Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Remove some code from IPBasedAnalyzer and children that was waiting for TCP to be implemented

Browse source
This commit is contained in:
Tim Wojtulewicz 2021-05-24 15:44:37 -07:00
parent 4114bbebf0
commit 08fb5d76ee
8 changed files with 33 additions and 90 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/packet_analysis/protocol/icmp/ICMP.cc
View file

@ -26,12 +26,6 @@ using namespace zeek::packet_analysis::ICMP;
using namespace zeek::packet_analysis::IP; using namespace zeek::packet_analysis::IP;
ICMPAnalyzer::ICMPAnalyzer() : IPBasedAnalyzer("ICMP", TRANSPORT_ICMP, ICMP_PORT_MASK, false) ICMPAnalyzer::ICMPAnalyzer() : IPBasedAnalyzer("ICMP", TRANSPORT_ICMP, ICMP_PORT_MASK, false)
{
// TODO: remove once the other plugins are done
new_plugin = true;
}
ICMPAnalyzer::~ICMPAnalyzer()
{ {
} }

2
src/packet_analysis/protocol/icmp/ICMP.h
View file

@ -23,7 +23,7 @@ class ICMPSessionAdapter;
class ICMPAnalyzer final : public IP::IPBasedAnalyzer { class ICMPAnalyzer final : public IP::IPBasedAnalyzer {
public: public:
ICMPAnalyzer(); ICMPAnalyzer();
~ICMPAnalyzer() override; ~ICMPAnalyzer() override = default;
static zeek::packet_analysis::AnalyzerPtr Instantiate() static zeek::packet_analysis::AnalyzerPtr Instantiate()
{ {

43
src/packet_analysis/protocol/ip/IPBasedAnalyzer.cc
View file

@ -81,12 +81,10 @@ bool IPBasedAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pkt
conn->EnqueueEvent(new_packet, nullptr, conn->GetVal(), conn->EnqueueEvent(new_packet, nullptr, conn->GetVal(),
pkt_hdr_val ? std::move(pkt_hdr_val) : ip_hdr->ToPktHdrVal()); pkt_hdr_val ? std::move(pkt_hdr_val) : ip_hdr->ToPktHdrVal());
if ( new_plugin )
{
conn->SetRecordPackets(true); conn->SetRecordPackets(true);
conn->SetRecordContents(true); conn->SetRecordContents(true);
const u_char* data = pkt->ip_hdr->Payload(); const u_char* payload = pkt->ip_hdr->Payload();
run_state::current_timestamp = run_state::processing_start_time; run_state::current_timestamp = run_state::processing_start_time;
run_state::current_pkt = pkt; run_state::current_pkt = pkt;
@ -111,32 +109,7 @@ bool IPBasedAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pkt
// If we don't want the content, set the dump size to include just // If we don't want the content, set the dump size to include just
// the header. // the header.
if ( ! conn->RecordContents() ) if ( ! conn->RecordContents() )
pkt->dump_size = data - pkt->data; pkt->dump_size = payload - pkt->data;
}
}
else
{
int record_packet = 1; // whether to record the packet at all
int record_content = 1; // whether to record its data
const u_char* data = pkt->ip_hdr->Payload();
conn->NextPacket(run_state::processing_start_time, is_orig, ip_hdr.get(), ip_hdr->PayloadLen(),
len, data, record_packet, record_content, pkt);
// If the packet is reassembled, disable packet dumping because the
// pointer math to dump the data wouldn't work.
if ( ip_hdr->reassembled )
pkt->dump_packet = false;
else if ( record_packet )
{
pkt->dump_packet = true;
// If we don't want the content, set the dump size to include just
// the header.
if ( ! record_content )
pkt->dump_size = data - pkt->data;
}
} }
return true; return true;
@ -196,12 +169,7 @@ zeek::Connection* IPBasedAnalyzer::NewConn(const ConnTuple* id, const detail::Co
if ( flip ) if ( flip )
conn->FlipRoles(); conn->FlipRoles();
if ( ! BuildSessionAnalyzerTree(conn) ) BuildSessionAnalyzerTree(conn);
{
conn->Done();
Unref(conn);
return nullptr;
}
if ( new_connection ) if ( new_connection )
conn->Event(new_connection, nullptr); conn->Event(new_connection, nullptr);
@ -209,7 +177,7 @@ zeek::Connection* IPBasedAnalyzer::NewConn(const ConnTuple* id, const detail::Co
return conn; return conn;
} }
bool IPBasedAnalyzer::BuildSessionAnalyzerTree(Connection* conn) void IPBasedAnalyzer::BuildSessionAnalyzerTree(Connection* conn)
{ {
SessionAdapter* root = MakeSessionAdapter(conn); SessionAdapter* root = MakeSessionAdapter(conn);
analyzer::pia::PIA* pia = MakePIA(conn); analyzer::pia::PIA* pia = MakePIA(conn);
@ -253,9 +221,6 @@ bool IPBasedAnalyzer::BuildSessionAnalyzerTree(Connection* conn)
root->InitChildren(); root->InitChildren();
PLUGIN_HOOK_VOID(HOOK_SETUP_ANALYZER_TREE, HookSetupAnalyzerTree(conn)); PLUGIN_HOOK_VOID(HOOK_SETUP_ANALYZER_TREE, HookSetupAnalyzerTree(conn));
// TODO: temporary
return true;
} }
bool IPBasedAnalyzer::RegisterAnalyzerForPort(const analyzer::Tag& tag, uint32_t port) bool IPBasedAnalyzer::RegisterAnalyzerForPort(const analyzer::Tag& tag, uint32_t port)

