mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
Remove encap_hdr_size (replaced by skip analyzer).
This commit is contained in:
Jan Grashoefer
Tim Wojtulewicz
parent
aa4506ad06
commit
0925b3bbec
5 changed files with 0 additions and 58 deletions
|
|
@ -1225,10 +1225,6 @@ const rpc_timeout = 24 sec &redef;
|
|||
## means "forever", which resists evasion, but can lead to state accrual.
|
||||
const frag_timeout = 0.0 sec &redef;
|
||||
|
||||
## If positive, indicates the encapsulation header size that should
|
||||
## be skipped. This applies to all packets.
|
||||
const encap_hdr_size = 0 &redef;
|
||||
|
||||
## Whether to use the ``ConnSize`` analyzer to count the number of packets and
|
||||
## IP-level bytes transferred by each endpoint. If true, these values are
|
||||
## returned in the connection's :zeek:see:`endpoint` record value.
|
||||
|
|
|
|||
|
|
@ -113,8 +113,6 @@ int partial_connection_ok;
|
|||
int tcp_SYN_ack_ok;
|
||||
int tcp_match_undelivered;
|
||||
|
||||
int encap_hdr_size;
|
||||
|
||||
double frag_timeout;
|
||||
|
||||
double tcp_SYN_timeout;
|
||||
|
|
@ -261,8 +259,6 @@ void init_net_var()
|
|||
tcp_SYN_ack_ok = id::find_val("tcp_SYN_ack_ok")->AsBool();
|
||||
tcp_match_undelivered = id::find_val("tcp_match_undelivered")->AsBool();
|
||||
|
||||
encap_hdr_size = id::find_val("encap_hdr_size")->AsCount();
|
||||
|
||||
frag_timeout = id::find_val("frag_timeout")->AsInterval();
|
||||
|
||||
tcp_SYN_timeout = id::find_val("tcp_SYN_timeout")->AsInterval();
|
||||
|
|
@ -365,7 +361,6 @@ int& ignore_checksums = zeek::detail::ignore_checksums;
|
|||
int& partial_connection_ok = zeek::detail::partial_connection_ok;
|
||||
int& tcp_SYN_ack_ok = zeek::detail::tcp_SYN_ack_ok;
|
||||
int& tcp_match_undelivered = zeek::detail::tcp_match_undelivered;
|
||||
int& encap_hdr_size = zeek::detail::encap_hdr_size;
|
||||
double& frag_timeout = zeek::detail::frag_timeout;
|
||||
double& tcp_SYN_timeout = zeek::detail::tcp_SYN_timeout;
|
||||
double& tcp_session_timer = zeek::detail::tcp_session_timer;
|
||||
|
|
|
|||
|
|
@ -17,8 +17,6 @@ extern int partial_connection_ok;
|
|||
extern int tcp_SYN_ack_ok;
|
||||
extern int tcp_match_undelivered;
|
||||
|
||||
extern int encap_hdr_size;
|
||||
|
||||
extern double frag_timeout;
|
||||
|
||||
extern double tcp_SYN_timeout;
|
||||
|
|
@ -117,7 +115,6 @@ extern int& ignore_checksums [[deprecated("Remove in v4.1. Use zeek::detail::ign
|
|||
extern int& partial_connection_ok [[deprecated("Remove in v4.1. Use zeek::detail::partial_connection_ok.")]];
|
||||
extern int& tcp_SYN_ack_ok [[deprecated("Remove in v4.1. Use zeek::detail::tcp_SYN_ack_ok.")]];
|
||||
extern int& tcp_match_undelivered [[deprecated("Remove in v4.1. Use zeek::detail::tcp_match_undelivered.")]];
|
||||
extern int& encap_hdr_size [[deprecated("Remove in v4.1. Use zeek::detail::encap_hdr_size.")]];
|
||||
extern double& frag_timeout [[deprecated("Remove in v4.1. Use zeek::detail::frag_timeout.")]];
|
||||
extern double& tcp_SYN_timeout [[deprecated("Remove in v4.1. Use zeek::detail::tcp_SYN_timeout.")]];
|
||||
extern double& tcp_session_timer [[deprecated("Remove in v4.1. Use zeek::detail::tcp_session_timer.")]];
|
||||
|
|
|
|||
|
|
@ -2,7 +2,6 @@
|
|||
|
||||
#include "Manager.h"
|
||||
|
||||
#include "NetVar.h"
|
||||
#include "Analyzer.h"
|
||||
#include "Dispatcher.h"
|
||||
|
||||
|
|
@ -132,8 +131,6 @@ void Manager::ProcessPacket(Packet* packet)
|
|||
}
|
||||
|
||||
auto result = analyzer->Analyze(packet, data);
|
||||
if (result == AnalyzerResult::Terminate)
|
||||
CustomEncapsulationSkip(packet, data);
|
||||
|
||||
// Calculate header size after processing packet layers.
|
||||
packet->hdr_size = static_cast<uint32_t>(data - packet->data);
|
||||
|
|
@ -177,36 +174,3 @@ AnalyzerPtr Manager::InstantiateAnalyzer(const std::string& name)
|
|||
Tag tag = GetComponentTag(name);
|
||||
return tag ? InstantiateAnalyzer(tag) : nullptr;
|
||||
}
|
||||
|
||||
void Manager::CustomEncapsulationSkip(Packet* packet, const uint8_t* data)
|
||||
{
|
||||
if ( zeek::detail::encap_hdr_size > 0 )
|
||||
{
|
||||
// Blanket encapsulation. We assume that what remains is IP.
|
||||
if ( data + zeek::detail::encap_hdr_size + sizeof(struct ip) >= packet->GetEndOfData() )
|
||||
{
|
||||
packet->Weird("no_ip_left_after_encap");
|
||||
return;
|
||||
}
|
||||
|
||||
data += zeek::detail::encap_hdr_size;
|
||||
|
||||
auto ip = (const struct ip*)data;
|
||||
|
||||
switch ( ip->ip_v )
|
||||
{
|
||||
case 4:
|
||||
packet->l3_proto = L3_IPV4;
|
||||
break;
|
||||
case 6:
|
||||
packet->l3_proto = L3_IPV6;
|
||||
break;
|
||||
default:
|
||||
{
|
||||
// Neither IPv4 nor IPv6.
|
||||
packet->Weird("no_ip_in_encap");
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -89,16 +89,6 @@ private:
|
|||
*/
|
||||
AnalyzerPtr InstantiateAnalyzer(const std::string& name);
|
||||
|
||||
/**
|
||||
* Skips a fixed amount of packet data that is defined by encap_hdr_size.
|
||||
* It is assumed that an IP header follows.
|
||||
*
|
||||
* @param packet The packet to adapt.
|
||||
*
|
||||
* @param data Pointer to remaining payload.
|
||||
*/
|
||||
void CustomEncapsulationSkip(Packet* packet, const uint8_t* data);
|
||||
|
||||
std::map<std::string, AnalyzerPtr> analyzers;
|
||||
Dispatcher root_dispatcher;
|
||||
AnalyzerPtr default_analyzer = nullptr;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue