Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 18:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Move IP and IP tunnel code from Sessions into packet analyzers

Browse source
This commit is contained in:
Tim Wojtulewicz 2020-09-23 16:17:06 -07:00
parent 69da2d7b1d
commit 1cf251d1ca
53 changed files with 1226 additions and 907 deletions
Download patch file Download diff file Expand all files Collapse all files

18
src/packet_analysis/protocol/ip/IP.h
View file

@ -2,15 +2,18 @@
#pragma once
#include <packet_analysis/Analyzer.h>
#include <packet_analysis/Component.h>
#include "zeek/packet_analysis/Analyzer.h"
#include "zeek/packet_analysis/Component.h"
#include "zeek/Frag.h"
ZEEK_FORWARD_DECLARE_NAMESPACED(Discarder, zeek::detail);
namespace zeek::packet_analysis::IP {
class IPAnalyzer : public Analyzer {
public:
IPAnalyzer();
~IPAnalyzer() override = default;
~IPAnalyzer() override;
bool AnalyzePacket(size_t len, const uint8_t* data, Packet* packet) override;
@ -18,6 +21,15 @@ public:
{
return std::make_shared<IPAnalyzer>();
}
private:
// Returns a reassembled packet, or nil if there are still
// some missing fragments.
zeek::detail::FragReassembler* NextFragment(double t, const IP_Hdr* ip,
const u_char* pkt);
zeek::detail::Discarder* discarder = nullptr;
};
}