diff --git a/src/analyzer/Component.cc b/src/analyzer/Component.cc index fe3a866773..e3b037f657 100644 --- a/src/analyzer/Component.cc +++ b/src/analyzer/Component.cc @@ -8,8 +8,9 @@ namespace zeek::analyzer { -Component::Component(const std::string& name, factory_callback arg_factory, Tag::subtype_t arg_subtype, bool arg_enabled, bool arg_partial) - : plugin::Component(plugin::component::ANALYZER, name), +Component::Component(const std::string& name, factory_callback arg_factory, Tag::subtype_t arg_subtype, + bool arg_enabled, bool arg_partial, bool arg_adapter) + : plugin::Component(arg_adapter ? plugin::component::SESSION_ADAPTER : plugin::component::ANALYZER, name), plugin::TaggedComponent(arg_subtype) { factory = arg_factory; diff --git a/src/analyzer/Component.h b/src/analyzer/Component.h index a48613a20d..b2372bf334 100644 --- a/src/analyzer/Component.h +++ b/src/analyzer/Component.h @@ -53,12 +53,16 @@ public: * manager, including from script-land. * * @param partial If true, the analyzer can deal with payload from - * partial connections, i.e., when Bro enters the stream mid-way + * partial connections, i.e., when Zeek enters the stream mid-way * after not seeing the beginning. Note that handling of partial * connections has generally not seen much testing yet as virtually * no existing analyzer supports it. + * + * @param adapter If true, this analyzer is a session adapter from + * the packet analyzer framework. */ - Component(const std::string& name, factory_callback factory, Tag::subtype_t subtype = 0, bool enabled = true, bool partial = false); + Component(const std::string& name, factory_callback factory, Tag::subtype_t subtype = 0, + bool enabled = true, bool partial = false, bool adapter = false); /** * Destructor. diff --git a/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.h b/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.h index f4085cb2f1..d0c50bc705 100644 --- a/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.h +++ b/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.h @@ -14,11 +14,6 @@ public: ICMPSessionAdapter(Connection* conn) : IP::SessionAdapter("ICMP", conn) { } - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) - { - return new ICMPSessionAdapter(conn); - } - void AddExtraAnalyzers(Connection* conn) override; void UpdateConnVal(RecordVal* conn_val) override; void UpdateEndpointVal(const ValPtr& endp, bool is_orig); diff --git a/src/packet_analysis/protocol/icmp/Plugin.cc b/src/packet_analysis/protocol/icmp/Plugin.cc index 7e875b4684..5a3d159b4e 100644 --- a/src/packet_analysis/protocol/icmp/Plugin.cc +++ b/src/packet_analysis/protocol/icmp/Plugin.cc @@ -14,8 +14,7 @@ public: { AddComponent(new zeek::packet_analysis::Component("ICMP", zeek::packet_analysis::ICMP::ICMPAnalyzer::Instantiate)); - AddComponent(new zeek::analyzer::Component("ICMP", - zeek::packet_analysis::ICMP::ICMPSessionAdapter::Instantiate)); + AddComponent(new zeek::analyzer::Component("ICMP", nullptr, 0, true, false, true)); zeek::plugin::Configuration config; config.name = "Zeek::ICMP"; diff --git a/src/packet_analysis/protocol/tcp/Plugin.cc b/src/packet_analysis/protocol/tcp/Plugin.cc index a689886fe1..a141417f8b 100644 --- a/src/packet_analysis/protocol/tcp/Plugin.cc +++ b/src/packet_analysis/protocol/tcp/Plugin.cc @@ -14,8 +14,7 @@ public: { AddComponent(new zeek::packet_analysis::Component("TCP", zeek::packet_analysis::TCP::TCPAnalyzer::Instantiate)); - AddComponent(new zeek::analyzer::Component("TCP", - zeek::packet_analysis::TCP::TCPSessionAdapter::Instantiate)); + AddComponent(new zeek::analyzer::Component("TCP", nullptr, 0, true, false, true)); zeek::plugin::Configuration config; config.name = "Zeek::TCP_PKT"; diff --git a/src/packet_analysis/protocol/tcp/TCPSessionAdapter.h b/src/packet_analysis/protocol/tcp/TCPSessionAdapter.h index 73bb797721..29c82002e8 100644 --- a/src/packet_analysis/protocol/tcp/TCPSessionAdapter.h +++ b/src/packet_analysis/protocol/tcp/TCPSessionAdapter.h @@ -69,9 +69,6 @@ public: // From Analyzer.h void UpdateConnVal(RecordVal *conn_val) override; - static analyzer::Analyzer* Instantiate(Connection* conn) - { return new TCPSessionAdapter(conn); } - void AddExtraAnalyzers(Connection* conn) override; protected: diff --git a/src/packet_analysis/protocol/udp/Plugin.cc b/src/packet_analysis/protocol/udp/Plugin.cc index 2933b5b8c4..07bf4d450d 100644 --- a/src/packet_analysis/protocol/udp/Plugin.cc +++ b/src/packet_analysis/protocol/udp/Plugin.cc @@ -14,8 +14,7 @@ public: { AddComponent(new zeek::packet_analysis::Component("UDP", zeek::packet_analysis::UDP::UDPAnalyzer::Instantiate)); - AddComponent(new zeek::analyzer::Component("UDP", - zeek::packet_analysis::UDP::UDPSessionAdapter::Instantiate)); + AddComponent(new zeek::analyzer::Component("UDP", nullptr, 0, true, false, true)); zeek::plugin::Configuration config; config.name = "Zeek::UDP"; diff --git a/src/packet_analysis/protocol/udp/UDPSessionAdapter.h b/src/packet_analysis/protocol/udp/UDPSessionAdapter.h index bd6e40c8b6..dd7bf0d6df 100644 --- a/src/packet_analysis/protocol/udp/UDPSessionAdapter.h +++ b/src/packet_analysis/protocol/udp/UDPSessionAdapter.h @@ -13,11 +13,6 @@ public: UDPSessionAdapter(Connection* conn) : IP::SessionAdapter("UDP", conn) { } - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) - { - return new UDPSessionAdapter(conn); - } - void AddExtraAnalyzers(Connection* conn) override; void UpdateConnVal(RecordVal* conn_val) override; diff --git a/src/plugin/Component.cc b/src/plugin/Component.cc index ceb7760b4e..b952ace0ad 100644 --- a/src/plugin/Component.cc +++ b/src/plugin/Component.cc @@ -66,6 +66,10 @@ void Component::Describe(ODesc* d) const d->Add("Packet Dumper"); break; + case component::SESSION_ADAPTER: + d->Add("Session Adapter"); + break; + default: reporter->InternalWarning("unknown component type in plugin::Component::Describe"); d->Add(""); diff --git a/src/plugin/Component.h b/src/plugin/Component.h index 41502b1f83..f632cb275d 100644 --- a/src/plugin/Component.h +++ b/src/plugin/Component.h @@ -23,7 +23,8 @@ enum Type { FILE_ANALYZER, /// A file analyzer. IOSOURCE, /// An I/O source, excluding packet sources. PKTSRC, /// A packet source. - PKTDUMPER /// A packet dumper. + PKTDUMPER, /// A packet dumper. + SESSION_ADAPTER, /// A session adapter analyzer. }; } // namespace component