Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-15 13:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Working unified2 analyzer.

Browse source 
- No output by default yet.  Most of the activity is centered
   around generating the Unified2::alert event which ties together
   an IDSEvent and a packet.
This commit is contained in:
Seth Hall 2013-08-12 14:57:12 -04:00
parent 48a190276a
commit 091c8f3ebc
11 changed files with 282 additions and 69 deletions
Download patch file Download diff file Expand all files Collapse all files

14
src/file_analysis/analyzer/unified2/Unified2.cc
View file

@ -1,7 +1,5 @@
// See the file "COPYING" in the main distribution directory for copyright.
#include <string>
#include "Unified2.h"
#include "file_analysis/Manager.h"
@ -15,6 +13,7 @@ Unified2::Unified2(RecordVal* args, File* file)
Unified2::~Unified2()
{
delete interp;
}
file_analysis::Analyzer* Unified2::Instantiate(RecordVal* args, File* file)
@ -24,6 +23,15 @@ file_analysis::Analyzer* Unified2::Instantiate(RecordVal* args, File* file)
bool Unified2::DeliverStream(const u_char* data, uint64 len)
{
interp->NewData(true, data, data+len);
try
{
interp->NewData(true, data, data + len);
}
catch ( const binpac::Exception& e )
{
printf("Binpac exception: %s\n", e.c_msg());
return false;
}
return true;
}