Jan Grashoefer
8d834a1d89
Packet analysis cleanup.
2020-09-23 11:13:29 -07:00
Jan Grashoefer
38337d799b
Improve packet analysis data flow.
2020-09-23 11:13:29 -07:00
Jan Grashoefer
90eb97876f
Improve packet analyzer API.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
96d0e11bb8
Move cur_pos from packet into packet manager loop.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
e53ec46c23
Renamed LL-Analyzers to Packet Analyzers.
2020-09-23 11:13:28 -07:00
Peter Oettig
b2e6c9ac9a
Initial implementation of Lower-Level analyzers
2020-09-23 11:13:25 -07:00
Jon Siwek
427a7de411
Merge remote-tracking branch 'origin/topic/timw/266-namespaces-part5'
...
- Did a few whitespace re-adjustments during merge
* origin/topic/timw/266-namespaces-part5:
Update plugin btests for namespace changes
Plugins: Clean up explicit uses of namespaces in places where they're not necessary.
Base: Clean up explicit uses of namespaces in places where they're not necessary.
2020-08-25 19:51:42 -07:00
Tim Wojtulewicz
fe0c22c789
Base: Clean up explicit uses of namespaces in places where they're not necessary.
...
This commit covers all of the common and base classes.
2020-08-24 12:07:00 -07:00
Jon Siwek
bcef1fc871
Fix a case where PktSrc gets processed twice in one runloop iteration
...
For a non-live PktSrc, it had a special-case to be considered "ready"
every iteration, but additionally every 1 in 100 iterations (the polling
frequency), if there were no other "ready" IOSources, it would get added
to the "ready" set a 2nd time.
This commit completely excludes PktSrc from being processed during the
1/100 runloop iteration where a Poll() happens. That exclusion is
desirable for a second reason: if reading a pcap happens to do its final
Process() during that 1/100 polling-iteration and there's other
IOSources ready to process like EventMgr/TimerMgr, those sources have
logic to advance network-time to current-time if a PktSrc is no longer
open. So in such a case, PktSrc::Process() closes, then
EventMgr::Process() sees there's no longer an active PktSrc and advances
to current-time, then EventMgr::Drain() happens and may dispatch
various events that were previously scheduled, with those events now
unexpectedly seeing a network_time() returning current-time.
2020-08-21 10:26:36 -07:00
Tim Wojtulewicz
54215ab9cd
Rename methods in RunState to remove 'net' from their names
2020-08-20 16:11:47 -07:00
Tim Wojtulewicz
0ac3fafe13
Move zeek::net namespace to zeek::run_state namespace.
...
This also moves all of the code from Net.{h,cc} to RunState.{h,cc} and marks Net.h as deprecated
2020-08-20 16:11:47 -07:00
Tim Wojtulewicz
a34e632eef
Move NetVar from zeek to zeek::detail namespace
2020-08-20 16:11:46 -07:00
Tim Wojtulewicz
4b61d60e80
Fix indentation of namespaced aliases
2020-08-20 16:11:46 -07:00
Tim Wojtulewicz
6b60a20360
Move all plugin classes into zeek::plugin::detail namespaces
2020-08-20 16:11:46 -07:00
Tim Wojtulewicz
8d2d867a65
Move everything in util.h to zeek::util namespace.
...
This commit includes renaming a number of methods prefixed with bro_ to be prefixed with zeek_.
2020-08-20 16:00:33 -07:00
Tim Wojtulewicz
e7c6d51ae7
Move the functions and variables in Net.h to the zeek::net namespace. This includes moving network_time out of util.h.
2020-08-20 15:55:17 -07:00
Tim Wojtulewicz
be92bd536f
Move iosource code to zeek namespaces
2020-08-20 15:55:17 -07:00
Tim Wojtulewicz
e3ee1860b8
Move Session code to namespaces
2020-07-31 16:25:54 -04:00
Tim Wojtulewicz
4e9a5e9d98
Move ODesc to zeek namespace
2020-07-31 16:25:54 -04:00
Tim Wojtulewicz
886fc102b8
Move DebugLogger to zeek namespaces
2020-07-31 16:23:34 -04:00
Tim Wojtulewicz
93948b4d19
Move all of the Packet-related classes to namespaces
2020-07-31 16:23:34 -04:00
Tim Wojtulewicz
45b5a98420
Move EventMgr, EventHandler, and EventRegistry code to zeek namespace. Rename mgr to event_mgr.
2020-07-31 16:23:32 -04:00
Tim Wojtulewicz
bfab224d7c
Move Reporter to zeek namespace
2020-07-31 16:22:41 -04:00
Tim Wojtulewicz
25c0fc7ab2
Move IP Addr/Prefix/Header classes into namespaces
2020-07-31 16:22:04 -04:00
Tim Wojtulewicz
834b76f94f
Restore globally-namespaced plugin_mgr variable, move zeek::plugin::plugin_mgr to zeek::plugin_mgr
2020-07-31 16:22:04 -04:00
Tim Wojtulewicz
118605f4ac
Add deprecated version of EnumType::GetVal() that returns EnumVal*, rename IntrusivePtr version to GetEnumVal
2020-07-15 14:56:05 -07:00
Tim Wojtulewicz
86fdf0eaa9
Mark global val_mgr as deprecated and fix uses of it to use namespaced version
2020-07-02 16:15:00 -07:00
Tim Wojtulewicz
d6f1ea16ac
Move Func and associated classes into zeek::detail namespace
2020-06-30 20:51:58 -07:00
Tim Wojtulewicz
64332ca22c
Move all Val classes to the zeek namespaces
2020-06-30 20:48:09 -07:00
Tim Wojtulewicz
ec9eff0bd5
Use type aliases for IntrusivePtr definitions
2020-06-30 20:37:30 -07:00
Tim Wojtulewicz
9364e6a5b7
Move IntrusivePtr and utility methods to the zeek namespace
2020-06-30 20:19:12 -07:00
Tim Wojtulewicz
b1b1ec5171
Deprecate plugin::HookType and plugin::component::Type in a different way
2020-06-30 13:38:39 -07:00
Jon Siwek
6cec268e43
Merge remote-tracking branch 'origin/topic/jsiwek/gh-977-improve-pcap-error-handling'
...
* origin/topic/jsiwek/gh-977-improve-pcap-error-handling:
Compare pcap_next_ex() result to PCAP_ERROR/PCAP_ERROR_BREAK
GH-977: Improve pcap error handling
Remove not-useful code in iosource::Manager::OpenPktSrc
2020-06-11 23:22:19 -07:00
Tim Wojtulewicz
149e3b3c32
Disable some deprecation diagnostics for GCC
...
Clang automatically disables deprecation warnings for types used within
already-deprecated contexts, such as if you use a deprecated type inside
of a method that's been marked as deprecated. GCC doesn't have this
feature so it spews a lot more warnings. These functions are now wrapped
in pragmas that disable the warnings for the usage.
2020-06-11 15:43:11 -07:00
Jon Siwek
65ae4d732a
Compare pcap_next_ex() result to PCAP_ERROR/PCAP_ERROR_BREAK
2020-06-11 15:01:06 -07:00
Tim Wojtulewicz
ed13972924
Move Type types to zeek namespace
2020-06-09 17:20:45 -07:00
Jon Siwek
2000e2a424
GH-977: Improve pcap error handling
...
Switches from pcap_next() to pcap_next_ex() to better handle all error
conditions. This allows, for example, to have a non-zero exit code for
a Zeek process that fails to fully process all packets in a pcap file.
2020-06-08 18:11:58 -07:00
Jon Siwek
4f011a65f4
Remove not-useful code in iosource::Manager::OpenPktSrc
...
It's generally expected for a PktSrc to not be Open yet right after
instantiation, but rather from InitSource() called during the
registration process. Besides that, the logic in question would
potentially replace an error message that is useful/detailed with one
that is not.
2020-06-08 18:02:44 -07:00
Tim Wojtulewicz
4a1b39a2be
Move Flare/Pipe from the bro namespace to zeek::detail
2020-06-03 15:16:19 -07:00
Tim Wojtulewicz
7a5dae4354
Mark all of the aliased classes in plugin/Plugin.h deprecated, and fix all of the plugins that were using them
2020-06-03 15:16:18 -07:00
Tim Wojtulewicz
e77e8c4b7b
Move all of the base plugin classes into the zeek::plugin namespace
2020-06-03 15:16:18 -07:00
Jon Siwek
f3d160d034
Deprecate RecordVal::Assign(int, Val*)
...
And adapt all usages to the existing overload taking IntrusivePtr.
2020-05-19 15:44:15 -07:00
Jon Siwek
4debad8caf
Switch zeek::id::lookup to zeek::id::find
...
For parity with Scope since it now uses Find instead of Lookup
2020-05-14 18:00:18 -07:00
Jon Siwek
0db5c920f2
Deprecate names in BifConst, replace with zeek::BifConst
...
Some Val* types are also replaced with IntrusivePtr at the new location
2020-05-14 17:26:00 -07:00
Jon Siwek
eedeb07550
Deprecate all BroType* in BifType:: namespace
...
Replaced with equivalently named IntrusivePtr in zeek::BifType::
2020-05-14 17:25:35 -07:00
Jon Siwek
a5762c12cc
Move various elements into ID.h and zeek::id namespace
...
* A handful of generic/useful/common global type pointers that used
to be in NetVar.h
* Lookup functions that used to be Var.h
2020-05-14 17:24:20 -07:00
Jon Siwek
9210d443d3
Trim the list of "global type pointers" from NetVar.h further
...
Most of them are deprecated now, with usage sites now doing the lookup
themselves.
2020-05-14 17:23:20 -07:00
Jon Siwek
c0986f0739
Deprecate global type pointers in NetVar.h
...
There are analogous IntrusivePtrs in zeek::vars
2020-05-14 17:23:20 -07:00
Jon Siwek
61649d5da7
Deprecate various IP/packet header Val-building methods
...
And supply new alternatives that use IntrusivePtr
2020-05-14 17:18:00 -07:00
Tim Wojtulewicz
2c8d0f60da
Ensure time continues moving forward if a pcap source is suspended
2020-05-01 12:36:57 -07:00