mirror of
https://github.com/zeek/zeek.git
synced 2025-10-05 16:18:19 +00:00
Move IP and IP tunnel code from Sessions into packet analyzers
This commit is contained in:
Tim Wojtulewicz
parent
69da2d7b1d
commit
1cf251d1ca
53 changed files with 1226 additions and 907 deletions
|
|
@ -4,6 +4,10 @@
|
|||
|
||||
#include "Analyzer.h"
|
||||
#include "Dispatcher.h"
|
||||
#include "zeek-bif.h"
|
||||
#include "Stats.h"
|
||||
#include "zeek/Sessions.h"
|
||||
#include "zeek/RunState.h"
|
||||
|
||||
using namespace zeek::packet_analysis;
|
||||
|
||||
|
|
@ -12,6 +16,11 @@ Manager::Manager()
|
|||
{
|
||||
}
|
||||
|
||||
Manager::~Manager()
|
||||
{
|
||||
delete pkt_profiler;
|
||||
}
|
||||
|
||||
void Manager::InitPostScript()
|
||||
{
|
||||
// Instantiate objects for all available analyzers
|
||||
|
|
@ -26,6 +35,13 @@ void Manager::InitPostScript()
|
|||
analyzer->Initialize();
|
||||
|
||||
root_analyzer = analyzers["Root"];
|
||||
|
||||
static auto pkt_profile_file = id::find_val("pkt_profile_file");
|
||||
|
||||
if ( detail::pkt_profile_mode && detail::pkt_profile_freq > 0 && pkt_profile_file )
|
||||
pkt_profiler = new detail::PacketProfiler(detail::pkt_profile_mode,
|
||||
detail::pkt_profile_freq,
|
||||
pkt_profile_file->AsFile());
|
||||
}
|
||||
|
||||
void Manager::Done()
|
||||
|
|
@ -69,9 +85,37 @@ void Manager::ProcessPacket(Packet* packet)
|
|||
static size_t counter = 0;
|
||||
DBG_LOG(DBG_PACKET_ANALYSIS, "Analyzing packet %ld, ts=%.3f...", ++counter, packet->time);
|
||||
#endif
|
||||
|
||||
zeek::detail::SegmentProfiler prof(detail::segment_logger, "dispatching-packet");
|
||||
if ( pkt_profiler )
|
||||
pkt_profiler->ProfilePkt(zeek::run_state::processing_start_time, packet->cap_len);
|
||||
|
||||
++num_packets_processed;
|
||||
|
||||
bool dumped_packet = false;
|
||||
if ( packet->dump_packet || zeek::detail::record_all_packets )
|
||||
{
|
||||
// TODO: should this stay in Session?
|
||||
sessions->DumpPacket(packet);
|
||||
dumped_packet = true;
|
||||
}
|
||||
|
||||
// Start packet analysis
|
||||
packet->l2_valid = root_analyzer->ForwardPacket(packet->cap_len, packet->data,
|
||||
packet, packet->link_type);
|
||||
|
||||
if ( raw_packet )
|
||||
event_mgr.Enqueue(raw_packet, packet->ToRawPktHdrVal());
|
||||
|
||||
// Check whether packet should be recorded based on session analysis
|
||||
if ( packet->dump_packet && ! dumped_packet )
|
||||
// TODO: should this stay in Session?
|
||||
sessions->DumpPacket(packet);
|
||||
}
|
||||
|
||||
bool Manager::ProcessInnerPacket(Packet* packet)
|
||||
{
|
||||
return root_analyzer->ForwardPacket(packet->cap_len, packet->data, packet, packet->link_type);
|
||||
}
|
||||
|
||||
AnalyzerPtr Manager::InstantiateAnalyzer(const Tag& tag)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue