Avoid deprecation warnings with Zeek >= 4.2.

Also includes a bug fix triggering an internal error when no `{protocol,analyzer}_confirmation` event handler is defined. Also add Zeek 4.2 to CI.
zeek · Apr 19, 2022 · f8fde8d · f8fde8d
1 parent c9ca2d9
commit f8fde8d
Show file tree

Hide file tree

Showing 6 changed files with 47 additions and 10 deletions.
diff --git a/.cirrus.yml b/.cirrus.yml
@@ -16,6 +16,9 @@ zkg_ubuntu_task:
       - docker_arguments:
         - ZEEK_LTS: 1
         - ZEEK_VERSION: 4.0.3-0
+      - docker_arguments:
+        - ZEEK_LTS:
+        - ZEEK_VERSION: 4.2.0-0
     cpu: 2
     memory: 8G
 

diff --git a/ci/Dockerfile b/ci/Dockerfile
@@ -30,12 +30,11 @@ RUN apt-get update \
     https://download.zeek.org/binary-packages/xUbuntu_20.04/amd64/zeek${ZEEK_LTS}-core-dev_${ZEEK_VERSION}_amd64.deb \
     https://download.zeek.org/binary-packages/xUbuntu_20.04/amd64/libbroker${ZEEK_LTS}-dev_${ZEEK_VERSION}_amd64.deb \
     https://download.zeek.org/binary-packages/xUbuntu_20.04/amd64/zeek${ZEEK_LTS}-libcaf-dev_${ZEEK_VERSION}_amd64.deb \
- && if echo ${ZEEK_VERSION} | grep -q '^4\.'; then \
+    https://download.zeek.org/binary-packages/xUbuntu_20.04/amd64/zeek${ZEEK_LTS}-btest_${ZEEK_VERSION}_amd64.deb \
+    https://download.zeek.org/binary-packages/xUbuntu_20.04/amd64/zeek${ZEEK_LTS}-zkg_${ZEEK_VERSION}_amd64.deb \
+ && if echo ${ZEEK_VERSION} | grep -vq '^4\.0'; then \
         curl -L --remote-name-all \
-        https://download.zeek.org/binary-packages/xUbuntu_20.04/amd64/zeek${ZEEK_LTS}-btest_${ZEEK_VERSION}_amd64.deb \
-        https://download.zeek.org/binary-packages/xUbuntu_20.04/amd64/zeek${ZEEK_LTS}-zkg_${ZEEK_VERSION}_amd64.deb; \
-    else \
-        pip3 install --no-cache-dir "btest>=0.66" zkg; \
+        https://download.zeek.org/binary-packages/xUbuntu_20.04/amd64/zeek${ZEEK_LTS}-btest-data_${ZEEK_VERSION}_amd64.deb; \
     fi \
  && dpkg -i ./*.deb \
  && cd - \

diff --git a/include/zeek-compat.h b/include/zeek-compat.h
@@ -113,6 +113,26 @@ class PacketAnalysisTag : public ::zeek::Tag {
 
 namespace spicy::zeek::compat {
 
+#if ZEEK_VERSION_NUMBER >= 40200 // Zeek >= 4.2
+inline auto Analyzer_AnalyzerConfirmation(::zeek::analyzer::Analyzer* analyzer, ::zeek::Tag tag) {
+    analyzer->AnalyzerConfirmation(tag);
+}
+
+inline auto Analyzer_AnalyzerViolation(::zeek::analyzer::Analyzer* analyzer, const char* reason,
+                                       const char* data = nullptr, int len = 0) {
+    analyzer->AnalyzerViolation(reason, data, len);
+}
+#else
+inline auto Analyzer_AnalyzerConfirmation(::zeek::analyzer::Analyzer* analyzer, ::zeek::analyzer::Tag tag) {
+    analyzer->ProtocolConfirmation(tag);
+}
+
+inline auto Analyzer_AnalyzerViolation(::zeek::analyzer::Analyzer* analyzer, const char* reason,
+                                       const char* data = nullptr, int len = 0) {
+    analyzer->ProtocolViolation(reason, data, len);
+}
+#endif
+
 #if ZEEK_VERSION_NUMBER >= 40100 // Zeek >= 4.1
 inline auto Connection_ConnVal(::zeek::Connection* c) { return c->GetVal(); }
 #else

diff --git a/src/runtime-support.cc b/src/runtime-support.cc
@@ -174,8 +174,11 @@ std::string rt::uid() {
     auto cookie = static_cast<Cookie*>(hilti::rt::context::cookie());
     assert(cookie);
 
-    if ( auto c = std::get_if<cookie::ProtocolAnalyzer>(cookie) )
+    if ( auto c = std::get_if<cookie::ProtocolAnalyzer>(cookie) ) {
+        // Retrieve the ConnVal() so that we ensure the UID has been set.
+        c->analyzer->ConnVal();
         return c->analyzer->Conn()->GetUID().Base62("C");
+    }
     else
         throw ValueUnavailable("uid() not available in current context");
 }
@@ -248,7 +251,7 @@ void rt::confirm_protocol() {
 
     if ( auto x = std::get_if<cookie::ProtocolAnalyzer>(cookie) ) {
         auto tag = OurPlugin->tagForProtocolAnalyzer(x->analyzer->GetAnalyzerTag());
-        return x->analyzer->ProtocolConfirmation(tag);
+        return ::spicy::zeek::compat::Analyzer_AnalyzerConfirmation(x->analyzer, tag);
     }
     else
         throw ValueUnavailable("no current connection available");
@@ -259,7 +262,7 @@ void rt::reject_protocol(const std::string& reason) {
     assert(cookie);
 
     if ( auto x = std::get_if<cookie::ProtocolAnalyzer>(cookie) )
-        return x->analyzer->ProtocolViolation(reason.c_str());
+        return ::spicy::zeek::compat::Analyzer_AnalyzerViolation(x->analyzer, reason.c_str());
     else
         throw ValueUnavailable("no current connection available");
 }

diff --git a/tests/zeek/replaces.zeek b/tests/zeek/replaces.zeek
@@ -6,7 +6,11 @@ event ssh::banner(c: connection, is_orig: bool, version: string, software: strin
 	print "SSH banner", c$id, is_orig, version, software;
 	}
 
+@if ( Version::number >= 40200 )
+event analyzer_confirmation(c: connection, atype: AllAnalyzers::Tag, aid: count)
+@else
 event protocol_confirmation(c: connection, atype: Analyzer::Tag, aid: count)
+@endif
     {
     print atype, aid;
     }

diff --git a/tests/zeek/ssh-banner.zeek b/tests/zeek/ssh-banner.zeek
@@ -10,15 +10,23 @@ event ssh::banner(c: connection, is_orig: bool, version: string, software: strin
 	print "SSH banner", c$id, is_orig, version, software;
 	}
 
+@if ( Version::number >= 40200 )
+event analyzer_confirmation(c: connection, atype: AllAnalyzers::Tag, aid: count)
+@else
 event protocol_confirmation(c: connection, atype: Analyzer::Tag, aid: count)
+@endif
 	{
-    if ( atype == Analyzer::ANALYZER_SPICY_SSH )
+	if ( atype == Analyzer::ANALYZER_SPICY_SSH )
 	    print "confirm", atype;
 	}
 
+@if ( Version::number >= 40200 )
+event analyzer_violation(c: connection, atype: AllAnalyzers::Tag, aid: count, reason: string)
+@else
 event protocol_violation(c: connection, atype: Analyzer::Tag, aid: count, reason: string)
+@endif
 	{
-    if ( atype == Analyzer::ANALYZER_SPICY_SSH )
+	if ( atype == Analyzer::ANALYZER_SPICY_SSH )
 	    print "violation", atype;
 	}