Merge remote-tracking branch 'origin/topic/timw/clang-format-fixes'

* origin/topic/timw/clang-format-fixes:
  clang-format: Set penalty for breaking after assignment operator
  clang-format: Set IndentCaseBlocks to false
  clang-format: Other minor formatting changes
  clang-format: Other include ordering changes
  clang-format: Enforce ordering of includes in ZBody
  clang-format: A few minor comment-spacing fixes
  clang-format: Force zeek-config.h to be earlier in the config ordering
Tim Wojtulewicz 2021-09-27 12:06:27 -07:00
commit ff98515f2a
181 changed files with 5236 additions and 5157 deletions


@ -30,7 +30,7 @@ BreakBeforeBraces: Whitesmiths
# SplitEmptyNamespace: false # SplitEmptyNamespace: false
AccessModifierOffset: -4 AccessModifierOffset: -4
AlignAfterOpenBracket: true AlignAfterOpenBracket: Align
AlignTrailingComments: false AlignTrailingComments: false
AllowShortBlocksOnASingleLine: Empty AllowShortBlocksOnASingleLine: Empty
AllowShortEnumsOnASingleLine: true AllowShortEnumsOnASingleLine: true
@ -47,7 +47,7 @@ ColumnLimit: 100
ConstructorInitializerAllOnOneLineOrOnePerLine: false ConstructorInitializerAllOnOneLineOrOnePerLine: false
FixNamespaceComments: false FixNamespaceComments: false
IndentCaseLabels: true IndentCaseLabels: true
IndentCaseBlocks: true IndentCaseBlocks: false
IndentExternBlock: NoIndent IndentExternBlock: NoIndent
IndentPPDirectives: None IndentPPDirectives: None
IndentWidth: 4 IndentWidth: 4
@ -70,6 +70,10 @@ SpacesInParentheses: false
TabWidth: 4 TabWidth: 4
UseTab: AlignWithSpaces UseTab: AlignWithSpaces
# Setting this to a high number causes clang-format to prefer breaking somewhere else
# over breaking after the assignment operator in a line that's over the column limit
PenaltyBreakAssignment: 100
IncludeBlocks: Regroup IncludeBlocks: Regroup
# Include categories go like this: # Include categories go like this:
@ -81,11 +85,14 @@ IncludeBlocks: Regroup
# 5: everything else, which should catch any of the auto-generated code from the # 5: everything else, which should catch any of the auto-generated code from the
# build directory as well # build directory as well
# #
# Sections 0-1 and 2-3 get group together in their respective blocks # Sections 0-1 and 2-3 get grouped together in their respective blocks
IncludeCategories: IncludeCategories:
- Regex: '^"zeek-config\.h"' - Regex: '^"zeek-config\.h"'
Priority: 0 Priority: 1
SortPriority: 1 SortPriority: 1
- Regex: '^"zeek/zeek-config\.h"'
Priority: 1
SortPriority: 2
- Regex: '^<[[:print:]]+\.(h|hh)>' - Regex: '^<[[:print:]]+\.(h|hh)>'
Priority: 2 Priority: 2
SortPriority: 2 SortPriority: 2
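Review bot: The new `'^"zeek/zeek-config\.h"'` category is given `SortPriority: 2`, the same value the `'^<[[:print:]]+\.(h|hh)>'` category right after it already uses, and nothing visible here says how the two are meant to order against each other. The "Include categories go like this" comment starts outside this hunk, so I cannot tell whether its numbering was updated for the move of `zeek-config.h` from `Priority: 0` to `Priority: 1`; it should be checked. The config header presumably has to come before the system headers because later code tests macros it defines, so I would record that above the two entries, e.g. `# zeek-config.h must sort ahead of system headers; later #ifdef checks depend on it`.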


@ -1,3 +1,6 @@
4.2.0-dev.233 | 2021-09-27 12:06:27 -0700
* Fix a number of issues with the initial pass of clang-format (Tim Wojtulewicz, Corelight)
4.2.0-dev.224 | 2021-09-26 10:27:05 -0700 4.2.0-dev.224 | 2021-09-26 10:27:05 -0700


@ -1 +1 @@
4.2.0-dev.224 4.2.0-dev.233


@ -2,13 +2,14 @@
#include "zeek/Attr.h" #include "zeek/Attr.h"
#include "zeek/zeek-config.h"
#include "zeek/Desc.h" #include "zeek/Desc.h"
#include "zeek/Expr.h" #include "zeek/Expr.h"
#include "zeek/IntrusivePtr.h" #include "zeek/IntrusivePtr.h"
#include "zeek/Val.h" #include "zeek/Val.h"
#include "zeek/input/Manager.h" #include "zeek/input/Manager.h"
#include "zeek/threading/SerialTypes.h" #include "zeek/threading/SerialTypes.h"
#include "zeek/zeek-config.h"
namespace zeek::detail namespace zeek::detail
{ {
@ -316,58 +317,96 @@ void Attributes::CheckAttr(Attr* a)
case ATTR_ADD_FUNC: case ATTR_ADD_FUNC:
case ATTR_DEL_FUNC: case ATTR_DEL_FUNC:
{
bool is_add = a->Tag() == ATTR_ADD_FUNC;
const auto& at = a->GetExpr()->GetType();
if ( at->Tag() != TYPE_FUNC )
{ {
bool is_add = a->Tag() == ATTR_ADD_FUNC; a->GetExpr()->Error(is_add ? "&add_func must be a function"
: "&delete_func must be a function");
const auto& at = a->GetExpr()->GetType(); break;
if ( at->Tag() != TYPE_FUNC )
{
a->GetExpr()->Error(is_add ? "&add_func must be a function"
: "&delete_func must be a function");
break;
}
FuncType* aft = at->AsFuncType();
if ( ! same_type(aft->Yield(), type) )
{
a->GetExpr()->Error(
is_add ? "&add_func function must yield same type as variable"
: "&delete_func function must yield same type as variable");
break;
}
} }
FuncType* aft = at->AsFuncType();
if ( ! same_type(aft->Yield(), type) )
{
a->GetExpr()->Error(is_add
? "&add_func function must yield same type as variable"
: "&delete_func function must yield same type as variable");
break;
}
}
break; break;
case ATTR_DEFAULT: case ATTR_DEFAULT:
{
// &default is allowed for global tables, since it's used in initialization
// of table fields. it's not allowed otherwise.
if ( global_var && ! type->IsTable() )
{ {
// &default is allowed for global tables, since it's used in initialization Error("&default is not valid for global variables except for tables");
// of table fields. it's not allowed otherwise. break;
if ( global_var && ! type->IsTable() ) }
const auto& atype = a->GetExpr()->GetType();
if ( type->Tag() != TYPE_TABLE || (type->IsSet() && ! in_record) )
{
if ( same_type(atype, type) )
// Ok.
break;
// Record defaults may be promotable.
if ( (type->Tag() == TYPE_RECORD && atype->Tag() == TYPE_RECORD &&
record_promotion_compatible(atype->AsRecordType(), type->AsRecordType())) )
// Ok.
break;
if ( type->Tag() == TYPE_TABLE && type->AsTableType()->IsUnspecifiedTable() )
// Ok.
break;
auto e = check_and_promote_expr(a->GetExpr(), type);
if ( e )
{ {
Error("&default is not valid for global variables except for tables"); a->SetAttrExpr(std::move(e));
// Ok.
break; break;
} }
const auto& atype = a->GetExpr()->GetType(); a->GetExpr()->Error("&default value has inconsistent type", type.get());
return;
}
if ( type->Tag() != TYPE_TABLE || (type->IsSet() && ! in_record) ) TableType* tt = type->AsTableType();
const auto& ytype = tt->Yield();
if ( ! in_record )
{
// &default applies to the type itself.
if ( ! same_type(atype, ytype) )
{ {
if ( same_type(atype, type) ) // It can still be a default function.
if ( atype->Tag() == TYPE_FUNC )
{
FuncType* f = atype->AsFuncType();
if ( ! f->CheckArgs(tt->GetIndexTypes()) || ! same_type(f->Yield(), ytype) )
Error("&default function type clash");
// Ok. // Ok.
break; break;
}
// Record defaults may be promotable. // Table defaults may be promotable.
if ( (type->Tag() == TYPE_RECORD && atype->Tag() == TYPE_RECORD && if ( (ytype->Tag() == TYPE_RECORD && atype->Tag() == TYPE_RECORD &&
record_promotion_compatible(atype->AsRecordType(), record_promotion_compatible(atype->AsRecordType(),
type->AsRecordType())) ) ytype->AsRecordType())) )
// Ok. // Ok.
break; break;
if ( type->Tag() == TYPE_TABLE && type->AsTableType()->IsUnspecifiedTable() ) auto e = check_and_promote_expr(a->GetExpr(), ytype);
// Ok.
break;
auto e = check_and_promote_expr(a->GetExpr(), type);
if ( e ) if ( e )
{ {
@ -376,120 +415,79 @@ void Attributes::CheckAttr(Attr* a)
break; break;
} }
a->GetExpr()->Error("&default value has inconsistent type", type.get()); Error("&default value has inconsistent type 2");
return;
} }
TableType* tt = type->AsTableType(); // Ok.
const auto& ytype = tt->Yield(); break;
}
if ( ! in_record ) else
{ {
// &default applies to the type itself. // &default applies to record field.
if ( ! same_type(atype, ytype) )
{
// It can still be a default function.
if ( atype->Tag() == TYPE_FUNC )
{
FuncType* f = atype->AsFuncType();
if ( ! f->CheckArgs(tt->GetIndexTypes()) ||
! same_type(f->Yield(), ytype) )
Error("&default function type clash");
// Ok.
break;
}
// Table defaults may be promotable.
if ( (ytype->Tag() == TYPE_RECORD && atype->Tag() == TYPE_RECORD &&
record_promotion_compatible(atype->AsRecordType(),
ytype->AsRecordType())) )
// Ok.
break;
auto e = check_and_promote_expr(a->GetExpr(), ytype);
if ( e )
{
a->SetAttrExpr(std::move(e));
// Ok.
break;
}
Error("&default value has inconsistent type 2");
}
if ( same_type(atype, type) )
// Ok. // Ok.
break; break;
}
else if ( (atype->Tag() == TYPE_TABLE && atype->AsTableType()->IsUnspecifiedTable()) )
{ {
// &default applies to record field. auto e = check_and_promote_expr(a->GetExpr(), type);
if ( same_type(atype, type) ) if ( e )
// Ok.
break;
if ( (atype->Tag() == TYPE_TABLE &&
atype->AsTableType()->IsUnspecifiedTable()) )
{ {
auto e = check_and_promote_expr(a->GetExpr(), type); a->SetAttrExpr(std::move(e));
if ( e )
{
a->SetAttrExpr(std::move(e));
break;
}
}
// Table defaults may be promotable.
if ( ytype && ytype->Tag() == TYPE_RECORD && atype->Tag() == TYPE_RECORD &&
record_promotion_compatible(atype->AsRecordType(), ytype->AsRecordType()) )
// Ok.
break; break;
}
Error("&default value has inconsistent type");
} }
// Table defaults may be promotable.
if ( ytype && ytype->Tag() == TYPE_RECORD && atype->Tag() == TYPE_RECORD &&
record_promotion_compatible(atype->AsRecordType(), ytype->AsRecordType()) )
// Ok.
break;
Error("&default value has inconsistent type");
} }
}
break; break;
case ATTR_EXPIRE_READ: case ATTR_EXPIRE_READ:
{ {
if ( Find(ATTR_BROKER_STORE) ) if ( Find(ATTR_BROKER_STORE) )
Error("&broker_store and &read_expire cannot be used simultaneously"); Error("&broker_store and &read_expire cannot be used simultaneously");
if ( Find(ATTR_BACKEND) ) if ( Find(ATTR_BACKEND) )
Error("&backend and &read_expire cannot be used simultaneously"); Error("&backend and &read_expire cannot be used simultaneously");
} }
// fallthrough // fallthrough
case ATTR_EXPIRE_WRITE: case ATTR_EXPIRE_WRITE:
case ATTR_EXPIRE_CREATE: case ATTR_EXPIRE_CREATE:
{
if ( type->Tag() != TYPE_TABLE )
{ {
if ( type->Tag() != TYPE_TABLE ) Error("expiration only applicable to sets/tables");
{ break;
Error("expiration only applicable to sets/tables");
break;
}
int num_expires = 0;
for ( const auto& a : attrs )
{
if ( a->Tag() == ATTR_EXPIRE_READ || a->Tag() == ATTR_EXPIRE_WRITE ||
a->Tag() == ATTR_EXPIRE_CREATE )
num_expires++;
}
if ( num_expires > 1 )
{
Error("set/table can only have one of &read_expire, &write_expire, "
"&create_expire");
break;
}
} }
int num_expires = 0;
for ( const auto& a : attrs )
{
if ( a->Tag() == ATTR_EXPIRE_READ || a->Tag() == ATTR_EXPIRE_WRITE ||
a->Tag() == ATTR_EXPIRE_CREATE )
num_expires++;
}
if ( num_expires > 1 )
{
Error("set/table can only have one of &read_expire, &write_expire, "
"&create_expire");
break;
}
}
#if 0 #if 0
//### not easy to test this w/o knowing the ID. //### not easy to test this w/o knowing the ID.
if ( ! global_var ) if ( ! global_var )
@ -499,172 +497,172 @@ void Attributes::CheckAttr(Attr* a)
break; break;
case ATTR_EXPIRE_FUNC: case ATTR_EXPIRE_FUNC:
{
if ( type->Tag() != TYPE_TABLE )
{ {
if ( type->Tag() != TYPE_TABLE ) Error("expiration only applicable to tables");
{
Error("expiration only applicable to tables");
break;
}
type->AsTableType()->CheckExpireFuncCompatibility({NewRef{}, a});
if ( Find(ATTR_BROKER_STORE) )
Error("&broker_store and &expire_func cannot be used simultaneously");
if ( Find(ATTR_BACKEND) )
Error("&backend and &expire_func cannot be used simultaneously");
break; break;
} }
type->AsTableType()->CheckExpireFuncCompatibility({NewRef{}, a});
if ( Find(ATTR_BROKER_STORE) )
Error("&broker_store and &expire_func cannot be used simultaneously");
if ( Find(ATTR_BACKEND) )
Error("&backend and &expire_func cannot be used simultaneously");
break;
}
case ATTR_ON_CHANGE: case ATTR_ON_CHANGE:
{
if ( type->Tag() != TYPE_TABLE )
{ {
if ( type->Tag() != TYPE_TABLE ) Error("&on_change only applicable to sets/tables");
{ break;
Error("&on_change only applicable to sets/tables");
break;
}
const auto& change_func = a->GetExpr();
if ( change_func->GetType()->Tag() != TYPE_FUNC ||
change_func->GetType()->AsFuncType()->Flavor() != FUNC_FLAVOR_FUNCTION )
Error("&on_change attribute is not a function");
const FuncType* c_ft = change_func->GetType()->AsFuncType();
if ( c_ft->Yield()->Tag() != TYPE_VOID )
{
Error("&on_change must not return a value");
break;
}
const TableType* the_table = type->AsTableType();
if ( the_table->IsUnspecifiedTable() )
break;
const auto& args = c_ft->ParamList()->GetTypes();
const auto& t_indexes = the_table->GetIndexTypes();
if ( args.size() != (type->IsSet() ? 2 : 3) + t_indexes.size() )
{
Error("&on_change function has incorrect number of arguments");
break;
}
if ( ! same_type(args[0], the_table->AsTableType()) )
{
Error("&on_change: first argument must be of same type as table");
break;
}
// can't check exact type here yet - the data structures don't exist yet.
if ( args[1]->Tag() != TYPE_ENUM )
{
Error("&on_change: second argument must be a TableChange enum");
break;
}
for ( size_t i = 0; i < t_indexes.size(); i++ )
{
if ( ! same_type(args[2 + i], t_indexes[i]) )
{
Error("&on_change: index types do not match table");
break;
}
}
if ( ! type->IsSet() )
if ( ! same_type(args[2 + t_indexes.size()], the_table->Yield()) )
{
Error("&on_change: value type does not match table");
break;
}
} }
const auto& change_func = a->GetExpr();
if ( change_func->GetType()->Tag() != TYPE_FUNC ||
change_func->GetType()->AsFuncType()->Flavor() != FUNC_FLAVOR_FUNCTION )
Error("&on_change attribute is not a function");
const FuncType* c_ft = change_func->GetType()->AsFuncType();
if ( c_ft->Yield()->Tag() != TYPE_VOID )
{
Error("&on_change must not return a value");
break;
}
const TableType* the_table = type->AsTableType();
if ( the_table->IsUnspecifiedTable() )
break;
const auto& args = c_ft->ParamList()->GetTypes();
const auto& t_indexes = the_table->GetIndexTypes();
if ( args.size() != (type->IsSet() ? 2 : 3) + t_indexes.size() )
{
Error("&on_change function has incorrect number of arguments");
break;
}
if ( ! same_type(args[0], the_table->AsTableType()) )
{
Error("&on_change: first argument must be of same type as table");
break;
}
// can't check exact type here yet - the data structures don't exist yet.
if ( args[1]->Tag() != TYPE_ENUM )
{
Error("&on_change: second argument must be a TableChange enum");
break;
}
for ( size_t i = 0; i < t_indexes.size(); i++ )
{
if ( ! same_type(args[2 + i], t_indexes[i]) )
{
Error("&on_change: index types do not match table");
break;
}
}
if ( ! type->IsSet() )
if ( ! same_type(args[2 + t_indexes.size()], the_table->Yield()) )
{
Error("&on_change: value type does not match table");
break;
}
}
break; break;
case ATTR_BACKEND: case ATTR_BACKEND:
{
if ( ! global_var || type->Tag() != TYPE_TABLE )
{ {
if ( ! global_var || type->Tag() != TYPE_TABLE ) Error("&backend only applicable to global sets/tables");
{
Error("&backend only applicable to global sets/tables");
break;
}
// cannot do better equality check - the Broker types are not
// actually existing yet when we are here. We will do that
// later - before actually attaching to a broker store
if ( a->GetExpr()->GetType()->Tag() != TYPE_ENUM )
{
Error("&backend must take an enum argument");
break;
}
// Only support atomic types for the moment, unless
// explicitly overriden
if ( ! type->AsTableType()->IsSet() &&
! input::Manager::IsCompatibleType(type->AsTableType()->Yield().get(), true) &&
! Find(ATTR_BROKER_STORE_ALLOW_COMPLEX) )
{
Error("&backend only supports atomic types as table value");
}
if ( Find(ATTR_EXPIRE_FUNC) )
Error("&backend and &expire_func cannot be used simultaneously");
if ( Find(ATTR_EXPIRE_READ) )
Error("&backend and &read_expire cannot be used simultaneously");
if ( Find(ATTR_BROKER_STORE) )
Error("&backend and &broker_store cannot be used simultaneously");
break; break;
} }
// cannot do better equality check - the Broker types are not
// actually existing yet when we are here. We will do that
// later - before actually attaching to a broker store
if ( a->GetExpr()->GetType()->Tag() != TYPE_ENUM )
{
Error("&backend must take an enum argument");
break;
}
// Only support atomic types for the moment, unless
// explicitly overriden
if ( ! type->AsTableType()->IsSet() &&
! input::Manager::IsCompatibleType(type->AsTableType()->Yield().get(), true) &&
! Find(ATTR_BROKER_STORE_ALLOW_COMPLEX) )
{
Error("&backend only supports atomic types as table value");
}
if ( Find(ATTR_EXPIRE_FUNC) )
Error("&backend and &expire_func cannot be used simultaneously");
if ( Find(ATTR_EXPIRE_READ) )
Error("&backend and &read_expire cannot be used simultaneously");
if ( Find(ATTR_BROKER_STORE) )
Error("&backend and &broker_store cannot be used simultaneously");
break;
}
case ATTR_BROKER_STORE: case ATTR_BROKER_STORE:
{
if ( type->Tag() != TYPE_TABLE )
{ {
if ( type->Tag() != TYPE_TABLE ) Error("&broker_store only applicable to sets/tables");
{
Error("&broker_store only applicable to sets/tables");
break;
}
if ( a->GetExpr()->GetType()->Tag() != TYPE_STRING )
{
Error("&broker_store must take a string argument");
break;
}
// Only support atomic types for the moment, unless
// explicitly overriden
if ( ! type->AsTableType()->IsSet() &&
! input::Manager::IsCompatibleType(type->AsTableType()->Yield().get(), true) &&
! Find(ATTR_BROKER_STORE_ALLOW_COMPLEX) )
{
Error("&broker_store only supports atomic types as table value");
}
if ( Find(ATTR_EXPIRE_FUNC) )
Error("&broker_store and &expire_func cannot be used simultaneously");
if ( Find(ATTR_EXPIRE_READ) )
Error("&broker_store and &read_expire cannot be used simultaneously");
if ( Find(ATTR_BACKEND) )
Error("&backend and &broker_store cannot be used simultaneously");
break; break;
} }
case ATTR_BROKER_STORE_ALLOW_COMPLEX: if ( a->GetExpr()->GetType()->Tag() != TYPE_STRING )
{ {
if ( type->Tag() != TYPE_TABLE ) Error("&broker_store must take a string argument");
{ break;
Error("&broker_allow_complex_type only applicable to sets/tables");
break;
}
} }
// Only support atomic types for the moment, unless
// explicitly overriden
if ( ! type->AsTableType()->IsSet() &&
! input::Manager::IsCompatibleType(type->AsTableType()->Yield().get(), true) &&
! Find(ATTR_BROKER_STORE_ALLOW_COMPLEX) )
{
Error("&broker_store only supports atomic types as table value");
}
if ( Find(ATTR_EXPIRE_FUNC) )
Error("&broker_store and &expire_func cannot be used simultaneously");
if ( Find(ATTR_EXPIRE_READ) )
Error("&broker_store and &read_expire cannot be used simultaneously");
if ( Find(ATTR_BACKEND) )
Error("&backend and &broker_store cannot be used simultaneously");
break;
}
case ATTR_BROKER_STORE_ALLOW_COMPLEX:
{
if ( type->Tag() != TYPE_TABLE )
{
Error("&broker_allow_complex_type only applicable to sets/tables");
break;
}
}
case ATTR_TRACKED: case ATTR_TRACKED:
// FIXME: Check here for global ID? // FIXME: Check here for global ID?
break; break;
@ -694,24 +692,24 @@ void Attributes::CheckAttr(Attr* a)
break; break;
case ATTR_TYPE_COLUMN: case ATTR_TYPE_COLUMN:
{
if ( type->Tag() != TYPE_PORT )
{ {
if ( type->Tag() != TYPE_PORT ) Error("type_column tag only applicable to ports");
{
Error("type_column tag only applicable to ports");
break;
}
const auto& atype = a->GetExpr()->GetType();
if ( atype->Tag() != TYPE_STRING )
{
Error("type column needs to have a string argument");
break;
}
break; break;
} }
const auto& atype = a->GetExpr()->GetType();
if ( atype->Tag() != TYPE_STRING )
{
Error("type column needs to have a string argument");
break;
}
break;
}
default: default:
BadTag("Attributes::CheckAttr", attr_name(a->Tag())); BadTag("Attributes::CheckAttr", attr_name(a->Tag()));
} }
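Review bot: In the `ATTR_ON_CHANGE` case, the branch that reports `"&on_change attribute is not a function"` has no `break`, so the next statement still calls `change_func->GetType()->AsFuncType()` on a type that was just found not to be a function. Every other failed check in that case leaves the switch, and the reindentation keeps this behaviour unchanged. Since the attribute expression comes from a script being parsed, the error path should stop there: `{ Error("&on_change attribute is not a function"); break; }`. Separately, the `break` inside the `for` loop over `t_indexes` only leaves the loop, so the value-type check still runs after an index mismatch. `CheckAttr` begins and ends outside these hunks.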


@ -1,11 +1,12 @@
#include "zeek/Base64.h" #include "zeek/Base64.h"
#include "zeek/zeek-config.h"
#include <math.h> #include <math.h>
#include "zeek/Conn.h" #include "zeek/Conn.h"
#include "zeek/Reporter.h" #include "zeek/Reporter.h"
#include "zeek/ZeekString.h" #include "zeek/ZeekString.h"
#include "zeek/zeek-config.h"
namespace zeek::detail namespace zeek::detail
{ {


@ -1,9 +1,9 @@
#pragma once #pragma once
#include <string>
#include "zeek/zeek-config.h" #include "zeek/zeek-config.h"
#include <string>
namespace zeek namespace zeek
{ {


@ -2,9 +2,10 @@
#pragma once #pragma once
#include "zeek/IntrusivePtr.h"
#include "zeek/zeek-config.h" #include "zeek/zeek-config.h"
#include "zeek/IntrusivePtr.h"
namespace zeek namespace zeek
{ {


@ -2,11 +2,12 @@
#include "zeek/CCL.h" #include "zeek/CCL.h"
#include "zeek/zeek-config.h"
#include <algorithm> #include <algorithm>
#include "zeek/DFA.h" #include "zeek/DFA.h"
#include "zeek/RE.h" #include "zeek/RE.h"
#include "zeek/zeek-config.h"
namespace zeek::detail namespace zeek::detail
{ {



@ -2,6 +2,8 @@
#include "zeek/Conn.h" #include "zeek/Conn.h"
#include "zeek/zeek-config.h"
#include <binpac.h> #include <binpac.h>
#include <ctype.h> #include <ctype.h>
@ -19,7 +21,6 @@
#include "zeek/packet_analysis/protocol/ip/SessionAdapter.h" #include "zeek/packet_analysis/protocol/ip/SessionAdapter.h"
#include "zeek/packet_analysis/protocol/tcp/TCP.h" #include "zeek/packet_analysis/protocol/tcp/TCP.h"
#include "zeek/session/Manager.h" #include "zeek/session/Manager.h"
#include "zeek/zeek-config.h"
namespace zeek namespace zeek
{ {


@ -2,10 +2,11 @@
#include "zeek/DFA.h" #include "zeek/DFA.h"
#include "zeek/zeek-config.h"
#include "zeek/Desc.h" #include "zeek/Desc.h"
#include "zeek/EquivClass.h" #include "zeek/EquivClass.h"
#include "zeek/Hash.h" #include "zeek/Hash.h"
#include "zeek/zeek-config.h"
namespace zeek::detail namespace zeek::detail
{ {


@ -2,10 +2,10 @@
#include "zeek/DNS_Mgr.h" #include "zeek/DNS_Mgr.h"
#include "zeek/zeek-config.h"
#include <sys/socket.h> #include <sys/socket.h>
#include <sys/types.h> #include <sys/types.h>
#include "zeek/zeek-config.h"
#ifdef TIME_WITH_SYS_TIME #ifdef TIME_WITH_SYS_TIME
#include <sys/time.h> #include <sys/time.h>
#include <time.h> #include <time.h>
@ -1167,16 +1167,16 @@ void DNS_Mgr::IssueAsyncRequests()
if ( req->IsAddrReq() ) if ( req->IsAddrReq() )
success = DoRequest(nb_dns, new DNS_Mgr_Request(req->host)); success = DoRequest(nb_dns, new DNS_Mgr_Request(req->host));
else if ( req->is_txt ) else if ( req->is_txt )
success = success = DoRequest(nb_dns,
DoRequest(nb_dns, new DNS_Mgr_Request(req->name.c_str(), AF_INET, req->is_txt)); new DNS_Mgr_Request(req->name.c_str(), AF_INET, req->is_txt));
else else
{ {
// If only one request type succeeds, don't consider it a failure. // If only one request type succeeds, don't consider it a failure.
success = success = DoRequest(nb_dns,
DoRequest(nb_dns, new DNS_Mgr_Request(req->name.c_str(), AF_INET, req->is_txt)); new DNS_Mgr_Request(req->name.c_str(), AF_INET, req->is_txt));
success = success = DoRequest(nb_dns,
DoRequest(nb_dns, new DNS_Mgr_Request(req->name.c_str(), AF_INET6, req->is_txt)) || new DNS_Mgr_Request(req->name.c_str(), AF_INET6, req->is_txt)) ||
success; success;
} }
if ( ! success ) if ( ! success )
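Review bot: In the final `else` branch, the second assignment is written `DoRequest(..., AF_INET6, ...) || success`, and it only issues the `AF_INET6` request every time because `DoRequest` is the left operand of `||`. The reflowed lines carry no comment saying so, and swapping the operands would silently skip the second request whenever the `AF_INET` one succeeded. I would add `// DoRequest must stay on the left of ||, otherwise short-circuiting skips the AF_INET6 request` above that statement. `IssueAsyncRequests` starts and ends outside this hunk.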


@ -2,6 +2,8 @@
#include "zeek/DbgBreakpoint.h" #include "zeek/DbgBreakpoint.h"
#include "zeek/zeek-config.h"
#include <assert.h> #include <assert.h>
#include "zeek/Debug.h" #include "zeek/Debug.h"
@ -15,7 +17,6 @@
#include "zeek/Timer.h" #include "zeek/Timer.h"
#include "zeek/Val.h" #include "zeek/Val.h"
#include "zeek/module_util.h" #include "zeek/module_util.h"
#include "zeek/zeek-config.h"
namespace zeek::detail namespace zeek::detail
{ {
@ -347,19 +348,19 @@ void DbgBreakpoint::PrintHitMsg()
case BP_STMT: case BP_STMT:
case BP_FUNC: case BP_FUNC:
case BP_LINE: case BP_LINE:
{ {
ODesc d; ODesc d;
Frame* f = g_frame_stack.back(); Frame* f = g_frame_stack.back();
const ScriptFunc* func = f->GetFunction(); const ScriptFunc* func = f->GetFunction();
if ( func ) if ( func )
func->DescribeDebug(&d, f->GetFuncArgs()); func->DescribeDebug(&d, f->GetFuncArgs());
const Location* loc = at_stmt->GetLocationInfo(); const Location* loc = at_stmt->GetLocationInfo();
debug_msg("Breakpoint %d, %s at %s:%d\n", GetID(), d.Description(), loc->filename, debug_msg("Breakpoint %d, %s at %s:%d\n", GetID(), d.Description(), loc->filename,
loc->first_line); loc->first_line);
} }
return; return;
case BP_TIME: case BP_TIME:


@ -1,4 +1,5 @@
// Bro Debugger Help // Bro Debugger Help
#include "zeek/Debug.h"
#include "zeek/zeek-config.h" #include "zeek/zeek-config.h"
#include "zeek/Debug.h"


@ -2,9 +2,10 @@
#include "zeek/DbgWatch.h" #include "zeek/DbgWatch.h"
#include "zeek/zeek-config.h"
#include "zeek/Debug.h" #include "zeek/Debug.h"
#include "zeek/Reporter.h" #include "zeek/Reporter.h"
#include "zeek/zeek-config.h"
namespace zeek::detail namespace zeek::detail
{ {


@ -2,14 +2,14 @@
#include "zeek/Debug.h" #include "zeek/Debug.h"
#include "zeek/zeek-config.h"
#include <ctype.h> #include <ctype.h>
#include <signal.h> #include <signal.h>
#include <stdarg.h> #include <stdarg.h>
#include <stdio.h> #include <stdio.h>
#include <string> #include <string>
#include "zeek/zeek-config.h"
#ifdef HAVE_READLINE #ifdef HAVE_READLINE
#include <readline/history.h> #include <readline/history.h>
#include <readline/readline.h> #include <readline/readline.h>


@ -3,6 +3,8 @@
#include "zeek/DebugCmds.h" #include "zeek/DebugCmds.h"
#include "zeek/zeek-config.h"
#include <assert.h> #include <assert.h>
#include <regex.h> #include <regex.h>
#include <string.h> #include <string.h>
@ -21,7 +23,6 @@
#include "zeek/Stmt.h" #include "zeek/Stmt.h"
#include "zeek/Val.h" #include "zeek/Val.h"
#include "zeek/util.h" #include "zeek/util.h"
#include "zeek/zeek-config.h"
using namespace std; using namespace std;


@ -5,12 +5,12 @@
#ifdef DEBUG #ifdef DEBUG
#include "zeek/zeek-config.h"
#include <stdio.h> #include <stdio.h>
#include <set> #include <set>
#include <string> #include <string>
#include "zeek/zeek-config.h"
#define DBG_LOG(stream, args...) \ #define DBG_LOG(stream, args...) \
if ( ::zeek::detail::debug_logger.IsEnabled(stream) ) \ if ( ::zeek::detail::debug_logger.IsEnabled(stream) ) \
::zeek::detail::debug_logger.Log(stream, args) ::zeek::detail::debug_logger.Log(stream, args)


@ -2,6 +2,8 @@
#include "zeek/Desc.h" #include "zeek/Desc.h"
#include "zeek/zeek-config.h"
#include <errno.h> #include <errno.h>
#include <math.h> #include <math.h>
#include <stdlib.h> #include <stdlib.h>
@ -11,7 +13,6 @@
#include "zeek/File.h" #include "zeek/File.h"
#include "zeek/IPAddr.h" #include "zeek/IPAddr.h"
#include "zeek/Reporter.h" #include "zeek/Reporter.h"
#include "zeek/zeek-config.h"
#define DEFAULT_SIZE 128 #define DEFAULT_SIZE 128
#define SLOP 10 #define SLOP 10


@ -1060,8 +1060,8 @@ int Dictionary::LookupIndex(const void* key, int key_size, detail::hash_t hash,
#ifdef DEBUG #ifdef DEBUG
int linear_position = LinearLookupIndex(key, key_size, hash); int linear_position = LinearLookupIndex(key, key_size, hash);
#endif // DEBUG #endif // DEBUG
int position = int position = LookupIndex(key, key_size, hash, bucket, Capacity(), insert_position,
LookupIndex(key, key_size, hash, bucket, Capacity(), insert_position, insert_distance); insert_distance);
if ( position >= 0 ) if ( position >= 0 )
{ {
ASSERT(position == linear_position); // same as linearLookup ASSERT(position == linear_position); // same as linearLookup
@ -1239,7 +1239,7 @@ void Dictionary::InsertRelocateAndAdjust(detail::DictEntry& entry, int insert_po
// range if the changed range straddles over remap_end. // range if the changed range straddles over remap_end.
if ( Remapping() && insert_position <= remap_end && remap_end < last_affected_position ) if ( Remapping() && insert_position <= remap_end && remap_end < last_affected_position )
{ //[i,j] range changed. if map_end in between. then possibly old entry pushed down across { //[i,j] range changed. if map_end in between. then possibly old entry pushed down across
//map_end. // map_end.
remap_end = last_affected_position; // adjust to j on the conservative side. remap_end = last_affected_position; // adjust to j on the conservative side.
} }
@ -1498,7 +1498,7 @@ void Dictionary::Remap()
if ( ! table[remap_end].Empty() && Remap(remap_end) ) if ( ! table[remap_end].Empty() && Remap(remap_end) )
left--; left--;
else //< successful Remap may increase remap_end in the case of SizeUp due to insert. if so, else //< successful Remap may increase remap_end in the case of SizeUp due to insert. if so,
//remap_end need to be worked on again. // remap_end need to be worked on again.
remap_end--; remap_end--;
} }
if ( remap_end < 0 ) if ( remap_end < 0 )


@ -2,6 +2,8 @@
#include "zeek/Discard.h" #include "zeek/Discard.h"
#include "zeek/zeek-config.h"
#include <algorithm> #include <algorithm>
#include "zeek/Func.h" #include "zeek/Func.h"
@ -11,7 +13,6 @@
#include "zeek/Val.h" #include "zeek/Val.h"
#include "zeek/Var.h" #include "zeek/Var.h"
#include "zeek/ZeekString.h" #include "zeek/ZeekString.h"
#include "zeek/zeek-config.h"
namespace zeek::detail namespace zeek::detail
{ {
@ -71,8 +72,8 @@ bool Discarder::NextPacket(const std::unique_ptr<IP_Hdr>& ip, int len, int caple
bool is_tcp = (proto == IPPROTO_TCP); bool is_tcp = (proto == IPPROTO_TCP);
bool is_udp = (proto == IPPROTO_UDP); bool is_udp = (proto == IPPROTO_UDP);
int min_hdr_len = int min_hdr_len = is_tcp ? sizeof(struct tcphdr)
is_tcp ? sizeof(struct tcphdr) : (is_udp ? sizeof(struct udphdr) : sizeof(struct icmp)); : (is_udp ? sizeof(struct udphdr) : sizeof(struct icmp));
if ( len < min_hdr_len || caplen < min_hdr_len ) if ( len < min_hdr_len || caplen < min_hdr_len )
// we don't have a complete protocol header // we don't have a complete protocol header


@ -2,9 +2,10 @@
#include "zeek/EquivClass.h" #include "zeek/EquivClass.h"
#include "zeek/zeek-config.h"
#include "zeek/CCL.h" #include "zeek/CCL.h"
#include "zeek/util.h" #include "zeek/util.h"
#include "zeek/zeek-config.h"
namespace zeek::detail namespace zeek::detail
{ {


@ -2,6 +2,8 @@
#include "zeek/Event.h" #include "zeek/Event.h"
#include "zeek/zeek-config.h"
#include "zeek/Desc.h" #include "zeek/Desc.h"
#include "zeek/Func.h" #include "zeek/Func.h"
#include "zeek/NetVar.h" #include "zeek/NetVar.h"
@ -11,7 +13,6 @@
#include "zeek/iosource/Manager.h" #include "zeek/iosource/Manager.h"
#include "zeek/iosource/PktSrc.h" #include "zeek/iosource/PktSrc.h"
#include "zeek/plugin/Manager.h" #include "zeek/plugin/Manager.h"
#include "zeek/zeek-config.h"
zeek::EventMgr zeek::event_mgr; zeek::EventMgr zeek::event_mgr;
zeek::EventMgr& mgr = zeek::event_mgr; zeek::EventMgr& mgr = zeek::event_mgr;


@ -32,8 +32,8 @@ const FuncTypePtr& EventHandler::GetType(bool check_export)
if ( type ) if ( type )
return type; return type;
const auto& id = const auto& id = detail::lookup_ID(name.data(), detail::current_module.c_str(), false, false,
detail::lookup_ID(name.data(), detail::current_module.c_str(), false, false, check_export); check_export);
if ( ! id ) if ( ! id )
return FuncType::nil; return FuncType::nil;


@ -2,14 +2,14 @@
#pragma once #pragma once
#include "zeek/zeek-config.h"
#include <map> #include <map>
#include <memory> #include <memory>
#include <string> #include <string>
#include <string_view> #include <string_view>
#include <vector> #include <vector>
#include "zeek/zeek-config.h"
namespace zeek namespace zeek
{ {


@ -2,6 +2,8 @@
#include "zeek/Expr.h" #include "zeek/Expr.h"
#include "zeek/zeek-config.h"
#include "zeek/DebugLogger.h" #include "zeek/DebugLogger.h"
#include "zeek/Desc.h" #include "zeek/Desc.h"
#include "zeek/Event.h" #include "zeek/Event.h"
@ -20,7 +22,6 @@
#include "zeek/digest.h" #include "zeek/digest.h"
#include "zeek/module_util.h" #include "zeek/module_util.h"
#include "zeek/script_opt/ExprOptInfo.h" #include "zeek/script_opt/ExprOptInfo.h"
#include "zeek/zeek-config.h"
namespace zeek::detail namespace zeek::detail
{ {
@ -276,8 +277,8 @@ void Expr::AssignToIndex(ValPtr v1, ValPtr v2, ValPtr v3) const
{ {
bool iterators_invalidated; bool iterators_invalidated;
auto error_msg = auto error_msg = assign_to_index(std::move(v1), std::move(v2), std::move(v3),
assign_to_index(std::move(v1), std::move(v2), std::move(v3), iterators_invalidated); iterators_invalidated);
if ( iterators_invalidated ) if ( iterators_invalidated )
{ {
@ -319,75 +320,75 @@ const char* assign_to_index(ValPtr v1, ValPtr v2, ValPtr v3, bool& iterators_inv
switch ( v1->GetType()->Tag() ) switch ( v1->GetType()->Tag() )
{ {
case TYPE_VECTOR: case TYPE_VECTOR:
{
const ListVal* lv = v2->AsListVal();
VectorVal* v1_vect = v1->AsVectorVal();
if ( lv->Length() > 1 )
{ {
const ListVal* lv = v2->AsListVal(); auto len = v1_vect->Size();
VectorVal* v1_vect = v1->AsVectorVal(); bro_int_t first = get_slice_index(lv->Idx(0)->CoerceToInt(), len);
bro_int_t last = get_slice_index(lv->Idx(1)->CoerceToInt(), len);
if ( lv->Length() > 1 ) // Remove the elements from the vector within the slice.
{ for ( auto idx = first; idx < last; idx++ )
auto len = v1_vect->Size(); v1_vect->Remove(first);
bro_int_t first = get_slice_index(lv->Idx(0)->CoerceToInt(), len);
bro_int_t last = get_slice_index(lv->Idx(1)->CoerceToInt(), len);
// Remove the elements from the vector within the slice. // Insert the new elements starting at the first
for ( auto idx = first; idx < last; idx++ ) // position.
v1_vect->Remove(first);
// Insert the new elements starting at the first VectorVal* v_vect = v3->AsVectorVal();
// position.
VectorVal* v_vect = v3->AsVectorVal(); for ( auto idx = 0u; idx < v_vect->Size(); idx++, first++ )
v1_vect->Insert(first, v_vect->ValAt(idx));
for ( auto idx = 0u; idx < v_vect->Size(); idx++, first++ )
v1_vect->Insert(first, v_vect->ValAt(idx));
}
else if ( ! v1_vect->Assign(lv->Idx(0)->CoerceToUnsigned(), std::move(v3)) )
{
v3 = std::move(v_extra);
if ( v3 )
{
ODesc d;
v3->Describe(&d);
const auto& vt = v3->GetType();
auto vtt = vt->Tag();
std::string tn = vtt == TYPE_RECORD ? vt->GetName() : type_name(vtt);
return util::fmt(
"vector index assignment failed for invalid type '%s', value: %s",
tn.data(), d.Description());
}
else
return "assignment failed with null value";
}
break;
} }
else if ( ! v1_vect->Assign(lv->Idx(0)->CoerceToUnsigned(), std::move(v3)) )
{
v3 = std::move(v_extra);
if ( v3 )
{
ODesc d;
v3->Describe(&d);
const auto& vt = v3->GetType();
auto vtt = vt->Tag();
std::string tn = vtt == TYPE_RECORD ? vt->GetName() : type_name(vtt);
return util::fmt(
"vector index assignment failed for invalid type '%s', value: %s",
tn.data(), d.Description());
}
else
return "assignment failed with null value";
}
break;
}
case TYPE_TABLE: case TYPE_TABLE:
{
if ( ! v1->AsTableVal()->Assign(std::move(v2), std::move(v3), true,
&iterators_invalidated) )
{ {
if ( ! v1->AsTableVal()->Assign(std::move(v2), std::move(v3), true, v3 = std::move(v_extra);
&iterators_invalidated) )
if ( v3 )
{ {
v3 = std::move(v_extra); ODesc d;
v3->Describe(&d);
if ( v3 ) const auto& vt = v3->GetType();
{ auto vtt = vt->Tag();
ODesc d; std::string tn = vtt == TYPE_RECORD ? vt->GetName() : type_name(vtt);
v3->Describe(&d); return util::fmt(
const auto& vt = v3->GetType(); "table index assignment failed for invalid type '%s', value: %s", tn.data(),
auto vtt = vt->Tag(); d.Description());
std::string tn = vtt == TYPE_RECORD ? vt->GetName() : type_name(vtt);
return util::fmt(
"table index assignment failed for invalid type '%s', value: %s",
tn.data(), d.Description());
}
else
return "assignment failed with null value";
} }
else
break; return "assignment failed with null value";
} }
break;
}
case TYPE_STRING: case TYPE_STRING:
return "assignment via string index accessor not allowed"; return "assignment via string index accessor not allowed";
break; break;
@ -717,8 +718,8 @@ ValPtr UnaryExpr::Fold(Val* v) const
void UnaryExpr::ExprDescribe(ODesc* d) const void UnaryExpr::ExprDescribe(ODesc* d) const
{ {
bool is_coerce = bool is_coerce = Tag() == EXPR_ARITH_COERCE || Tag() == EXPR_RECORD_COERCE ||
Tag() == EXPR_ARITH_COERCE || Tag() == EXPR_RECORD_COERCE || Tag() == EXPR_TABLE_COERCE; Tag() == EXPR_TABLE_COERCE;
if ( d->IsReadable() ) if ( d->IsReadable() )
{ {
@ -924,54 +925,54 @@ ValPtr BinaryExpr::Fold(Val* v1, Val* v2) const
DO_FOLD(*); DO_FOLD(*);
break; break;
case EXPR_DIVIDE: case EXPR_DIVIDE:
{
if ( is_integral )
{ {
if ( is_integral ) if ( i2 == 0 )
{ RuntimeError("division by zero");
if ( i2 == 0 )
RuntimeError("division by zero");
i3 = i1 / i2; i3 = i1 / i2;
}
else if ( is_unsigned )
{
if ( u2 == 0 )
RuntimeError("division by zero");
u3 = u1 / u2;
}
else
{
if ( d2 == 0 )
RuntimeError("division by zero");
d3 = d1 / d2;
}
} }
else if ( is_unsigned )
{
if ( u2 == 0 )
RuntimeError("division by zero");
u3 = u1 / u2;
}
else
{
if ( d2 == 0 )
RuntimeError("division by zero");
d3 = d1 / d2;
}
}
break; break;
case EXPR_MOD: case EXPR_MOD:
{
if ( is_integral )
{ {
if ( is_integral ) if ( i2 == 0 )
{ RuntimeError("modulo by zero");
if ( i2 == 0 )
RuntimeError("modulo by zero");
i3 = i1 % i2; i3 = i1 % i2;
}
else if ( is_unsigned )
{
if ( u2 == 0 )
RuntimeError("modulo by zero");
u3 = u1 % u2;
}
else
RuntimeErrorWithCallStack("bad type in BinaryExpr::Fold");
} }
else if ( is_unsigned )
{
if ( u2 == 0 )
RuntimeError("modulo by zero");
u3 = u1 % u2;
}
else
RuntimeErrorWithCallStack("bad type in BinaryExpr::Fold");
}
break; break;
case EXPR_AND: case EXPR_AND:
@ -1060,13 +1061,13 @@ ValPtr BinaryExpr::StringFold(Val* v1, Val* v2) const
case EXPR_ADD: case EXPR_ADD:
case EXPR_ADD_TO: case EXPR_ADD_TO:
{ {
std::vector<const String*> strings; std::vector<const String*> strings;
strings.push_back(s1); strings.push_back(s1);
strings.push_back(s2); strings.push_back(s2);
return make_intrusive<StringVal>(concatenate(strings)); return make_intrusive<StringVal>(concatenate(strings));
} }
default: default:
BadTag("BinaryExpr::StringFold", expr_name(tag)); BadTag("BinaryExpr::StringFold", expr_name(tag));
@ -1083,8 +1084,8 @@ ValPtr BinaryExpr::PatternFold(Val* v1, Val* v2) const
if ( tag != EXPR_AND && tag != EXPR_OR ) if ( tag != EXPR_AND && tag != EXPR_OR )
BadTag("BinaryExpr::PatternFold"); BadTag("BinaryExpr::PatternFold");
RE_Matcher* res = RE_Matcher* res = tag == EXPR_AND ? RE_Matcher_conjunction(re1, re2)
tag == EXPR_AND ? RE_Matcher_conjunction(re1, re2) : RE_Matcher_disjunction(re1, re2); : RE_Matcher_disjunction(re1, re2);
return make_intrusive<PatternVal>(res); return make_intrusive<PatternVal>(res);
} }
@ -1101,24 +1102,24 @@ ValPtr BinaryExpr::SetFold(Val* v1, Val* v2) const
return tv1->Intersection(*tv2); return tv1->Intersection(*tv2);
case EXPR_OR: case EXPR_OR:
{ {
auto rval = v1->Clone(); auto rval = v1->Clone();
if ( ! tv2->AddTo(rval.get(), false, false) ) if ( ! tv2->AddTo(rval.get(), false, false) )
reporter->InternalError("set union failed to type check"); reporter->InternalError("set union failed to type check");
return rval; return rval;
} }
case EXPR_SUB: case EXPR_SUB:
{ {
auto rval = v1->Clone(); auto rval = v1->Clone();
if ( ! tv2->RemoveFrom(rval.get()) ) if ( ! tv2->RemoveFrom(rval.get()) )
reporter->InternalError("set difference failed to type check"); reporter->InternalError("set difference failed to type check");
return rval; return rval;
} }
case EXPR_EQ: case EXPR_EQ:
res = tv1->EqualTo(*tv2); res = tv1->EqualTo(*tv2);
@ -2859,9 +2860,9 @@ IndexExpr::IndexExpr(ExprPtr arg_op1, ListExprPtr arg_op2, bool arg_is_slice)
if ( match_type == DOES_NOT_MATCH_INDEX ) if ( match_type == DOES_NOT_MATCH_INDEX )
{ {
std::string error_msg = std::string error_msg = util::fmt(
util::fmt("expression with type '%s' is not a type that can be indexed", "expression with type '%s' is not a type that can be indexed",
type_name(op1->GetType()->Tag())); type_name(op1->GetType()->Tag()));
SetError(error_msg.data()); SetError(error_msg.data());
} }
@ -3019,15 +3020,15 @@ ValPtr IndexExpr::Fold(Val* v1, Val* v2) const
switch ( v1->GetType()->Tag() ) switch ( v1->GetType()->Tag() )
{ {
case TYPE_VECTOR: case TYPE_VECTOR:
{ {
VectorVal* vect = v1->AsVectorVal(); VectorVal* vect = v1->AsVectorVal();
const ListVal* lv = v2->AsListVal(); const ListVal* lv = v2->AsListVal();
if ( lv->Length() == 1 ) if ( lv->Length() == 1 )
v = vect->ValAt(lv->Idx(0)->CoerceToUnsigned()); v = vect->ValAt(lv->Idx(0)->CoerceToUnsigned());
else else
return index_slice(vect, lv); return index_slice(vect, lv);
} }
break; break;
case TYPE_TABLE: case TYPE_TABLE:
@ -3994,8 +3995,8 @@ RecordCoerceExpr::RecordCoerceExpr(ExprPtr arg_op, RecordTypePtr r)
if ( ! is_arithmetic_promotable(sup_t_i.get(), sub_t_i.get()) && if ( ! is_arithmetic_promotable(sup_t_i.get(), sub_t_i.get()) &&
! is_record_promotable(sup_t_i.get(), sub_t_i.get()) ) ! is_record_promotable(sup_t_i.get(), sub_t_i.get()) )
{ {
std::string error_msg = std::string error_msg = util::fmt("type clash for field \"%s\"",
util::fmt("type clash for field \"%s\"", sub_r->FieldName(i)); sub_r->FieldName(i));
Error(error_msg.c_str(), sub_t_i.get()); Error(error_msg.c_str(), sub_t_i.get());
SetError(); SetError();
break; break;
@ -4014,8 +4015,8 @@ RecordCoerceExpr::RecordCoerceExpr(ExprPtr arg_op, RecordTypePtr r)
{ {
if ( ! t_r->FieldDecl(i)->GetAttr(ATTR_OPTIONAL) ) if ( ! t_r->FieldDecl(i)->GetAttr(ATTR_OPTIONAL) )
{ {
std::string error_msg = std::string error_msg = util::fmt("non-optional field \"%s\" missing",
util::fmt("non-optional field \"%s\" missing", t_r->FieldName(i)); t_r->FieldName(i));
Error(error_msg.c_str()); Error(error_msg.c_str());
SetError(); SetError();
break; break;
@ -4100,8 +4101,8 @@ RecordValPtr coerce_to_record(RecordTypePtr rt, Val* v, const std::vector<int>&
if ( rhs_type->Tag() == TYPE_RECORD && field_type->Tag() == TYPE_RECORD && if ( rhs_type->Tag() == TYPE_RECORD && field_type->Tag() == TYPE_RECORD &&
! same_type(rhs_type, field_type) ) ! same_type(rhs_type, field_type) )
{ {
if ( auto new_val = if ( auto new_val = rhs->AsRecordVal()->CoerceTo(
rhs->AsRecordVal()->CoerceTo(cast_intrusive<RecordType>(field_type)) ) cast_intrusive<RecordType>(field_type)) )
rhs = std::move(new_val); rhs = std::move(new_val);
} }
else if ( BothArithmetic(rhs_type->Tag(), field_type->Tag()) && else if ( BothArithmetic(rhs_type->Tag(), field_type->Tag()) &&
@ -4124,8 +4125,8 @@ RecordValPtr coerce_to_record(RecordTypePtr rt, Val* v, const std::vector<int>&
if ( def_type->Tag() == TYPE_RECORD && field_type->Tag() == TYPE_RECORD && if ( def_type->Tag() == TYPE_RECORD && field_type->Tag() == TYPE_RECORD &&
! same_type(def_type, field_type) ) ! same_type(def_type, field_type) )
{ {
auto tmp = auto tmp = def_val->AsRecordVal()->CoerceTo(
def_val->AsRecordVal()->CoerceTo(cast_intrusive<RecordType>(field_type)); cast_intrusive<RecordType>(field_type));
if ( tmp ) if ( tmp )
def_val = std::move(tmp); def_val = std::move(tmp);
@ -4566,9 +4567,9 @@ LambdaExpr::LambdaExpr(std::unique_ptr<function_ingredients> arg_ing, IDPList ar
// Install a dummy version of the function globally for use only // Install a dummy version of the function globally for use only
// when broker provides a closure. // when broker provides a closure.
auto dummy_func = auto dummy_func = make_intrusive<ScriptFunc>(ingredients->id, ingredients->body,
make_intrusive<ScriptFunc>(ingredients->id, ingredients->body, ingredients->inits, ingredients->inits, ingredients->frame_size,
ingredients->frame_size, ingredients->priority); ingredients->priority);
dummy_func->SetOuterIDs(outer_ids); dummy_func->SetOuterIDs(outer_ids);
@ -4879,8 +4880,8 @@ TypePtr ListExpr::InitType() const
// Collapse any embedded sets or lists. // Collapse any embedded sets or lists.
if ( ti->IsSet() || ti->Tag() == TYPE_LIST ) if ( ti->IsSet() || ti->Tag() == TYPE_LIST )
{ {
TypeList* til = TypeList* til = ti->IsSet() ? ti->AsSetType()->GetIndices().get()
ti->IsSet() ? ti->AsSetType()->GetIndices().get() : ti->AsTypeList(); : ti->AsTypeList();
if ( ! til->IsPure() || ! til->AllMatch(til->GetPureType(), true) ) if ( ! til->IsPure() || ! til->AllMatch(til->GetPureType(), true) )
tl->Append({NewRef{}, til}); tl->Append({NewRef{}, til});
@ -5163,8 +5164,8 @@ RecordAssignExpr::RecordAssignExpr(const ExprPtr& record, const ExprPtr& init_li
if ( field >= 0 && same_type(lhs->GetFieldType(field), t->GetFieldType(j)) ) if ( field >= 0 && same_type(lhs->GetFieldType(field), t->GetFieldType(j)) )
{ {
auto fe_lhs = make_intrusive<FieldExpr>(record, field_name); auto fe_lhs = make_intrusive<FieldExpr>(record, field_name);
auto fe_rhs = auto fe_rhs = make_intrusive<FieldExpr>(IntrusivePtr{NewRef{}, init},
make_intrusive<FieldExpr>(IntrusivePtr{NewRef{}, init}, field_name); field_name);
Append(get_assign_expr(std::move(fe_lhs), std::move(fe_rhs), is_init)); Append(get_assign_expr(std::move(fe_lhs), std::move(fe_rhs), is_init));
} }
} }
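Review bot: The signed branches of `EXPR_DIVIDE` and `EXPR_MOD` in BinaryExpr::Fold reject only a zero divisor, so `i3 = i1 / i2` and `i3 = i1 % i2` can still overflow when `i1` is the minimum value of its type and `i2` is -1. This assumes `i1` and `i2` are signed `bro_int_t` values, as the `is_integral` branch suggests; their declarations and the rest of Fold lie outside the hunk. Signed overflow is undefined behaviour in C++ and traps on common targets, so a script dividing a value derived from traffic could take the process down instead of raising a script-level error. A guard beside the zero check would keep it a runtime error, for example `if ( i2 == -1 && i1 == std::numeric_limits<bro_int_t>::min() ) RuntimeError("integer overflow in division");`, with the same check in the modulo branch.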


@ -2,9 +2,9 @@
#include "zeek/File.h" #include "zeek/File.h"
#include <sys/types.h>
#include "zeek/zeek-config.h" #include "zeek/zeek-config.h"
#include <sys/types.h>
#ifdef TIME_WITH_SYS_TIME #ifdef TIME_WITH_SYS_TIME
#include <sys/time.h> #include <sys/time.h>
#include <time.h> #include <time.h>


@ -2,13 +2,14 @@
#include "zeek/Frag.h" #include "zeek/Frag.h"
#include "zeek/zeek-config.h"
#include "zeek/Hash.h" #include "zeek/Hash.h"
#include "zeek/IP.h" #include "zeek/IP.h"
#include "zeek/NetVar.h" #include "zeek/NetVar.h"
#include "zeek/Reporter.h" #include "zeek/Reporter.h"
#include "zeek/RunState.h" #include "zeek/RunState.h"
#include "zeek/session/Manager.h" #include "zeek/session/Manager.h"
#include "zeek/zeek-config.h"
constexpr uint32_t MIN_ACCEPTABLE_FRAG_SIZE = 64; constexpr uint32_t MIN_ACCEPTABLE_FRAG_SIZE = 64;
constexpr uint32_t MAX_ACCEPTABLE_FRAG_SIZE = 64000; constexpr uint32_t MAX_ACCEPTABLE_FRAG_SIZE = 64000;


@ -3,10 +3,10 @@
#include "zeek/Func.h" #include "zeek/Func.h"
#include "zeek/zeek-config.h"
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/types.h> #include <sys/types.h>
#include "zeek/zeek-config.h"
#ifdef TIME_WITH_SYS_TIME #ifdef TIME_WITH_SYS_TIME
#include <sys/time.h> #include <sys/time.h>
#include <time.h> #include <time.h>
@ -272,26 +272,25 @@ void Func::CheckPluginResult(bool handled, const ValPtr& hook_result, FunctionFl
break; break;
case FUNC_FLAVOR_FUNCTION: case FUNC_FLAVOR_FUNCTION:
{
const auto& yt = GetType()->Yield();
if ( (! yt) || yt->Tag() == TYPE_VOID )
{ {
const auto& yt = GetType()->Yield(); if ( hook_result )
reporter->InternalError("plugin returned non-void result for void method %s",
if ( (! yt) || yt->Tag() == TYPE_VOID ) this->Name());
{
if ( hook_result )
reporter->InternalError(
"plugin returned non-void result for void method %s", this->Name());
}
else if ( hook_result && hook_result->GetType()->Tag() != yt->Tag() &&
yt->Tag() != TYPE_ANY )
{
reporter->InternalError(
"plugin returned wrong type (got %d, expecting %d) for %s",
hook_result->GetType()->Tag(), yt->Tag(), this->Name());
}
break;
} }
else if ( hook_result && hook_result->GetType()->Tag() != yt->Tag() &&
yt->Tag() != TYPE_ANY )
{
reporter->InternalError("plugin returned wrong type (got %d, expecting %d) for %s",
hook_result->GetType()->Tag(), yt->Tag(), this->Name());
}
break;
}
} }
} }
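Review bot: The wrong-type diagnostic in the `FUNC_FLAVOR_FUNCTION` case of Func::CheckPluginResult prints both type tags with `%d`, so whoever triages a misbehaving plugin has to map raw enum numbers back to types by hand. Other call sites on this page already pass `type_name(...)` to a `%s` conversion, and the same would work here: `"plugin returned wrong type (got %s, expecting %s) for %s", type_name(hook_result->GetType()->Tag()), type_name(yt->Tag()), this->Name()`. A one-line comment above the `else if` noting that `TYPE_ANY` yields are deliberately exempt from the tag comparison would also help. The function begins outside the hunk, so the handling of the other flavors is not visible here.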


@ -2,6 +2,8 @@
#include "zeek/Hash.h" #include "zeek/Hash.h"
#include "zeek/zeek-config.h"
#include <highwayhash/highwayhash_target.h> #include <highwayhash/highwayhash_target.h>
#include <highwayhash/instruction_sets.h> #include <highwayhash/instruction_sets.h>
#include <highwayhash/sip_hash.h> #include <highwayhash/sip_hash.h>
@ -12,7 +14,6 @@
#include "zeek/Val.h" // needed for const.bif #include "zeek/Val.h" // needed for const.bif
#include "zeek/ZeekString.h" #include "zeek/ZeekString.h"
#include "zeek/digest.h" #include "zeek/digest.h"
#include "zeek/zeek-config.h"
#include "const.bif.netvar_h" #include "const.bif.netvar_h"


@ -3,6 +3,8 @@
#include "zeek/ID.h" #include "zeek/ID.h"
#include "zeek/zeek-config.h"
#include "zeek/Attr.h" #include "zeek/Attr.h"
#include "zeek/Desc.h" #include "zeek/Desc.h"
#include "zeek/Dict.h" #include "zeek/Dict.h"
@ -16,7 +18,6 @@
#include "zeek/Val.h" #include "zeek/Val.h"
#include "zeek/module_util.h" #include "zeek/module_util.h"
#include "zeek/script_opt/IDOptInfo.h" #include "zeek/script_opt/IDOptInfo.h"
#include "zeek/zeek-config.h"
#include "zeek/zeekygen/IdentifierInfo.h" #include "zeek/zeekygen/IdentifierInfo.h"
#include "zeek/zeekygen/Manager.h" #include "zeek/zeekygen/Manager.h"
#include "zeek/zeekygen/ScriptInfo.h" #include "zeek/zeekygen/ScriptInfo.h"

600
src/IP.cc

@ -58,249 +58,244 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
switch ( type ) switch ( type )
{ {
case IPPROTO_IPV6: case IPPROTO_IPV6:
{ {
static auto ip6_hdr_type = id::find_type<RecordType>("ip6_hdr"); static auto ip6_hdr_type = id::find_type<RecordType>("ip6_hdr");
rv = make_intrusive<RecordVal>(ip6_hdr_type); rv = make_intrusive<RecordVal>(ip6_hdr_type);
const struct ip6_hdr* ip6 = (const struct ip6_hdr*)data; const struct ip6_hdr* ip6 = (const struct ip6_hdr*)data;
rv->Assign(0, (ntohl(ip6->ip6_flow) & 0x0ff00000) >> 20); rv->Assign(0, (ntohl(ip6->ip6_flow) & 0x0ff00000) >> 20);
rv->Assign(1, ntohl(ip6->ip6_flow) & 0x000fffff); rv->Assign(1, ntohl(ip6->ip6_flow) & 0x000fffff);
rv->Assign(2, ntohs(ip6->ip6_plen)); rv->Assign(2, ntohs(ip6->ip6_plen));
rv->Assign(3, ip6->ip6_nxt); rv->Assign(3, ip6->ip6_nxt);
rv->Assign(4, ip6->ip6_hlim); rv->Assign(4, ip6->ip6_hlim);
rv->Assign(5, make_intrusive<AddrVal>(IPAddr(ip6->ip6_src))); rv->Assign(5, make_intrusive<AddrVal>(IPAddr(ip6->ip6_src)));
rv->Assign(6, make_intrusive<AddrVal>(IPAddr(ip6->ip6_dst))); rv->Assign(6, make_intrusive<AddrVal>(IPAddr(ip6->ip6_dst)));
if ( ! chain ) if ( ! chain )
chain = chain = make_intrusive<VectorVal>(id::find_type<VectorType>("ip6_ext_hdr_chain"));
make_intrusive<VectorVal>(id::find_type<VectorType>("ip6_ext_hdr_chain")); rv->Assign(7, std::move(chain));
rv->Assign(7, std::move(chain)); }
}
break; break;
case IPPROTO_HOPOPTS: case IPPROTO_HOPOPTS:
{ {
static auto ip6_hopopts_type = id::find_type<RecordType>("ip6_hopopts"); static auto ip6_hopopts_type = id::find_type<RecordType>("ip6_hopopts");
rv = make_intrusive<RecordVal>(ip6_hopopts_type); rv = make_intrusive<RecordVal>(ip6_hopopts_type);
const struct ip6_hbh* hbh = (const struct ip6_hbh*)data; const struct ip6_hbh* hbh = (const struct ip6_hbh*)data;
rv->Assign(0, hbh->ip6h_nxt); rv->Assign(0, hbh->ip6h_nxt);
rv->Assign(1, hbh->ip6h_len); rv->Assign(1, hbh->ip6h_len);
uint16_t off = 2 * sizeof(uint8_t); uint16_t off = 2 * sizeof(uint8_t);
rv->Assign(2, BuildOptionsVal(data + off, Length() - off)); rv->Assign(2, BuildOptionsVal(data + off, Length() - off));
} }
break; break;
case IPPROTO_DSTOPTS: case IPPROTO_DSTOPTS:
{ {
static auto ip6_dstopts_type = id::find_type<RecordType>("ip6_dstopts"); static auto ip6_dstopts_type = id::find_type<RecordType>("ip6_dstopts");
rv = make_intrusive<RecordVal>(ip6_dstopts_type); rv = make_intrusive<RecordVal>(ip6_dstopts_type);
const struct ip6_dest* dst = (const struct ip6_dest*)data; const struct ip6_dest* dst = (const struct ip6_dest*)data;
rv->Assign(0, dst->ip6d_nxt); rv->Assign(0, dst->ip6d_nxt);
rv->Assign(1, dst->ip6d_len); rv->Assign(1, dst->ip6d_len);
uint16_t off = 2 * sizeof(uint8_t); uint16_t off = 2 * sizeof(uint8_t);
rv->Assign(2, BuildOptionsVal(data + off, Length() - off)); rv->Assign(2, BuildOptionsVal(data + off, Length() - off));
} }
break; break;
case IPPROTO_ROUTING: case IPPROTO_ROUTING:
{ {
static auto ip6_routing_type = id::find_type<RecordType>("ip6_routing"); static auto ip6_routing_type = id::find_type<RecordType>("ip6_routing");
rv = make_intrusive<RecordVal>(ip6_routing_type); rv = make_intrusive<RecordVal>(ip6_routing_type);
const struct ip6_rthdr* rt = (const struct ip6_rthdr*)data; const struct ip6_rthdr* rt = (const struct ip6_rthdr*)data;
rv->Assign(0, rt->ip6r_nxt); rv->Assign(0, rt->ip6r_nxt);
rv->Assign(1, rt->ip6r_len); rv->Assign(1, rt->ip6r_len);
rv->Assign(2, rt->ip6r_type); rv->Assign(2, rt->ip6r_type);
rv->Assign(3, rt->ip6r_segleft); rv->Assign(3, rt->ip6r_segleft);
uint16_t off = 4 * sizeof(uint8_t); uint16_t off = 4 * sizeof(uint8_t);
rv->Assign(4, new String(data + off, Length() - off, true)); rv->Assign(4, new String(data + off, Length() - off, true));
} }
break; break;
case IPPROTO_FRAGMENT: case IPPROTO_FRAGMENT:
{ {
static auto ip6_fragment_type = id::find_type<RecordType>("ip6_fragment"); static auto ip6_fragment_type = id::find_type<RecordType>("ip6_fragment");
rv = make_intrusive<RecordVal>(ip6_fragment_type); rv = make_intrusive<RecordVal>(ip6_fragment_type);
const struct ip6_frag* frag = (const struct ip6_frag*)data; const struct ip6_frag* frag = (const struct ip6_frag*)data;
rv->Assign(0, frag->ip6f_nxt); rv->Assign(0, frag->ip6f_nxt);
rv->Assign(1, frag->ip6f_reserved); rv->Assign(1, frag->ip6f_reserved);
rv->Assign(2, (ntohs(frag->ip6f_offlg) & 0xfff8) >> 3); rv->Assign(2, (ntohs(frag->ip6f_offlg) & 0xfff8) >> 3);
rv->Assign(3, (ntohs(frag->ip6f_offlg) & 0x0006) >> 1); rv->Assign(3, (ntohs(frag->ip6f_offlg) & 0x0006) >> 1);
rv->Assign(4, static_cast<bool>(ntohs(frag->ip6f_offlg) & 0x0001)); rv->Assign(4, static_cast<bool>(ntohs(frag->ip6f_offlg) & 0x0001));
rv->Assign(5, ntohl(frag->ip6f_ident)); rv->Assign(5, ntohl(frag->ip6f_ident));
} }
break; break;
case IPPROTO_AH: case IPPROTO_AH:
{ {
static auto ip6_ah_type = id::find_type<RecordType>("ip6_ah"); static auto ip6_ah_type = id::find_type<RecordType>("ip6_ah");
rv = make_intrusive<RecordVal>(ip6_ah_type); rv = make_intrusive<RecordVal>(ip6_ah_type);
rv->Assign(0, ((ip6_ext*)data)->ip6e_nxt); rv->Assign(0, ((ip6_ext*)data)->ip6e_nxt);
rv->Assign(1, ((ip6_ext*)data)->ip6e_len); rv->Assign(1, ((ip6_ext*)data)->ip6e_len);
rv->Assign(2, ntohs(((uint16_t*)data)[1])); rv->Assign(2, ntohs(((uint16_t*)data)[1]));
rv->Assign(3, ntohl(((uint32_t*)data)[1])); rv->Assign(3, ntohl(((uint32_t*)data)[1]));
if ( Length() >= 12 ) if ( Length() >= 12 )
{ {
// Sequence Number and ICV fields can only be extracted if // Sequence Number and ICV fields can only be extracted if
// Payload Len was non-zero for this header. // Payload Len was non-zero for this header.
rv->Assign(4, ntohl(((uint32_t*)data)[2])); rv->Assign(4, ntohl(((uint32_t*)data)[2]));
uint16_t off = 3 * sizeof(uint32_t); uint16_t off = 3 * sizeof(uint32_t);
rv->Assign(5, new String(data + off, Length() - off, true)); rv->Assign(5, new String(data + off, Length() - off, true));
}
} }
}
break; break;
case IPPROTO_ESP: case IPPROTO_ESP:
{ {
static auto ip6_esp_type = id::find_type<RecordType>("ip6_esp"); static auto ip6_esp_type = id::find_type<RecordType>("ip6_esp");
rv = make_intrusive<RecordVal>(ip6_esp_type); rv = make_intrusive<RecordVal>(ip6_esp_type);
const uint32_t* esp = (const uint32_t*)data; const uint32_t* esp = (const uint32_t*)data;
rv->Assign(0, ntohl(esp[0])); rv->Assign(0, ntohl(esp[0]));
rv->Assign(1, ntohl(esp[1])); rv->Assign(1, ntohl(esp[1]));
} }
break; break;
case IPPROTO_MOBILITY: case IPPROTO_MOBILITY:
{
static auto ip6_mob_type = id::find_type<RecordType>("ip6_mobility_hdr");
rv = make_intrusive<RecordVal>(ip6_mob_type);
const struct ip6_mobility* mob = (const struct ip6_mobility*)data;
rv->Assign(0, mob->ip6mob_payload);
rv->Assign(1, mob->ip6mob_len);
rv->Assign(2, mob->ip6mob_type);
rv->Assign(3, mob->ip6mob_rsv);
rv->Assign(4, ntohs(mob->ip6mob_chksum));
static auto ip6_mob_msg_type = id::find_type<RecordType>("ip6_mobility_msg");
auto msg = make_intrusive<RecordVal>(ip6_mob_msg_type);
msg->Assign(0, mob->ip6mob_type);
uint16_t off = sizeof(ip6_mobility);
const u_char* msg_data = data + off;
static auto ip6_mob_brr_type = id::find_type<RecordType>("ip6_mobility_brr");
static auto ip6_mob_hoti_type = id::find_type<RecordType>("ip6_mobility_hoti");
static auto ip6_mob_coti_type = id::find_type<RecordType>("ip6_mobility_coti");
static auto ip6_mob_hot_type = id::find_type<RecordType>("ip6_mobility_hot");
static auto ip6_mob_cot_type = id::find_type<RecordType>("ip6_mobility_cot");
static auto ip6_mob_bu_type = id::find_type<RecordType>("ip6_mobility_bu");
static auto ip6_mob_back_type = id::find_type<RecordType>("ip6_mobility_back");
static auto ip6_mob_be_type = id::find_type<RecordType>("ip6_mobility_be");
switch ( mob->ip6mob_type )
{ {
static auto ip6_mob_type = id::find_type<RecordType>("ip6_mobility_hdr"); case 0:
rv = make_intrusive<RecordVal>(ip6_mob_type);
const struct ip6_mobility* mob = (const struct ip6_mobility*)data;
rv->Assign(0, mob->ip6mob_payload);
rv->Assign(1, mob->ip6mob_len);
rv->Assign(2, mob->ip6mob_type);
rv->Assign(3, mob->ip6mob_rsv);
rv->Assign(4, ntohs(mob->ip6mob_chksum));
static auto ip6_mob_msg_type = id::find_type<RecordType>("ip6_mobility_msg");
auto msg = make_intrusive<RecordVal>(ip6_mob_msg_type);
msg->Assign(0, mob->ip6mob_type);
uint16_t off = sizeof(ip6_mobility);
const u_char* msg_data = data + off;
static auto ip6_mob_brr_type = id::find_type<RecordType>("ip6_mobility_brr");
static auto ip6_mob_hoti_type = id::find_type<RecordType>("ip6_mobility_hoti");
static auto ip6_mob_coti_type = id::find_type<RecordType>("ip6_mobility_coti");
static auto ip6_mob_hot_type = id::find_type<RecordType>("ip6_mobility_hot");
static auto ip6_mob_cot_type = id::find_type<RecordType>("ip6_mobility_cot");
static auto ip6_mob_bu_type = id::find_type<RecordType>("ip6_mobility_bu");
static auto ip6_mob_back_type = id::find_type<RecordType>("ip6_mobility_back");
static auto ip6_mob_be_type = id::find_type<RecordType>("ip6_mobility_be");
switch ( mob->ip6mob_type )
{ {
case 0: auto m = make_intrusive<RecordVal>(ip6_mob_brr_type);
{ m->Assign(0, ntohs(*((uint16_t*)msg_data)));
auto m = make_intrusive<RecordVal>(ip6_mob_brr_type); off += sizeof(uint16_t);
m->Assign(0, ntohs(*((uint16_t*)msg_data))); m->Assign(1, BuildOptionsVal(data + off, Length() - off));
off += sizeof(uint16_t); msg->Assign(1, std::move(m));
m->Assign(1, BuildOptionsVal(data + off, Length() - off)); }
msg->Assign(1, std::move(m)); break;
}
break;
case 1: case 1:
{ {
auto m = make_intrusive<RecordVal>(ip6_mob_hoti_type); auto m = make_intrusive<RecordVal>(ip6_mob_hoti_type);
m->Assign(0, ntohs(*((uint16_t*)msg_data))); m->Assign(0, ntohs(*((uint16_t*)msg_data)));
m->Assign(1, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))); m->Assign(1, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))));
off += sizeof(uint16_t) + sizeof(uint64_t); off += sizeof(uint16_t) + sizeof(uint64_t);
m->Assign(2, BuildOptionsVal(data + off, Length() - off)); m->Assign(2, BuildOptionsVal(data + off, Length() - off));
msg->Assign(2, std::move(m)); msg->Assign(2, std::move(m));
break; break;
}
case 2:
{
auto m = make_intrusive<RecordVal>(ip6_mob_coti_type);
m->Assign(0, ntohs(*((uint16_t*)msg_data)));
m->Assign(1, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))));
off += sizeof(uint16_t) + sizeof(uint64_t);
m->Assign(2, BuildOptionsVal(data + off, Length() - off));
msg->Assign(3, std::move(m));
break;
}
case 3:
{
auto m = make_intrusive<RecordVal>(ip6_mob_hot_type);
m->Assign(0, ntohs(*((uint16_t*)msg_data)));
m->Assign(1, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))));
m->Assign(2, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) +
sizeof(uint64_t)))));
off += sizeof(uint16_t) + 2 * sizeof(uint64_t);
m->Assign(3, BuildOptionsVal(data + off, Length() - off));
msg->Assign(4, std::move(m));
break;
}
case 4:
{
auto m = make_intrusive<RecordVal>(ip6_mob_cot_type);
m->Assign(0, ntohs(*((uint16_t*)msg_data)));
m->Assign(1, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))));
m->Assign(2, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) +
sizeof(uint64_t)))));
off += sizeof(uint16_t) + 2 * sizeof(uint64_t);
m->Assign(3, BuildOptionsVal(data + off, Length() - off));
msg->Assign(5, std::move(m));
break;
}
case 5:
{
auto m = make_intrusive<RecordVal>(ip6_mob_bu_type);
m->Assign(0, ntohs(*((uint16_t*)msg_data)));
m->Assign(1, static_cast<bool>(
ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) &
0x8000));
m->Assign(2, static_cast<bool>(
ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) &
0x4000));
m->Assign(3, static_cast<bool>(
ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) &
0x2000));
m->Assign(4, static_cast<bool>(
ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) &
0x1000));
m->Assign(5, ntohs(*((uint16_t*)(msg_data + 2 * sizeof(uint16_t)))));
off += 3 * sizeof(uint16_t);
m->Assign(6, BuildOptionsVal(data + off, Length() - off));
msg->Assign(6, std::move(m));
break;
}
case 6:
{
auto m = make_intrusive<RecordVal>(ip6_mob_back_type);
m->Assign(0, *((uint8_t*)msg_data));
m->Assign(1, static_cast<bool>(
*((uint8_t*)(msg_data + sizeof(uint8_t))) & 0x80));
m->Assign(2, ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))));
m->Assign(3, ntohs(*((uint16_t*)(msg_data + 2 * sizeof(uint16_t)))));
off += 3 * sizeof(uint16_t);
m->Assign(4, BuildOptionsVal(data + off, Length() - off));
msg->Assign(7, std::move(m));
break;
}
case 7:
{
auto m = make_intrusive<RecordVal>(ip6_mob_be_type);
m->Assign(0, *((uint8_t*)msg_data));
const in6_addr* hoa = (const in6_addr*)(msg_data + sizeof(uint16_t));
m->Assign(1, make_intrusive<AddrVal>(IPAddr(*hoa)));
off += sizeof(uint16_t) + sizeof(in6_addr);
m->Assign(2, BuildOptionsVal(data + off, Length() - off));
msg->Assign(8, std::move(m));
break;
}
default:
reporter->Weird("unknown_mobility_type", util::fmt("%d", mob->ip6mob_type));
break;
} }
rv->Assign(5, std::move(msg)); case 2:
{
auto m = make_intrusive<RecordVal>(ip6_mob_coti_type);
m->Assign(0, ntohs(*((uint16_t*)msg_data)));
m->Assign(1, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))));
off += sizeof(uint16_t) + sizeof(uint64_t);
m->Assign(2, BuildOptionsVal(data + off, Length() - off));
msg->Assign(3, std::move(m));
break;
}
case 3:
{
auto m = make_intrusive<RecordVal>(ip6_mob_hot_type);
m->Assign(0, ntohs(*((uint16_t*)msg_data)));
m->Assign(1, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))));
m->Assign(
2, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t)))));
off += sizeof(uint16_t) + 2 * sizeof(uint64_t);
m->Assign(3, BuildOptionsVal(data + off, Length() - off));
msg->Assign(4, std::move(m));
break;
}
case 4:
{
auto m = make_intrusive<RecordVal>(ip6_mob_cot_type);
m->Assign(0, ntohs(*((uint16_t*)msg_data)));
m->Assign(1, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))));
m->Assign(
2, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t)))));
off += sizeof(uint16_t) + 2 * sizeof(uint64_t);
m->Assign(3, BuildOptionsVal(data + off, Length() - off));
msg->Assign(5, std::move(m));
break;
}
case 5:
{
auto m = make_intrusive<RecordVal>(ip6_mob_bu_type);
m->Assign(0, ntohs(*((uint16_t*)msg_data)));
m->Assign(1, static_cast<bool>(
ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x8000));
m->Assign(2, static_cast<bool>(
ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x4000));
m->Assign(3, static_cast<bool>(
ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x2000));
m->Assign(4, static_cast<bool>(
ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x1000));
m->Assign(5, ntohs(*((uint16_t*)(msg_data + 2 * sizeof(uint16_t)))));
off += 3 * sizeof(uint16_t);
m->Assign(6, BuildOptionsVal(data + off, Length() - off));
msg->Assign(6, std::move(m));
break;
}
case 6:
{
auto m = make_intrusive<RecordVal>(ip6_mob_back_type);
m->Assign(0, *((uint8_t*)msg_data));
m->Assign(1,
static_cast<bool>(*((uint8_t*)(msg_data + sizeof(uint8_t))) & 0x80));
m->Assign(2, ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))));
m->Assign(3, ntohs(*((uint16_t*)(msg_data + 2 * sizeof(uint16_t)))));
off += 3 * sizeof(uint16_t);
m->Assign(4, BuildOptionsVal(data + off, Length() - off));
msg->Assign(7, std::move(m));
break;
}
case 7:
{
auto m = make_intrusive<RecordVal>(ip6_mob_be_type);
m->Assign(0, *((uint8_t*)msg_data));
const in6_addr* hoa = (const in6_addr*)(msg_data + sizeof(uint16_t));
m->Assign(1, make_intrusive<AddrVal>(IPAddr(*hoa)));
off += sizeof(uint16_t) + sizeof(in6_addr);
m->Assign(2, BuildOptionsVal(data + off, Length() - off));
msg->Assign(8, std::move(m));
break;
}
default:
reporter->Weird("unknown_mobility_type", util::fmt("%d", mob->ip6mob_type));
break;
} }
rv->Assign(5, std::move(msg));
}
break; break;
default: default:
@ -384,67 +379,67 @@ RecordValPtr IP_Hdr::ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const
switch ( proto ) switch ( proto )
{ {
case IPPROTO_TCP: case IPPROTO_TCP:
{ {
const struct tcphdr* tp = (const struct tcphdr*)data; const struct tcphdr* tp = (const struct tcphdr*)data;
auto tcp_hdr = make_intrusive<RecordVal>(tcp_hdr_type); auto tcp_hdr = make_intrusive<RecordVal>(tcp_hdr_type);
int tcp_hdr_len = tp->th_off * 4; int tcp_hdr_len = tp->th_off * 4;
int data_len = PayloadLen() - tcp_hdr_len; int data_len = PayloadLen() - tcp_hdr_len;
tcp_hdr->Assign(0, val_mgr->Port(ntohs(tp->th_sport), TRANSPORT_TCP)); tcp_hdr->Assign(0, val_mgr->Port(ntohs(tp->th_sport), TRANSPORT_TCP));
tcp_hdr->Assign(1, val_mgr->Port(ntohs(tp->th_dport), TRANSPORT_TCP)); tcp_hdr->Assign(1, val_mgr->Port(ntohs(tp->th_dport), TRANSPORT_TCP));
tcp_hdr->Assign(2, ntohl(tp->th_seq)); tcp_hdr->Assign(2, ntohl(tp->th_seq));
tcp_hdr->Assign(3, ntohl(tp->th_ack)); tcp_hdr->Assign(3, ntohl(tp->th_ack));
tcp_hdr->Assign(4, tcp_hdr_len); tcp_hdr->Assign(4, tcp_hdr_len);
tcp_hdr->Assign(5, data_len); tcp_hdr->Assign(5, data_len);
tcp_hdr->Assign(6, tp->th_x2); tcp_hdr->Assign(6, tp->th_x2);
tcp_hdr->Assign(7, tp->th_flags); tcp_hdr->Assign(7, tp->th_flags);
tcp_hdr->Assign(8, ntohs(tp->th_win)); tcp_hdr->Assign(8, ntohs(tp->th_win));
pkt_hdr->Assign(sindex + 2, std::move(tcp_hdr)); pkt_hdr->Assign(sindex + 2, std::move(tcp_hdr));
break; break;
} }
case IPPROTO_UDP: case IPPROTO_UDP:
{ {
const struct udphdr* up = (const struct udphdr*)data; const struct udphdr* up = (const struct udphdr*)data;
auto udp_hdr = make_intrusive<RecordVal>(udp_hdr_type); auto udp_hdr = make_intrusive<RecordVal>(udp_hdr_type);
udp_hdr->Assign(0, val_mgr->Port(ntohs(up->uh_sport), TRANSPORT_UDP)); udp_hdr->Assign(0, val_mgr->Port(ntohs(up->uh_sport), TRANSPORT_UDP));
udp_hdr->Assign(1, val_mgr->Port(ntohs(up->uh_dport), TRANSPORT_UDP)); udp_hdr->Assign(1, val_mgr->Port(ntohs(up->uh_dport), TRANSPORT_UDP));
udp_hdr->Assign(2, ntohs(up->uh_ulen)); udp_hdr->Assign(2, ntohs(up->uh_ulen));
pkt_hdr->Assign(sindex + 3, std::move(udp_hdr)); pkt_hdr->Assign(sindex + 3, std::move(udp_hdr));
break; break;
} }
case IPPROTO_ICMP: case IPPROTO_ICMP:
{ {
const struct icmp* icmpp = (const struct icmp*)data; const struct icmp* icmpp = (const struct icmp*)data;
auto icmp_hdr = make_intrusive<RecordVal>(icmp_hdr_type); auto icmp_hdr = make_intrusive<RecordVal>(icmp_hdr_type);
icmp_hdr->Assign(0, icmpp->icmp_type); icmp_hdr->Assign(0, icmpp->icmp_type);
pkt_hdr->Assign(sindex + 4, std::move(icmp_hdr)); pkt_hdr->Assign(sindex + 4, std::move(icmp_hdr));
break; break;
} }
case IPPROTO_ICMPV6: case IPPROTO_ICMPV6:
{ {
const struct icmp6_hdr* icmpp = (const struct icmp6_hdr*)data; const struct icmp6_hdr* icmpp = (const struct icmp6_hdr*)data;
auto icmp_hdr = make_intrusive<RecordVal>(icmp_hdr_type); auto icmp_hdr = make_intrusive<RecordVal>(icmp_hdr_type);
icmp_hdr->Assign(0, icmpp->icmp6_type); icmp_hdr->Assign(0, icmpp->icmp6_type);
pkt_hdr->Assign(sindex + 4, std::move(icmp_hdr)); pkt_hdr->Assign(sindex + 4, std::move(icmp_hdr));
break; break;
} }
default: default:
{ {
// This is not a protocol we understand. // This is not a protocol we understand.
break; break;
} }
} }
return pkt_hdr; return pkt_hdr;
@ -585,30 +580,30 @@ void IPv6_Hdr_Chain::ProcessRoutingHeader(const struct ip6_rthdr* r, uint16_t le
switch ( r->ip6r_type ) switch ( r->ip6r_type )
{ {
case 0: // Defined by RFC 2460, deprecated by RFC 5095 case 0: // Defined by RFC 2460, deprecated by RFC 5095
{
if ( r->ip6r_segleft > 0 && r->ip6r_len >= 2 )
{ {
if ( r->ip6r_segleft > 0 && r->ip6r_len >= 2 ) if ( r->ip6r_len % 2 == 0 )
{ finalDst = new IPAddr(*addr);
if ( r->ip6r_len % 2 == 0 ) else
finalDst = new IPAddr(*addr); reporter->Weird(SrcAddr(), DstAddr(), "odd_routing0_len");
else
reporter->Weird(SrcAddr(), DstAddr(), "odd_routing0_len");
}
// Always raise a weird since this type is deprecated.
reporter->Weird(SrcAddr(), DstAddr(), "routing0_hdr");
} }
// Always raise a weird since this type is deprecated.
reporter->Weird(SrcAddr(), DstAddr(), "routing0_hdr");
}
break; break;
case 2: // Defined by Mobile IPv6 RFC 6275. case 2: // Defined by Mobile IPv6 RFC 6275.
{
if ( r->ip6r_segleft > 0 )
{ {
if ( r->ip6r_segleft > 0 ) if ( r->ip6r_len == 2 )
{ finalDst = new IPAddr(*addr);
if ( r->ip6r_len == 2 ) else
finalDst = new IPAddr(*addr); reporter->Weird(SrcAddr(), DstAddr(), "bad_routing2_len");
else
reporter->Weird(SrcAddr(), DstAddr(), "bad_routing2_len");
}
} }
}
break; break;
default: default:
@ -642,36 +637,35 @@ void IPv6_Hdr_Chain::ProcessDstOpts(const struct ip6_dest* d, uint16_t len)
len -= sizeof(uint8_t); len -= sizeof(uint8_t);
break; break;
default: default:
{
// Double-check that the len can hold the whole option structure.
// Otherwise we get a buffer-overflow when we check the option_len.
// Also check that it holds everything for the option itself.
if ( len < sizeof(struct ip6_opt) || len < sizeof(struct ip6_opt) + opt->ip6o_len )
{ {
// Double-check that the len can hold the whole option structure. reporter->Weird(SrcAddr(), DstAddr(), "bad_ipv6_dest_opt_len");
// Otherwise we get a buffer-overflow when we check the option_len. len = 0;
// Also check that it holds everything for the option itself. break;
if ( len < sizeof(struct ip6_opt) ||
len < sizeof(struct ip6_opt) + opt->ip6o_len )
{
reporter->Weird(SrcAddr(), DstAddr(), "bad_ipv6_dest_opt_len");
len = 0;
break;
}
if ( opt->ip6o_type ==
201 ) // Home Address Option, Mobile IPv6 RFC 6275 section 6.3
{
if ( opt->ip6o_len == sizeof(struct in6_addr) )
{
if ( homeAddr )
reporter->Weird(SrcAddr(), DstAddr(), "multiple_home_addr_opts");
else
homeAddr =
new IPAddr(*((const in6_addr*)(data + sizeof(struct ip6_opt))));
}
else
reporter->Weird(SrcAddr(), DstAddr(), "bad_home_addr_len");
}
data += sizeof(struct ip6_opt) + opt->ip6o_len;
len -= sizeof(struct ip6_opt) + opt->ip6o_len;
} }
if ( opt->ip6o_type ==
201 ) // Home Address Option, Mobile IPv6 RFC 6275 section 6.3
{
if ( opt->ip6o_len == sizeof(struct in6_addr) )
{
if ( homeAddr )
reporter->Weird(SrcAddr(), DstAddr(), "multiple_home_addr_opts");
else
homeAddr = new IPAddr(
*((const in6_addr*)(data + sizeof(struct ip6_opt))));
}
else
reporter->Weird(SrcAddr(), DstAddr(), "bad_home_addr_len");
}
data += sizeof(struct ip6_opt) + opt->ip6o_len;
len -= sizeof(struct ip6_opt) + opt->ip6o_len;
}
break; break;
} }
} }


@ -2,11 +2,13 @@
#pragma once #pragma once
#include "zeek/zeek-config.h"
// clang-format off
#include <sys/types.h> // for u_char #include <sys/types.h> // for u_char
#include <netinet/in.h> #include <netinet/in.h>
#include <netinet/ip.h> #include <netinet/ip.h>
// clang-format on
#include "zeek/zeek-config.h"
#ifdef HAVE_NETINET_IP6_H #ifdef HAVE_NETINET_IP6_H
#include <netinet/ip6.h> #include <netinet/ip6.h>


@ -2,12 +2,13 @@
#include "zeek/NFA.h" #include "zeek/NFA.h"
#include "zeek/zeek-config.h"
#include <algorithm> #include <algorithm>
#include "zeek/Desc.h" #include "zeek/Desc.h"
#include "zeek/EquivClass.h" #include "zeek/EquivClass.h"
#include "zeek/IntSet.h" #include "zeek/IntSet.h"
#include "zeek/zeek-config.h"
namespace zeek::detail namespace zeek::detail
{ {


@ -2,11 +2,12 @@
#include "zeek/NetVar.h" #include "zeek/NetVar.h"
#include "zeek/zeek-config.h"
#include "zeek/EventHandler.h" #include "zeek/EventHandler.h"
#include "zeek/ID.h" #include "zeek/ID.h"
#include "zeek/Val.h" #include "zeek/Val.h"
#include "zeek/Var.h" #include "zeek/Var.h"
#include "zeek/zeek-config.h"
zeek::RecordType* conn_id; zeek::RecordType* conn_id;
zeek::RecordType* endpoint; zeek::RecordType* endpoint;
@ -291,8 +292,8 @@ void init_net_var()
udp_content_deliver_all_orig = bool(id::find_val("udp_content_deliver_all_orig")->AsBool()); udp_content_deliver_all_orig = bool(id::find_val("udp_content_deliver_all_orig")->AsBool());
udp_content_deliver_all_resp = bool(id::find_val("udp_content_deliver_all_resp")->AsBool()); udp_content_deliver_all_resp = bool(id::find_val("udp_content_deliver_all_resp")->AsBool());
udp_content_delivery_ports_use_resp = udp_content_delivery_ports_use_resp = bool(
bool(id::find_val("udp_content_delivery_ports_use_resp")->AsBool()); id::find_val("udp_content_delivery_ports_use_resp")->AsBool());
dns_session_timeout = id::find_val("dns_session_timeout")->AsInterval(); dns_session_timeout = id::find_val("dns_session_timeout")->AsInterval();
rpc_timeout = id::find_val("rpc_timeout")->AsInterval(); rpc_timeout = id::find_val("rpc_timeout")->AsInterval();


@ -2,13 +2,14 @@
#include "zeek/Obj.h" #include "zeek/Obj.h"
#include "zeek/zeek-config.h"
#include <stdlib.h> #include <stdlib.h>
#include "zeek/Desc.h" #include "zeek/Desc.h"
#include "zeek/File.h" #include "zeek/File.h"
#include "zeek/Func.h" #include "zeek/Func.h"
#include "zeek/plugin/Manager.h" #include "zeek/plugin/Manager.h"
#include "zeek/zeek-config.h"
namespace zeek namespace zeek
{ {


@ -2,10 +2,10 @@
#pragma once #pragma once
#include <limits.h>
#include "zeek/zeek-config.h" #include "zeek/zeek-config.h"
#include <limits.h>
namespace zeek namespace zeek
{ {


@ -2,10 +2,11 @@
#include "zeek/Options.h" #include "zeek/Options.h"
#include "zeek/zeek-config.h"
#include <unistd.h> #include <unistd.h>
#include "zeek/script_opt/ScriptOpt.h" #include "zeek/script_opt/ScriptOpt.h"
#include "zeek/zeek-config.h"
#ifdef HAVE_GETOPT_H #ifdef HAVE_GETOPT_H
#include <getopt.h> #include <getopt.h>


@ -1,5 +1,7 @@
#include "zeek/PolicyFile.h" #include "zeek/PolicyFile.h"
#include "zeek/zeek-config.h"
#include <assert.h> #include <assert.h>
#include <errno.h> #include <errno.h>
#include <stdio.h> #include <stdio.h>
@ -12,7 +14,6 @@
#include "zeek/Debug.h" #include "zeek/Debug.h"
#include "zeek/Reporter.h" #include "zeek/Reporter.h"
#include "zeek/util.h" #include "zeek/util.h"
#include "zeek/zeek-config.h"
using namespace std; using namespace std;


@ -94,8 +94,8 @@ std::list<std::tuple<IPPrefix, void*>> PrefixTable::FindAll(const SubNetVal* val
void* PrefixTable::Lookup(const IPAddr& addr, int width, bool exact) const void* PrefixTable::Lookup(const IPAddr& addr, int width, bool exact) const
{ {
prefix_t* prefix = MakePrefix(addr, width); prefix_t* prefix = MakePrefix(addr, width);
patricia_node_t* node = patricia_node_t* node = exact ? patricia_search_exact(tree, prefix)
exact ? patricia_search_exact(tree, prefix) : patricia_search_best(tree, prefix); : patricia_search_best(tree, prefix);
int elems = 0; int elems = 0;
patricia_node_t** list = nullptr; patricia_node_t** list = nullptr;


@ -2,12 +2,13 @@
#include "zeek/PriorityQueue.h" #include "zeek/PriorityQueue.h"
#include "zeek/zeek-config.h"
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include "zeek/Reporter.h" #include "zeek/Reporter.h"
#include "zeek/util.h" #include "zeek/util.h"
#include "zeek/zeek-config.h"
namespace zeek::detail namespace zeek::detail
{ {


@ -2,11 +2,11 @@
#pragma once #pragma once
#include "zeek/zeek-config.h"
#include <math.h> #include <math.h>
#include <stdint.h> #include <stdint.h>
#include "zeek/zeek-config.h"
namespace zeek::detail namespace zeek::detail
{ {


@ -2,6 +2,8 @@
#include "zeek/RE.h" #include "zeek/RE.h"
#include "zeek/zeek-config.h"
#include <stdlib.h> #include <stdlib.h>
#include <utility> #include <utility>
@ -10,7 +12,6 @@
#include "zeek/EquivClass.h" #include "zeek/EquivClass.h"
#include "zeek/Reporter.h" #include "zeek/Reporter.h"
#include "zeek/ZeekString.h" #include "zeek/ZeekString.h"
#include "zeek/zeek-config.h"
zeek::detail::CCL* zeek::detail::curr_ccl = nullptr; zeek::detail::CCL* zeek::detail::curr_ccl = nullptr;
zeek::detail::Specific_RE_Matcher* zeek::detail::rem = nullptr; zeek::detail::Specific_RE_Matcher* zeek::detail::rem = nullptr;


@ -1,9 +1,9 @@
#pragma once #pragma once
#include <stdint.h>
#include "zeek/zeek-config.h" #include "zeek/zeek-config.h"
#include <stdint.h>
#define RT_MONTEN \ #define RT_MONTEN \
6 /* Bytes used as Monte Carlo \ 6 /* Bytes used as Monte Carlo \
co-ordinates. This should be no more \ co-ordinates. This should be no more \


@ -2,10 +2,11 @@
#include "zeek/Reassem.h" #include "zeek/Reassem.h"
#include "zeek/zeek-config.h"
#include <algorithm> #include <algorithm>
#include "zeek/Desc.h" #include "zeek/Desc.h"
#include "zeek/zeek-config.h"
using std::min; using std::min;


@ -4,6 +4,8 @@
#include "zeek/Reporter.h" #include "zeek/Reporter.h"
#include "zeek/zeek-config.h"
#include <syslog.h> #include <syslog.h>
#include <unistd.h> #include <unistd.h>
@ -20,7 +22,6 @@
#include "zeek/input.h" #include "zeek/input.h"
#include "zeek/plugin/Manager.h" #include "zeek/plugin/Manager.h"
#include "zeek/plugin/Plugin.h" #include "zeek/plugin/Plugin.h"
#include "zeek/zeek-config.h"
#ifdef SYSLOG_INT #ifdef SYSLOG_INT
extern "C" extern "C"
@ -599,11 +600,11 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out, Conne
if ( locations.size() ) if ( locations.size() )
{ {
auto locs = locations.back(); auto locs = locations.back();
raise_event = raise_event = PLUGIN_HOOK_WITH_RESULT(HOOK_REPORTER,
PLUGIN_HOOK_WITH_RESULT(HOOK_REPORTER, HookReporter(prefix, event, conn, addl, location,
HookReporter(prefix, event, conn, addl, location, locs.first, locs.second, time,
locs.first, locs.second, time, buffer), buffer),
true); true);
} }
else else
raise_event = PLUGIN_HOOK_WITH_RESULT( raise_event = PLUGIN_HOOK_WITH_RESULT(


@ -1,9 +1,10 @@
#include "zeek/Rule.h" #include "zeek/Rule.h"
#include "zeek/zeek-config.h"
#include "zeek/RuleAction.h" #include "zeek/RuleAction.h"
#include "zeek/RuleCondition.h" #include "zeek/RuleCondition.h"
#include "zeek/RuleMatcher.h" #include "zeek/RuleMatcher.h"
#include "zeek/zeek-config.h"
namespace zeek::detail namespace zeek::detail
{ {


@ -1,5 +1,7 @@
#include "zeek/RuleAction.h" #include "zeek/RuleAction.h"
#include "zeek/zeek-config.h"
#include <string> #include <string>
#include "zeek/Conn.h" #include "zeek/Conn.h"
@ -8,7 +10,6 @@
#include "zeek/RuleMatcher.h" #include "zeek/RuleMatcher.h"
#include "zeek/analyzer/Manager.h" #include "zeek/analyzer/Manager.h"
#include "zeek/analyzer/protocol/pia/PIA.h" #include "zeek/analyzer/protocol/pia/PIA.h"
#include "zeek/zeek-config.h"
using std::string; using std::string;


@ -1,5 +1,7 @@
#include "zeek/RuleCondition.h" #include "zeek/RuleCondition.h"
#include "zeek/zeek-config.h"
#include "zeek/Func.h" #include "zeek/Func.h"
#include "zeek/ID.h" #include "zeek/ID.h"
#include "zeek/Reporter.h" #include "zeek/Reporter.h"
@ -7,7 +9,6 @@
#include "zeek/Scope.h" #include "zeek/Scope.h"
#include "zeek/Val.h" #include "zeek/Val.h"
#include "zeek/analyzer/protocol/tcp/TCP.h" #include "zeek/analyzer/protocol/tcp/TCP.h"
#include "zeek/zeek-config.h"
static inline bool is_established(const zeek::analyzer::tcp::TCP_Endpoint* e) static inline bool is_established(const zeek::analyzer::tcp::TCP_Endpoint* e)
{ {

View file

@ -1,6 +1,8 @@
#include "zeek/RuleMatcher.h" #include "zeek/RuleMatcher.h"
#include "zeek/zeek-config.h"
#include <algorithm> #include <algorithm>
#include <functional> #include <functional>
@ -22,7 +24,6 @@
#include "zeek/ZeekString.h" #include "zeek/ZeekString.h"
#include "zeek/analyzer/Analyzer.h" #include "zeek/analyzer/Analyzer.h"
#include "zeek/module_util.h" #include "zeek/module_util.h"
#include "zeek/zeek-config.h"
using namespace std; using namespace std;
@ -662,8 +663,8 @@ RuleMatcher::MIME_Matches* RuleMatcher::Match(RuleFileMagicState* state, const u
#ifdef DEBUG #ifdef DEBUG
if ( debug_logger.IsEnabled(DBG_RULES) ) if ( debug_logger.IsEnabled(DBG_RULES) )
{ {
const char* s = const char* s = util::fmt_bytes(reinterpret_cast<const char*>(data),
util::fmt_bytes(reinterpret_cast<const char*>(data), min(40, static_cast<int>(len))); min(40, static_cast<int>(len)));
DBG_LOG(DBG_RULES, "Matching %s rules on |%s%s|", Rule::TypeToString(Rule::FILE_MAGIC), s, DBG_LOG(DBG_RULES, "Matching %s rules on |%s%s|", Rule::TypeToString(Rule::FILE_MAGIC), s,
len > 40 ? "..." : ""); len > 40 ? "..." : "");
} }
@ -805,8 +806,8 @@ RuleEndpointState* RuleMatcher::InitEndpoint(analyzer::Analyzer* analyzer, const
case RuleHdrTest::ICMPv6: case RuleHdrTest::ICMPv6:
case RuleHdrTest::TCP: case RuleHdrTest::TCP:
case RuleHdrTest::UDP: case RuleHdrTest::UDP:
match = match = compare(*h->vals, getval(ip->Payload() + h->offset, h->size),
compare(*h->vals, getval(ip->Payload() + h->offset, h->size), h->comp); h->comp);
break; break;
case RuleHdrTest::IPSrc: case RuleHdrTest::IPSrc:
@ -1284,38 +1285,38 @@ static bool val_to_maskedval(Val* v, maskedvalue_list* append_to, vector<IPPrefi
break; break;
case TYPE_SUBNET: case TYPE_SUBNET:
{
if ( prefix_vector )
{ {
if ( prefix_vector ) prefix_vector->push_back(v->AsSubNet());
delete mval;
return true;
}
else
{
const uint32_t* n;
uint32_t m[4];
v->AsSubNet().Prefix().GetBytes(&n);
v->AsSubNetVal()->Mask().CopyIPv6(m);
for ( unsigned int i = 0; i < 4; ++i )
m[i] = ntohl(m[i]);
bool is_v4_mask = m[0] == 0xffffffff && m[1] == m[0] && m[2] == m[0];
if ( v->AsSubNet().Prefix().GetFamily() == IPv4 && is_v4_mask )
{ {
prefix_vector->push_back(v->AsSubNet()); mval->val = ntohl(*n);
delete mval; mval->mask = m[3];
return true;
} }
else else
{ {
const uint32_t* n; rules_error("IPv6 subnets not supported");
uint32_t m[4]; mval->val = 0;
v->AsSubNet().Prefix().GetBytes(&n); mval->mask = 0;
v->AsSubNetVal()->Mask().CopyIPv6(m);
for ( unsigned int i = 0; i < 4; ++i )
m[i] = ntohl(m[i]);
bool is_v4_mask = m[0] == 0xffffffff && m[1] == m[0] && m[2] == m[0];
if ( v->AsSubNet().Prefix().GetFamily() == IPv4 && is_v4_mask )
{
mval->val = ntohl(*n);
mval->mask = m[3];
}
else
{
rules_error("IPv6 subnets not supported");
mval->val = 0;
mval->mask = 0;
}
} }
} }
}
break; break;
default: default:
@ -1404,8 +1405,8 @@ void RuleMatcherState::InitEndpointMatcher(analyzer::Analyzer* analyzer, const I
delete orig_match_state; delete orig_match_state;
} }
orig_match_state = orig_match_state = rule_matcher->InitEndpoint(analyzer, ip, caplen, resp_match_state,
rule_matcher->InitEndpoint(analyzer, ip, caplen, resp_match_state, from_orig, pia); from_orig, pia);
} }
else else
@ -1416,8 +1417,8 @@ void RuleMatcherState::InitEndpointMatcher(analyzer::Analyzer* analyzer, const I
delete resp_match_state; delete resp_match_state;
} }
resp_match_state = resp_match_state = rule_matcher->InitEndpoint(analyzer, ip, caplen, orig_match_state,
rule_matcher->InitEndpoint(analyzer, ip, caplen, orig_match_state, from_orig, pia); from_orig, pia);
} }
} }
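Review bot: In the DBG_RULES block of RuleMatcher::Match, `static_cast<int>(len)` narrows before `min` is applied, so a `len` above INT_MAX would reach `util::fmt_bytes` as a negative or wrapped byte count. The parameter's declaration is cut off in the hunk header, so its type (presumably a 64-bit count) should be confirmed. Clamping first and narrowing afterwards avoids this, e.g. `min(40, static_cast<int>(len))` becomes `static_cast<int>(min<uint64_t>(len, 40))`. Separately, in the InitEndpoint hunk `getval(ip->Payload() + h->offset, h->size)` reads at a rule-supplied offset, and the visible lines do not show `h->offset + h->size` being compared against `caplen`; that guard may exist outside the hunk and is worth confirming. Both function bodies start and end outside the hunks shown.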


@ -2,9 +2,9 @@
#include "zeek/RunState.h" #include "zeek/RunState.h"
#include <sys/types.h>
#include "zeek/zeek-config.h" #include "zeek/zeek-config.h"
#include <sys/types.h>
#ifdef TIME_WITH_SYS_TIME #ifdef TIME_WITH_SYS_TIME
#include <sys/time.h> #include <sys/time.h>
#include <time.h> #include <time.h>
@ -386,9 +386,10 @@ void get_final_stats()
{ {
iosource::PktSrc::Stats s; iosource::PktSrc::Stats s;
ps->Statistics(&s); ps->Statistics(&s);
double dropped_pct = double dropped_pct = s.dropped > 0.0
s.dropped > 0.0 ? ((double)s.dropped / ((double)s.received + (double)s.dropped)) * 100.0 ? ((double)s.dropped / ((double)s.received + (double)s.dropped)) *
: 0.0; 100.0
: 0.0;
reporter->Info("%" PRIu64 " packets received on interface %s, %" PRIu64 " (%.2f%%) dropped", reporter->Info("%" PRIu64 " packets received on interface %s, %" PRIu64 " (%.2f%%) dropped",
s.received, ps->Path().c_str(), s.dropped, dropped_pct); s.received, ps->Path().c_str(), s.dropped, dropped_pct);
} }


@ -2,11 +2,11 @@
#pragma once #pragma once
#include "zeek/zeek-config.h"
#include <optional> #include <optional>
#include <string> #include <string>
#include "zeek/zeek-config.h"
namespace zeek namespace zeek
{ {


@ -2,13 +2,14 @@
#include "zeek/Scope.h" #include "zeek/Scope.h"
#include "zeek/zeek-config.h"
#include "zeek/Desc.h" #include "zeek/Desc.h"
#include "zeek/ID.h" #include "zeek/ID.h"
#include "zeek/IntrusivePtr.h" #include "zeek/IntrusivePtr.h"
#include "zeek/Reporter.h" #include "zeek/Reporter.h"
#include "zeek/Val.h" #include "zeek/Val.h"
#include "zeek/module_util.h" #include "zeek/module_util.h"
#include "zeek/zeek-config.h"
namespace zeek::detail namespace zeek::detail
{ {
@ -110,8 +111,8 @@ const IDPtr& lookup_ID(const char* name, const char* curr_module, bool no_global
std::string fullname = make_full_var_name(curr_module, name); std::string fullname = make_full_var_name(curr_module, name);
std::string ID_module = extract_module_name(fullname.c_str()); std::string ID_module = extract_module_name(fullname.c_str());
bool need_export = bool need_export = check_export &&
check_export && (ID_module != GLOBAL_MODULE_NAME && ID_module != curr_module); (ID_module != GLOBAL_MODULE_NAME && ID_module != curr_module);
for ( auto s_i = scopes.rbegin(); s_i != scopes.rend(); ++s_i ) for ( auto s_i = scopes.rbegin(); s_i != scopes.rend(); ++s_i )
{ {


@ -2,11 +2,11 @@
#pragma once #pragma once
#include "zeek/zeek-config.h"
#include <stdint.h> #include <stdint.h>
#include <string> #include <string>
#include "zeek/zeek-config.h"
struct in_addr; struct in_addr;
struct in6_addr; struct in6_addr;


@ -2,6 +2,8 @@
#include "zeek/SmithWaterman.h" #include "zeek/SmithWaterman.h"
#include "zeek/zeek-config.h"
#include <ctype.h> #include <ctype.h>
#include <algorithm> #include <algorithm>
@ -9,7 +11,6 @@
#include "zeek/Val.h" #include "zeek/Val.h"
#include "zeek/Var.h" #include "zeek/Var.h"
#include "zeek/util.h" #include "zeek/util.h"
#include "zeek/zeek-config.h"
namespace zeek::detail namespace zeek::detail
{ {


@ -392,13 +392,15 @@ void SegmentProfiler::Report()
struct rusage final_rusage; struct rusage final_rusage;
getrusage(RUSAGE_SELF, &final_rusage); getrusage(RUSAGE_SELF, &final_rusage);
double start_time = double start_time = double(initial_rusage.ru_utime.tv_sec) +
double(initial_rusage.ru_utime.tv_sec) + double(initial_rusage.ru_utime.tv_usec) / 1e6 + double(initial_rusage.ru_utime.tv_usec) / 1e6 +
double(initial_rusage.ru_stime.tv_sec) + double(initial_rusage.ru_stime.tv_usec) / 1e6; double(initial_rusage.ru_stime.tv_sec) +
double(initial_rusage.ru_stime.tv_usec) / 1e6;
double stop_time = double stop_time = double(final_rusage.ru_utime.tv_sec) +
double(final_rusage.ru_utime.tv_sec) + double(final_rusage.ru_utime.tv_usec) / 1e6 + double(final_rusage.ru_utime.tv_usec) / 1e6 +
double(final_rusage.ru_stime.tv_sec) + double(final_rusage.ru_stime.tv_usec) / 1e6; double(final_rusage.ru_stime.tv_sec) +
double(final_rusage.ru_stime.tv_usec) / 1e6;
int start_mem = initial_rusage.ru_maxrss * 1024; int start_mem = initial_rusage.ru_maxrss * 1024;
int stop_mem = initial_rusage.ru_maxrss * 1024; int stop_mem = initial_rusage.ru_maxrss * 1024;
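Review bot: `stop_mem` in SegmentProfiler::Report is computed from `initial_rusage.ru_maxrss`, the same source as `start_mem`, so any memory delta derived from the two is always zero. The line should read `int stop_mem = final_rusage.ru_maxrss * 1024;`. Both values are also stored in `int`, which cannot hold `ru_maxrss * 1024` once the product exceeds INT_MAX (about 2 GiB if the unit is KiB); a 64-bit type such as `int64_t` would avoid the truncation. The rest of the function, including how these values are printed, is outside the hunk, so the format specifier would need to change to match.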


@ -2,13 +2,13 @@
#pragma once #pragma once
#include "zeek/zeek-config.h"
#include <stdint.h> #include <stdint.h>
#include <sys/resource.h> #include <sys/resource.h>
#include <sys/time.h> #include <sys/time.h>
#include <sys/types.h> #include <sys/types.h>
#include "zeek/zeek-config.h"
namespace zeek namespace zeek
{ {


@ -2,6 +2,8 @@
#include "zeek/Stmt.h" #include "zeek/Stmt.h"
#include "zeek/zeek-config.h"
#include "zeek/CompHash.h" #include "zeek/CompHash.h"
#include "zeek/Debug.h" #include "zeek/Debug.h"
#include "zeek/Desc.h" #include "zeek/Desc.h"
@ -19,7 +21,6 @@
#include "zeek/logging/Manager.h" #include "zeek/logging/Manager.h"
#include "zeek/logging/logging.bif.h" #include "zeek/logging/logging.bif.h"
#include "zeek/script_opt/StmtOptInfo.h" #include "zeek/script_opt/StmtOptInfo.h"
#include "zeek/zeek-config.h"
namespace zeek::detail namespace zeek::detail
{ {
@ -344,18 +345,18 @@ void do_print_stmt(const std::vector<ValPtr>& vals)
++offset; ++offset;
} }
static auto print_log_type = static auto print_log_type = static_cast<BifEnum::Log::PrintLogType>(
static_cast<BifEnum::Log::PrintLogType>(id::find_val("Log::print_to_log")->AsEnum()); id::find_val("Log::print_to_log")->AsEnum());
switch ( print_log_type ) switch ( print_log_type )
{ {
case BifEnum::Log::REDIRECT_NONE: case BifEnum::Log::REDIRECT_NONE:
break; break;
case BifEnum::Log::REDIRECT_ALL: case BifEnum::Log::REDIRECT_ALL:
{ {
print_log(vals); print_log(vals);
return; return;
} }
case BifEnum::Log::REDIRECT_STDOUT: case BifEnum::Log::REDIRECT_STDOUT:
if ( f->FileHandle() == stdout ) if ( f->FileHandle() == stdout )
{ {
@ -764,35 +765,35 @@ SwitchStmt::SwitchStmt(ExprPtr index, case_list* arg_cases)
{ {
// Simplify trivial unary plus/minus expressions on consts. // Simplify trivial unary plus/minus expressions on consts.
case EXPR_NEGATE: case EXPR_NEGATE:
{ {
NegExpr* ne = (NegExpr*)(expr); NegExpr* ne = (NegExpr*)(expr);
if ( ne->Op()->IsConst() ) if ( ne->Op()->IsConst() )
Unref(exprs.replace(j, new ConstExpr(ne->Eval(nullptr)))); Unref(exprs.replace(j, new ConstExpr(ne->Eval(nullptr))));
} }
break; break;
case EXPR_POSITIVE: case EXPR_POSITIVE:
{ {
PosExpr* pe = (PosExpr*)(expr); PosExpr* pe = (PosExpr*)(expr);
if ( pe->Op()->IsConst() ) if ( pe->Op()->IsConst() )
Unref(exprs.replace(j, new ConstExpr(pe->Eval(nullptr)))); Unref(exprs.replace(j, new ConstExpr(pe->Eval(nullptr))));
} }
break; break;
case EXPR_NAME: case EXPR_NAME:
{
NameExpr* ne = (NameExpr*)(expr);
if ( ne->Id()->IsConst() )
{ {
NameExpr* ne = (NameExpr*)(expr); auto v = ne->Eval(nullptr);
if ( ne->Id()->IsConst() ) if ( v )
{ Unref(exprs.replace(j, new ConstExpr(std::move(v))));
auto v = ne->Eval(nullptr);
if ( v )
Unref(exprs.replace(j, new ConstExpr(std::move(v))));
}
} }
}
break; break;
default: default:


@ -2,12 +2,13 @@
#pragma once #pragma once
#include "zeek/zeek-config.h"
#include <stdint.h> #include <stdint.h>
#include <string> #include <string>
#include "zeek/IntrusivePtr.h" #include "zeek/IntrusivePtr.h"
#include "zeek/util.h" #include "zeek/util.h"
#include "zeek/zeek-config.h"
namespace zeek namespace zeek
{ {


@ -2,6 +2,8 @@
#include "zeek/Timer.h" #include "zeek/Timer.h"
#include "zeek/zeek-config.h"
#include "zeek/Desc.h" #include "zeek/Desc.h"
#include "zeek/NetVar.h" #include "zeek/NetVar.h"
#include "zeek/RunState.h" #include "zeek/RunState.h"
@ -9,7 +11,6 @@
#include "zeek/iosource/Manager.h" #include "zeek/iosource/Manager.h"
#include "zeek/iosource/PktSrc.h" #include "zeek/iosource/PktSrc.h"
#include "zeek/util.h" #include "zeek/util.h"
#include "zeek/zeek-config.h"
namespace zeek::detail namespace zeek::detail
{ {
@ -102,8 +103,8 @@ void TimerMgr::Process()
// Just advance the timer manager based on the current network time. This won't actually // Just advance the timer manager based on the current network time. This won't actually
// change the time, but will dispatch any timers that need dispatching. // change the time, but will dispatch any timers that need dispatching.
run_state::current_dispatched += run_state::current_dispatched += Advance(run_state::network_time,
Advance(run_state::network_time, max_timer_expires - run_state::current_dispatched); max_timer_expires - run_state::current_dispatched);
} }
void TimerMgr::InitPostScript() void TimerMgr::InitPostScript()


@ -48,17 +48,17 @@ TraversalCode trigger::TriggerTraversalCallback::PreExpr(const Expr* expr)
switch ( expr->Tag() ) switch ( expr->Tag() )
{ {
case EXPR_NAME: case EXPR_NAME:
{ {
const auto* e = static_cast<const NameExpr*>(expr); const auto* e = static_cast<const NameExpr*>(expr);
if ( e->Id()->IsGlobal() ) if ( e->Id()->IsGlobal() )
trigger->Register(e->Id()); trigger->Register(e->Id());
Val* v = e->Id()->GetVal().get(); Val* v = e->Id()->GetVal().get();
if ( v && v->Modifiable() ) if ( v && v->Modifiable() )
trigger->Register(v); trigger->Register(v);
break; break;
}; };
default: default:
// All others are uninteresting. // All others are uninteresting.


@ -2,13 +2,14 @@
#pragma once #pragma once
#include "zeek/zeek-config.h"
#include <vector> #include <vector>
#include "zeek/ID.h" #include "zeek/ID.h"
#include "zeek/IPAddr.h" #include "zeek/IPAddr.h"
#include "zeek/NetVar.h" #include "zeek/NetVar.h"
#include "zeek/UID.h" #include "zeek/UID.h"
#include "zeek/zeek-config.h"
namespace zeek namespace zeek
{ {


@ -2,6 +2,8 @@
#include "zeek/Type.h" #include "zeek/Type.h"
#include "zeek/zeek-config.h"
#include <list> #include <list>
#include <map> #include <map>
#include <string> #include <string>
@ -14,7 +16,6 @@
#include "zeek/Val.h" #include "zeek/Val.h"
#include "zeek/Var.h" #include "zeek/Var.h"
#include "zeek/module_util.h" #include "zeek/module_util.h"
#include "zeek/zeek-config.h"
#include "zeek/zeekygen/IdentifierInfo.h" #include "zeek/zeekygen/IdentifierInfo.h"
#include "zeek/zeekygen/Manager.h" #include "zeek/zeekygen/Manager.h"
#include "zeek/zeekygen/ScriptInfo.h" #include "zeek/zeekygen/ScriptInfo.h"
@ -458,39 +459,39 @@ static bool is_supported_index_type(const TypePtr& t, const char** tname)
return true; return true;
case TYPE_RECORD: case TYPE_RECORD:
{ {
auto rt = t->AsRecordType(); auto rt = t->AsRecordType();
for ( auto i = 0; i < rt->NumFields(); ++i ) for ( auto i = 0; i < rt->NumFields(); ++i )
if ( ! is_supported_index_type(rt->GetFieldType(i), tname) ) if ( ! is_supported_index_type(rt->GetFieldType(i), tname) )
return false;
return true;
}
case TYPE_LIST:
{
for ( const auto& type : t->AsTypeList()->GetTypes() )
if ( ! is_supported_index_type(type, tname) )
return false;
return true;
}
case TYPE_TABLE:
{
auto tt = t->AsTableType();
if ( ! is_supported_index_type(tt->GetIndices(), tname) )
return false; return false;
const auto& yt = tt->Yield(); return true;
}
if ( ! yt ) case TYPE_LIST:
return true; {
for ( const auto& type : t->AsTypeList()->GetTypes() )
if ( ! is_supported_index_type(type, tname) )
return false;
return is_supported_index_type(yt, tname); return true;
} }
case TYPE_TABLE:
{
auto tt = t->AsTableType();
if ( ! is_supported_index_type(tt->GetIndices(), tname) )
return false;
const auto& yt = tt->Yield();
if ( ! yt )
return true;
return is_supported_index_type(yt, tname);
}
case TYPE_VECTOR: case TYPE_VECTOR:
return is_supported_index_type(t->AsVectorType()->Yield(), tname); return is_supported_index_type(t->AsVectorType()->Yield(), tname);
@ -519,8 +520,8 @@ TableType::TableType(TypeListPtr ind, TypePtr yield)
if ( ! is_supported_index_type(tli, &unsupported_type_name) ) if ( ! is_supported_index_type(tli, &unsupported_type_name) )
{ {
auto msg = auto msg = util::fmt("index type containing '%s' is not supported",
util::fmt("index type containing '%s' is not supported", unsupported_type_name); unsupported_type_name);
Error(msg, tli.get()); Error(msg, tli.get());
SetError(); SetError();
break; break;
@ -1253,23 +1254,23 @@ void RecordType::Create(std::vector<std::optional<ZVal>>& r) const
break; break;
case FieldInit::R_INIT_DEF: case FieldInit::R_INIT_DEF:
{
auto v = init->def_expr->Eval(nullptr);
if ( v )
{ {
auto v = init->def_expr->Eval(nullptr); const auto& t = init->def_type;
if ( v )
if ( init->def_coerce )
{ {
const auto& t = init->def_type; auto rt = cast_intrusive<RecordType>(t);
v = v->AsRecordVal()->CoerceTo(rt);
if ( init->def_coerce )
{
auto rt = cast_intrusive<RecordType>(t);
v = v->AsRecordVal()->CoerceTo(rt);
}
r_i = ZVal(v, t);
} }
else
reporter->Error("failed &default in record creation"); r_i = ZVal(v, t);
} }
else
reporter->Error("failed &default in record creation");
}
break; break;
case FieldInit::R_INIT_RECORD: case FieldInit::R_INIT_RECORD:
@ -1719,8 +1720,8 @@ void EnumType::DescribeReST(ODesc* d, bool roles_only) const
if ( doc->GetDeclaringScript() ) if ( doc->GetDeclaringScript() )
enum_from_script = doc->GetDeclaringScript()->Name(); enum_from_script = doc->GetDeclaringScript()->Name();
zeekygen::detail::IdentifierInfo* type_doc = zeekygen::detail::IdentifierInfo* type_doc = detail::zeekygen_mgr->GetIdentifierInfo(
detail::zeekygen_mgr->GetIdentifierInfo(GetName()); GetName());
if ( type_doc && type_doc->GetDeclaringScript() ) if ( type_doc && type_doc->GetDeclaringScript() )
type_from_script = type_doc->GetDeclaringScript()->Name(); type_from_script = type_doc->GetDeclaringScript()->Name();
@ -1903,81 +1904,81 @@ bool same_type(const Type& arg_t1, const Type& arg_t2, bool is_init, bool match_
return true; return true;
case TYPE_OPAQUE: case TYPE_OPAQUE:
{ {
const OpaqueType* ot1 = (const OpaqueType*)t1; const OpaqueType* ot1 = (const OpaqueType*)t1;
const OpaqueType* ot2 = (const OpaqueType*)t2; const OpaqueType* ot2 = (const OpaqueType*)t2;
return ot1->Name() == ot2->Name(); return ot1->Name() == ot2->Name();
} }
case TYPE_TABLE: case TYPE_TABLE:
{ {
const IndexType* it1 = (const IndexType*)t1; const IndexType* it1 = (const IndexType*)t1;
const IndexType* it2 = (const IndexType*)t2; const IndexType* it2 = (const IndexType*)t2;
const auto& tl1 = it1->GetIndices(); const auto& tl1 = it1->GetIndices();
const auto& tl2 = it2->GetIndices(); const auto& tl2 = it2->GetIndices();
if ( (tl1 || tl2) && ! (tl1 && tl2) ) if ( (tl1 || tl2) && ! (tl1 && tl2) )
return false; return false;
const auto& y1 = t1->Yield(); const auto& y1 = t1->Yield();
const auto& y2 = t2->Yield(); const auto& y2 = t2->Yield();
if ( (y1 || y2) && ! (y1 && y2) ) if ( (y1 || y2) && ! (y1 && y2) )
return false; return false;
break; break;
} }
case TYPE_FUNC: case TYPE_FUNC:
{ {
const FuncType* ft1 = (const FuncType*)t1; const FuncType* ft1 = (const FuncType*)t1;
const FuncType* ft2 = (const FuncType*)t2; const FuncType* ft2 = (const FuncType*)t2;
if ( ft1->Flavor() != ft2->Flavor() ) if ( ft1->Flavor() != ft2->Flavor() )
return false; return false;
const auto& y1 = t1->Yield(); const auto& y1 = t1->Yield();
const auto& y2 = t2->Yield(); const auto& y2 = t2->Yield();
if ( (y1 || y2) && ! (y1 && y2) ) if ( (y1 || y2) && ! (y1 && y2) )
return false; return false;
break; break;
} }
case TYPE_RECORD: case TYPE_RECORD:
{ {
const RecordType* rt1 = (const RecordType*)t1; const RecordType* rt1 = (const RecordType*)t1;
const RecordType* rt2 = (const RecordType*)t2; const RecordType* rt2 = (const RecordType*)t2;
if ( rt1->NumFields() != rt2->NumFields() ) if ( rt1->NumFields() != rt2->NumFields() )
return false;
for ( int i = 0; i < rt1->NumFields(); ++i )
{
const TypeDecl* td1 = rt1->FieldDecl(i);
const TypeDecl* td2 = rt2->FieldDecl(i);
if ( match_record_field_names && ! util::streq(td1->id, td2->id) )
return false; return false;
for ( int i = 0; i < rt1->NumFields(); ++i ) if ( ! same_attrs(td1->attrs.get(), td2->attrs.get()) )
{ return false;
const TypeDecl* td1 = rt1->FieldDecl(i);
const TypeDecl* td2 = rt2->FieldDecl(i);
if ( match_record_field_names && ! util::streq(td1->id, td2->id) )
return false;
if ( ! same_attrs(td1->attrs.get(), td2->attrs.get()) )
return false;
}
break;
} }
break;
}
case TYPE_LIST: case TYPE_LIST:
{ {
const auto& tl1 = t1->AsTypeList()->GetTypes(); const auto& tl1 = t1->AsTypeList()->GetTypes();
const auto& tl2 = t2->AsTypeList()->GetTypes(); const auto& tl2 = t2->AsTypeList()->GetTypes();
if ( tl1.size() != tl2.size() ) if ( tl1.size() != tl2.size() )
return false; return false;
break; break;
} }
case TYPE_VECTOR: case TYPE_VECTOR:
case TYPE_FILE: case TYPE_FILE:
@ -2023,73 +2024,73 @@ bool same_type(const Type& arg_t1, const Type& arg_t2, bool is_init, bool match_
switch ( t1->Tag() ) switch ( t1->Tag() )
{ {
case TYPE_TABLE: case TYPE_TABLE:
{
const IndexType* it1 = (const IndexType*)t1;
const IndexType* it2 = (const IndexType*)t2;
const auto& tl1 = it1->GetIndices();
const auto& tl2 = it2->GetIndices();
if ( ! same_type(tl1, tl2, is_init, match_record_field_names) )
result = false;
else
{ {
const IndexType* it1 = (const IndexType*)t1; const auto& y1 = t1->Yield();
const IndexType* it2 = (const IndexType*)t2; const auto& y2 = t2->Yield();
const auto& tl1 = it1->GetIndices(); result = same_type(y1, y2, is_init, match_record_field_names);
const auto& tl2 = it2->GetIndices();
if ( ! same_type(tl1, tl2, is_init, match_record_field_names) )
result = false;
else
{
const auto& y1 = t1->Yield();
const auto& y2 = t2->Yield();
result = same_type(y1, y2, is_init, match_record_field_names);
}
break;
} }
break;
}
case TYPE_FUNC: case TYPE_FUNC:
{ {
const FuncType* ft1 = (const FuncType*)t1; const FuncType* ft1 = (const FuncType*)t1;
const FuncType* ft2 = (const FuncType*)t2; const FuncType* ft2 = (const FuncType*)t2;
if ( ! same_type(t1->Yield(), t2->Yield(), is_init, match_record_field_names) ) if ( ! same_type(t1->Yield(), t2->Yield(), is_init, match_record_field_names) )
result = false; result = false;
else else
result = ft1->CheckArgs(ft2->ParamList()->GetTypes(), is_init, false); result = ft1->CheckArgs(ft2->ParamList()->GetTypes(), is_init, false);
break; break;
} }
case TYPE_RECORD: case TYPE_RECORD:
{
const RecordType* rt1 = (const RecordType*)t1;
const RecordType* rt2 = (const RecordType*)t2;
result = true;
for ( int i = 0; i < rt1->NumFields(); ++i )
{ {
const RecordType* rt1 = (const RecordType*)t1; const TypeDecl* td1 = rt1->FieldDecl(i);
const RecordType* rt2 = (const RecordType*)t2; const TypeDecl* td2 = rt2->FieldDecl(i);
result = true; if ( ! same_type(td1->type, td2->type, is_init, match_record_field_names) )
for ( int i = 0; i < rt1->NumFields(); ++i )
{ {
const TypeDecl* td1 = rt1->FieldDecl(i); result = false;
const TypeDecl* td2 = rt2->FieldDecl(i); break;
if ( ! same_type(td1->type, td2->type, is_init, match_record_field_names) )
{
result = false;
break;
}
} }
break;
} }
break;
}
case TYPE_LIST: case TYPE_LIST:
{ {
const auto& tl1 = t1->AsTypeList()->GetTypes(); const auto& tl1 = t1->AsTypeList()->GetTypes();
const auto& tl2 = t2->AsTypeList()->GetTypes(); const auto& tl2 = t2->AsTypeList()->GetTypes();
result = true; result = true;
for ( auto i = 0u; i < tl1.size(); ++i ) for ( auto i = 0u; i < tl1.size(); ++i )
if ( ! same_type(tl1[i], tl2[i], is_init, match_record_field_names) ) if ( ! same_type(tl1[i], tl2[i], is_init, match_record_field_names) )
{ {
result = false; result = false;
break; break;
} }
break; break;
} }
case TYPE_VECTOR: case TYPE_VECTOR:
case TYPE_FILE: case TYPE_FILE:
@ -2097,13 +2098,12 @@ bool same_type(const Type& arg_t1, const Type& arg_t2, bool is_init, bool match_
break; break;
case TYPE_TYPE: case TYPE_TYPE:
{ {
auto tt1 = t1->AsTypeType(); auto tt1 = t1->AsTypeType();
auto tt2 = t2->AsTypeType(); auto tt2 = t2->AsTypeType();
result = result = same_type(tt1->GetType(), tt1->GetType(), is_init, match_record_field_names);
same_type(tt1->GetType(), tt1->GetType(), is_init, match_record_field_names); break;
break; }
}
default: default:
result = false; result = false;
@ -2286,180 +2286,180 @@ TypePtr merge_types(const TypePtr& arg_t1, const TypePtr& arg_t2)
return base_type(tg1); return base_type(tg1);
case TYPE_ENUM: case TYPE_ENUM:
{
// Could compare pointers t1 == t2, but maybe there's someone out
// there creating clones of the type, so safer to compare name.
if ( t1->GetName() != t2->GetName() )
{ {
// Could compare pointers t1 == t2, but maybe there's someone out std::string msg = util::fmt("incompatible enum types: '%s' and '%s'",
// there creating clones of the type, so safer to compare name. t1->GetName().data(), t2->GetName().data());
if ( t1->GetName() != t2->GetName() )
{
std::string msg = util::fmt("incompatible enum types: '%s' and '%s'",
t1->GetName().data(), t2->GetName().data());
t1->Error(msg.data(), t2);
return nullptr;
}
// Doing a lookup here as a roundabout way of ref-ing t1, without
// changing the function params which has t1 as const and also
// (potentially) avoiding a pitfall mentioned earlier about clones.
const auto& id = detail::global_scope()->Find(t1->GetName());
if ( id && id->IsType() && id->GetType()->Tag() == TYPE_ENUM )
// It should make most sense to return the real type here rather
// than a copy since it may be redef'd later in parsing. If we
// return a copy, then whoever is using this return value won't
// actually see those changes from the redef.
return id->GetType();
std::string msg =
util::fmt("incompatible enum types: '%s' and '%s'"
" ('%s' enum type ID is invalid)",
t1->GetName().data(), t2->GetName().data(), t1->GetName().data());
t1->Error(msg.data(), t2); t1->Error(msg.data(), t2);
return nullptr; return nullptr;
} }
// Doing a lookup here as a roundabout way of ref-ing t1, without
// changing the function params which has t1 as const and also
// (potentially) avoiding a pitfall mentioned earlier about clones.
const auto& id = detail::global_scope()->Find(t1->GetName());
if ( id && id->IsType() && id->GetType()->Tag() == TYPE_ENUM )
// It should make most sense to return the real type here rather
// than a copy since it may be redef'd later in parsing. If we
// return a copy, then whoever is using this return value won't
// actually see those changes from the redef.
return id->GetType();
std::string msg = util::fmt("incompatible enum types: '%s' and '%s'"
" ('%s' enum type ID is invalid)",
t1->GetName().data(), t2->GetName().data(),
t1->GetName().data());
t1->Error(msg.data(), t2);
return nullptr;
}
case TYPE_TABLE: case TYPE_TABLE:
{
const IndexType* it1 = (const IndexType*)t1;
const IndexType* it2 = (const IndexType*)t2;
const auto& tl1 = it1->GetIndexTypes();
const auto& tl2 = it2->GetIndexTypes();
TypeListPtr tl3;
if ( tl1.size() != tl2.size() )
{ {
const IndexType* it1 = (const IndexType*)t1; t1->Error("incompatible types", t2);
const IndexType* it2 = (const IndexType*)t2; return nullptr;
}
const auto& tl1 = it1->GetIndexTypes(); tl3 = make_intrusive<TypeList>();
const auto& tl2 = it2->GetIndexTypes();
TypeListPtr tl3;
if ( tl1.size() != tl2.size() ) for ( auto i = 0u; i < tl1.size(); ++i )
{
auto tl3_i = merge_types(tl1[i], tl2[i]);
if ( ! tl3_i )
return nullptr;
tl3->Append(std::move(tl3_i));
}
const auto& y1 = t1->Yield();
const auto& y2 = t2->Yield();
TypePtr y3;
if ( y1 || y2 )
{
if ( ! y1 || ! y2 )
{ {
t1->Error("incompatible types", t2); t1->Error("incompatible types", t2);
return nullptr; return nullptr;
} }
tl3 = make_intrusive<TypeList>(); y3 = merge_types(y1, y2);
if ( ! y3 )
for ( auto i = 0u; i < tl1.size(); ++i ) return nullptr;
{
auto tl3_i = merge_types(tl1[i], tl2[i]);
if ( ! tl3_i )
return nullptr;
tl3->Append(std::move(tl3_i));
}
const auto& y1 = t1->Yield();
const auto& y2 = t2->Yield();
TypePtr y3;
if ( y1 || y2 )
{
if ( ! y1 || ! y2 )
{
t1->Error("incompatible types", t2);
return nullptr;
}
y3 = merge_types(y1, y2);
if ( ! y3 )
return nullptr;
}
if ( t1->IsSet() )
return make_intrusive<SetType>(std::move(tl3), nullptr);
else
return make_intrusive<TableType>(std::move(tl3), std::move(y3));
} }
if ( t1->IsSet() )
return make_intrusive<SetType>(std::move(tl3), nullptr);
else
return make_intrusive<TableType>(std::move(tl3), std::move(y3));
}
case TYPE_FUNC: case TYPE_FUNC:
{
if ( ! same_type(t1, t2) )
{ {
if ( ! same_type(t1, t2) ) t1->Error("incompatible types", t2);
{ return nullptr;
t1->Error("incompatible types", t2);
return nullptr;
}
const FuncType* ft1 = (const FuncType*)t1;
const FuncType* ft2 = (const FuncType*)t1;
auto args = cast_intrusive<RecordType>(merge_types(ft1->Params(), ft2->Params()));
auto yield = t1->Yield() ? merge_types(t1->Yield(), t2->Yield()) : nullptr;
return make_intrusive<FuncType>(std::move(args), std::move(yield), ft1->Flavor());
} }
const FuncType* ft1 = (const FuncType*)t1;
const FuncType* ft2 = (const FuncType*)t1;
auto args = cast_intrusive<RecordType>(merge_types(ft1->Params(), ft2->Params()));
auto yield = t1->Yield() ? merge_types(t1->Yield(), t2->Yield()) : nullptr;
return make_intrusive<FuncType>(std::move(args), std::move(yield), ft1->Flavor());
}
case TYPE_RECORD: case TYPE_RECORD:
{
const RecordType* rt1 = (const RecordType*)t1;
const RecordType* rt2 = (const RecordType*)t2;
if ( rt1->NumFields() != rt2->NumFields() )
return nullptr;
type_decl_list* tdl3 = new type_decl_list(rt1->NumFields());
for ( int i = 0; i < rt1->NumFields(); ++i )
{ {
const RecordType* rt1 = (const RecordType*)t1; const TypeDecl* td1 = rt1->FieldDecl(i);
const RecordType* rt2 = (const RecordType*)t2; const TypeDecl* td2 = rt2->FieldDecl(i);
auto tdl3_i = merge_types(td1->type, td2->type);
if ( rt1->NumFields() != rt2->NumFields() ) if ( ! util::streq(td1->id, td2->id) || ! tdl3_i )
return nullptr;
type_decl_list* tdl3 = new type_decl_list(rt1->NumFields());
for ( int i = 0; i < rt1->NumFields(); ++i )
{ {
const TypeDecl* td1 = rt1->FieldDecl(i); t1->Error("incompatible record fields", t2);
const TypeDecl* td2 = rt2->FieldDecl(i); delete tdl3;
auto tdl3_i = merge_types(td1->type, td2->type); return nullptr;
if ( ! util::streq(td1->id, td2->id) || ! tdl3_i )
{
t1->Error("incompatible record fields", t2);
delete tdl3;
return nullptr;
}
tdl3->push_back(new TypeDecl(util::copy_string(td1->id), std::move(tdl3_i)));
} }
return make_intrusive<RecordType>(tdl3); tdl3->push_back(new TypeDecl(util::copy_string(td1->id), std::move(tdl3_i)));
} }
return make_intrusive<RecordType>(tdl3);
}
case TYPE_LIST: case TYPE_LIST:
{
const TypeList* tl1 = t1->AsTypeList();
const TypeList* tl2 = t2->AsTypeList();
if ( tl1->IsPure() != tl2->IsPure() )
{ {
const TypeList* tl1 = t1->AsTypeList(); tl1->Error("incompatible lists", tl2);
const TypeList* tl2 = t2->AsTypeList(); return nullptr;
if ( tl1->IsPure() != tl2->IsPure() )
{
tl1->Error("incompatible lists", tl2);
return nullptr;
}
const auto& l1 = tl1->GetTypes();
const auto& l2 = tl2->GetTypes();
if ( l1.size() == 0 || l2.size() == 0 )
{
if ( l1.size() == 0 )
tl1->Error("empty list");
else
tl2->Error("empty list");
return nullptr;
}
if ( tl1->IsPure() )
{
// We will be expanding the pure list when converting
// the initialization expression into a set of values.
// So the merge type of the list is the type of one
// of the elements, providing they're consistent.
return merge_types(l1[0], l2[0]);
}
// Impure lists - must have the same size and match element
// by element.
if ( l1.size() != l2.size() )
{
tl1->Error("different number of indices", tl2);
return nullptr;
}
auto tl3 = make_intrusive<TypeList>();
for ( auto i = 0u; i < l1.size(); ++i )
tl3->Append(merge_types(l1[i], l2[i]));
return tl3;
} }
const auto& l1 = tl1->GetTypes();
const auto& l2 = tl2->GetTypes();
if ( l1.size() == 0 || l2.size() == 0 )
{
if ( l1.size() == 0 )
tl1->Error("empty list");
else
tl2->Error("empty list");
return nullptr;
}
if ( tl1->IsPure() )
{
// We will be expanding the pure list when converting
// the initialization expression into a set of values.
// So the merge type of the list is the type of one
// of the elements, providing they're consistent.
return merge_types(l1[0], l2[0]);
}
// Impure lists - must have the same size and match element
// by element.
if ( l1.size() != l2.size() )
{
tl1->Error("different number of indices", tl2);
return nullptr;
}
auto tl3 = make_intrusive<TypeList>();
for ( auto i = 0u; i < l1.size(); ++i )
tl3->Append(merge_types(l1[i], l2[i]));
return tl3;
}
case TYPE_VECTOR: case TYPE_VECTOR:
if ( ! same_type(t1->Yield(), t2->Yield()) ) if ( ! same_type(t1->Yield(), t2->Yield()) )
{ {


@ -2,6 +2,8 @@
#include "zeek/Val.h" #include "zeek/Val.h"
#include "zeek/zeek-config.h"
#include <netdb.h> #include <netdb.h>
#include <netinet/in.h> #include <netinet/in.h>
#include <stdio.h> #include <stdio.h>
@ -35,7 +37,6 @@
#include "zeek/broker/Manager.h" #include "zeek/broker/Manager.h"
#include "zeek/broker/Store.h" #include "zeek/broker/Store.h"
#include "zeek/threading/formatters/JSON.h" #include "zeek/threading/formatters/JSON.h"
#include "zeek/zeek-config.h"
using namespace std; using namespace std;
@ -443,161 +444,161 @@ static void BuildJSON(threading::formatter::JSON::NullDoubleWriter& writer, Val*
break; break;
case TYPE_PORT: case TYPE_PORT:
{ {
auto* pval = val->AsPortVal(); auto* pval = val->AsPortVal();
writer.StartObject(); writer.StartObject();
writer.Key("port"); writer.Key("port");
writer.Int64(pval->Port()); writer.Int64(pval->Port());
writer.Key("proto"); writer.Key("proto");
writer.String(pval->Protocol()); writer.String(pval->Protocol());
writer.EndObject(); writer.EndObject();
break; break;
} }
case TYPE_PATTERN: case TYPE_PATTERN:
case TYPE_INTERVAL: case TYPE_INTERVAL:
case TYPE_ADDR: case TYPE_ADDR:
case TYPE_SUBNET: case TYPE_SUBNET:
{ {
ODesc d; ODesc d;
d.SetStyle(RAW_STYLE); d.SetStyle(RAW_STYLE);
val->Describe(&d); val->Describe(&d);
writer.String(reinterpret_cast<const char*>(d.Bytes()), d.Len()); writer.String(reinterpret_cast<const char*>(d.Bytes()), d.Len());
break; break;
} }
case TYPE_FILE: case TYPE_FILE:
case TYPE_FUNC: case TYPE_FUNC:
case TYPE_ENUM: case TYPE_ENUM:
case TYPE_STRING: case TYPE_STRING:
{ {
ODesc d; ODesc d;
d.SetStyle(RAW_STYLE); d.SetStyle(RAW_STYLE);
val->Describe(&d); val->Describe(&d);
writer.String(util::json_escape_utf8( writer.String(util::json_escape_utf8(
std::string(reinterpret_cast<const char*>(d.Bytes()), d.Len()))); std::string(reinterpret_cast<const char*>(d.Bytes()), d.Len())));
break; break;
} }
case TYPE_TABLE: case TYPE_TABLE:
{
auto* table = val->AsTable();
auto* tval = val->AsTableVal();
if ( tval->GetType()->IsSet() )
writer.StartArray();
else
writer.StartObject();
std::unique_ptr<detail::HashKey> k;
TableEntryVal* entry;
for ( const auto& te : *table )
{ {
auto* table = val->AsTable(); entry = te.GetValue<TableEntryVal*>();
auto* tval = val->AsTableVal(); k = te.GetHashKey();
auto lv = tval->RecreateIndex(*k);
Val* entry_key = lv->Length() == 1 ? lv->Idx(0).get() : lv.get();
if ( tval->GetType()->IsSet() ) if ( tval->GetType()->IsSet() )
writer.StartArray(); BuildJSON(writer, entry_key, only_loggable, re);
else else
writer.StartObject();
std::unique_ptr<detail::HashKey> k;
TableEntryVal* entry;
for ( const auto& te : *table )
{ {
entry = te.GetValue<TableEntryVal*>(); rapidjson::StringBuffer buffer;
k = te.GetHashKey(); threading::formatter::JSON::NullDoubleWriter key_writer(buffer);
BuildJSON(key_writer, entry_key, only_loggable, re);
string key_str = buffer.GetString();
auto lv = tval->RecreateIndex(*k); if ( key_str.length() >= 2 && key_str[0] == '"' &&
Val* entry_key = lv->Length() == 1 ? lv->Idx(0).get() : lv.get(); key_str[key_str.length() - 1] == '"' )
// Strip quotes.
key_str = key_str.substr(1, key_str.length() - 2);
if ( tval->GetType()->IsSet() ) BuildJSON(writer, entry->GetVal().get(), only_loggable, re, key_str);
BuildJSON(writer, entry_key, only_loggable, re);
else
{
rapidjson::StringBuffer buffer;
threading::formatter::JSON::NullDoubleWriter key_writer(buffer);
BuildJSON(key_writer, entry_key, only_loggable, re);
string key_str = buffer.GetString();
if ( key_str.length() >= 2 && key_str[0] == '"' &&
key_str[key_str.length() - 1] == '"' )
// Strip quotes.
key_str = key_str.substr(1, key_str.length() - 2);
BuildJSON(writer, entry->GetVal().get(), only_loggable, re, key_str);
}
} }
if ( tval->GetType()->IsSet() )
writer.EndArray();
else
writer.EndObject();
break;
} }
if ( tval->GetType()->IsSet() )
writer.EndArray();
else
writer.EndObject();
break;
}
case TYPE_RECORD: case TYPE_RECORD:
{
writer.StartObject();
auto* rval = val->AsRecordVal();
auto rt = rval->GetType()->AsRecordType();
for ( auto i = 0; i < rt->NumFields(); ++i )
{ {
writer.StartObject(); auto value = rval->GetFieldOrDefault(i);
auto* rval = val->AsRecordVal(); if ( value && (! only_loggable || rt->FieldHasAttr(i, detail::ATTR_LOG)) )
auto rt = rval->GetType()->AsRecordType();
for ( auto i = 0; i < rt->NumFields(); ++i )
{ {
auto value = rval->GetFieldOrDefault(i); string key_str;
auto field_name = rt->FieldName(i);
if ( value && (! only_loggable || rt->FieldHasAttr(i, detail::ATTR_LOG)) ) if ( re && re->MatchAnywhere(field_name) != 0 )
{ {
string key_str; auto blank = make_intrusive<StringVal>("");
auto field_name = rt->FieldName(i); auto fn_val = make_intrusive<StringVal>(field_name);
const auto& bs = *blank->AsString();
if ( re && re->MatchAnywhere(field_name) != 0 ) auto key_val = fn_val->Replace(re, bs, false);
{ key_str = key_val->ToStdString();
auto blank = make_intrusive<StringVal>("");
auto fn_val = make_intrusive<StringVal>(field_name);
const auto& bs = *blank->AsString();
auto key_val = fn_val->Replace(re, bs, false);
key_str = key_val->ToStdString();
}
else
key_str = field_name;
BuildJSON(writer, value.get(), only_loggable, re, key_str);
} }
} else
key_str = field_name;
writer.EndObject(); BuildJSON(writer, value.get(), only_loggable, re, key_str);
break; }
} }
writer.EndObject();
break;
}
case TYPE_LIST: case TYPE_LIST:
{ {
writer.StartArray(); writer.StartArray();
auto* lval = val->AsListVal(); auto* lval = val->AsListVal();
size_t size = lval->Length(); size_t size = lval->Length();
for ( size_t i = 0; i < size; i++ ) for ( size_t i = 0; i < size; i++ )
BuildJSON(writer, lval->Idx(i).get(), only_loggable, re); BuildJSON(writer, lval->Idx(i).get(), only_loggable, re);
writer.EndArray(); writer.EndArray();
break; break;
} }
case TYPE_VECTOR: case TYPE_VECTOR:
{ {
writer.StartArray(); writer.StartArray();
auto* vval = val->AsVectorVal(); auto* vval = val->AsVectorVal();
size_t size = vval->SizeVal()->AsCount(); size_t size = vval->SizeVal()->AsCount();
for ( size_t i = 0; i < size; i++ ) for ( size_t i = 0; i < size; i++ )
BuildJSON(writer, vval->ValAt(i).get(), only_loggable, re); BuildJSON(writer, vval->ValAt(i).get(), only_loggable, re);
writer.EndArray(); writer.EndArray();
break; break;
} }
case TYPE_OPAQUE: case TYPE_OPAQUE:
{ {
writer.StartObject(); writer.StartObject();
writer.Key("opaque_type"); writer.Key("opaque_type");
auto* oval = val->AsOpaqueVal(); auto* oval = val->AsOpaqueVal();
writer.String(OpaqueMgr::mgr()->TypeID(oval)); writer.String(OpaqueMgr::mgr()->TypeID(oval));
writer.EndObject(); writer.EndObject();
break; break;
} }
default: default:
writer.Null(); writer.Null();
@ -1368,23 +1369,23 @@ static void find_nested_record_types(const TypePtr& t, std::set<RecordType*>* fo
switch ( t->Tag() ) switch ( t->Tag() )
{ {
case TYPE_RECORD: case TYPE_RECORD:
{ {
auto rt = t->AsRecordType(); auto rt = t->AsRecordType();
found->emplace(rt); found->emplace(rt);
for ( auto i = 0; i < rt->NumFields(); ++i ) for ( auto i = 0; i < rt->NumFields(); ++i )
find_nested_record_types(rt->FieldDecl(i)->type, found); find_nested_record_types(rt->FieldDecl(i)->type, found);
} }
return; return;
case TYPE_TABLE: case TYPE_TABLE:
find_nested_record_types(t->AsTableType()->GetIndices(), found); find_nested_record_types(t->AsTableType()->GetIndices(), found);
find_nested_record_types(t->AsTableType()->Yield(), found); find_nested_record_types(t->AsTableType()->Yield(), found);
return; return;
case TYPE_LIST: case TYPE_LIST:
{ {
for ( const auto& type : t->AsTypeList()->GetTypes() ) for ( const auto& type : t->AsTypeList()->GetTypes() )
find_nested_record_types(type, found); find_nested_record_types(type, found);
} }
return; return;
case TYPE_FUNC: case TYPE_FUNC:
find_nested_record_types(t->AsFuncType()->Params(), found); find_nested_record_types(t->AsFuncType()->Params(), found);
@ -1838,8 +1839,8 @@ ValPtr TableVal::Default(const ValPtr& index)
record_promotion_compatible(dtype->AsRecordType(), ytype->AsRecordType()) ) record_promotion_compatible(dtype->AsRecordType(), ytype->AsRecordType()) )
{ {
auto rt = cast_intrusive<RecordType>(ytype); auto rt = cast_intrusive<RecordType>(ytype);
auto coerce = auto coerce = make_intrusive<detail::RecordCoerceExpr>(def_attr->GetExpr(),
make_intrusive<detail::RecordCoerceExpr>(def_attr->GetExpr(), std::move(rt)); std::move(rt));
def_val = coerce->Eval(nullptr); def_val = coerce->Eval(nullptr);
} }
@ -2144,63 +2145,63 @@ void TableVal::SendToStore(const Val* index, const TableEntryVal* new_entry_val,
{ {
case ELEMENT_NEW: case ELEMENT_NEW:
case ELEMENT_CHANGED: case ELEMENT_CHANGED:
{ {
#ifndef __clang__ #ifndef __clang__
#pragma GCC diagnostic push #pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmaybe-uninitialized" #pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
#endif #endif
broker::optional<broker::timespan> expiry; broker::optional<broker::timespan> expiry;
#ifndef __clang__ #ifndef __clang__
#pragma GCC diagnostic pop #pragma GCC diagnostic pop
#endif #endif
auto expire_time = GetExpireTime(); auto expire_time = GetExpireTime();
if ( expire_time == 0 ) if ( expire_time == 0 )
// Entry is set to immediately expire. Let's not forward it. // Entry is set to immediately expire. Let's not forward it.
break;
if ( expire_time > 0 )
{
if ( attrs->Find(detail::ATTR_EXPIRE_CREATE) )
{
// for create expiry, we have to substract the already elapsed time from
// the expiry.
auto e = expire_time -
(run_state::network_time - new_entry_val->ExpireAccessTime());
if ( e <= 0 )
// element already expired? Let's not insert it.
break;
expiry = Broker::detail::convert_expiry(e);
}
else
expiry = Broker::detail::convert_expiry(expire_time);
}
if ( table_type->IsSet() )
handle->store.put(std::move(*broker_index), broker::data(), expiry);
else
{
if ( ! new_entry_val )
{
emit_builtin_error(
"did not receive new value for Broker datastore send operation");
return;
}
auto new_value = new_entry_val->GetVal().get();
auto broker_val = Broker::detail::val_to_data(new_value);
if ( ! broker_val )
{
emit_builtin_error("invalid Broker data conversation for table value");
return;
}
handle->store.put(std::move(*broker_index), std::move(*broker_val), expiry);
}
break; break;
if ( expire_time > 0 )
{
if ( attrs->Find(detail::ATTR_EXPIRE_CREATE) )
{
// for create expiry, we have to substract the already elapsed time from
// the expiry.
auto e = expire_time -
(run_state::network_time - new_entry_val->ExpireAccessTime());
if ( e <= 0 )
// element already expired? Let's not insert it.
break;
expiry = Broker::detail::convert_expiry(e);
}
else
expiry = Broker::detail::convert_expiry(expire_time);
} }
if ( table_type->IsSet() )
handle->store.put(std::move(*broker_index), broker::data(), expiry);
else
{
if ( ! new_entry_val )
{
emit_builtin_error(
"did not receive new value for Broker datastore send operation");
return;
}
auto new_value = new_entry_val->GetVal().get();
auto broker_val = Broker::detail::val_to_data(new_value);
if ( ! broker_val )
{
emit_builtin_error("invalid Broker data conversation for table value");
return;
}
handle->store.put(std::move(*broker_index), std::move(*broker_val), expiry);
}
break;
}
case ELEMENT_REMOVED: case ELEMENT_REMOVED:
handle->store.erase(std::move(*broker_index)); handle->store.erase(std::move(*broker_index));
break; break;
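Review bot: In the `ELEMENT_NEW`/`ELEMENT_CHANGED` case of `TableVal::SendToStore`, the create-expiry branch calls `new_entry_val->ExpireAccessTime()` before anything has checked the pointer; the only `if ( ! new_entry_val )` test comes later, in the non-set branch. That later check suggests a null entry is possible, so a table with `ATTR_EXPIRE_CREATE` and no entry value would presumably dereference null here. Guarding the branch, e.g. `if ( new_entry_val && attrs->Find(detail::ATTR_EXPIRE_CREATE) )`, would avoid that, though whether falling back to the full `expire_time` is the right behaviour is the author's call. Separately, the message `"invalid Broker data conversation for table value"` in the same hunk presumably means "conversion". The function body starts and ends outside the hunk.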


@ -271,8 +271,8 @@ public:
static constexpr bro_uint_t PREALLOCATED_COUNTS = 4096; static constexpr bro_uint_t PREALLOCATED_COUNTS = 4096;
static constexpr bro_uint_t PREALLOCATED_INTS = 512; static constexpr bro_uint_t PREALLOCATED_INTS = 512;
static constexpr bro_int_t PREALLOCATED_INT_LOWEST = -255; static constexpr bro_int_t PREALLOCATED_INT_LOWEST = -255;
static constexpr bro_int_t PREALLOCATED_INT_HIGHEST = static constexpr bro_int_t PREALLOCATED_INT_HIGHEST = PREALLOCATED_INT_LOWEST +
PREALLOCATED_INT_LOWEST + PREALLOCATED_INTS - 1; PREALLOCATED_INTS - 1;
ValManager(); ValManager();


@ -2,6 +2,8 @@
#include "zeek/Var.h" #include "zeek/Var.h"
#include "zeek/zeek-config.h"
#include <memory> #include <memory>
#include "zeek/EventRegistry.h" #include "zeek/EventRegistry.h"
@ -16,7 +18,6 @@
#include "zeek/Val.h" #include "zeek/Val.h"
#include "zeek/module_util.h" #include "zeek/module_util.h"
#include "zeek/script_opt/ScriptOpt.h" #include "zeek/script_opt/ScriptOpt.h"
#include "zeek/zeek-config.h"
namespace zeek::detail namespace zeek::detail
{ {
@ -222,19 +223,19 @@ static void make_var(const IDPtr& id, TypePtr t, InitClass c, ExprPtr init,
switch ( init->Tag() ) switch ( init->Tag() )
{ {
case EXPR_TABLE_CONSTRUCTOR: case EXPR_TABLE_CONSTRUCTOR:
{ {
auto* ctor = static_cast<TableConstructorExpr*>(init.get()); auto* ctor = static_cast<TableConstructorExpr*>(init.get());
if ( ctor->GetAttrs() ) if ( ctor->GetAttrs() )
id->AddAttrs(ctor->GetAttrs()); id->AddAttrs(ctor->GetAttrs());
} }
break; break;
case EXPR_SET_CONSTRUCTOR: case EXPR_SET_CONSTRUCTOR:
{ {
auto* ctor = static_cast<SetConstructorExpr*>(init.get()); auto* ctor = static_cast<SetConstructorExpr*>(init.get());
if ( ctor->GetAttrs() ) if ( ctor->GetAttrs() )
id->AddAttrs(ctor->GetAttrs()); id->AddAttrs(ctor->GetAttrs());
} }
break; break;
default: default:


@ -2,6 +2,8 @@
#include "zeek/ZeekString.h" #include "zeek/ZeekString.h"
#include "zeek/zeek-config.h"
#include <ctype.h> #include <ctype.h>
#include <algorithm> #include <algorithm>
#include <iostream> #include <iostream>
@ -12,7 +14,6 @@
#include "zeek/Reporter.h" #include "zeek/Reporter.h"
#include "zeek/Val.h" #include "zeek/Val.h"
#include "zeek/util.h" #include "zeek/util.h"
#include "zeek/zeek-config.h"
#ifdef DEBUG #ifdef DEBUG
#define DEBUG_STR(msg) DBG_LOG(zeek::DBG_STRING, msg) #define DEBUG_STR(msg) DBG_LOG(zeek::DBG_STRING, msg)


@ -2,13 +2,13 @@
#pragma once #pragma once
#include "zeek/zeek-config.h"
#include <sys/types.h> #include <sys/types.h>
#include <iosfwd> #include <iosfwd>
#include <string> #include <string>
#include <vector> #include <vector>
#include "zeek/zeek-config.h"
namespace zeek namespace zeek
{ {


@ -2,11 +2,12 @@
#pragma once #pragma once
#include "zeek/zeek-config.h"
#include "zeek/analyzer/Tag.h" #include "zeek/analyzer/Tag.h"
#include "zeek/plugin/Component.h" #include "zeek/plugin/Component.h"
#include "zeek/plugin/TaggedComponent.h" #include "zeek/plugin/TaggedComponent.h"
#include "zeek/util.h" #include "zeek/util.h"
#include "zeek/zeek-config.h"
namespace zeek namespace zeek
{ {


@ -3,9 +3,10 @@
#pragma once #pragma once
#include "zeek/Tag.h"
#include "zeek/zeek-config.h" #include "zeek/zeek-config.h"
#include "zeek/Tag.h"
namespace zeek namespace zeek
{ {


@ -256,55 +256,55 @@ bool BitTorrentTracker_Analyzer::ParseRequest(char* line)
switch ( req_state ) switch ( req_state )
{ {
case detail::BTT_REQ_GET: case detail::BTT_REQ_GET:
{
regmatch_t match[1];
if ( regexec(&r_get, line, 1, match, 0) )
{ {
regmatch_t match[1]; ProtocolViolation("BitTorrentTracker: invalid HTTP GET");
if ( regexec(&r_get, line, 1, match, 0) ) stop_orig = true;
return false;
}
regmatch_t match_end[1];
if ( ! regexec(&r_get_end, line, 1, match_end, 0) )
{
if ( match_end[0].rm_so <= match[0].rm_eo )
{ {
ProtocolViolation("BitTorrentTracker: invalid HTTP GET"); ProtocolViolation("BitTorrentTracker: invalid HTTP GET");
stop_orig = true; stop_orig = true;
return false; return false;
} }
regmatch_t match_end[1]; keep_alive = (line[match_end[0].rm_eo - 1] == '1');
if ( ! regexec(&r_get_end, line, 1, match_end, 0) ) line[match_end[0].rm_so] = 0;
{
if ( match_end[0].rm_so <= match[0].rm_eo )
{
ProtocolViolation("BitTorrentTracker: invalid HTTP GET");
stop_orig = true;
return false;
}
keep_alive = (line[match_end[0].rm_eo - 1] == '1');
line[match_end[0].rm_so] = 0;
}
RequestGet(&line[match[0].rm_eo]);
req_state = detail::BTT_REQ_HEADER;
} }
RequestGet(&line[match[0].rm_eo]);
req_state = detail::BTT_REQ_HEADER;
}
break; break;
case detail::BTT_REQ_HEADER: case detail::BTT_REQ_HEADER:
{
if ( ! *line )
{ {
if ( ! *line ) EmitRequest();
{ req_state = detail::BTT_REQ_DONE;
EmitRequest(); break;
req_state = detail::BTT_REQ_DONE;
break;
}
regmatch_t match[1];
if ( regexec(&r_hdr, line, 1, match, 0) )
{
ProtocolViolation("BitTorrentTracker: invalid HTTP request header");
stop_orig = true;
return false;
}
*strchr(line, ':') = 0; // this cannot fail - see regex_hdr
RequestHeader(line, &line[match[0].rm_eo]);
} }
regmatch_t match[1];
if ( regexec(&r_hdr, line, 1, match, 0) )
{
ProtocolViolation("BitTorrentTracker: invalid HTTP request header");
stop_orig = true;
return false;
}
*strchr(line, ':') = 0; // this cannot fail - see regex_hdr
RequestHeader(line, &line[match[0].rm_eo]);
}
break; break;
case detail::BTT_REQ_DONE: case detail::BTT_REQ_DONE:
@ -356,27 +356,27 @@ bool BitTorrentTracker_Analyzer::ParseResponse(char* line)
switch ( res_state ) switch ( res_state )
{ {
case detail::BTT_RES_STATUS: case detail::BTT_RES_STATUS:
{
if ( res_allow_blank_line && ! *line )
{ {
if ( res_allow_blank_line && ! *line ) // There may be an empty line after the bencoded
{ // directory, if this is a keep-alive connection.
// There may be an empty line after the bencoded // Ignore it.
// directory, if this is a keep-alive connection. res_allow_blank_line = false;
// Ignore it. break;
res_allow_blank_line = false;
break;
}
regmatch_t match[1];
if ( regexec(&r_stat, line, 1, match, 0) )
{
ProtocolViolation("BitTorrentTracker: invalid HTTP status");
stop_resp = true;
return false;
}
ResponseStatus(&line[match[0].rm_eo]);
res_state = detail::BTT_RES_HEADER;
} }
regmatch_t match[1];
if ( regexec(&r_stat, line, 1, match, 0) )
{
ProtocolViolation("BitTorrentTracker: invalid HTTP status");
stop_resp = true;
return false;
}
ResponseStatus(&line[match[0].rm_eo]);
res_state = detail::BTT_RES_HEADER;
}
break; break;
case detail::BTT_RES_HEADER: case detail::BTT_RES_HEADER:
@ -523,127 +523,122 @@ int BitTorrentTracker_Analyzer::ResponseParseBenc(void)
switch ( benc_state ) switch ( benc_state )
{ {
case detail::BENC_STATE_EMPTY: case detail::BENC_STATE_EMPTY:
{
switch ( res_buf_pos[0] )
{ {
switch ( res_buf_pos[0] ) case 'd':
{ switch ( benc_stack.size() )
case 'd': {
switch ( benc_stack.size() ) case 0:
{ break;
case 0: case 1:
break; benc_raw = res_buf_pos;
case 1: benc_raw_type = detail::BENC_TYPE_DIR;
benc_raw = res_buf_pos; /* fall through */
benc_raw_type = detail::BENC_TYPE_DIR; default:
/* fall through */ VIOLATION_IF(benc_stack.back() == 'd' && ! (benc_count.back() % 2),
default: "BitTorrentTracker: directory key is not a string "
VIOLATION_IF(benc_stack.back() == 'd' && "but a directory")
! (benc_count.back() % 2),
"BitTorrentTracker: directory key is not a string "
"but a directory")
++benc_raw_len;
}
benc_stack.push_back('d');
benc_count.push_back(0);
break;
case 'l':
switch ( benc_stack.size() )
{
case 0:
VIOLATION_IF(1, "BitTorrentTracker: not a bencoded directory "
"(first char: l)")
/* fall through */
case 1:
benc_raw = res_buf_pos;
benc_raw_type = detail::BENC_TYPE_LIST;
/* fall through */
default:
VIOLATION_IF(benc_stack.back() == 'd' &&
! (benc_count.back() % 2),
"BitTorrentTracker: directory key is not a string "
"but a list")
++benc_raw_len;
}
benc_stack.push_back('l');
benc_count.push_back(0);
break;
case 'i':
VIOLATION_IF(
! benc_stack.size(),
"BitTorrentTracker: not a bencoded directory (first char: i)")
VIOLATION_IF(
benc_stack.back() == 'd' && ! (benc_count.back() % 2),
"BitTorrentTracker: directory key is not a string but an int")
if ( benc_raw_type != detail::BENC_TYPE_NONE )
++benc_raw_len; ++benc_raw_len;
}
benc_state = detail::BENC_STATE_INT1; benc_stack.push_back('d');
break; benc_count.push_back(0);
break;
case 'e': case 'l':
VIOLATION_IF( switch ( benc_stack.size() )
! benc_stack.size(), {
"BitTorrentTracker: not a bencoded directory (first char: e)") case 0:
VIOLATION_IF(benc_stack.back() == 'd' && benc_count.back() % 2, VIOLATION_IF(1, "BitTorrentTracker: not a bencoded directory "
"BitTorrentTracker: directory has an odd count of members") "(first char: l)")
/* fall through */
if ( benc_raw_type != detail::BENC_TYPE_NONE ) case 1:
benc_raw = res_buf_pos;
benc_raw_type = detail::BENC_TYPE_LIST;
/* fall through */
default:
VIOLATION_IF(benc_stack.back() == 'd' && ! (benc_count.back() % 2),
"BitTorrentTracker: directory key is not a string "
"but a list")
++benc_raw_len; ++benc_raw_len;
}
if ( benc_stack.size() == 2 ) benc_stack.push_back('l');
{ // coming back to level 1 benc_count.push_back(0);
ResponseBenc(benc_key_len, benc_key, benc_raw_type, benc_raw_len, break;
benc_raw);
benc_key = nullptr;
benc_key_len = 0;
benc_raw = nullptr;
benc_raw_len = 0;
benc_raw_type = detail::BENC_TYPE_NONE;
}
benc_stack.pop_back(); case 'i':
benc_count.pop_back(); VIOLATION_IF(! benc_stack.size(),
"BitTorrentTracker: not a bencoded directory (first char: i)")
VIOLATION_IF(benc_stack.back() == 'd' && ! (benc_count.back() % 2),
"BitTorrentTracker: directory key is not a string but an int")
if ( benc_stack.size() ) if ( benc_raw_type != detail::BENC_TYPE_NONE )
INC_COUNT ++benc_raw_len;
else
{ // benc parsing successful
++res_buf_pos;
return 0;
}
break;
case '0': benc_state = detail::BENC_STATE_INT1;
case '1': break;
case '2':
case '3':
case '4':
case '5':
case '6':
case '7':
case '8':
case '9':
VIOLATION_IF(
! benc_stack.size(),
"BitTorrentTracker: not a bencoded directory (first char: [0-9])")
if ( benc_raw_type != detail::BENC_TYPE_NONE ) case 'e':
++benc_raw_len; VIOLATION_IF(! benc_stack.size(),
"BitTorrentTracker: not a bencoded directory (first char: e)")
VIOLATION_IF(benc_stack.back() == 'd' && benc_count.back() % 2,
"BitTorrentTracker: directory has an odd count of members")
benc_strlen = res_buf_pos; if ( benc_raw_type != detail::BENC_TYPE_NONE )
benc_state = detail::BENC_STATE_STR1; ++benc_raw_len;
break;
default: if ( benc_stack.size() == 2 )
VIOLATION_IF(1, "BitTorrentTracker: no valid bencoding") { // coming back to level 1
} ResponseBenc(benc_key_len, benc_key, benc_raw_type, benc_raw_len,
benc_raw);
benc_key = nullptr;
benc_key_len = 0;
benc_raw = nullptr;
benc_raw_len = 0;
benc_raw_type = detail::BENC_TYPE_NONE;
}
benc_stack.pop_back();
benc_count.pop_back();
if ( benc_stack.size() )
INC_COUNT
else
{ // benc parsing successful
++res_buf_pos;
return 0;
}
break;
case '0':
case '1':
case '2':
case '3':
case '4':
case '5':
case '6':
case '7':
case '8':
case '9':
VIOLATION_IF(
! benc_stack.size(),
"BitTorrentTracker: not a bencoded directory (first char: [0-9])")
if ( benc_raw_type != detail::BENC_TYPE_NONE )
++benc_raw_len;
benc_strlen = res_buf_pos;
benc_state = detail::BENC_STATE_STR1;
break;
default:
VIOLATION_IF(1, "BitTorrentTracker: no valid bencoding")
} }
}
break; break;
case detail::BENC_STATE_INT1: case detail::BENC_STATE_INT1:


@ -2,12 +2,12 @@
#include "zeek/analyzer/protocol/dce-rpc/DCE_RPC.h" #include "zeek/analyzer/protocol/dce-rpc/DCE_RPC.h"
#include "zeek/zeek-config.h"
#include <stdlib.h> #include <stdlib.h>
#include <map> #include <map>
#include <string> #include <string>
#include "zeek/zeek-config.h"
using namespace std; using namespace std;
namespace zeek::analyzer::dce_rpc namespace zeek::analyzer::dce_rpc


@ -2,6 +2,8 @@
#include "zeek/analyzer/protocol/dns/DNS.h" #include "zeek/analyzer/protocol/dns/DNS.h"
#include "zeek/zeek-config.h"
#include <arpa/inet.h> #include <arpa/inet.h>
#include <ctype.h> #include <ctype.h>
#include <netinet/in.h> #include <netinet/in.h>
@ -14,7 +16,6 @@
#include "zeek/ZeekString.h" #include "zeek/ZeekString.h"
#include "zeek/analyzer/protocol/dns/events.bif.h" #include "zeek/analyzer/protocol/dns/events.bif.h"
#include "zeek/session/Manager.h" #include "zeek/session/Manager.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::dns namespace zeek::analyzer::dns
{ {
@ -697,190 +698,188 @@ bool DNS_Interpreter::ParseRR_EDNS(detail::DNS_MsgInfo* msg, const u_char*& data
switch ( option_code ) switch ( option_code )
{ {
case detail::TYPE_ECS: case detail::TYPE_ECS:
{
// must be 4 bytes + variable number of octets for address
if ( option_len <= 4 )
{ {
// must be 4 bytes + variable number of octets for address analyzer->Weird("EDNS_ECS_invalid_option_len");
if ( option_len <= 4 )
{
analyzer->Weird("EDNS_ECS_invalid_option_len");
data += option_len;
break;
}
detail::EDNS_ECS opt{};
uint16_t ecs_family = ExtractShort(data, option_len);
uint16_t source_scope = ExtractShort(data, option_len);
opt.ecs_src_pfx_len = (source_scope >> 8) & 0xff;
opt.ecs_scp_pfx_len = source_scope & 0xff;
// ADDRESS, variable number of octets, contains either an IPv4 or
// IPv6 address, depending on FAMILY, which MUST be truncated to the
// number of bits indicated by the SOURCE PREFIX-LENGTH field,
// padding with 0 bits to pad to the end of the last octet needed.
if ( ecs_family == L3_IPV4 )
{
if ( opt.ecs_src_pfx_len > 32 )
{
analyzer->Weird("EDNS_ECS_invalid_addr_v4_prefix",
util::fmt("%" PRIu16 " bits", opt.ecs_src_pfx_len));
data += option_len;
break;
}
if ( opt.ecs_src_pfx_len > option_len * 8 )
{
analyzer->Weird("EDNS_ECS_invalid_addr_v4",
util::fmt("need %" PRIu16 " bits, have %d bits",
opt.ecs_src_pfx_len, option_len * 8));
data += option_len;
break;
}
opt.ecs_family = make_intrusive<StringVal>("v4");
uint32_t addr = 0;
uint16_t shift_factor = 3;
int bits_left = opt.ecs_src_pfx_len;
while ( bits_left > 0 )
{
addr |= data[0] << (shift_factor * 8);
data++;
shift_factor--;
option_len--;
bits_left -= 8;
}
addr = htonl(addr);
opt.ecs_addr = make_intrusive<AddrVal>(addr);
}
else if ( ecs_family == L3_IPV6 )
{
if ( opt.ecs_src_pfx_len > 128 )
{
analyzer->Weird("EDNS_ECS_invalid_addr_v6_prefix",
util::fmt("%" PRIu16 " bits", opt.ecs_src_pfx_len));
data += option_len;
break;
}
if ( opt.ecs_src_pfx_len > option_len * 8 )
{
analyzer->Weird("EDNS_ECS_invalid_addr_v6",
util::fmt("need %" PRIu16 " bits, have %d bits",
opt.ecs_src_pfx_len, option_len * 8));
data += option_len;
break;
}
opt.ecs_family = make_intrusive<StringVal>("v6");
uint32_t addr[4] = {0};
uint16_t shift_factor = 15;
int bits_left = opt.ecs_src_pfx_len;
int i = 0;
while ( bits_left > 0 )
{
addr[i / 4] |= data[0] << ((shift_factor % 4) * 8);
data++;
i++;
shift_factor--;
option_len--;
bits_left -= 8;
}
for ( uint8_t i = 0; i < 4; i++ )
{
addr[i] = htonl(addr[i]);
}
opt.ecs_addr = make_intrusive<AddrVal>(addr);
}
else
{
// non ipv4/ipv6 family address
data += option_len;
break;
}
analyzer->EnqueueConnEvent(dns_EDNS_ecs, analyzer->ConnVal(),
msg->BuildHdrVal(), msg->BuildEDNS_ECS_Val(&opt));
data += option_len;
break;
} // END EDNS ECS
case TYPE_TCP_KA:
{
EDNS_TCP_KEEPALIVE edns_tcp_keepalive{.keepalive_timeout_omitted = true,
.keepalive_timeout = 0};
if ( option_len == 0 || option_len == 2 )
{
// 0 bytes is permitted by RFC 7828, showing that the timeout value is
// omitted.
if ( option_len == 2 )
{
edns_tcp_keepalive.keepalive_timeout = ExtractShort(data, option_len);
edns_tcp_keepalive.keepalive_timeout_omitted = false;
}
if ( analyzer->Conn()->ConnTransport() == TRANSPORT_UDP )
{
/*
* Based on RFC 7828 (3.2.1/3.2.2), clients and servers MUST NOT
* negotiate TCP Keepalive timeout in DNS-over-UDP.
*/
analyzer->Weird("EDNS_TCP_Keepalive_In_UDP");
}
analyzer->EnqueueConnEvent(dns_EDNS_tcp_keepalive, analyzer->ConnVal(),
msg->BuildHdrVal(),
msg->BuildEDNS_TCP_KA_Val(&edns_tcp_keepalive));
}
else
{
// error. MUST BE 0 or 2 bytes. skip
data += option_len;
}
break;
} // END EDNS TCP KEEPALIVE
case TYPE_COOKIE:
{
EDNS_COOKIE cookie{};
if ( option_len != 8 && ! (option_len >= 16 && option_len <= 40) )
{
/*
* option length for DNS Cookie must be 8 bytes (with client cookie only)
* OR
* between 16 bytes to 40 bytes (with an 8 bytes client and an 8 to 32 bytes
* server cookie)
*/
data += option_len;
break;
}
int client_cookie_len = 8;
int server_cookie_len = option_len - client_cookie_len;
cookie.client_cookie =
ExtractStream(data, client_cookie_len, client_cookie_len);
cookie.server_cookie = nullptr;
if ( server_cookie_len >= 8 )
{
cookie.server_cookie =
ExtractStream(data, server_cookie_len, server_cookie_len);
}
analyzer->EnqueueConnEvent(dns_EDNS_cookie, analyzer->ConnVal(),
msg->BuildHdrVal(),
msg->BuildEDNS_COOKIE_Val(&cookie));
break;
} // END EDNS COOKIE
default:
{
data += option_len; data += option_len;
break; break;
} }
detail::EDNS_ECS opt{};
uint16_t ecs_family = ExtractShort(data, option_len);
uint16_t source_scope = ExtractShort(data, option_len);
opt.ecs_src_pfx_len = (source_scope >> 8) & 0xff;
opt.ecs_scp_pfx_len = source_scope & 0xff;
// ADDRESS, variable number of octets, contains either an IPv4 or
// IPv6 address, depending on FAMILY, which MUST be truncated to the
// number of bits indicated by the SOURCE PREFIX-LENGTH field,
// padding with 0 bits to pad to the end of the last octet needed.
if ( ecs_family == L3_IPV4 )
{
if ( opt.ecs_src_pfx_len > 32 )
{
analyzer->Weird("EDNS_ECS_invalid_addr_v4_prefix",
util::fmt("%" PRIu16 " bits", opt.ecs_src_pfx_len));
data += option_len;
break;
}
if ( opt.ecs_src_pfx_len > option_len * 8 )
{
analyzer->Weird("EDNS_ECS_invalid_addr_v4",
util::fmt("need %" PRIu16 " bits, have %d bits",
opt.ecs_src_pfx_len, option_len * 8));
data += option_len;
break;
}
opt.ecs_family = make_intrusive<StringVal>("v4");
uint32_t addr = 0;
uint16_t shift_factor = 3;
int bits_left = opt.ecs_src_pfx_len;
while ( bits_left > 0 )
{
addr |= data[0] << (shift_factor * 8);
data++;
shift_factor--;
option_len--;
bits_left -= 8;
}
addr = htonl(addr);
opt.ecs_addr = make_intrusive<AddrVal>(addr);
}
else if ( ecs_family == L3_IPV6 )
{
if ( opt.ecs_src_pfx_len > 128 )
{
analyzer->Weird("EDNS_ECS_invalid_addr_v6_prefix",
util::fmt("%" PRIu16 " bits", opt.ecs_src_pfx_len));
data += option_len;
break;
}
if ( opt.ecs_src_pfx_len > option_len * 8 )
{
analyzer->Weird("EDNS_ECS_invalid_addr_v6",
util::fmt("need %" PRIu16 " bits, have %d bits",
opt.ecs_src_pfx_len, option_len * 8));
data += option_len;
break;
}
opt.ecs_family = make_intrusive<StringVal>("v6");
uint32_t addr[4] = {0};
uint16_t shift_factor = 15;
int bits_left = opt.ecs_src_pfx_len;
int i = 0;
while ( bits_left > 0 )
{
addr[i / 4] |= data[0] << ((shift_factor % 4) * 8);
data++;
i++;
shift_factor--;
option_len--;
bits_left -= 8;
}
for ( uint8_t i = 0; i < 4; i++ )
{
addr[i] = htonl(addr[i]);
}
opt.ecs_addr = make_intrusive<AddrVal>(addr);
}
else
{
// non ipv4/ipv6 family address
data += option_len;
break;
}
analyzer->EnqueueConnEvent(dns_EDNS_ecs, analyzer->ConnVal(), msg->BuildHdrVal(),
msg->BuildEDNS_ECS_Val(&opt));
data += option_len;
break;
} // END EDNS ECS
case TYPE_TCP_KA:
{
EDNS_TCP_KEEPALIVE edns_tcp_keepalive{.keepalive_timeout_omitted = true,
.keepalive_timeout = 0};
if ( option_len == 0 || option_len == 2 )
{
// 0 bytes is permitted by RFC 7828, showing that the timeout value is
// omitted.
if ( option_len == 2 )
{
edns_tcp_keepalive.keepalive_timeout = ExtractShort(data, option_len);
edns_tcp_keepalive.keepalive_timeout_omitted = false;
}
if ( analyzer->Conn()->ConnTransport() == TRANSPORT_UDP )
{
/*
* Based on RFC 7828 (3.2.1/3.2.2), clients and servers MUST NOT
* negotiate TCP Keepalive timeout in DNS-over-UDP.
*/
analyzer->Weird("EDNS_TCP_Keepalive_In_UDP");
}
analyzer->EnqueueConnEvent(dns_EDNS_tcp_keepalive, analyzer->ConnVal(),
msg->BuildHdrVal(),
msg->BuildEDNS_TCP_KA_Val(&edns_tcp_keepalive));
}
else
{
// error. MUST BE 0 or 2 bytes. skip
data += option_len;
}
break;
} // END EDNS TCP KEEPALIVE
case TYPE_COOKIE:
{
EDNS_COOKIE cookie{};
if ( option_len != 8 && ! (option_len >= 16 && option_len <= 40) )
{
/*
* option length for DNS Cookie must be 8 bytes (with client cookie only)
* OR
* between 16 bytes to 40 bytes (with an 8 bytes client and an 8 to 32 bytes
* server cookie)
*/
data += option_len;
break;
}
int client_cookie_len = 8;
int server_cookie_len = option_len - client_cookie_len;
cookie.client_cookie = ExtractStream(data, client_cookie_len, client_cookie_len);
cookie.server_cookie = nullptr;
if ( server_cookie_len >= 8 )
{
cookie.server_cookie = ExtractStream(data, server_cookie_len,
server_cookie_len);
}
analyzer->EnqueueConnEvent(dns_EDNS_cookie, analyzer->ConnVal(), msg->BuildHdrVal(),
msg->BuildEDNS_COOKIE_Val(&cookie));
break;
} // END EDNS COOKIE
default:
{
data += option_len;
break;
}
} }
} }
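Review bot: In the ECS branch of ParseRR_EDNS, `addr |= data[0] << (shift_factor * 8);` shifts a `u_char` after promotion to `int`, so an octet of 0x80 or higher shifted by 24 does not fit a signed int and is undefined behaviour before C++20; the IPv6 loop has the same pattern in `addr[i / 4] |= data[0] << ((shift_factor % 4) * 8);`. Converting before the shift keeps the arithmetic unsigned: `addr |= static_cast<uint32_t>(data[0]) << (shift_factor * 8);`. These bytes are read straight from the DNS message, so the parser should not depend on how the compiler treats the overflow. The reformatting leaves the expression as it was, and ParseRR_EDNS starts outside the hunk.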


@ -2,13 +2,14 @@
#include "zeek/analyzer/protocol/finger/Finger.h" #include "zeek/analyzer/protocol/finger/Finger.h"
#include "zeek/zeek-config.h"
#include <ctype.h> #include <ctype.h>
#include "zeek/Event.h" #include "zeek/Event.h"
#include "zeek/NetVar.h" #include "zeek/NetVar.h"
#include "zeek/analyzer/protocol/finger/events.bif.h" #include "zeek/analyzer/protocol/finger/events.bif.h"
#include "zeek/analyzer/protocol/tcp/ContentLine.h" #include "zeek/analyzer/protocol/tcp/ContentLine.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::finger namespace zeek::analyzer::finger
{ {


@ -2,6 +2,8 @@
#include "zeek/analyzer/protocol/ftp/FTP.h" #include "zeek/analyzer/protocol/ftp/FTP.h"
#include "zeek/zeek-config.h"
#include <stdlib.h> #include <stdlib.h>
#include "zeek/Base64.h" #include "zeek/Base64.h"
@ -12,7 +14,6 @@
#include "zeek/analyzer/Manager.h" #include "zeek/analyzer/Manager.h"
#include "zeek/analyzer/protocol/ftp/events.bif.h" #include "zeek/analyzer/protocol/ftp/events.bif.h"
#include "zeek/analyzer/protocol/login/NVT.h" #include "zeek/analyzer/protocol/login/NVT.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::ftp namespace zeek::analyzer::ftp
{ {


@ -2,6 +2,8 @@
#include "zeek/analyzer/protocol/gnutella/Gnutella.h" #include "zeek/analyzer/protocol/gnutella/Gnutella.h"
#include "zeek/zeek-config.h"
#include <ctype.h> #include <ctype.h>
#include <algorithm> #include <algorithm>
@ -10,7 +12,6 @@
#include "zeek/analyzer/Manager.h" #include "zeek/analyzer/Manager.h"
#include "zeek/analyzer/protocol/gnutella/events.bif.h" #include "zeek/analyzer/protocol/gnutella/events.bif.h"
#include "zeek/analyzer/protocol/pia/PIA.h" #include "zeek/analyzer/protocol/pia/PIA.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::gnutella namespace zeek::analyzer::gnutella
{ {


@ -2,6 +2,8 @@
#include "zeek/analyzer/protocol/http/HTTP.h" #include "zeek/analyzer/protocol/http/HTTP.h"
#include "zeek/zeek-config.h"
#include <ctype.h> #include <ctype.h>
#include <math.h> #include <math.h>
#include <stdlib.h> #include <stdlib.h>
@ -13,7 +15,6 @@
#include "zeek/analyzer/protocol/http/events.bif.h" #include "zeek/analyzer/protocol/http/events.bif.h"
#include "zeek/analyzer/protocol/mime/MIME.h" #include "zeek/analyzer/protocol/mime/MIME.h"
#include "zeek/file_analysis/Manager.h" #include "zeek/file_analysis/Manager.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::http namespace zeek::analyzer::http
{ {
@ -329,10 +330,10 @@ void HTTP_Entity::SubmitData(int len, const char* buf)
else else
{ {
if ( send_size && content_length > 0 ) if ( send_size && content_length > 0 )
precomputed_file_id = precomputed_file_id = file_mgr->SetSize(
file_mgr->SetSize(content_length, http_message->MyHTTP_Analyzer()->GetAnalyzerTag(), content_length, http_message->MyHTTP_Analyzer()->GetAnalyzerTag(),
http_message->MyHTTP_Analyzer()->Conn(), http_message->IsOrig(), http_message->MyHTTP_Analyzer()->Conn(), http_message->IsOrig(),
precomputed_file_id); precomputed_file_id);
precomputed_file_id = file_mgr->DataIn(reinterpret_cast<const u_char*>(buf), len, precomputed_file_id = file_mgr->DataIn(reinterpret_cast<const u_char*>(buf), len,
http_message->MyHTTP_Analyzer()->GetAnalyzerTag(), http_message->MyHTTP_Analyzer()->GetAnalyzerTag(),
@ -893,8 +894,8 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)
const char* line = reinterpret_cast<const char*>(data); const char* line = reinterpret_cast<const char*>(data);
const char* end_of_line = line + len; const char* end_of_line = line + len;
analyzer::tcp::ContentLine_Analyzer* content_line = analyzer::tcp::ContentLine_Analyzer* content_line = is_orig ? content_line_orig
is_orig ? content_line_orig : content_line_resp; : content_line_resp;
if ( content_line->IsPlainDelivery() ) if ( content_line->IsPlainDelivery() )
{ {
@ -924,52 +925,51 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)
switch ( request_state ) switch ( request_state )
{ {
case EXPECT_REQUEST_LINE: case EXPECT_REQUEST_LINE:
{
int res = HTTP_RequestLine(line, end_of_line);
if ( res < 0 )
return;
else if ( res > 0 )
{ {
int res = HTTP_RequestLine(line, end_of_line); ++num_requests;
if ( res < 0 ) if ( ! keep_alive && num_requests > 1 )
return; Weird("unexpected_multiple_HTTP_requests");
else if ( res > 0 ) request_state = EXPECT_REQUEST_MESSAGE;
{ request_ongoing = 1;
++num_requests; unanswered_requests.push(request_method);
HTTP_Request();
if ( ! keep_alive && num_requests > 1 ) InitHTTPMessage(content_line, request_message, is_orig, HTTP_BODY_MAYBE, len);
Weird("unexpected_multiple_HTTP_requests"); }
request_state = EXPECT_REQUEST_MESSAGE;
request_ongoing = 1;
unanswered_requests.push(request_method);
HTTP_Request();
InitHTTPMessage(content_line, request_message, is_orig, HTTP_BODY_MAYBE,
len);
}
else
{
if ( ! RequestExpected() )
HTTP_Event("crud_trailing_HTTP_request",
analyzer::mime::to_string_val(line, end_of_line));
else else
{ {
if ( ! RequestExpected() ) // We do see HTTP requests with a
HTTP_Event("crud_trailing_HTTP_request", // trailing EOL that's not accounted
analyzer::mime::to_string_val(line, end_of_line)); // for by the content-length. This
// will lead to a call to this method
// with len==0 while we are expecting
// a new request. Since HTTP servers
// handle such requests gracefully,
// we should do so as well.
if ( len == 0 )
Weird("empty_http_request");
else else
{ {
// We do see HTTP requests with a ProtocolViolation("not a http request line");
// trailing EOL that's not accounted request_state = EXPECT_REQUEST_NOTHING;
// for by the content-length. This
// will lead to a call to this method
// with len==0 while we are expecting
// a new request. Since HTTP servers
// handle such requests gracefully,
// we should do so as well.
if ( len == 0 )
Weird("empty_http_request");
else
{
ProtocolViolation("not a http request line");
request_state = EXPECT_REQUEST_NOTHING;
}
} }
} }
} }
}
break; break;
case EXPECT_REQUEST_MESSAGE: case EXPECT_REQUEST_MESSAGE:
@ -1063,8 +1063,8 @@ void HTTP_Analyzer::Undelivered(uint64_t seq, int len, bool is_orig)
HTTP_Message* msg = is_orig ? request_message : reply_message; HTTP_Message* msg = is_orig ? request_message : reply_message;
analyzer::tcp::ContentLine_Analyzer* content_line = analyzer::tcp::ContentLine_Analyzer* content_line = is_orig ? content_line_orig
is_orig ? content_line_orig : content_line_resp; : content_line_resp;
if ( ! content_line->IsSkippedContents(seq, len) ) if ( ! content_line->IsSkippedContents(seq, len) )
{ {
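Review bot: The three-way result of `HTTP_RequestLine` in the `EXPECT_REQUEST_LINE` case of HTTP_Analyzer::DeliverStream is not documented where it is tested. From the branches, a negative value abandons the delivery, a positive value starts a new request, and zero means the line was not a request line. A comment above the call would save the reader from opening the callee: `// res < 0: give up on this delivery; res > 0: request line parsed; res == 0: not a request line`. This reading is inferred from the visible branches and should be confirmed against HTTP_RequestLine, which is outside the hunk.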


@ -2,13 +2,14 @@
#include "zeek/analyzer/protocol/ident/Ident.h" #include "zeek/analyzer/protocol/ident/Ident.h"
#include "zeek/zeek-config.h"
#include <ctype.h> #include <ctype.h>
#include "zeek/Event.h" #include "zeek/Event.h"
#include "zeek/NetVar.h" #include "zeek/NetVar.h"
#include "zeek/ZeekString.h" #include "zeek/ZeekString.h"
#include "zeek/analyzer/protocol/ident/events.bif.h" #include "zeek/analyzer/protocol/ident/events.bif.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::ident namespace zeek::analyzer::ident
{ {


@ -279,7 +279,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
make_intrusive<StringVal>(type.c_str()), make_intrusive<StringVal>(type.c_str()),
make_intrusive<StringVal>(channel.c_str()), std::move(set)); make_intrusive<StringVal>(channel.c_str()), std::move(set));
} }
break; break;
// Count of users and services on this server. // Count of users and services on this server.
case 255: case 255:
@ -456,38 +456,38 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
// RPL_TOPIC reply. // RPL_TOPIC reply.
case 332: case 332:
{ {
if ( ! irc_channel_topic ) if ( ! irc_channel_topic )
break;
vector<string> parts = SplitWords(params, ' ');
if ( parts.size() < 4 )
{
Weird("irc_invalid_topic_reply");
return;
}
unsigned int pos = params.find(':');
if ( pos < params.size() )
{
string topic = params.substr(pos + 1);
const char* t = topic.c_str();
if ( *t == ':' )
++t;
EnqueueConnEvent(irc_channel_topic, ConnVal(), val_mgr->Bool(orig),
make_intrusive<StringVal>(parts[1].c_str()),
make_intrusive<StringVal>(t));
}
else
{
Weird("irc_invalid_topic_reply");
return;
}
}
break; break;
vector<string> parts = SplitWords(params, ' ');
if ( parts.size() < 4 )
{
Weird("irc_invalid_topic_reply");
return;
}
unsigned int pos = params.find(':');
if ( pos < params.size() )
{
string topic = params.substr(pos + 1);
const char* t = topic.c_str();
if ( *t == ':' )
++t;
EnqueueConnEvent(irc_channel_topic, ConnVal(), val_mgr->Bool(orig),
make_intrusive<StringVal>(parts[1].c_str()),
make_intrusive<StringVal>(t));
}
else
{
Weird("irc_invalid_topic_reply");
return;
}
}
break;
// WHO reply line. // WHO reply line.
case 352: case 352:
{ {
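Review bot: In the `case 332` block of IRC_Analyzer::DeliverStream, `unsigned int pos = params.find(':');` narrows the `find` result, so a missing colon is detected only because the truncated `npos` still fails `pos < params.size()`. Keeping the native type and testing the sentinel states the intent: `const auto pos = params.find(':');` followed by `if ( pos != string::npos )`. This assumes `params` is a `std::string`, as its `substr` and `size` calls suggest; its declaration is outside the hunk.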


@ -2,10 +2,10 @@
#pragma once #pragma once
#include <mutex>
#include "zeek/zeek-config.h" #include "zeek/zeek-config.h"
#include <mutex>
#ifdef USE_KRB5 #ifdef USE_KRB5
#include <krb5.h> #include <krb5.h>
#endif #endif


@ -2,6 +2,8 @@
#include "zeek/analyzer/protocol/login/Login.h" #include "zeek/analyzer/protocol/login/Login.h"
#include "zeek/zeek-config.h"
#include <ctype.h> #include <ctype.h>
#include <stdlib.h> #include <stdlib.h>
@ -12,7 +14,6 @@
#include "zeek/Var.h" #include "zeek/Var.h"
#include "zeek/ZeekString.h" #include "zeek/ZeekString.h"
#include "zeek/analyzer/protocol/login/events.bif.h" #include "zeek/analyzer/protocol/login/events.bif.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::login namespace zeek::analyzer::login
{ {


@ -2,6 +2,8 @@
#include "zeek/analyzer/protocol/login/NVT.h" #include "zeek/analyzer/protocol/login/NVT.h"
#include "zeek/zeek-config.h"
#include <stdlib.h> #include <stdlib.h>
#include "zeek/Event.h" #include "zeek/Event.h"
@ -10,7 +12,6 @@
#include "zeek/ZeekString.h" #include "zeek/ZeekString.h"
#include "zeek/analyzer/protocol/login/events.bif.h" #include "zeek/analyzer/protocol/login/events.bif.h"
#include "zeek/analyzer/protocol/tcp/TCP.h" #include "zeek/analyzer/protocol/tcp/TCP.h"
#include "zeek/zeek-config.h"
#define IS_3_BYTE_OPTION(c) (c >= 251 && c <= 254) #define IS_3_BYTE_OPTION(c) (c >= 251 && c <= 254)
@ -207,20 +208,19 @@ void TelnetAuthenticateOption::RecvSubOption(u_char* data, int len)
switch ( data[0] ) switch ( data[0] )
{ {
case HERE_IS_AUTHENTICATION: case HERE_IS_AUTHENTICATION:
{
TelnetAuthenticateOption* peer = (TelnetAuthenticateOption*)endp->FindPeerOption(code);
if ( ! peer )
{ {
TelnetAuthenticateOption* peer = reporter->AnalyzerError(
(TelnetAuthenticateOption*)endp->FindPeerOption(code); endp, "option peer missing in TelnetAuthenticateOption::RecvSubOption");
return;
if ( ! peer )
{
reporter->AnalyzerError(
endp, "option peer missing in TelnetAuthenticateOption::RecvSubOption");
return;
}
if ( ! peer->DidRequestAuthentication() )
InconsistentOption(0);
} }
if ( ! peer->DidRequestAuthentication() )
InconsistentOption(0);
}
break; break;
case SEND_ME_AUTHENTICATION: case SEND_ME_AUTHENTICATION:
@ -246,11 +246,11 @@ void TelnetAuthenticateOption::RecvSubOption(u_char* data, int len)
break; break;
case AUTHENTICATION_NAME: case AUTHENTICATION_NAME:
{ {
char* auth_name = new char[len]; char* auth_name = new char[len];
util::safe_strncpy(auth_name, (char*)data + 1, len); util::safe_strncpy(auth_name, (char*)data + 1, len);
endp->SetAuthName(auth_name); endp->SetAuthName(auth_name);
} }
break; break;
default: default:
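Review bot: In the `HERE_IS_AUTHENTICATION` case of TelnetAuthenticateOption::RecvSubOption, the result of `endp->FindPeerOption(code)` is downcast with a C-style cast, which compiles whatever the actual option type is. A named cast makes the assumption visible: `auto* peer = static_cast<TelnetAuthenticateOption*>(endp->FindPeerOption(code));`, or `dynamic_cast` if the hierarchy is polymorphic, so that a mismatched type lands in the existing `! peer` branch. Whether FindPeerOption can return a different option type for this code is not visible here. The `(char*)data + 1` cast in the `AUTHENTICATION_NAME` case could be written as a named cast too.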


@ -2,11 +2,12 @@
#include "zeek/analyzer/protocol/login/RSH.h" #include "zeek/analyzer/protocol/login/RSH.h"
#include "zeek/zeek-config.h"
#include "zeek/Event.h" #include "zeek/Event.h"
#include "zeek/NetVar.h" #include "zeek/NetVar.h"
#include "zeek/Reporter.h" #include "zeek/Reporter.h"
#include "zeek/analyzer/protocol/login/events.bif.h" #include "zeek/analyzer/protocol/login/events.bif.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::login namespace zeek::analyzer::login
{ {


@ -2,11 +2,12 @@
#include "zeek/analyzer/protocol/login/Rlogin.h" #include "zeek/analyzer/protocol/login/Rlogin.h"
#include "zeek/zeek-config.h"
#include "zeek/Event.h" #include "zeek/Event.h"
#include "zeek/NetVar.h" #include "zeek/NetVar.h"
#include "zeek/Reporter.h" #include "zeek/Reporter.h"
#include "zeek/analyzer/protocol/login/events.bif.h" #include "zeek/analyzer/protocol/login/events.bif.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::login namespace zeek::analyzer::login
{ {


@ -2,9 +2,10 @@
#include "zeek/analyzer/protocol/login/Telnet.h" #include "zeek/analyzer/protocol/login/Telnet.h"
#include "zeek/zeek-config.h"
#include "zeek/analyzer/protocol/login/NVT.h" #include "zeek/analyzer/protocol/login/NVT.h"
#include "zeek/analyzer/protocol/login/events.bif.h" #include "zeek/analyzer/protocol/login/events.bif.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::login namespace zeek::analyzer::login
{ {


@ -1,12 +1,13 @@
#include "zeek/analyzer/protocol/mime/MIME.h" #include "zeek/analyzer/protocol/mime/MIME.h"
#include "zeek/zeek-config.h"
#include "zeek/Base64.h" #include "zeek/Base64.h"
#include "zeek/NetVar.h" #include "zeek/NetVar.h"
#include "zeek/Reporter.h" #include "zeek/Reporter.h"
#include "zeek/analyzer/protocol/mime/events.bif.h" #include "zeek/analyzer/protocol/mime/events.bif.h"
#include "zeek/digest.h" #include "zeek/digest.h"
#include "zeek/file_analysis/Manager.h" #include "zeek/file_analysis/Manager.h"
#include "zeek/zeek-config.h"
// Here are a few things to do: // Here are a few things to do:
// //
@ -1460,9 +1461,9 @@ void MIME_Mail::SubmitData(int len, const char* buf)
make_intrusive<StringVal>(data_len, data)); make_intrusive<StringVal>(data_len, data));
} }
cur_entity_id = cur_entity_id = file_mgr->DataIn(reinterpret_cast<const u_char*>(buf), len,
file_mgr->DataIn(reinterpret_cast<const u_char*>(buf), len, analyzer->GetAnalyzerTag(), analyzer->GetAnalyzerTag(), analyzer->Conn(), is_orig,
analyzer->Conn(), is_orig, cur_entity_id); cur_entity_id);
cur_entity_len += len; cur_entity_len += len;
buffer_start = (buf + len) - (char*)data_buffer->Bytes(); buffer_start = (buf + len) - (char*)data_buffer->Bytes();


@ -2,13 +2,14 @@
#include "zeek/analyzer/protocol/ncp/NCP.h" #include "zeek/analyzer/protocol/ncp/NCP.h"
#include "zeek/zeek-config.h"
#include <stdlib.h> #include <stdlib.h>
#include <map> #include <map>
#include <string> #include <string>
#include "zeek/analyzer/protocol/ncp/consts.bif.h" #include "zeek/analyzer/protocol/ncp/consts.bif.h"
#include "zeek/analyzer/protocol/ncp/events.bif.h" #include "zeek/analyzer/protocol/ncp/events.bif.h"
#include "zeek/zeek-config.h"
using namespace std; using namespace std;


@ -2,6 +2,8 @@
#include "zeek/analyzer/protocol/netbios/NetbiosSSN.h" #include "zeek/analyzer/protocol/netbios/NetbiosSSN.h"
#include "zeek/zeek-config.h"
#include <ctype.h> #include <ctype.h>
#include "zeek/Event.h" #include "zeek/Event.h"
@ -10,7 +12,6 @@
#include "zeek/ZeekString.h" #include "zeek/ZeekString.h"
#include "zeek/analyzer/protocol/netbios/events.bif.h" #include "zeek/analyzer/protocol/netbios/events.bif.h"
#include "zeek/session/Manager.h" #include "zeek/session/Manager.h"
#include "zeek/zeek-config.h"
constexpr double netbios_ssn_session_timeout = 15.0; constexpr double netbios_ssn_session_timeout = 15.0;


@ -106,9 +106,9 @@ void PIA::PIA_DeliverPacket(int len, const u_char* data, bool is_orig, uint64_t
if ( (pkt_buffer.state == BUFFERING || new_state == BUFFERING) && len > 0 ) if ( (pkt_buffer.state == BUFFERING || new_state == BUFFERING) && len > 0 )
{ {
AddToBuffer(&pkt_buffer, seq, len, data, is_orig, ip); AddToBuffer(&pkt_buffer, seq, len, data, is_orig, ip);
if ( pkt_buffer.size > zeek::detail::dpd_buffer_size || ++pkt_buffer.chunks > zeek::detail::dpd_max_packets ) if ( pkt_buffer.size > zeek::detail::dpd_buffer_size ||
new_state = zeek::detail::dpd_match_only_beginning ? ++pkt_buffer.chunks > zeek::detail::dpd_max_packets )
SKIPPING : MATCHING_ONLY; new_state = zeek::detail::dpd_match_only_beginning ? SKIPPING : MATCHING_ONLY;
} }
// FIXME: I'm not sure why it does not work with eol=true... // FIXME: I'm not sure why it does not work with eol=true...
@ -280,9 +280,9 @@ void PIA_TCP::DeliverStream(int len, const u_char* data, bool is_orig)
if ( stream_buffer.state == BUFFERING || new_state == BUFFERING ) if ( stream_buffer.state == BUFFERING || new_state == BUFFERING )
{ {
AddToBuffer(&stream_buffer, len, data, is_orig); AddToBuffer(&stream_buffer, len, data, is_orig);
if ( stream_buffer.size > zeek::detail::dpd_buffer_size || ++stream_buffer.chunks > zeek::detail::dpd_max_packets ) if ( stream_buffer.size > zeek::detail::dpd_buffer_size ||
new_state = zeek::detail::dpd_match_only_beginning ? ++stream_buffer.chunks > zeek::detail::dpd_max_packets )
SKIPPING : MATCHING_ONLY; new_state = zeek::detail::dpd_match_only_beginning ? SKIPPING : MATCHING_ONLY;
} }
DoMatch(data, len, is_orig, false, false, false, nullptr); DoMatch(data, len, is_orig, false, false, false, nullptr);
@ -382,11 +382,11 @@ void PIA_TCP::ActivateAnalyzer(analyzer::Tag tag, const zeek::detail::Rule* rule
auto* tcp = static_cast<packet_analysis::TCP::TCPSessionAdapter*>(Parent()); auto* tcp = static_cast<packet_analysis::TCP::TCPSessionAdapter*>(Parent());
auto* reass_orig = auto* reass_orig = new tcp::TCP_Reassembler(this, tcp, tcp::TCP_Reassembler::Direct,
new tcp::TCP_Reassembler(this, tcp, tcp::TCP_Reassembler::Direct, tcp->Orig()); tcp->Orig());
auto* reass_resp = auto* reass_resp = new tcp::TCP_Reassembler(this, tcp, tcp::TCP_Reassembler::Direct,
new tcp::TCP_Reassembler(this, tcp, tcp::TCP_Reassembler::Direct, tcp->Resp()); tcp->Resp());
uint64_t orig_seq = 0; uint64_t orig_seq = 0;
uint64_t resp_seq = 0; uint64_t resp_seq = 0;


@ -3,6 +3,8 @@
#include "zeek/analyzer/protocol/pop3/POP3.h" #include "zeek/analyzer/protocol/pop3/POP3.h"
#include "zeek/zeek-config.h"
#include <ctype.h> #include <ctype.h>
#include <string> #include <string>
#include <vector> #include <vector>
@ -11,7 +13,6 @@
#include "zeek/Reporter.h" #include "zeek/Reporter.h"
#include "zeek/analyzer/Manager.h" #include "zeek/analyzer/Manager.h"
#include "zeek/analyzer/protocol/pop3/events.bif.h" #include "zeek/analyzer/protocol/pop3/events.bif.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::pop3 namespace zeek::analyzer::pop3
{ {
@ -154,57 +155,57 @@ void POP3_Analyzer::ProcessRequest(int length, const char* line)
break; break;
case detail::AUTH_PLAIN: case detail::AUTH_PLAIN:
{
// Format: "authorization identity<NUL>authentication
// identity<NUL>password"
char* str = (char*)decoded->Bytes();
int len = decoded->Len();
char* end = str + len;
char* s;
char* e;
for ( s = str; s < end && *s; ++s )
;
++s;
for ( e = s; e < end && *e; ++e )
;
if ( e >= end )
{ {
// Format: "authorization identity<NUL>authentication Weird("pop3_malformed_auth_plain");
// identity<NUL>password" delete decoded;
char* str = (char*)decoded->Bytes(); return;
int len = decoded->Len();
char* end = str + len;
char* s;
char* e;
for ( s = str; s < end && *s; ++s )
;
++s;
for ( e = s; e < end && *e; ++e )
;
if ( e >= end )
{
Weird("pop3_malformed_auth_plain");
delete decoded;
return;
}
user = s;
s = e + 1;
if ( s >= end )
{
Weird("pop3_malformed_auth_plain");
delete decoded;
return;
}
password.assign(s, len - (s - str));
break;
} }
user = s;
s = e + 1;
if ( s >= end )
{
Weird("pop3_malformed_auth_plain");
delete decoded;
return;
}
password.assign(s, len - (s - str));
break;
}
case detail::AUTH_CRAM_MD5: case detail::AUTH_CRAM_MD5:
{ // Format: "user<space>password-hash" { // Format: "user<space>password-hash"
const char* s; const char* s;
const char* str = (char*)decoded->CheckString(); const char* str = (char*)decoded->CheckString();
for ( s = str; *s && *s != '\t' && *s != ' '; ++s ) for ( s = str; *s && *s != '\t' && *s != ' '; ++s )
; ;
user = std::string(str, s); user = std::string(str, s);
password = ""; password = "";
break; break;
} }
case detail::AUTH: case detail::AUTH:
break; break;
@ -584,10 +585,10 @@ void POP3_Analyzer::ProcessReply(int length, const char* line)
if ( multiLine == true ) if ( multiLine == true )
{ {
bool terminator = bool terminator = line[0] == '.' &&
line[0] == '.' && (length == 1 ||
(length == 1 || (length > 1 && (line[1] == '\n' || (length > 1 && (line[1] == '\n' ||
(length > 2 && line[1] == '\r' && line[2] == '\n')))); (length > 2 && line[1] == '\r' && line[2] == '\n'))));
if ( terminator ) if ( terminator )
{ {
@ -693,16 +694,16 @@ void POP3_Analyzer::ProcessReply(int length, const char* line)
case detail::TOP: case detail::TOP:
case detail::RETR: case detail::RETR:
{ {
int data_len = end_of_line - line; int data_len = end_of_line - line;
if ( ! mail ) if ( ! mail )
// ProcessReply is only called if orig == false // ProcessReply is only called if orig == false
BeginData(false); BeginData(false);
ProcessData(data_len, line); ProcessData(data_len, line);
if ( requestForMultiLine == true ) if ( requestForMultiLine == true )
multiLine = true; multiLine = true;
break; break;
} }
case detail::CAPA: case detail::CAPA:
ProtocolConfirmation(); ProtocolConfirmation();
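Review bot: In the `detail::AUTH_PLAIN` case of ProcessRequest, `++s` runs unconditionally after the first scan, so when the decoded bytes contain no NUL the pointer is moved beyond `end`, and rejecting the input then depends on the later `e >= end` comparison of an out-of-range pointer. Whether `end + 1` is still inside the allocation depends on how `decoded` stores its bytes, which this page does not show. Checking before the increment makes the bound explicit: `if ( s >= end ) { Weird("pop3_malformed_auth_plain"); delete decoded; return; }` placed ahead of `++s`. ProcessRequest starts and ends outside the hunk.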


@ -2,6 +2,8 @@
#include "zeek/analyzer/protocol/rpc/MOUNT.h" #include "zeek/analyzer/protocol/rpc/MOUNT.h"
#include "zeek/zeek-config.h"
#include <algorithm> #include <algorithm>
#include <vector> #include <vector>
@ -10,7 +12,6 @@
#include "zeek/ZeekString.h" #include "zeek/ZeekString.h"
#include "zeek/analyzer/protocol/rpc/XDR.h" #include "zeek/analyzer/protocol/rpc/XDR.h"
#include "zeek/analyzer/protocol/rpc/events.bif.h" #include "zeek/analyzer/protocol/rpc/events.bif.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::rpc namespace zeek::analyzer::rpc
{ {


@ -2,6 +2,8 @@
#include "zeek/analyzer/protocol/rpc/NFS.h" #include "zeek/analyzer/protocol/rpc/NFS.h"
#include "zeek/zeek-config.h"
#include <utility> #include <utility>
#include <vector> #include <vector>
@ -10,7 +12,6 @@
#include "zeek/ZeekString.h" #include "zeek/ZeekString.h"
#include "zeek/analyzer/protocol/rpc/XDR.h" #include "zeek/analyzer/protocol/rpc/XDR.h"
#include "zeek/analyzer/protocol/rpc/events.bif.h" #include "zeek/analyzer/protocol/rpc/events.bif.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::rpc namespace zeek::analyzer::rpc
{ {


@ -2,11 +2,12 @@
#include "zeek/analyzer/protocol/rpc/Portmap.h" #include "zeek/analyzer/protocol/rpc/Portmap.h"
#include "zeek/zeek-config.h"
#include "zeek/Event.h" #include "zeek/Event.h"
#include "zeek/NetVar.h" #include "zeek/NetVar.h"
#include "zeek/analyzer/protocol/rpc/XDR.h" #include "zeek/analyzer/protocol/rpc/XDR.h"
#include "zeek/analyzer/protocol/rpc/events.bif.h" #include "zeek/analyzer/protocol/rpc/events.bif.h"
#include "zeek/zeek-config.h"
#define PMAPPROC_NULL 0 #define PMAPPROC_NULL 0
#define PMAPPROC_SET 1 #define PMAPPROC_SET 1
@ -31,42 +32,42 @@ bool PortmapperInterp::RPC_BuildCall(RPC_CallInfo* c, const u_char*& buf, int& n
break; break;
case PMAPPROC_SET: case PMAPPROC_SET:
{ {
auto m = ExtractMapping(buf, n); auto m = ExtractMapping(buf, n);
if ( ! m ) if ( ! m )
return false; return false;
c->AddVal(std::move(m)); c->AddVal(std::move(m));
} }
break; break;
case PMAPPROC_UNSET: case PMAPPROC_UNSET:
{ {
auto m = ExtractMapping(buf, n); auto m = ExtractMapping(buf, n);
if ( ! m ) if ( ! m )
return false; return false;
c->AddVal(std::move(m)); c->AddVal(std::move(m));
} }
break; break;
case PMAPPROC_GETPORT: case PMAPPROC_GETPORT:
{ {
auto pr = ExtractPortRequest(buf, n); auto pr = ExtractPortRequest(buf, n);
if ( ! pr ) if ( ! pr )
return false; return false;
c->AddVal(std::move(pr)); c->AddVal(std::move(pr));
} }
break; break;
case PMAPPROC_DUMP: case PMAPPROC_DUMP:
break; break;
case PMAPPROC_CALLIT: case PMAPPROC_CALLIT:
{ {
auto call_it = ExtractCallItRequest(buf, n); auto call_it = ExtractCallItRequest(buf, n);
if ( ! call_it ) if ( ! call_it )
return false; return false;
c->AddVal(std::move(call_it)); c->AddVal(std::move(call_it));
} }
break; break;
default: default:


@ -2,6 +2,8 @@
#include "zeek/analyzer/protocol/rpc/RPC.h" #include "zeek/analyzer/protocol/rpc/RPC.h"
#include "zeek/zeek-config.h"
#include <stdlib.h> #include <stdlib.h>
#include <string> #include <string>
@ -11,7 +13,6 @@
#include "zeek/analyzer/protocol/rpc/XDR.h" #include "zeek/analyzer/protocol/rpc/XDR.h"
#include "zeek/analyzer/protocol/rpc/events.bif.h" #include "zeek/analyzer/protocol/rpc/events.bif.h"
#include "zeek/session/Manager.h" #include "zeek/session/Manager.h"
#include "zeek/zeek-config.h"
namespace namespace
{ // local namespace { // local namespace
@ -68,8 +69,8 @@ RPC_CallInfo::RPC_CallInfo(uint32_t arg_xid, const u_char*& buf, int& n, double
stamp = extract_XDR_uint32(cred_opaque, cred_opaque_n); stamp = extract_XDR_uint32(cred_opaque, cred_opaque_n);
int machinename_n; int machinename_n;
constexpr auto max_machinename_len = 255; constexpr auto max_machinename_len = 255;
auto mnp = auto mnp = extract_XDR_opaque(cred_opaque, cred_opaque_n, machinename_n,
extract_XDR_opaque(cred_opaque, cred_opaque_n, machinename_n, max_machinename_len); max_machinename_len);
if ( ! mnp ) if ( ! mnp )
{ {
@ -635,74 +636,73 @@ void Contents_RPC::DeliverStream(int len, const u_char* data, bool orig)
// no break. fall through // no break. fall through
case WAIT_FOR_MARKER: case WAIT_FOR_MARKER:
{
bool got_marker = marker_buf.ConsumeChunk(data, len);
if ( got_marker )
{ {
bool got_marker = marker_buf.ConsumeChunk(data, len); const u_char* dummy_p = marker_buf.GetBuf();
int dummy_len = (int)marker_buf.GetFill();
if ( got_marker ) // have full marker
marker = extract_XDR_uint32(dummy_p, dummy_len);
marker_buf.Init(4, 4);
if ( ! dummy_p )
{ {
const u_char* dummy_p = marker_buf.GetBuf(); reporter->AnalyzerError(this, "inconsistent RPC record marker extraction");
int dummy_len = (int)marker_buf.GetFill(); return;
// have full marker
marker = extract_XDR_uint32(dummy_p, dummy_len);
marker_buf.Init(4, 4);
if ( ! dummy_p )
{
reporter->AnalyzerError(this,
"inconsistent RPC record marker extraction");
return;
}
last_frag = (marker & 0x80000000) != 0;
marker &= 0x7fffffff;
// printf("%.6f %d marker= %u <> last_frag= %d <> expected=%llu <>
// processed= %llu <> len = %d\n", run_state::network_time, IsOrig(), marker,
//last_frag, msg_buf.GetExpected(), msg_buf.GetProcessed(), len);
if ( ! msg_buf.AddToExpected(marker) )
Conn()->Weird("RPC_message_too_long",
util::fmt("%" PRId64, msg_buf.GetExpected()));
if ( last_frag )
state = WAIT_FOR_LAST_DATA;
else
state = WAIT_FOR_DATA;
} }
last_frag = (marker & 0x80000000) != 0;
marker &= 0x7fffffff;
// printf("%.6f %d marker= %u <> last_frag= %d <> expected=%llu <>
// processed= %llu <> len = %d\n", run_state::network_time, IsOrig(),
// marker,
// last_frag, msg_buf.GetExpected(), msg_buf.GetProcessed(), len);
if ( ! msg_buf.AddToExpected(marker) )
Conn()->Weird("RPC_message_too_long",
util::fmt("%" PRId64, msg_buf.GetExpected()));
if ( last_frag )
state = WAIT_FOR_LAST_DATA;
else
state = WAIT_FOR_DATA;
} }
}
// Else remain in state. Haven't got the full 4 bytes // Else remain in state. Haven't got the full 4 bytes
// for the marker yet. // for the marker yet.
break; break;
case WAIT_FOR_DATA: case WAIT_FOR_DATA:
case WAIT_FOR_LAST_DATA: case WAIT_FOR_LAST_DATA:
{
bool got_all_data = msg_buf.ConsumeChunk(data, len);
if ( got_all_data )
{ {
bool got_all_data = msg_buf.ConsumeChunk(data, len); // Got all the data we expected. Now let's
// see whether there is another fragment
if ( got_all_data ) // coming or whether we just finished the
// last fragment.
if ( state == WAIT_FOR_LAST_DATA )
{ {
// Got all the data we expected. Now let's const u_char* dummy_p = msg_buf.GetBuf();
// see whether there is another fragment int dummy_len = (int)msg_buf.GetFill();
// coming or whether we just finished the
// last fragment.
if ( state == WAIT_FOR_LAST_DATA )
{
const u_char* dummy_p = msg_buf.GetBuf();
int dummy_len = (int)msg_buf.GetFill();
if ( ! interp->DeliverRPC(dummy_p, dummy_len, if ( ! interp->DeliverRPC(dummy_p, dummy_len, (int)msg_buf.GetExpected(),
(int)msg_buf.GetExpected(), IsOrig(), IsOrig(), start_time, last_time) )
start_time, last_time) ) Conn()->Weird("partial_RPC");
Conn()->Weird("partial_RPC");
state = WAIT_FOR_MESSAGE; state = WAIT_FOR_MESSAGE;
}
else
state = WAIT_FOR_MARKER;
} }
// Else remain in state. Haven't read all the data else
// yet. state = WAIT_FOR_MARKER;
} }
// Else remain in state. Haven't read all the data
// yet.
}
break; break;
} // end switch } // end switch
} // end while } // end while
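Review bot: The commented-out debug `printf` in the `WAIT_FOR_MARKER` case of Contents_RPC::DeliverStream appears to have been re-wrapped by the formatter into four comment lines, one of which is just `// marker,`, so it no longer reads as a statement that could be re-enabled. Either delete the dead call or keep it on its original lines between `// clang-format off` and `// clang-format on`. DeliverStream's body starts outside the hunk.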


@ -2,11 +2,12 @@
#include "zeek/analyzer/protocol/rpc/XDR.h" #include "zeek/analyzer/protocol/rpc/XDR.h"
#include "zeek/zeek-config.h"
#include <string.h> #include <string.h>
#include <algorithm> #include <algorithm>
#include "zeek/analyzer/protocol/rpc/events.bif.h" #include "zeek/analyzer/protocol/rpc/events.bif.h"
#include "zeek/zeek-config.h"
uint32_t zeek::analyzer::rpc::extract_XDR_uint32(const u_char*& buf, int& len) uint32_t zeek::analyzer::rpc::extract_XDR_uint32(const u_char*& buf, int& len)
{ {


@ -2,6 +2,8 @@
#include "zeek/analyzer/protocol/smtp/SMTP.h" #include "zeek/analyzer/protocol/smtp/SMTP.h"
#include "zeek/zeek-config.h"
#include <stdlib.h> #include <stdlib.h>
#include "zeek/Event.h" #include "zeek/Event.h"
@ -9,7 +11,6 @@
#include "zeek/Reporter.h" #include "zeek/Reporter.h"
#include "zeek/analyzer/Manager.h" #include "zeek/analyzer/Manager.h"
#include "zeek/analyzer/protocol/smtp/events.bif.h" #include "zeek/analyzer/protocol/smtp/events.bif.h"
#include "zeek/zeek-config.h"
#undef SMTP_CMD_DEF #undef SMTP_CMD_DEF
#define SMTP_CMD_DEF(cmd) #cmd, #define SMTP_CMD_DEF(cmd) #cmd,


@ -42,14 +42,14 @@ TCP_Reassembler::TCP_Reassembler(analyzer::Analyzer* arg_dst_analyzer,
if ( ::tcp_contents ) if ( ::tcp_contents )
{ {
static auto tcp_content_delivery_ports_orig = static auto tcp_content_delivery_ports_orig = id::find_val<TableVal>(
id::find_val<TableVal>("tcp_content_delivery_ports_orig"); "tcp_content_delivery_ports_orig");
static auto tcp_content_delivery_ports_resp = static auto tcp_content_delivery_ports_resp = id::find_val<TableVal>(
id::find_val<TableVal>("tcp_content_delivery_ports_resp"); "tcp_content_delivery_ports_resp");
const auto& dst_port_val = const auto& dst_port_val = val_mgr->Port(ntohs(tcp_analyzer->Conn()->RespPort()),
val_mgr->Port(ntohs(tcp_analyzer->Conn()->RespPort()), TRANSPORT_TCP); TRANSPORT_TCP);
const auto& ports = const auto& ports = IsOrig() ? tcp_content_delivery_ports_orig
IsOrig() ? tcp_content_delivery_ports_orig : tcp_content_delivery_ports_resp; : tcp_content_delivery_ports_resp;
auto result = ports->FindOrDefault(dst_port_val); auto result = ports->FindOrDefault(dst_port_val);
if ( (IsOrig() && zeek::detail::tcp_content_deliver_all_orig) || if ( (IsOrig() && zeek::detail::tcp_content_deliver_all_orig) ||
@ -519,10 +519,10 @@ void TCP_Reassembler::AckReceived(uint64_t seq)
// Nothing to do. // Nothing to do.
return; return;
bool test_active = bool test_active = ! skip_deliveries && ! tcp_analyzer->Skipping() &&
! skip_deliveries && ! tcp_analyzer->Skipping() && (BifConst::report_gaps_for_partial ||
(BifConst::report_gaps_for_partial || (endp->state == TCP_ENDPOINT_ESTABLISHED && (endp->state == TCP_ENDPOINT_ESTABLISHED &&
endp->peer->state == TCP_ENDPOINT_ESTABLISHED)); endp->peer->state == TCP_ENDPOINT_ESTABLISHED));
uint64_t num_missing = TrimToSeq(seq); uint64_t num_missing = TrimToSeq(seq);


@ -2,10 +2,11 @@
#pragma once #pragma once
#include "zeek/zeek-config.h"
#include <zlib.h> #include <zlib.h>
#include "zeek/analyzer/protocol/tcp/TCP.h" #include "zeek/analyzer/protocol/tcp/TCP.h"
#include "zeek/zeek-config.h"
namespace zeek::analyzer::zip namespace zeek::analyzer::zip
{ {


@ -134,14 +134,14 @@ struct val_converter
case TYPE_STRING: case TYPE_STRING:
return make_intrusive<StringVal>(a.size(), a.data()); return make_intrusive<StringVal>(a.size(), a.data());
case TYPE_FILE: case TYPE_FILE:
{ {
auto file = File::Get(a.data()); auto file = File::Get(a.data());
if ( file ) if ( file )
return make_intrusive<FileVal>(std::move(file)); return make_intrusive<FileVal>(std::move(file));
return nullptr; return nullptr;
} }
default: default:
return nullptr; return nullptr;
} }
@ -364,8 +364,8 @@ struct val_converter
unsigned int pos = 0; unsigned int pos = 0;
for ( auto& item : a ) for ( auto& item : a )
{ {
auto item_val = auto item_val = data_to_val(move(item),
data_to_val(move(item), pure ? lt->GetPureType().get() : types[pos].get()); pure ? lt->GetPureType().get() : types[pos].get());
pos++; pos++;
if ( ! item_val ) if ( ! item_val )
@ -842,231 +842,231 @@ broker::expected<broker::data> val_to_data(const Val* v)
case TYPE_COUNT: case TYPE_COUNT:
return {v->AsCount()}; return {v->AsCount()};
case TYPE_PORT: case TYPE_PORT:
{ {
auto p = v->AsPortVal(); auto p = v->AsPortVal();
return {broker::port(p->Port(), to_broker_port_proto(p->PortType()))}; return {broker::port(p->Port(), to_broker_port_proto(p->PortType()))};
} }
case TYPE_ADDR: case TYPE_ADDR:
{ {
auto a = v->AsAddr(); auto a = v->AsAddr();
in6_addr tmp; in6_addr tmp;
a.CopyIPv6(&tmp); a.CopyIPv6(&tmp);
return {broker::address(reinterpret_cast<const uint32_t*>(&tmp), return {broker::address(reinterpret_cast<const uint32_t*>(&tmp),
broker::address::family::ipv6, broker::address::family::ipv6,
broker::address::byte_order::network)}; broker::address::byte_order::network)};
} }
break; break;
case TYPE_SUBNET: case TYPE_SUBNET:
{ {
auto s = v->AsSubNet(); auto s = v->AsSubNet();
in6_addr tmp; in6_addr tmp;
s.Prefix().CopyIPv6(&tmp); s.Prefix().CopyIPv6(&tmp);
auto a = broker::address(reinterpret_cast<const uint32_t*>(&tmp), auto a = broker::address(reinterpret_cast<const uint32_t*>(&tmp),
broker::address::family::ipv6, broker::address::family::ipv6,
broker::address::byte_order::network); broker::address::byte_order::network);
return {broker::subnet(std::move(a), s.Length())}; return {broker::subnet(std::move(a), s.Length())};
} }
break; break;
case TYPE_DOUBLE: case TYPE_DOUBLE:
return {v->AsDouble()}; return {v->AsDouble()};
case TYPE_TIME: case TYPE_TIME:
{ {
auto secs = broker::fractional_seconds{v->AsTime()}; auto secs = broker::fractional_seconds{v->AsTime()};
auto since_epoch = std::chrono::duration_cast<broker::timespan>(secs); auto since_epoch = std::chrono::duration_cast<broker::timespan>(secs);
return {broker::timestamp{since_epoch}}; return {broker::timestamp{since_epoch}};
} }
case TYPE_INTERVAL: case TYPE_INTERVAL:
{ {
auto secs = broker::fractional_seconds{v->AsInterval()}; auto secs = broker::fractional_seconds{v->AsInterval()};
return {std::chrono::duration_cast<broker::timespan>(secs)}; return {std::chrono::duration_cast<broker::timespan>(secs)};
} }
case TYPE_ENUM: case TYPE_ENUM:
{ {
auto enum_type = v->GetType()->AsEnumType(); auto enum_type = v->GetType()->AsEnumType();
auto enum_name = enum_type->Lookup(v->AsEnum()); auto enum_name = enum_type->Lookup(v->AsEnum());
return {broker::enum_value(enum_name ? enum_name : "<unknown enum>")}; return {broker::enum_value(enum_name ? enum_name : "<unknown enum>")};
} }
case TYPE_STRING: case TYPE_STRING:
{ {
auto s = v->AsString(); auto s = v->AsString();
return {string(reinterpret_cast<const char*>(s->Bytes()), s->Len())}; return {string(reinterpret_cast<const char*>(s->Bytes()), s->Len())};
} }
case TYPE_FILE: case TYPE_FILE:
return {string(v->AsFile()->Name())}; return {string(v->AsFile()->Name())};
case TYPE_FUNC: case TYPE_FUNC:
{
const Func* f = v->AsFunc();
std::string name(f->Name());
broker::vector rval;
rval.push_back(name);
if ( name.find("lambda_<") == 0 )
{ {
const Func* f = v->AsFunc(); // Only ScriptFuncs have closures.
std::string name(f->Name()); if ( auto b = dynamic_cast<const zeek::detail::ScriptFunc*>(f) )
broker::vector rval;
rval.push_back(name);
if ( name.find("lambda_<") == 0 )
{ {
// Only ScriptFuncs have closures. auto bc = b->SerializeClosure();
if ( auto b = dynamic_cast<const zeek::detail::ScriptFunc*>(f) ) if ( ! bc )
{
auto bc = b->SerializeClosure();
if ( ! bc )
return broker::ec::invalid_data;
rval.emplace_back(std::move(*bc));
}
else
{
reporter->InternalWarning("Closure with non-ScriptFunc");
return broker::ec::invalid_data; return broker::ec::invalid_data;
}
rval.emplace_back(std::move(*bc));
}
else
{
reporter->InternalWarning("Closure with non-ScriptFunc");
return broker::ec::invalid_data;
}
}
return {std::move(rval)};
}
case TYPE_TABLE:
{
auto is_set = v->GetType()->IsSet();
auto table = v->AsTable();
auto table_val = v->AsTableVal();
broker::data rval;
if ( is_set )
rval = broker::set();
else
rval = broker::table();
for ( const auto& te : *table )
{
auto hk = te.GetHashKey();
auto* entry = te.GetValue<TableEntryVal*>();
auto vl = table_val->RecreateIndex(*hk);
broker::vector composite_key;
composite_key.reserve(vl->Length());
for ( auto k = 0; k < vl->Length(); ++k )
{
auto key_part = val_to_data(vl->Idx(k).get());
if ( ! key_part )
return broker::ec::invalid_data;
composite_key.emplace_back(move(*key_part));
} }
return {std::move(rval)}; broker::data key;
}
case TYPE_TABLE: if ( composite_key.size() == 1 )
{ key = move(composite_key[0]);
auto is_set = v->GetType()->IsSet(); else
auto table = v->AsTable(); key = move(composite_key);
auto table_val = v->AsTableVal();
broker::data rval;
if ( is_set ) if ( is_set )
rval = broker::set(); caf::get<broker::set>(rval).emplace(move(key));
else else
rval = broker::table();
for ( const auto& te : *table )
{ {
auto hk = te.GetHashKey(); auto val = val_to_data(entry->GetVal().get());
auto* entry = te.GetValue<TableEntryVal*>();
auto vl = table_val->RecreateIndex(*hk); if ( ! val )
return broker::ec::invalid_data;
broker::vector composite_key; caf::get<broker::table>(rval).emplace(move(key), move(*val));
composite_key.reserve(vl->Length());
for ( auto k = 0; k < vl->Length(); ++k )
{
auto key_part = val_to_data(vl->Idx(k).get());
if ( ! key_part )
return broker::ec::invalid_data;
composite_key.emplace_back(move(*key_part));
}
broker::data key;
if ( composite_key.size() == 1 )
key = move(composite_key[0]);
else
key = move(composite_key);
if ( is_set )
caf::get<broker::set>(rval).emplace(move(key));
else
{
auto val = val_to_data(entry->GetVal().get());
if ( ! val )
return broker::ec::invalid_data;
caf::get<broker::table>(rval).emplace(move(key), move(*val));
}
} }
return {std::move(rval)};
} }
return {std::move(rval)};
}
case TYPE_VECTOR: case TYPE_VECTOR:
{
auto vec = v->AsVectorVal();
broker::vector rval;
rval.reserve(vec->Size());
for ( auto i = 0u; i < vec->Size(); ++i )
{ {
auto vec = v->AsVectorVal(); auto item_val = vec->ValAt(i);
broker::vector rval;
rval.reserve(vec->Size());
for ( auto i = 0u; i < vec->Size(); ++i ) if ( ! item_val )
{ continue;
auto item_val = vec->ValAt(i);
if ( ! item_val ) auto item = val_to_data(item_val.get());
continue;
auto item = val_to_data(item_val.get()); if ( ! item )
return broker::ec::invalid_data;
if ( ! item ) rval.emplace_back(move(*item));
return broker::ec::invalid_data;
rval.emplace_back(move(*item));
}
return {std::move(rval)};
} }
return {std::move(rval)};
}
case TYPE_LIST: case TYPE_LIST:
{
// We don't really support lists on the broker side.
// So we just pretend that it is a vector instead.
auto list = v->AsListVal();
broker::vector rval;
rval.reserve(list->Length());
for ( auto i = 0; i < list->Length(); ++i )
{ {
// We don't really support lists on the broker side. const auto& item_val = list->Idx(i);
// So we just pretend that it is a vector instead.
auto list = v->AsListVal();
broker::vector rval;
rval.reserve(list->Length());
for ( auto i = 0; i < list->Length(); ++i ) if ( ! item_val )
{ continue;
const auto& item_val = list->Idx(i);
if ( ! item_val ) auto item = val_to_data(item_val.get());
continue;
auto item = val_to_data(item_val.get()); if ( ! item )
return broker::ec::invalid_data;
if ( ! item ) rval.emplace_back(move(*item));
return broker::ec::invalid_data;
rval.emplace_back(move(*item));
}
return {std::move(rval)};
} }
return {std::move(rval)};
}
case TYPE_RECORD: case TYPE_RECORD:
{
auto rec = v->AsRecordVal();
broker::vector rval;
size_t num_fields = v->GetType()->AsRecordType()->NumFields();
rval.reserve(num_fields);
for ( size_t i = 0; i < num_fields; ++i )
{ {
auto rec = v->AsRecordVal(); auto item_val = rec->GetFieldOrDefault(i);
broker::vector rval;
size_t num_fields = v->GetType()->AsRecordType()->NumFields();
rval.reserve(num_fields);
for ( size_t i = 0; i < num_fields; ++i ) if ( ! item_val )
{ {
auto item_val = rec->GetFieldOrDefault(i); rval.emplace_back(broker::nil);
continue;
if ( ! item_val )
{
rval.emplace_back(broker::nil);
continue;
}
auto item = val_to_data(item_val.get());
if ( ! item )
return broker::ec::invalid_data;
rval.emplace_back(move(*item));
} }
return {std::move(rval)}; auto item = val_to_data(item_val.get());
if ( ! item )
return broker::ec::invalid_data;
rval.emplace_back(move(*item));
} }
return {std::move(rval)};
}
case TYPE_PATTERN: case TYPE_PATTERN:
{ {
const RE_Matcher* p = v->AsPattern(); const RE_Matcher* p = v->AsPattern();
broker::vector rval = {p->PatternText(), p->AnywherePatternText()}; broker::vector rval = {p->PatternText(), p->AnywherePatternText()};
return {std::move(rval)}; return {std::move(rval)};
} }
case TYPE_OPAQUE: case TYPE_OPAQUE:
{
auto c = v->AsOpaqueVal()->Serialize();
if ( ! c )
{ {
auto c = v->AsOpaqueVal()->Serialize(); reporter->Error("unsupported opaque type for serialization");
if ( ! c ) break;
{
reporter->Error("unsupported opaque type for serialization");
break;
}
return {c};
} }
return {c};
}
default: default:
reporter->Error("unsupported Broker::Data type: %s", type_name(v->GetType()->Tag())); reporter->Error("unsupported Broker::Data type: %s", type_name(v->GetType()->Tag()));
break; break;
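Review bot: val_to_data mixes unqualified `move(...)` (for example `composite_key.emplace_back(move(*key_part));` and `rval.emplace_back(move(*item));`) with `std::move(...)` in the same function, and the `data_to_val(move(item), ...)` call in val_converter does the same. The unqualified form only resolves through ADL or a using-directive and is reported by clang's `-Wunqualified-std-cast-call`. Spelling it `std::move(*item)` throughout keeps the calls unambiguous. The body of val_to_data starts and ends outside the hunk.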


@ -376,8 +376,8 @@ void Manager::InitializeBrokerStoreForwarding()
if ( id->HasVal() && id->GetAttr(zeek::detail::ATTR_BACKEND) ) if ( id->HasVal() && id->GetAttr(zeek::detail::ATTR_BACKEND) )
{ {
const auto& attr = id->GetAttr(zeek::detail::ATTR_BACKEND); const auto& attr = id->GetAttr(zeek::detail::ATTR_BACKEND);
auto e = auto e = static_cast<BifEnum::Broker::BackendType>(
static_cast<BifEnum::Broker::BackendType>(attr->GetExpr()->Eval(nullptr)->AsEnum()); attr->GetExpr()->Eval(nullptr)->AsEnum());
auto storename = std::string("___sync_store_") + global.first; auto storename = std::string("___sync_store_") + global.first;
id->GetVal()->AsTableVal()->SetBrokerStore(storename); id->GetVal()->AsTableVal()->SetBrokerStore(storename);
AddForwardedStore(storename, cast_intrusive<TableVal>(id->GetVal())); AddForwardedStore(storename, cast_intrusive<TableVal>(id->GetVal()));
@ -739,8 +739,8 @@ bool Manager::PublishLogWrite(EnumVal* stream, EnumVal* writer, string path, int
std::string serial_data(data, len); std::string serial_data(data, len);
free(data); free(data);
auto v = auto v = log_topic_func->Invoke(IntrusivePtr{NewRef{}, stream},
log_topic_func->Invoke(IntrusivePtr{NewRef{}, stream}, make_intrusive<StringVal>(path)); make_intrusive<StringVal>(path));
if ( ! v ) if ( ! v )
{ {
@ -1024,22 +1024,22 @@ void Manager::DispatchMessage(const broker::topic& topic, broker::data msg)
break; break;
case broker::zeek::Message::Type::Batch: case broker::zeek::Message::Type::Batch:
{
broker::zeek::Batch batch(std::move(msg));
if ( ! batch.valid() )
{ {
broker::zeek::Batch batch(std::move(msg)); reporter->Warning("received invalid broker Batch: %s",
broker::to_string(batch).data());
if ( ! batch.valid() ) return;
{
reporter->Warning("received invalid broker Batch: %s",
broker::to_string(batch).data());
return;
}
for ( auto& i : batch.batch() )
DispatchMessage(topic, std::move(i));
break;
} }
for ( auto& i : batch.batch() )
DispatchMessage(topic, std::move(i));
break;
}
default: default:
// We ignore unknown types so that we could add more in the // We ignore unknown types so that we could add more in the
// future if we had too. // future if we had too.
@ -1176,7 +1176,7 @@ void Manager::ProcessStoreEventInsertUpdate(const TableValPtr& table, const std:
{ {
reporter->Error( reporter->Error(
"ProcessStoreEvent %s: could not convert key \"%s\" for store \"%s\" while receiving " "ProcessStoreEvent %s: could not convert key \"%s\" for store \"%s\" while receiving "
"remote data. This probably means the tables have different types on different nodes.", "remote data. This probably means the tables have different types on different nodes.",
type, to_string(key).c_str(), store_id.c_str()); type, to_string(key).c_str(), store_id.c_str());
return; return;
} }
@ -1797,8 +1797,8 @@ void Manager::BrokerStoreToZeekTable(const std::string& name, const detail::Stor
if ( its.size() == 1 ) if ( its.size() == 1 )
zeek_key = detail::data_to_val(key, its[0].get()); zeek_key = detail::data_to_val(key, its[0].get());
else else
zeek_key = zeek_key = detail::data_to_val(key,
detail::data_to_val(key, table->GetType()->AsTableType()->GetIndices().get()); table->GetType()->AsTableType()->GetIndices().get());
if ( ! zeek_key ) if ( ! zeek_key )
{ {