6
src/packet_analysis/protocol/ip/IPBasedAnalyzer.h
View file

@ -152,10 +152,6 @@ protected:
*/ */
bool IsLikelyServerPort(uint32_t port) const; bool IsLikelyServerPort(uint32_t port) const;
// TODO: temporary, until all of the plugins are implemented
bool new_plugin = false;
private: private:
// While this is storing session analyzer tags, we store it here since packet analyzers // While this is storing session analyzer tags, we store it here since packet analyzers
@ -178,7 +174,7 @@ private:
zeek::Connection* NewConn(const ConnTuple* id, const detail::ConnKey& key, zeek::Connection* NewConn(const ConnTuple* id, const detail::ConnKey& key,
const Packet* pkt); const Packet* pkt);
bool BuildSessionAnalyzerTree(Connection* conn); void BuildSessionAnalyzerTree(Connection* conn);
TransportProto transport; TransportProto transport;
uint32_t server_port_mask; uint32_t server_port_mask;

6
src/packet_analysis/protocol/tcp/TCP.cc
View file

@ -15,12 +15,6 @@ using namespace zeek::packet_analysis::IP;
constexpr int32_t TOO_LARGE_SEQ_DELTA = 1048576; constexpr int32_t TOO_LARGE_SEQ_DELTA = 1048576;
TCPAnalyzer::TCPAnalyzer() : IPBasedAnalyzer("TCP", TRANSPORT_TCP, TCP_PORT_MASK, false) TCPAnalyzer::TCPAnalyzer() : IPBasedAnalyzer("TCP", TRANSPORT_TCP, TCP_PORT_MASK, false)
{
// TODO: remove once the other plugins are done
new_plugin = true;
}
TCPAnalyzer::~TCPAnalyzer()
{ {
} }

2
src/packet_analysis/protocol/tcp/TCP.h
View file

@ -17,7 +17,7 @@ class TCPSessionAdapter;
class TCPAnalyzer final : public IP::IPBasedAnalyzer { class TCPAnalyzer final : public IP::IPBasedAnalyzer {
public: public:
TCPAnalyzer(); TCPAnalyzer();
~TCPAnalyzer() override; ~TCPAnalyzer() override = default;
static zeek::packet_analysis::AnalyzerPtr Instantiate() static zeek::packet_analysis::AnalyzerPtr Instantiate()
{ {

6
src/packet_analysis/protocol/udp/UDP.cc
View file

@ -24,12 +24,6 @@ enum UDP_EndpointState {
}; };
UDPAnalyzer::UDPAnalyzer() : IPBasedAnalyzer("UDP", TRANSPORT_UDP, UDP_PORT_MASK, false) UDPAnalyzer::UDPAnalyzer() : IPBasedAnalyzer("UDP", TRANSPORT_UDP, UDP_PORT_MASK, false)
{
// TODO: remove once the other plugins are done
new_plugin = true;
}
UDPAnalyzer::~UDPAnalyzer()
{ {
} }

2
src/packet_analysis/protocol/udp/UDP.h
View file

@ -12,7 +12,7 @@ namespace zeek::packet_analysis::UDP {
class UDPAnalyzer final : public IP::IPBasedAnalyzer { class UDPAnalyzer final : public IP::IPBasedAnalyzer {
public: public:
UDPAnalyzer(); UDPAnalyzer();
~UDPAnalyzer() override; ~UDPAnalyzer() override = default;
static zeek::packet_analysis::AnalyzerPtr Instantiate() static zeek::packet_analysis::AnalyzerPtr Instantiate()
{ {