diff --git a/src/packet_analysis/protocol/icmp/ICMP.cc b/src/packet_analysis/protocol/icmp/ICMP.cc index 8ceba9cf3a..90d5e6b079 100644 --- a/src/packet_analysis/protocol/icmp/ICMP.cc +++ b/src/packet_analysis/protocol/icmp/ICMP.cc @@ -26,12 +26,6 @@ using namespace zeek::packet_analysis::ICMP; using namespace zeek::packet_analysis::IP; ICMPAnalyzer::ICMPAnalyzer() : IPBasedAnalyzer("ICMP", TRANSPORT_ICMP, ICMP_PORT_MASK, false) - { - // TODO: remove once the other plugins are done - new_plugin = true; - } - -ICMPAnalyzer::~ICMPAnalyzer() { } diff --git a/src/packet_analysis/protocol/icmp/ICMP.h b/src/packet_analysis/protocol/icmp/ICMP.h index e6f6f67f3c..2ba00134c8 100644 --- a/src/packet_analysis/protocol/icmp/ICMP.h +++ b/src/packet_analysis/protocol/icmp/ICMP.h @@ -23,7 +23,7 @@ class ICMPSessionAdapter; class ICMPAnalyzer final : public IP::IPBasedAnalyzer { public: ICMPAnalyzer(); - ~ICMPAnalyzer() override; + ~ICMPAnalyzer() override = default; static zeek::packet_analysis::AnalyzerPtr Instantiate() { diff --git a/src/packet_analysis/protocol/ip/IPBasedAnalyzer.cc b/src/packet_analysis/protocol/ip/IPBasedAnalyzer.cc index 8dd34e5e51..0b2c05fcfa 100644 --- a/src/packet_analysis/protocol/ip/IPBasedAnalyzer.cc +++ b/src/packet_analysis/protocol/ip/IPBasedAnalyzer.cc 
@@ -81,62 +81,35 @@ bool IPBasedAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pkt conn->EnqueueEvent(new_packet, nullptr, conn->GetVal(), pkt_hdr_val ? std::move(pkt_hdr_val) : ip_hdr->ToPktHdrVal()); - if ( new_plugin ) + conn->SetRecordPackets(true); + conn->SetRecordContents(true); + + const u_char* payload = pkt->ip_hdr->Payload(); + + run_state::current_timestamp = run_state::processing_start_time; + run_state::current_pkt = pkt; + + // TODO: Does this actually mean anything? + if ( conn->Skipping() ) + return true; + + DeliverPacket(conn, run_state::processing_start_time, is_orig, len, pkt); + + run_state::current_timestamp = 0; + run_state::current_pkt = nullptr; + + // If the packet is reassembled, disable packet dumping because the + // pointer math to dump the data wouldn't work. + if ( pkt->ip_hdr->reassembled ) + pkt->dump_packet = false; + else if ( conn->RecordPackets() ) { - conn->SetRecordPackets(true); - conn->SetRecordContents(true); + pkt->dump_packet = true; - const u_char* data = pkt->ip_hdr->Payload(); - - run_state::current_timestamp = run_state::processing_start_time; - run_state::current_pkt = pkt; - - // TODO: Does this actually mean anything? - if ( conn->Skipping() ) - return true; - - DeliverPacket(conn, run_state::processing_start_time, is_orig, len, pkt); - - run_state::current_timestamp = 0; - run_state::current_pkt = nullptr; - - // If the packet is reassembled, disable packet dumping because the - // pointer math to dump the data wouldn't work. - if ( pkt->ip_hdr->reassembled ) - pkt->dump_packet = false; - else if ( conn->RecordPackets() ) - { - pkt->dump_packet = true; - - // If we don't want the content, set the dump size to include just - // the header. - if ( ! 
conn->RecordContents() ) - pkt->dump_size = data - pkt->data; - } - } - else - { - int record_packet = 1; // whether to record the packet at all - int record_content = 1; // whether to record its data - - const u_char* data = pkt->ip_hdr->Payload(); - - conn->NextPacket(run_state::processing_start_time, is_orig, ip_hdr.get(), ip_hdr->PayloadLen(), - len, data, record_packet, record_content, pkt); - - // If the packet is reassembled, disable packet dumping because the - // pointer math to dump the data wouldn't work. - if ( ip_hdr->reassembled ) - pkt->dump_packet = false; - else if ( record_packet ) - { - pkt->dump_packet = true; - - // If we don't want the content, set the dump size to include just - // the header. - if ( ! record_content ) - pkt->dump_size = data - pkt->data; - } + // If we don't want the content, set the dump size to include just + // the header. + if ( ! conn->RecordContents() ) + pkt->dump_size = payload - pkt->data; } return true; @@ -196,12 +169,7 @@ zeek::Connection* IPBasedAnalyzer::NewConn(const ConnTuple* id, const detail::Co if ( flip ) conn->FlipRoles(); - if ( ! BuildSessionAnalyzerTree(conn) ) - { - conn->Done(); - Unref(conn); - return nullptr; - } + BuildSessionAnalyzerTree(conn); if ( new_connection ) conn->Event(new_connection, nullptr); @@ -209,7 +177,7 @@ zeek::Connection* IPBasedAnalyzer::NewConn(const ConnTuple* id, const detail::Co return conn; } -bool IPBasedAnalyzer::BuildSessionAnalyzerTree(Connection* conn) +void IPBasedAnalyzer::BuildSessionAnalyzerTree(Connection* conn) { SessionAdapter* root = MakeSessionAdapter(conn); analyzer::pia::PIA* pia = MakePIA(conn); @@ -253,9 +221,6 @@ bool IPBasedAnalyzer::BuildSessionAnalyzerTree(Connection* conn) root->InitChildren(); PLUGIN_HOOK_VOID(HOOK_SETUP_ANALYZER_TREE, HookSetupAnalyzerTree(conn)); - - // TODO: temporary - return true; } bool IPBasedAnalyzer::RegisterAnalyzerForPort(const analyzer::Tag& tag, uint32_t port) 
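Review bot: The early return `if ( conn->Skipping() ) return true;` in AnalyzePacket comes after `run_state::current_timestamp` and `run_state::current_pkt = pkt` are assigned, so on the skip path neither global is reset and `current_pkt` still points at this packet after the function returns. Whether anything reads `current_pkt` before the next packet overwrites it is not visible here, but a stale pointer into capture data is worth avoiding in code that parses untrusted traffic. Moving the `Skipping()` check above the two assignments, directly after `const u_char* payload = pkt->ip_hdr->Payload();`, avoids the stale state and should not change what is delivered. The same path also bypasses the `dump_packet` / `dump_size` decision, so a short comment stating whether skipped connections are meant to keep the packet's previous dump flag would help. The start of AnalyzePacket lies outside the hunk.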
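Review bot: With `BuildSessionAnalyzerTree(conn);` now returning void, NewConn has no way to learn that building the tree failed. The later hunk shows `root->InitChildren()` being called on the pointer obtained from `MakeSessionAdapter(conn)`, apparently without a null check. If a subclass could ever return a null adapter (not visible in this diff), that would be a null dereference on the packet path with no error route. Consider stating the contract where `MakeSessionAdapter` is declared, e.g. `// Must never return nullptr; BuildSessionAnalyzerTree() dereferences the result.`, or guarding the call explicitly. The bodies of NewConn and BuildSessionAnalyzerTree extend beyond the lines shown in these hunks.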
diff --git a/src/packet_analysis/protocol/ip/IPBasedAnalyzer.h b/src/packet_analysis/protocol/ip/IPBasedAnalyzer.h index a7b865bdad..7ff54a4f09 100644 --- a/src/packet_analysis/protocol/ip/IPBasedAnalyzer.h +++ b/src/packet_analysis/protocol/ip/IPBasedAnalyzer.h @@ -152,10 +152,6 @@ protected: */ bool IsLikelyServerPort(uint32_t port) const; - - // TODO: temporary, until all of the plugins are implemented - bool new_plugin = false; - private: // While this is storing session analyzer tags, we store it here since packet analyzers @@ -178,7 +174,7 @@ private: zeek::Connection* NewConn(const ConnTuple* id, const detail::ConnKey& key, const Packet* pkt); - bool BuildSessionAnalyzerTree(Connection* conn); + void BuildSessionAnalyzerTree(Connection* conn); TransportProto transport; uint32_t server_port_mask; diff --git a/src/packet_analysis/protocol/tcp/TCP.cc b/src/packet_analysis/protocol/tcp/TCP.cc index ab66c469b4..17f862a8a1 100644 --- a/src/packet_analysis/protocol/tcp/TCP.cc +++ b/src/packet_analysis/protocol/tcp/TCP.cc @@ -15,12 +15,6 @@ using namespace zeek::packet_analysis::IP; constexpr int32_t TOO_LARGE_SEQ_DELTA = 1048576; TCPAnalyzer::TCPAnalyzer() : IPBasedAnalyzer("TCP", TRANSPORT_TCP, TCP_PORT_MASK, false) - { - // TODO: remove once the other plugins are done - new_plugin = true; - } - -TCPAnalyzer::~TCPAnalyzer() { } diff --git a/src/packet_analysis/protocol/tcp/TCP.h b/src/packet_analysis/protocol/tcp/TCP.h index c2217f9953..e2e36ae45c 100644 --- a/src/packet_analysis/protocol/tcp/TCP.h +++ b/src/packet_analysis/protocol/tcp/TCP.h @@ -17,7 +17,7 @@ class TCPSessionAdapter; class TCPAnalyzer final : public IP::IPBasedAnalyzer { public: TCPAnalyzer(); - ~TCPAnalyzer() override; + ~TCPAnalyzer() override = default; static zeek::packet_analysis::AnalyzerPtr Instantiate() { diff --git a/src/packet_analysis/protocol/udp/UDP.cc b/src/packet_analysis/protocol/udp/UDP.cc index ffb2693e9d..6f9a001212 100644 --- a/src/packet_analysis/protocol/udp/UDP.cc 
+++ b/src/packet_analysis/protocol/udp/UDP.cc @@ -24,12 +24,6 @@ enum UDP_EndpointState { }; UDPAnalyzer::UDPAnalyzer() : IPBasedAnalyzer("UDP", TRANSPORT_UDP, UDP_PORT_MASK, false) - { - // TODO: remove once the other plugins are done - new_plugin = true; - } - -UDPAnalyzer::~UDPAnalyzer() { } diff --git a/src/packet_analysis/protocol/udp/UDP.h b/src/packet_analysis/protocol/udp/UDP.h index 9310c89506..f8d20e1c25 100644 --- a/src/packet_analysis/protocol/udp/UDP.h +++ b/src/packet_analysis/protocol/udp/UDP.h @@ -12,7 +12,7 @@ namespace zeek::packet_analysis::UDP { class UDPAnalyzer final : public IP::IPBasedAnalyzer { public: UDPAnalyzer(); - ~UDPAnalyzer() override; + ~UDPAnalyzer() override = default; static zeek::packet_analysis::AnalyzerPtr Instantiate() {