Move IP and IP tunnel code from Sessions into packet analyzers

Tim Wojtulewicz 2020-09-23 16:17:06 -07:00
parent 69da2d7b1d
commit 1cf251d1ca
53 changed files with 1226 additions and 907 deletions


@ -45,7 +45,6 @@ void Packet::Init(int arg_link_type, pkt_timeval *arg_ts, uint32_t arg_caplen,
else
data = arg_data;
session_analysis = false;
dump_packet = false;
time = ts.tv_sec + double(ts.tv_usec) / 1e6;
@ -75,9 +74,9 @@ const IP_Hdr Packet::IP() const
return IP_Hdr((struct ip *) (data + hdr_size), false);
}
void Packet::Weird(const char* name)
void Packet::Weird(const char* name, const EncapsulationStack* encap)
{
sessions->Weird(name, this);
sessions->Weird(name, this, encap);
}
RecordValPtr Packet::ToRawPktHdrVal() const
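Review bot: Packet::Init resets per-packet fields such as `dump_packet`, but nothing visible in this hunk resets the `key_store` map that this commit adds to Packet in the header. If a Packet object is reused between captures (PktSrc::Process hands the same `current_packet` to dispatch each time), entries written by analyzers for one packet could still be present when the next one is analyzed, so IP or tunnel state from unrelated traffic could be attributed to it. Consider adding `key_store.clear();` next to the other resets, unless the map is already cleared in a part of Init outside this hunk.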


@ -2,10 +2,11 @@
#include "zeek-config.h"
#include <string>
#include <stdint.h>
#include <sys/types.h> // for u_char
#include <string>
#include <map>
#include <any>
#if defined(__OpenBSD__)
#include <net/bpf.h>
@ -18,6 +19,7 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(ODesc, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(EncapsulationStack, zeek);
namespace zeek {
@ -207,19 +209,18 @@ public:
*/
bool l3_checksummed;
/**
* Indicates whether the packet should be processed by zeek's
* session analysis in NetSessions.
*/
bool session_analysis;
/**
* Indicates whether this packet should be recorded.
*/
mutable bool dump_packet;
// Wrapper to generate a packet-level weird. Has to be public for packet analyzers to use it.
void Weird(const char* name);
/**
* Key/value store for use by the packet analyzers to pass information between them.
*/
std::map<std::string, std::any> key_store;
// Wrapper to generate a packet-level weird. Has to be public for llanalyzers to use it.
void Weird(const char* name, const EncapsulationStack* encap = nullptr);
private:
// Renders an MAC address into its ASCII representation.
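Review bot: `key_store` is a public `std::map<std::string, std::any>` whose doc comment does not say which keys exist, what type each one holds, or who owns whatever a stored pointer refers to. The values are presumably derived while parsing untrusted traffic, and a reader that uses the by-value `std::any_cast<T>(...)` or `map::at` would throw on a type mismatch or a missing key; the comment should list the keys and their types and state that readers use `find()` plus the pointer form `std::any_cast<T>(&it->second)` and handle a null result. Separately, the comment above `Weird` appears to change from "packet analyzers" to "llanalyzers", which looks like a leftover of an older name; keep `// Wrapper to generate a packet-level weird. Has to be public for packet analyzers to use it.`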


@ -162,22 +162,7 @@ void PktSrc::Process()
if ( ! ExtractNextPacketInternal() )
return;
// This is set here to avoid having to pass the packet source down into the processing
// methods unnecessarily.
run_state::detail::current_iosrc = this;
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
run_state::detail::current_pktsrc = this;
#pragma GCC diagnostic pop
packet_mgr->ProcessPacket(&current_packet);
run_state::detail::dispatch_packet(&current_packet);
run_state::detail::current_iosrc = nullptr;
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
run_state::detail::current_pktsrc = nullptr;
#pragma GCC diagnostic pop
run_state::detail::dispatch_packet(&current_packet, this);
have_packet = false;
DoneWithPacket();
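Review bot: With `dispatch_packet(&current_packet, this)` the assignments of `run_state::detail::current_iosrc` and `current_pktsrc`, and their reset to `nullptr` afterwards, no longer appear in Process(), so whether they are still cleared now depends on dispatch_packet, which is not visible here. It is worth confirming that dispatch_packet resets both on every return path, because code that reads them after this source has been closed would follow a stale pointer. A short comment at the call, such as `// dispatch_packet() sets and clears current_iosrc/current_pktsrc around processing.`, would record the new contract. Process() begins and continues outside this hunk.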