a
// trailing EOL that's not accounted
// for by the content-length. This
// will lead to a call to this method
// with len==0 while we are expecting
// a new request. Since HTTP servers
// handle such requests gracefully,
// we should do so as well.
if ( len == 0 )
Weird("empty_http_request");
else
{
// We do see HTTP requests with a
// trailing EOL that's not accounted
// for by the content-length. This
// will lead to a call to this method
// with len==0 while we are expecting
// a new request. Since HTTP servers
// handle such requests gracefully,
// we should do so as well.
if ( len == 0 )
Weird("empty_http_request");
else
{
ProtocolViolation("not a http request line");
request_state = EXPECT_REQUEST_NOTHING;
}
ProtocolViolation("not a http request line");
request_state = EXPECT_REQUEST_NOTHING;
}
}
}
}
break;
case EXPECT_REQUEST_MESSAGE:
@ -1063,8 +1063,8 @@ void HTTP_Analyzer::Undelivered(uint64_t seq, int len, bool is_orig)
HTTP_Message* msg = is_orig ? request_message : reply_message;
analyzer::tcp::ContentLine_Analyzer* content_line =
is_orig ? content_line_orig : content_line_resp;
analyzer::tcp::ContentLine_Analyzer* content_line = is_orig ? content_line_orig
: content_line_resp;
if ( ! content_line->IsSkippedContents(seq, len) )
{


@ -2,13 +2,14 @@
#include "zeek/analyzer/protocol/ident/Ident.h"
#include "zeek/zeek-config.h"
#include <ctype.h>
#include "zeek/Event.h"
#include "zeek/NetVar.h"
#include "zeek/ZeekString.h"
#include "zeek/analyzer/protocol/ident/events.bif.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::ident
{


@ -279,7 +279,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
make_intrusive<StringVal>(type.c_str()),
make_intrusive<StringVal>(channel.c_str()), std::move(set));
}
break;
break;
// Count of users and services on this server.
case 255:
@ -456,38 +456,38 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
// RPL_TOPIC reply.
case 332:
{
if ( ! irc_channel_topic )
break;
vector<string> parts = SplitWords(params, ' ');
if ( parts.size() < 4 )
{
Weird("irc_invalid_topic_reply");
return;
}
unsigned int pos = params.find(':');
if ( pos < params.size() )
{
string topic = params.substr(pos + 1);
const char* t = topic.c_str();
if ( *t == ':' )
++t;
EnqueueConnEvent(irc_channel_topic, ConnVal(), val_mgr->Bool(orig),
make_intrusive<StringVal>(parts[1].c_str()),
make_intrusive<StringVal>(t));
}
else
{
Weird("irc_invalid_topic_reply");
return;
}
}
{
if ( ! irc_channel_topic )
break;
vector<string> parts = SplitWords(params, ' ');
if ( parts.size() < 4 )
{
Weird("irc_invalid_topic_reply");
return;
}
unsigned int pos = params.find(':');
if ( pos < params.size() )
{
string topic = params.substr(pos + 1);
const char* t = topic.c_str();
if ( *t == ':' )
++t;
EnqueueConnEvent(irc_channel_topic, ConnVal(), val_mgr->Bool(orig),
make_intrusive<StringVal>(parts[1].c_str()),
make_intrusive<StringVal>(t));
}
else
{
Weird("irc_invalid_topic_reply");
return;
}
}
break;
// WHO reply line.
case 352:
{
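Review bot: In the `case 332` block, `unsigned int pos = params.find(':');` stores a `std::string::size_type` in a narrower type, so the not-found value is truncated and the `pos < params.size()` test only holds because the truncated value is still larger than any realistic line. Declaring it as `const auto pos = params.find(':');` and testing `pos != string::npos` states the intent directly and removes the dependence on type widths. The `if ( *t == ':' ) ++t;` step after `substr(pos + 1)` would also benefit from a one-line comment naming the input it is meant to handle. The function body continues outside the hunk.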


@ -2,10 +2,10 @@
#pragma once
#include <mutex>
#include "zeek/zeek-config.h"
#include <mutex>
#ifdef USE_KRB5
#include <krb5.h>
#endif


@ -2,6 +2,8 @@
#include "zeek/analyzer/protocol/login/Login.h"
#include "zeek/zeek-config.h"
#include <ctype.h>
#include <stdlib.h>
@ -12,7 +14,6 @@
#include "zeek/Var.h"
#include "zeek/ZeekString.h"
#include "zeek/analyzer/protocol/login/events.bif.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::login
{


@ -2,6 +2,8 @@
#include "zeek/analyzer/protocol/login/NVT.h"
#include "zeek/zeek-config.h"
#include <stdlib.h>
#include "zeek/Event.h"
@ -10,7 +12,6 @@
#include "zeek/ZeekString.h"
#include "zeek/analyzer/protocol/login/events.bif.h"
#include "zeek/analyzer/protocol/tcp/TCP.h"
#include "zeek/zeek-config.h"
#define IS_3_BYTE_OPTION(c) (c >= 251 && c <= 254)
@ -207,20 +208,19 @@ void TelnetAuthenticateOption::RecvSubOption(u_char* data, int len)
switch ( data[0] )
{
case HERE_IS_AUTHENTICATION:
{
TelnetAuthenticateOption* peer = (TelnetAuthenticateOption*)endp->FindPeerOption(code);
if ( ! peer )
{
TelnetAuthenticateOption* peer =
(TelnetAuthenticateOption*)endp->FindPeerOption(code);
if ( ! peer )
{
reporter->AnalyzerError(
endp, "option peer missing in TelnetAuthenticateOption::RecvSubOption");
return;
}
if ( ! peer->DidRequestAuthentication() )
InconsistentOption(0);
reporter->AnalyzerError(
endp, "option peer missing in TelnetAuthenticateOption::RecvSubOption");
return;
}
if ( ! peer->DidRequestAuthentication() )
InconsistentOption(0);
}
break;
case SEND_ME_AUTHENTICATION:
@ -246,11 +246,11 @@ void TelnetAuthenticateOption::RecvSubOption(u_char* data, int len)
break;
case AUTHENTICATION_NAME:
{
char* auth_name = new char[len];
util::safe_strncpy(auth_name, (char*)data + 1, len);
endp->SetAuthName(auth_name);
}
{
char* auth_name = new char[len];
util::safe_strncpy(auth_name, (char*)data + 1, len);
endp->SetAuthName(auth_name);
}
break;
default:
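Review bot: In the `AUTHENTICATION_NAME` case the buffer is sized `len` and `util::safe_strncpy(auth_name, (char*)data + 1, len)` is given the same bound, while the source starts one byte into `data`, so only `len - 1` bytes of the sub-option remain to be read. Whether the helper stops after `len - 1` source bytes is not visible in this hunk, so a comment such as `// name is data[1..len-1]; safe_strncpy copies at most len - 1 bytes and NUL-terminates` (once confirmed against the helper) would make the bound reviewable. The `switch ( data[0] )` above also relies on `len >= 1`, and the raw `new char[len]` handed to `SetAuthName` relies on the callee taking ownership; both are established outside the hunk, if at all.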


@ -2,11 +2,12 @@
#include "zeek/analyzer/protocol/login/RSH.h"
#include "zeek/zeek-config.h"
#include "zeek/Event.h"
#include "zeek/NetVar.h"
#include "zeek/Reporter.h"
#include "zeek/analyzer/protocol/login/events.bif.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::login
{


@ -2,11 +2,12 @@
#include "zeek/analyzer/protocol/login/Rlogin.h"
#include "zeek/zeek-config.h"
#include "zeek/Event.h"
#include "zeek/NetVar.h"
#include "zeek/Reporter.h"
#include "zeek/analyzer/protocol/login/events.bif.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::login
{


@ -2,9 +2,10 @@
#include "zeek/analyzer/protocol/login/Telnet.h"
#include "zeek/zeek-config.h"
#include "zeek/analyzer/protocol/login/NVT.h"
#include "zeek/analyzer/protocol/login/events.bif.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::login
{


@ -1,12 +1,13 @@
#include "zeek/analyzer/protocol/mime/MIME.h"
#include "zeek/zeek-config.h"
#include "zeek/Base64.h"
#include "zeek/NetVar.h"
#include "zeek/Reporter.h"
#include "zeek/analyzer/protocol/mime/events.bif.h"
#include "zeek/digest.h"
#include "zeek/file_analysis/Manager.h"
#include "zeek/zeek-config.h"
// Here are a few things to do:
//
@ -1460,9 +1461,9 @@ void MIME_Mail::SubmitData(int len, const char* buf)
make_intrusive<StringVal>(data_len, data));
}
cur_entity_id =
file_mgr->DataIn(reinterpret_cast<const u_char*>(buf), len, analyzer->GetAnalyzerTag(),
analyzer->Conn(), is_orig, cur_entity_id);
cur_entity_id = file_mgr->DataIn(reinterpret_cast<const u_char*>(buf), len,
analyzer->GetAnalyzerTag(), analyzer->Conn(), is_orig,
cur_entity_id);
cur_entity_len += len;
buffer_start = (buf + len) - (char*)data_buffer->Bytes();


@ -2,13 +2,14 @@
#include "zeek/analyzer/protocol/ncp/NCP.h"
#include "zeek/zeek-config.h"
#include <stdlib.h>
#include <map>
#include <string>
#include "zeek/analyzer/protocol/ncp/consts.bif.h"
#include "zeek/analyzer/protocol/ncp/events.bif.h"
#include "zeek/zeek-config.h"
using namespace std;


@ -2,6 +2,8 @@
#include "zeek/analyzer/protocol/netbios/NetbiosSSN.h"
#include "zeek/zeek-config.h"
#include <ctype.h>
#include "zeek/Event.h"
@ -10,7 +12,6 @@
#include "zeek/ZeekString.h"
#include "zeek/analyzer/protocol/netbios/events.bif.h"
#include "zeek/session/Manager.h"
#include "zeek/zeek-config.h"
constexpr double netbios_ssn_session_timeout = 15.0;


@ -106,9 +106,9 @@ void PIA::PIA_DeliverPacket(int len, const u_char* data, bool is_orig, uint64_t
if ( (pkt_buffer.state == BUFFERING || new_state == BUFFERING) && len > 0 )
{
AddToBuffer(&pkt_buffer, seq, len, data, is_orig, ip);
if ( pkt_buffer.size > zeek::detail::dpd_buffer_size || ++pkt_buffer.chunks > zeek::detail::dpd_max_packets )
new_state = zeek::detail::dpd_match_only_beginning ?
SKIPPING : MATCHING_ONLY;
if ( pkt_buffer.size > zeek::detail::dpd_buffer_size ||
++pkt_buffer.chunks > zeek::detail::dpd_max_packets )
new_state = zeek::detail::dpd_match_only_beginning ? SKIPPING : MATCHING_ONLY;
}
// FIXME: I'm not sure why it does not work with eol=true...
@ -280,9 +280,9 @@ void PIA_TCP::DeliverStream(int len, const u_char* data, bool is_orig)
if ( stream_buffer.state == BUFFERING || new_state == BUFFERING )
{
AddToBuffer(&stream_buffer, len, data, is_orig);
if ( stream_buffer.size > zeek::detail::dpd_buffer_size || ++stream_buffer.chunks > zeek::detail::dpd_max_packets )
new_state = zeek::detail::dpd_match_only_beginning ?
SKIPPING : MATCHING_ONLY;
if ( stream_buffer.size > zeek::detail::dpd_buffer_size ||
++stream_buffer.chunks > zeek::detail::dpd_max_packets )
new_state = zeek::detail::dpd_match_only_beginning ? SKIPPING : MATCHING_ONLY;
}
DoMatch(data, len, is_orig, false, false, false, nullptr);
@ -382,11 +382,11 @@ void PIA_TCP::ActivateAnalyzer(analyzer::Tag tag, const zeek::detail::Rule* rule
auto* tcp = static_cast<packet_analysis::TCP::TCPSessionAdapter*>(Parent());
auto* reass_orig =
new tcp::TCP_Reassembler(this, tcp, tcp::TCP_Reassembler::Direct, tcp->Orig());
auto* reass_orig = new tcp::TCP_Reassembler(this, tcp, tcp::TCP_Reassembler::Direct,
tcp->Orig());
auto* reass_resp =
new tcp::TCP_Reassembler(this, tcp, tcp::TCP_Reassembler::Direct, tcp->Resp());
auto* reass_resp = new tcp::TCP_Reassembler(this, tcp, tcp::TCP_Reassembler::Direct,
tcp->Resp());
uint64_t orig_seq = 0;
uint64_t resp_seq = 0;


@ -3,6 +3,8 @@
#include "zeek/analyzer/protocol/pop3/POP3.h"
#include "zeek/zeek-config.h"
#include <ctype.h>
#include <string>
#include <vector>
@ -11,7 +13,6 @@
#include "zeek/Reporter.h"
#include "zeek/analyzer/Manager.h"
#include "zeek/analyzer/protocol/pop3/events.bif.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::pop3
{
@ -154,57 +155,57 @@ void POP3_Analyzer::ProcessRequest(int length, const char* line)
break;
case detail::AUTH_PLAIN:
{
// Format: "authorization identity<NUL>authentication
// identity<NUL>password"
char* str = (char*)decoded->Bytes();
int len = decoded->Len();
char* end = str + len;
char* s;
char* e;
for ( s = str; s < end && *s; ++s )
;
++s;
for ( e = s; e < end && *e; ++e )
;
if ( e >= end )
{
// Format: "authorization identity<NUL>authentication
// identity<NUL>password"
char* str = (char*)decoded->Bytes();
int len = decoded->Len();
char* end = str + len;
char* s;
char* e;
for ( s = str; s < end && *s; ++s )
;
++s;
for ( e = s; e < end && *e; ++e )
;
if ( e >= end )
{
Weird("pop3_malformed_auth_plain");
delete decoded;
return;
}
user = s;
s = e + 1;
if ( s >= end )
{
Weird("pop3_malformed_auth_plain");
delete decoded;
return;
}
password.assign(s, len - (s - str));
break;
Weird("pop3_malformed_auth_plain");
delete decoded;
return;
}
user = s;
s = e + 1;
if ( s >= end )
{
Weird("pop3_malformed_auth_plain");
delete decoded;
return;
}
password.assign(s, len - (s - str));
break;
}
case detail::AUTH_CRAM_MD5:
{ // Format: "user<space>password-hash"
const char* s;
const char* str = (char*)decoded->CheckString();
{ // Format: "user<space>password-hash"
const char* s;
const char* str = (char*)decoded->CheckString();
for ( s = str; *s && *s != '\t' && *s != ' '; ++s )
;
for ( s = str; *s && *s != '\t' && *s != ' '; ++s )
;
user = std::string(str, s);
password = "";
user = std::string(str, s);
password = "";
break;
}
break;
}
case detail::AUTH:
break;
@ -584,10 +585,10 @@ void POP3_Analyzer::ProcessReply(int length, const char* line)
if ( multiLine == true )
{
bool terminator =
line[0] == '.' &&
(length == 1 || (length > 1 && (line[1] == '\n' ||
(length > 2 && line[1] == '\r' && line[2] == '\n'))));
bool terminator = line[0] == '.' &&
(length == 1 ||
(length > 1 && (line[1] == '\n' ||
(length > 2 && line[1] == '\r' && line[2] == '\n'))));
if ( terminator )
{
@ -693,16 +694,16 @@ void POP3_Analyzer::ProcessReply(int length, const char* line)
case detail::TOP:
case detail::RETR:
{
int data_len = end_of_line - line;
if ( ! mail )
// ProcessReply is only called if orig == false
BeginData(false);
ProcessData(data_len, line);
if ( requestForMultiLine == true )
multiLine = true;
break;
}
{
int data_len = end_of_line - line;
if ( ! mail )
// ProcessReply is only called if orig == false
BeginData(false);
ProcessData(data_len, line);
if ( requestForMultiLine == true )
multiLine = true;
break;
}
case detail::CAPA:
ProtocolConfirmation();
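Review bot: In the `AUTH_PLAIN` case of ProcessRequest, the unconditional `++s` after the first scan runs even when that loop stopped at `end` without finding a NUL, which leaves `s` (and then `e`) pointing past `end`; the later `e >= end` test rejects the input, but only after the out-of-range pointer has been formed. Checking right after the first loop, `if ( s >= end ) { Weird("pop3_malformed_auth_plain"); delete decoded; return; }`, keeps every pointer inside the decoded buffer. The early returns each repeat `delete decoded;`, so holding `decoded` in a `std::unique_ptr` would remove the chance of a leak on a future exit path; where `decoded` is allocated is outside the hunk.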


@ -2,6 +2,8 @@
#include "zeek/analyzer/protocol/rpc/MOUNT.h"
#include "zeek/zeek-config.h"
#include <algorithm>
#include <vector>
@ -10,7 +12,6 @@
#include "zeek/ZeekString.h"
#include "zeek/analyzer/protocol/rpc/XDR.h"
#include "zeek/analyzer/protocol/rpc/events.bif.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::rpc
{


@ -2,6 +2,8 @@
#include "zeek/analyzer/protocol/rpc/NFS.h"
#include "zeek/zeek-config.h"
#include <utility>
#include <vector>
@ -10,7 +12,6 @@
#include "zeek/ZeekString.h"
#include "zeek/analyzer/protocol/rpc/XDR.h"
#include "zeek/analyzer/protocol/rpc/events.bif.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::rpc
{


@ -2,11 +2,12 @@
#include "zeek/analyzer/protocol/rpc/Portmap.h"
#include "zeek/zeek-config.h"
#include "zeek/Event.h"
#include "zeek/NetVar.h"
#include "zeek/analyzer/protocol/rpc/XDR.h"
#include "zeek/analyzer/protocol/rpc/events.bif.h"
#include "zeek/zeek-config.h"
#define PMAPPROC_NULL 0
#define PMAPPROC_SET 1
@ -31,42 +32,42 @@ bool PortmapperInterp::RPC_BuildCall(RPC_CallInfo* c, const u_char*& buf, int& n
break;
case PMAPPROC_SET:
{
auto m = ExtractMapping(buf, n);
if ( ! m )
return false;
c->AddVal(std::move(m));
}
{
auto m = ExtractMapping(buf, n);
if ( ! m )
return false;
c->AddVal(std::move(m));
}
break;
case PMAPPROC_UNSET:
{
auto m = ExtractMapping(buf, n);
if ( ! m )
return false;
c->AddVal(std::move(m));
}
{
auto m = ExtractMapping(buf, n);
if ( ! m )
return false;
c->AddVal(std::move(m));
}
break;
case PMAPPROC_GETPORT:
{
auto pr = ExtractPortRequest(buf, n);
if ( ! pr )
return false;
c->AddVal(std::move(pr));
}
{
auto pr = ExtractPortRequest(buf, n);
if ( ! pr )
return false;
c->AddVal(std::move(pr));
}
break;
case PMAPPROC_DUMP:
break;
case PMAPPROC_CALLIT:
{
auto call_it = ExtractCallItRequest(buf, n);
if ( ! call_it )
return false;
c->AddVal(std::move(call_it));
}
{
auto call_it = ExtractCallItRequest(buf, n);
if ( ! call_it )
return false;
c->AddVal(std::move(call_it));
}
break;
default:


@ -2,6 +2,8 @@
#include "zeek/analyzer/protocol/rpc/RPC.h"
#include "zeek/zeek-config.h"
#include <stdlib.h>
#include <string>
@ -11,7 +13,6 @@
#include "zeek/analyzer/protocol/rpc/XDR.h"
#include "zeek/analyzer/protocol/rpc/events.bif.h"
#include "zeek/session/Manager.h"
#include "zeek/zeek-config.h"
namespace
{ // local namespace
@ -68,8 +69,8 @@ RPC_CallInfo::RPC_CallInfo(uint32_t arg_xid, const u_char*& buf, int& n, double
stamp = extract_XDR_uint32(cred_opaque, cred_opaque_n);
int machinename_n;
constexpr auto max_machinename_len = 255;
auto mnp =
extract_XDR_opaque(cred_opaque, cred_opaque_n, machinename_n, max_machinename_len);
auto mnp = extract_XDR_opaque(cred_opaque, cred_opaque_n, machinename_n,
max_machinename_len);
if ( ! mnp )
{
@ -635,74 +636,73 @@ void Contents_RPC::DeliverStream(int len, const u_char* data, bool orig)
// no break. fall through
case WAIT_FOR_MARKER:
{
bool got_marker = marker_buf.ConsumeChunk(data, len);
if ( got_marker )
{
bool got_marker = marker_buf.ConsumeChunk(data, len);
const u_char* dummy_p = marker_buf.GetBuf();
int dummy_len = (int)marker_buf.GetFill();
if ( got_marker )
// have full marker
marker = extract_XDR_uint32(dummy_p, dummy_len);
marker_buf.Init(4, 4);
if ( ! dummy_p )
{
const u_char* dummy_p = marker_buf.GetBuf();
int dummy_len = (int)marker_buf.GetFill();
// have full marker
marker = extract_XDR_uint32(dummy_p, dummy_len);
marker_buf.Init(4, 4);
if ( ! dummy_p )
{
reporter->AnalyzerError(this,
"inconsistent RPC record marker extraction");
return;
}
last_frag = (marker & 0x80000000) != 0;
marker &= 0x7fffffff;
// printf("%.6f %d marker= %u <> last_frag= %d <> expected=%llu <>
// processed= %llu <> len = %d\n", run_state::network_time, IsOrig(), marker,
//last_frag, msg_buf.GetExpected(), msg_buf.GetProcessed(), len);
if ( ! msg_buf.AddToExpected(marker) )
Conn()->Weird("RPC_message_too_long",
util::fmt("%" PRId64, msg_buf.GetExpected()));
if ( last_frag )
state = WAIT_FOR_LAST_DATA;
else
state = WAIT_FOR_DATA;
reporter->AnalyzerError(this, "inconsistent RPC record marker extraction");
return;
}
last_frag = (marker & 0x80000000) != 0;
marker &= 0x7fffffff;
// printf("%.6f %d marker= %u <> last_frag= %d <> expected=%llu <>
// processed= %llu <> len = %d\n", run_state::network_time, IsOrig(),
// marker,
// last_frag, msg_buf.GetExpected(), msg_buf.GetProcessed(), len);
if ( ! msg_buf.AddToExpected(marker) )
Conn()->Weird("RPC_message_too_long",
util::fmt("%" PRId64, msg_buf.GetExpected()));
if ( last_frag )
state = WAIT_FOR_LAST_DATA;
else
state = WAIT_FOR_DATA;
}
}
// Else remain in state. Haven't got the full 4 bytes
// for the marker yet.
break;
case WAIT_FOR_DATA:
case WAIT_FOR_LAST_DATA:
{
bool got_all_data = msg_buf.ConsumeChunk(data, len);
if ( got_all_data )
{
bool got_all_data = msg_buf.ConsumeChunk(data, len);
if ( got_all_data )
// Got all the data we expected. Now let's
// see whether there is another fragment
// coming or whether we just finished the
// last fragment.
if ( state == WAIT_FOR_LAST_DATA )
{
// Got all the data we expected. Now let's
// see whether there is another fragment
// coming or whether we just finished the
// last fragment.
if ( state == WAIT_FOR_LAST_DATA )
{
const u_char* dummy_p = msg_buf.GetBuf();
int dummy_len = (int)msg_buf.GetFill();
const u_char* dummy_p = msg_buf.GetBuf();
int dummy_len = (int)msg_buf.GetFill();
if ( ! interp->DeliverRPC(dummy_p, dummy_len,
(int)msg_buf.GetExpected(), IsOrig(),
start_time, last_time) )
Conn()->Weird("partial_RPC");
if ( ! interp->DeliverRPC(dummy_p, dummy_len, (int)msg_buf.GetExpected(),
IsOrig(), start_time, last_time) )
Conn()->Weird("partial_RPC");
state = WAIT_FOR_MESSAGE;
}
else
state = WAIT_FOR_MARKER;
state = WAIT_FOR_MESSAGE;
}
// Else remain in state. Haven't read all the data
// yet.
else
state = WAIT_FOR_MARKER;
}
// Else remain in state. Haven't read all the data
// yet.
}
break;
} // end switch
} // end while
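Review bot: In the `WAIT_FOR_MARKER` case, a failed `msg_buf.AddToExpected(marker)` only raises the `RPC_message_too_long` weird, and the code then still moves to `WAIT_FOR_DATA` or `WAIT_FOR_LAST_DATA`. `marker` is taken straight from the stream, so a reader needs to know what bounds the buffer after that failure, and this hunk does not show it. A comment at the check, for example `// AddToExpected refuses to grow past the buffer limit; excess bytes are consumed but not stored` (wording to be confirmed against the buffer class), would document it. The `(int)msg_buf.GetExpected()` cast in the `WAIT_FOR_LAST_DATA` branch narrows a value that is printed with `PRId64` a few lines earlier and deserves the same kind of note.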


@ -2,11 +2,12 @@
#include "zeek/analyzer/protocol/rpc/XDR.h"
#include "zeek/zeek-config.h"
#include <string.h>
#include <algorithm>
#include "zeek/analyzer/protocol/rpc/events.bif.h"
#include "zeek/zeek-config.h"
uint32_t zeek::analyzer::rpc::extract_XDR_uint32(const u_char*& buf, int& len)
{


@ -2,6 +2,8 @@
#include "zeek/analyzer/protocol/smtp/SMTP.h"
#include "zeek/zeek-config.h"
#include <stdlib.h>
#include "zeek/Event.h"
@ -9,7 +11,6 @@
#include "zeek/Reporter.h"
#include "zeek/analyzer/Manager.h"
#include "zeek/analyzer/protocol/smtp/events.bif.h"
#include "zeek/zeek-config.h"
#undef SMTP_CMD_DEF
#define SMTP_CMD_DEF(cmd) #cmd,


@ -42,14 +42,14 @@ TCP_Reassembler::TCP_Reassembler(analyzer::Analyzer* arg_dst_analyzer,
if ( ::tcp_contents )
{
static auto tcp_content_delivery_ports_orig =
id::find_val<TableVal>("tcp_content_delivery_ports_orig");
static auto tcp_content_delivery_ports_resp =
id::find_val<TableVal>("tcp_content_delivery_ports_resp");
const auto& dst_port_val =
val_mgr->Port(ntohs(tcp_analyzer->Conn()->RespPort()), TRANSPORT_TCP);
const auto& ports =
IsOrig() ? tcp_content_delivery_ports_orig : tcp_content_delivery_ports_resp;
static auto tcp_content_delivery_ports_orig = id::find_val<TableVal>(
"tcp_content_delivery_ports_orig");
static auto tcp_content_delivery_ports_resp = id::find_val<TableVal>(
"tcp_content_delivery_ports_resp");
const auto& dst_port_val = val_mgr->Port(ntohs(tcp_analyzer->Conn()->RespPort()),
TRANSPORT_TCP);
const auto& ports = IsOrig() ? tcp_content_delivery_ports_orig
: tcp_content_delivery_ports_resp;
auto result = ports->FindOrDefault(dst_port_val);
if ( (IsOrig() && zeek::detail::tcp_content_deliver_all_orig) ||
@ -519,10 +519,10 @@ void TCP_Reassembler::AckReceived(uint64_t seq)
// Nothing to do.
return;
bool test_active =
! skip_deliveries && ! tcp_analyzer->Skipping() &&
(BifConst::report_gaps_for_partial || (endp->state == TCP_ENDPOINT_ESTABLISHED &&
endp->peer->state == TCP_ENDPOINT_ESTABLISHED));
bool test_active = ! skip_deliveries && ! tcp_analyzer->Skipping() &&
(BifConst::report_gaps_for_partial ||
(endp->state == TCP_ENDPOINT_ESTABLISHED &&
endp->peer->state == TCP_ENDPOINT_ESTABLISHED));
uint64_t num_missing = TrimToSeq(seq);


@ -2,10 +2,11 @@
#pragma once
#include "zeek/zeek-config.h"
#include <zlib.h>
#include "zeek/analyzer/protocol/tcp/TCP.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::zip
{


@ -134,14 +134,14 @@ struct val_converter
case TYPE_STRING:
return make_intrusive<StringVal>(a.size(), a.data());
case TYPE_FILE:
{
auto file = File::Get(a.data());
{
auto file = File::Get(a.data());
if ( file )
return make_intrusive<FileVal>(std::move(file));
if ( file )
return make_intrusive<FileVal>(std::move(file));
return nullptr;
}
return nullptr;
}
default:
return nullptr;
}
@ -364,8 +364,8 @@ struct val_converter
unsigned int pos = 0;
for ( auto& item : a )
{
auto item_val =
data_to_val(move(item), pure ? lt->GetPureType().get() : types[pos].get());
auto item_val = data_to_val(move(item),
pure ? lt->GetPureType().get() : types[pos].get());
pos++;
if ( ! item_val )
@ -842,231 +842,231 @@ broker::expected<broker::data> val_to_data(const Val* v)
case TYPE_COUNT:
return {v->AsCount()};
case TYPE_PORT:
{
auto p = v->AsPortVal();
return {broker::port(p->Port(), to_broker_port_proto(p->PortType()))};
}
{
auto p = v->AsPortVal();
return {broker::port(p->Port(), to_broker_port_proto(p->PortType()))};
}
case TYPE_ADDR:
{
auto a = v->AsAddr();
in6_addr tmp;
a.CopyIPv6(&tmp);
return {broker::address(reinterpret_cast<const uint32_t*>(&tmp),
broker::address::family::ipv6,
broker::address::byte_order::network)};
}
{
auto a = v->AsAddr();
in6_addr tmp;
a.CopyIPv6(&tmp);
return {broker::address(reinterpret_cast<const uint32_t*>(&tmp),
broker::address::family::ipv6,
broker::address::byte_order::network)};
}
break;
case TYPE_SUBNET:
{
auto s = v->AsSubNet();
in6_addr tmp;
s.Prefix().CopyIPv6(&tmp);
auto a = broker::address(reinterpret_cast<const uint32_t*>(&tmp),
broker::address::family::ipv6,
broker::address::byte_order::network);
return {broker::subnet(std::move(a), s.Length())};
}
{
auto s = v->AsSubNet();
in6_addr tmp;
s.Prefix().CopyIPv6(&tmp);
auto a = broker::address(reinterpret_cast<const uint32_t*>(&tmp),
broker::address::family::ipv6,
broker::address::byte_order::network);
return {broker::subnet(std::move(a), s.Length())};
}
break;
case TYPE_DOUBLE:
return {v->AsDouble()};
case TYPE_TIME:
{
auto secs = broker::fractional_seconds{v->AsTime()};
auto since_epoch = std::chrono::duration_cast<broker::timespan>(secs);
return {broker::timestamp{since_epoch}};
}
{
auto secs = broker::fractional_seconds{v->AsTime()};
auto since_epoch = std::chrono::duration_cast<broker::timespan>(secs);
return {broker::timestamp{since_epoch}};
}
case TYPE_INTERVAL:
{
auto secs = broker::fractional_seconds{v->AsInterval()};
return {std::chrono::duration_cast<broker::timespan>(secs)};
}
{
auto secs = broker::fractional_seconds{v->AsInterval()};
return {std::chrono::duration_cast<broker::timespan>(secs)};
}
case TYPE_ENUM:
{
auto enum_type = v->GetType()->AsEnumType();
auto enum_name = enum_type->Lookup(v->AsEnum());
return {broker::enum_value(enum_name ? enum_name : "<unknown enum>")};
}
{
auto enum_type = v->GetType()->AsEnumType();
auto enum_name = enum_type->Lookup(v->AsEnum());
return {broker::enum_value(enum_name ? enum_name : "<unknown enum>")};
}
case TYPE_STRING:
{
auto s = v->AsString();
return {string(reinterpret_cast<const char*>(s->Bytes()), s->Len())};
}
{
auto s = v->AsString();
return {string(reinterpret_cast<const char*>(s->Bytes()), s->Len())};
}
case TYPE_FILE:
return {string(v->AsFile()->Name())};
case TYPE_FUNC:
{
const Func* f = v->AsFunc();
std::string name(f->Name());
broker::vector rval;
rval.push_back(name);
if ( name.find("lambda_<") == 0 )
{
const Func* f = v->AsFunc();
std::string name(f->Name());
broker::vector rval;
rval.push_back(name);
if ( name.find("lambda_<") == 0 )
// Only ScriptFuncs have closures.
if ( auto b = dynamic_cast<const zeek::detail::ScriptFunc*>(f) )
{
// Only ScriptFuncs have closures.
if ( auto b = dynamic_cast<const zeek::detail::ScriptFunc*>(f) )
{
auto bc = b->SerializeClosure();
if ( ! bc )
return broker::ec::invalid_data;
rval.emplace_back(std::move(*bc));
}
else
{
reporter->InternalWarning("Closure with non-ScriptFunc");
auto bc = b->SerializeClosure();
if ( ! bc )
return broker::ec::invalid_data;
}
rval.emplace_back(std::move(*bc));
}
else
{
reporter->InternalWarning("Closure with non-ScriptFunc");
return broker::ec::invalid_data;
}
}
return {std::move(rval)};
}
case TYPE_TABLE:
{
auto is_set = v->GetType()->IsSet();
auto table = v->AsTable();
auto table_val = v->AsTableVal();
broker::data rval;
if ( is_set )
rval = broker::set();
else
rval = broker::table();
for ( const auto& te : *table )
{
auto hk = te.GetHashKey();
auto* entry = te.GetValue<TableEntryVal*>();
auto vl = table_val->RecreateIndex(*hk);
broker::vector composite_key;
composite_key.reserve(vl->Length());
for ( auto k = 0; k < vl->Length(); ++k )
{
auto key_part = val_to_data(vl->Idx(k).get());
if ( ! key_part )
return broker::ec::invalid_data;
composite_key.emplace_back(move(*key_part));
}
return {std::move(rval)};
}
case TYPE_TABLE:
{
auto is_set = v->GetType()->IsSet();
auto table = v->AsTable();
auto table_val = v->AsTableVal();
broker::data rval;
broker::data key;
if ( composite_key.size() == 1 )
key = move(composite_key[0]);
else
key = move(composite_key);
if ( is_set )
rval = broker::set();
caf::get<broker::set>(rval).emplace(move(key));
else
rval = broker::table();
for ( const auto& te : *table )
{
auto hk = te.GetHashKey();
auto* entry = te.GetValue<TableEntryVal*>();
auto val = val_to_data(entry->GetVal().get());
auto vl = table_val->RecreateIndex(*hk);
if ( ! val )
return broker::ec::invalid_data;
broker::vector composite_key;
composite_key.reserve(vl->Length());
for ( auto k = 0; k < vl->Length(); ++k )
{
auto key_part = val_to_data(vl->Idx(k).get());
if ( ! key_part )
return broker::ec::invalid_data;
composite_key.emplace_back(move(*key_part));
}
broker::data key;
if ( composite_key.size() == 1 )
key = move(composite_key[0]);
else
key = move(composite_key);
if ( is_set )
caf::get<broker::set>(rval).emplace(move(key));
else
{
auto val = val_to_data(entry->GetVal().get());
if ( ! val )
return broker::ec::invalid_data;
caf::get<broker::table>(rval).emplace(move(key), move(*val));
}
caf::get<broker::table>(rval).emplace(move(key), move(*val));
}
return {std::move(rval)};
}
return {std::move(rval)};
}
case TYPE_VECTOR:
{
auto vec = v->AsVectorVal();
broker::vector rval;
rval.reserve(vec->Size());
for ( auto i = 0u; i < vec->Size(); ++i )
{
auto vec = v->AsVectorVal();
broker::vector rval;
rval.reserve(vec->Size());
auto item_val = vec->ValAt(i);
for ( auto i = 0u; i < vec->Size(); ++i )
{
auto item_val = vec->ValAt(i);
if ( ! item_val )
continue;
if ( ! item_val )
continue;
auto item = val_to_data(item_val.get());
auto item = val_to_data(item_val.get());
if ( ! item )
return broker::ec::invalid_data;
if ( ! item )
return broker::ec::invalid_data;
rval.emplace_back(move(*item));
}
return {std::move(rval)};
rval.emplace_back(move(*item));
}
return {std::move(rval)};
}
case TYPE_LIST:
{
// We don't really support lists on the broker side.
// So we just pretend that it is a vector instead.
auto list = v->AsListVal();
broker::vector rval;
rval.reserve(list->Length());
for ( auto i = 0; i < list->Length(); ++i )
{
// We don't really support lists on the broker side.
// So we just pretend that it is a vector instead.
auto list = v->AsListVal();
broker::vector rval;
rval.reserve(list->Length());
const auto& item_val = list->Idx(i);
for ( auto i = 0; i < list->Length(); ++i )
{
const auto& item_val = list->Idx(i);
if ( ! item_val )
continue;
if ( ! item_val )
continue;
auto item = val_to_data(item_val.get());
auto item = val_to_data(item_val.get());
if ( ! item )
return broker::ec::invalid_data;
if ( ! item )
return broker::ec::invalid_data;
rval.emplace_back(move(*item));
}
return {std::move(rval)};
rval.emplace_back(move(*item));
}
return {std::move(rval)};
}
case TYPE_RECORD:
{
auto rec = v->AsRecordVal();
broker::vector rval;
size_t num_fields = v->GetType()->AsRecordType()->NumFields();
rval.reserve(num_fields);
for ( size_t i = 0; i < num_fields; ++i )
{
auto rec = v->AsRecordVal();
broker::vector rval;
size_t num_fields = v->GetType()->AsRecordType()->NumFields();
rval.reserve(num_fields);
auto item_val = rec->GetFieldOrDefault(i);
for ( size_t i = 0; i < num_fields; ++i )
if ( ! item_val )
{
auto item_val = rec->GetFieldOrDefault(i);
if ( ! item_val )
{
rval.emplace_back(broker::nil);
continue;
}
auto item = val_to_data(item_val.get());
if ( ! item )
return broker::ec::invalid_data;
rval.emplace_back(move(*item));
rval.emplace_back(broker::nil);
continue;
}
return {std::move(rval)};
auto item = val_to_data(item_val.get());
if ( ! item )
return broker::ec::invalid_data;
rval.emplace_back(move(*item));
}
return {std::move(rval)};
}
case TYPE_PATTERN:
{
const RE_Matcher* p = v->AsPattern();
broker::vector rval = {p->PatternText(), p->AnywherePatternText()};
return {std::move(rval)};
}
{
const RE_Matcher* p = v->AsPattern();
broker::vector rval = {p->PatternText(), p->AnywherePatternText()};
return {std::move(rval)};
}
case TYPE_OPAQUE:
{
auto c = v->AsOpaqueVal()->Serialize();
if ( ! c )
{
auto c = v->AsOpaqueVal()->Serialize();
if ( ! c )
{
reporter->Error("unsupported opaque type for serialization");
break;
}
return {c};
reporter->Error("unsupported opaque type for serialization");
break;
}
return {c};
}
default:
reporter->Error("unsupported Broker::Data type: %s", type_name(v->GetType()->Tag()));
break;
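Review bot: In val_to_data, the `TYPE_VECTOR` and `TYPE_LIST` loops `continue` past an unset element, while the `TYPE_RECORD` loop emits `broker::nil` for an unset field, so a vector with holes is serialized shorter than `vec->Size()` and later elements shift position. If that is intended it should be stated, e.g. `// unset slots are dropped; the receiver sees a compacted vector`; otherwise `rval.emplace_back(broker::nil);` before the `continue` would keep indices aligned (whether the receiving side accepts nil there is outside this hunk). The `break;` after the returning blocks in `TYPE_ADDR` and `TYPE_SUBNET` is unreachable, and the function mixes unqualified `move` with `std::move`.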


@ -376,8 +376,8 @@ void Manager::InitializeBrokerStoreForwarding()
if ( id->HasVal() && id->GetAttr(zeek::detail::ATTR_BACKEND) )
{
const auto& attr = id->GetAttr(zeek::detail::ATTR_BACKEND);
auto e =
static_cast<BifEnum::Broker::BackendType>(attr->GetExpr()->Eval(nullptr)->AsEnum());
auto e = static_cast<BifEnum::Broker::BackendType>(
attr->GetExpr()->Eval(nullptr)->AsEnum());
auto storename = std::string("___sync_store_") + global.first;
id->GetVal()->AsTableVal()->SetBrokerStore(storename);
AddForwardedStore(storename, cast_intrusive<TableVal>(id->GetVal()));
@ -739,8 +739,8 @@ bool Manager::PublishLogWrite(EnumVal* stream, EnumVal* writer, string path, int
std::string serial_data(data, len);
free(data);
auto v =
log_topic_func->Invoke(IntrusivePtr{NewRef{}, stream}, make_intrusive<StringVal>(path));
auto v = log_topic_func->Invoke(IntrusivePtr{NewRef{}, stream},
make_intrusive<StringVal>(path));
if ( ! v )
{
@ -1024,22 +1024,22 @@ void Manager::DispatchMessage(const broker::topic& topic, broker::data msg)
break;
case broker::zeek::Message::Type::Batch:
{
broker::zeek::Batch batch(std::move(msg));
if ( ! batch.valid() )
{
broker::zeek::Batch batch(std::move(msg));
if ( ! batch.valid() )
{
reporter->Warning("received invalid broker Batch: %s",
broker::to_string(batch).data());
return;
}
for ( auto& i : batch.batch() )
DispatchMessage(topic, std::move(i));
break;
reporter->Warning("received invalid broker Batch: %s",
broker::to_string(batch).data());
return;
}
for ( auto& i : batch.batch() )
DispatchMessage(topic, std::move(i));
break;
}
default:
// We ignore unknown types so that we could add more in the
// future if we had too.
@ -1176,7 +1176,7 @@ void Manager::ProcessStoreEventInsertUpdate(const TableValPtr& table, const std:
{
reporter->Error(
"ProcessStoreEvent %s: could not convert key \"%s\" for store \"%s\" while receiving "
"remote data. This probably means the tables have different types on different nodes.",
"remote data. This probably means the tables have different types on different nodes.",
type, to_string(key).c_str(), store_id.c_str());
return;
}
@ -1797,8 +1797,8 @@ void Manager::BrokerStoreToZeekTable(const std::string& name, const detail::Stor
if ( its.size() == 1 )
zeek_key = detail::data_to_val(key, its[0].get());
else
zeek_key =
detail::data_to_val(key, table->GetType()->AsTableType()->GetIndices().get());
zeek_key = detail::data_to_val(key,
table->GetType()->AsTableType()->GetIndices().get());
if ( ! zeek_key )
{
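Review bot: In the `Batch` case of DispatchMessage, each element of `batch.batch()` is passed back into `DispatchMessage`, and nothing in this hunk limits how deep that recursion can go if an element is itself a batch. The message arrives from a peer, so the depth should not be left to the sender; whether `batch.valid()` already rejects nested batches is not visible here. If it does, a comment such as `// valid() guarantees batch elements are not batches` would record it; if not, an explicit type check on `i` before dispatching, or a depth limit, would bound it. The function continues outside the hunk.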
