
Commit 94e1e57

authored
Merge pull request #3 from bbannier/topic/bbannier/zeek-6
Fix for building against zeek-6.x
2 parents 5bfe52d + 5fc9c90 commit 94e1e57


9 files changed

+89
-90
lines changed


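--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,5 +1,4 @@
-
-cmake_minimum_required(VERSION 3.0 FATAL_ERROR)
+cmake_minimum_required(VERSION 3.15 FATAL_ERROR)
 
 project(ZeekPluginELF)
 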
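--- a/src/Plugin.cc
+++ b/src/Plugin.cc
@@ -6,10 +6,10 @@ namespace plugin { namespace Zeek_ELF { Plugin plugin; } }
 
 using namespace plugin::Zeek_ELF;
 
-plugin::Configuration Plugin::Configure()
+zeek::plugin::Configuration Plugin::Configure()
 {
-AddComponent(new ::file_analysis::Component("ELF", ::file_analysis::ELF::Instantiate));
-plugin::Configuration config;
+AddComponent(new zeek::file_analysis::Component("ELF", ::file_analysis::ELF::Instantiate));
+zeek::plugin::Configuration config;
 config.name = "Zeek::ELF";
 config.description = "ELF File Analyzer";
 config.version.major = 0;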

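--- a/src/Plugin.h
+++ b/src/Plugin.h
@@ -2,16 +2,16 @@
 #ifndef BRO_PLUGIN_BRO_ELF
 #define BRO_PLUGIN_BRO_ELF
 
-#include <plugin/Plugin.h>
+#include <zeek/plugin/Plugin.h>
 
 namespace plugin {
 namespace Zeek_ELF {
 
-class Plugin : public ::plugin::Plugin
+class Plugin : public zeek::plugin::Plugin
 {
 protected:
 // Overridden from plugin::Plugin.
-plugin::Configuration Configure() override;
+zeek::plugin::Configuration Configure() override;
 };
 
 extern Plugin plugin;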

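--- a/src/elf-analyzer.pac
+++ b/src/elf-analyzer.pac
@@ -1,7 +1,8 @@
 %extern{
-#include "Event.h"
-#include "file_analysis/File.h"
-#include "file_analysis/Manager.h"
+#include "zeek/Event.h"
+#include "zeek/file_analysis/Analyzer.h"
+#include "zeek/file_analysis/File.h"
+#include "zeek/file_analysis/Manager.h"
 #include "events.bif.h"
 #include "types.bif.h"
 %}
@@ -21,32 +22,33 @@ refine flow File += {
 if ( file_elf_header )
 {
 
-RecordVal* dh = new RecordVal(BifType::Record::Zeek::ELFHeader);
-dh->Assign(0, val_mgr->GetCount(${h.signature}));
-dh->Assign(1, val_mgr->GetCount(${h.cpu_class}));
-dh->Assign(2, val_mgr->GetCount(${h.endianness}));
-dh->Assign(3, val_mgr->GetCount(${h.ver}));
-dh->Assign(4, val_mgr->GetCount(${h.osabi}));
-dh->Assign(5, val_mgr->GetCount(${h.abiversion}));
-dh->Assign(6, new StringVal(${h.unused_1}.length(), (const char*) ${h.unused_1}.data()));
-dh->Assign(7, new StringVal(${h.file_type}.length(), (const char*) ${h.file_type}.data()));
-dh->Assign(8, new StringVal(${h.machine}.length(), (const char*) ${h.machine}.data()));
-dh->Assign(9, new StringVal(${h.version}.length(), (const char*) ${h.version}.data()));
-dh->Assign(10, new StringVal(${h.entry}.length(), (const char*) ${h.entry}.data()));
-dh->Assign(11, new StringVal(${h.phoff}.length(), (const char*) ${h.phoff}.data()));
-dh->Assign(12, new StringVal(${h.shoff}.length(), (const char*) ${h.shoff}.data()));
-dh->Assign(13, new StringVal(${h.flags}.length(), (const char*) ${h.flags}.data()));
-dh->Assign(14, new StringVal(${h.ehsize}.length(), (const char*) ${h.ehsize}.data()));
-dh->Assign(15, new StringVal(${h.phentsize}.length(), (const char*) ${h.phentsize}.data()));
-dh->Assign(16, new StringVal(${h.phnum}.length(), (const char*) ${h.phnum}.data()));
-dh->Assign(17, new StringVal(${h.shentsize}.length(), (const char*) ${h.shentsize}.data()));
-dh->Assign(18, new StringVal(${h.shnum}.length(), (const char*) ${h.shnum}.data()));
-dh->Assign(19, new StringVal(${h.shstrndx}.length(), (const char*) ${h.shstrndx}.data()));
-dh->Assign(20, new StringVal(${h.restofdata}.length(), (const char*) ${h.restofdata}.data()));
-
-BifEvent::generate_file_elf_header((analyzer::Analyzer *) connection()->bro_analyzer(),
-connection()->bro_analyzer()->GetFile()->GetVal()->Ref(),
-dh);
+auto dh = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::Zeek::ELFHeader);
+dh->Assign(0, zeek::val_mgr->Count(${h.signature}));
+dh->Assign(1, zeek::val_mgr->Count(${h.cpu_class}));
+dh->Assign(2, zeek::val_mgr->Count(${h.endianness}));
+dh->Assign(3, zeek::val_mgr->Count(${h.ver}));
+dh->Assign(4, zeek::val_mgr->Count(${h.osabi}));
+dh->Assign(5, zeek::val_mgr->Count(${h.abiversion}));
+dh->Assign(6, new zeek::StringVal(${h.unused_1}.length(), (const char*) ${h.unused_1}.data()));
+dh->Assign(7, new zeek::StringVal(${h.file_type}.length(), (const char*) ${h.file_type}.data()));
+dh->Assign(8, new zeek::StringVal(${h.machine}.length(), (const char*) ${h.machine}.data()));
+dh->Assign(9, new zeek::StringVal(${h.version}.length(), (const char*) ${h.version}.data()));
+dh->Assign(10, new zeek::StringVal(${h.entry}.length(), (const char*) ${h.entry}.data()));
+dh->Assign(11, new zeek::StringVal(${h.phoff}.length(), (const char*) ${h.phoff}.data()));
+dh->Assign(12, new zeek::StringVal(${h.shoff}.length(), (const char*) ${h.shoff}.data()));
+dh->Assign(13, new zeek::StringVal(${h.flags}.length(), (const char*) ${h.flags}.data()));
+dh->Assign(14, new zeek::StringVal(${h.ehsize}.length(), (const char*) ${h.ehsize}.data()));
+dh->Assign(15, new zeek::StringVal(${h.phentsize}.length(), (const char*) ${h.phentsize}.data()));
+dh->Assign(16, new zeek::StringVal(${h.phnum}.length(), (const char*) ${h.phnum}.data()));
+dh->Assign(17, new zeek::StringVal(${h.shentsize}.length(), (const char*) ${h.shentsize}.data()));
+dh->Assign(18, new zeek::StringVal(${h.shnum}.length(), (const char*) ${h.shnum}.data()));
+dh->Assign(19, new zeek::StringVal(${h.shstrndx}.length(), (const char*) ${h.shstrndx}.data()));
+dh->Assign(20, new zeek::StringVal(${h.restofdata}.length(), (const char*) ${h.restofdata}.data()));
+
+zeek::BifEvent::enqueue_file_elf_header(
+dynamic_cast<zeek::analyzer::Analyzer*>(connection()->bro_analyzer()),
+connection()->bro_analyzer()->GetFile()->ToVal(),
+dh);
 }
 
 return true;
@@ -55,4 +57,4 @@ refine flow File += {
 
 refine typeattr ELF_Header += &let {
 proc : bool = $context.flow.proc_elf_header(this);
-};
+};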
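Review bot: The result of `dynamic_cast<zeek::analyzer::Analyzer*>(connection()->bro_analyzer())` in the second hunk is handed to `enqueue_file_elf_header` without a null check. `bro_analyzer()` is declared in src/elf.pac as a `zeek::file_analysis::Analyzer`, and nothing on this page shows that type deriving from `zeek::analyzer::Analyzer`, so the cast probably yields `nullptr` on every call, where the old C-style cast passed a non-null but mistyped pointer. This path runs while parsing file content taken from monitored traffic, so confirm that the generated enqueue function tolerates a null analyzer. If it does, pass `nullptr` explicitly with a comment such as `// file analyzers have no protocol analyzer`; otherwise guard the call. The same cast appears in the `enqueue_file_elf` call in src/elf.cc, and the enclosing function here starts and ends outside the hunk.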

src/elf.cc

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,19 +1,20 @@
11
#include "elf.h"
2-
#include "file_analysis/Manager.h"
2+
#include <zeek/analyzer/Analyzer.h>
33

44
using namespace file_analysis;
55

6-
ELF::ELF(RecordVal* args, File* file)
7-
: file_analysis::Analyzer(file_mgr->GetComponentTag("ELF"), args, file)
6+
ELF::ELF(zeek::RecordValPtr args, zeek::file_analysis::File* file)
7+
: zeek::file_analysis::Analyzer(zeek::file_mgr->GetComponentTag("ELF"), args, file)
88
{
99
conn = new binpac::ELF::MockConnection(this);
1010
interp = new binpac::ELF::File(conn);
1111
done = false;
1212

1313
if ( file_elf )
1414
{
15-
BifEvent::generate_file_elf((analyzer::Analyzer *) conn->bro_analyzer(),
16-
conn->bro_analyzer()->GetFile()->GetVal()->Ref());
15+
zeek::BifEvent::enqueue_file_elf(
16+
dynamic_cast<zeek::analyzer::Analyzer*>(conn->bro_analyzer()),
17+
conn->bro_analyzer()->GetFile()->ToVal());
1718
}
1819

1920
}
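Review bot: The constructor still calls `zeek::file_mgr->GetComponentTag("ELF")`, but this file no longer includes the file-analysis Manager header directly, since that include was replaced by `<zeek/analyzer/Analyzer.h>`. The declaration presumably now arrives transitively through `elf.h` and `elf_pac.h`, which would break if those includes were later trimmed. Adding `#include <zeek/file_analysis/Manager.h>` next to the new include keeps the translation unit self-sufficient.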

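--- a/src/elf.h
+++ b/src/elf.h
@@ -2,7 +2,7 @@
 
 #include <string>
 
-#include "Val.h"
+#include "zeek/file_analysis/Analyzer.h"
 #include "events.bif.h"
 #include "types.bif.h"
 #include "elf_pac.h"
@@ -12,19 +12,19 @@ namespace file_analysis {
 /**
 * Analyze ELF files
 */
-class ELF: public file_analysis::Analyzer {
+class ELF: public zeek::file_analysis::Analyzer {
 public:
 ~ELF();
 
-static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file)
+static zeek::file_analysis::Analyzer* Instantiate(zeek::RecordValPtr args, zeek::file_analysis::File* file)
 { return new ELF(args, file); }
 
 virtual bool DeliverStream(const u_char* data, uint64_t len);
 
 virtual bool EndOfFile();
 
 protected:
-ELF(RecordVal* args, File* file);
+ELF(zeek::RecordValPtr args, zeek::file_analysis::File* file);
 binpac::ELF::File* interp;
 binpac::ELF::MockConnection* conn;
 bool done;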
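Review bot: `Instantiate` in the second hunk now takes `zeek::RecordValPtr args` by value and passes it on with `new ELF(args, file)`, which copies the smart pointer a second time instead of handing ownership over. Forwarding it as `{ return new ELF(std::move(args), file); }` (with `<utility>` included) avoids the extra copy. The constructor in src/elf.cc could pass `std::move(args)` to the base class in the same way. The class body continues outside the hunk.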

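--- a/src/elf.pac
+++ b/src/elf.pac
@@ -1,6 +1,3 @@
-%include binpac.pac
-%include bro.pac
-
 %extern{
 #include "events.bif.h"
 %}
@@ -10,7 +7,7 @@ analyzer ELF withcontext {
 flow: File;
 };
 
-connection MockConnection(bro_analyzer: BroFileAnalyzer) {
+connection MockConnection(bro_analyzer: zeek::file_analysis::Analyzer) {
 upflow = File;
 downflow = File;
 };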
