Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 10:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Label session adapters in the output of zeek -NN

Browse source
This commit is contained in:
Tim Wojtulewicz 2021-05-28 13:51:23 -07:00
parent 5433f2936e
commit 1f94b8f250
10 changed files with 18 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/analyzer/Component.cc
View file

@ -8,8 +8,9 @@
namespace zeek::analyzer {
Component::Component(const std::string& name, factory_callback arg_factory, Tag::subtype_t arg_subtype, bool arg_enabled, bool arg_partial)
: plugin::Component(plugin::component::ANALYZER, name),
Component::Component(const std::string& name, factory_callback arg_factory, Tag::subtype_t arg_subtype,
bool arg_enabled, bool arg_partial, bool arg_adapter)
: plugin::Component(arg_adapter ? plugin::component::SESSION_ADAPTER : plugin::component::ANALYZER, name),
plugin::TaggedComponent<analyzer::Tag>(arg_subtype)
{
factory = arg_factory;

8
src/analyzer/Component.h
View file

@ -53,12 +53,16 @@ public:
* manager, including from script-land.
*
* @param partial If true, the analyzer can deal with payload from
* partial connections, i.e., when Bro enters the stream mid-way
* partial connections, i.e., when Zeek enters the stream mid-way
* after not seeing the beginning. Note that handling of partial
* connections has generally not seen much testing yet as virtually
* no existing analyzer supports it.
*
* @param adapter If true, this analyzer is a session adapter from
* the packet analyzer framework.
*/
Component(const std::string& name, factory_callback factory, Tag::subtype_t subtype = 0, bool enabled = true, bool partial = false);
Component(const std::string& name, factory_callback factory, Tag::subtype_t subtype = 0,
bool enabled = true, bool partial = false, bool adapter = false);
/**
* Destructor.

5
src/packet_analysis/protocol/icmp/ICMPSessionAdapter.h
View file

@ -14,11 +14,6 @@ public:
ICMPSessionAdapter(Connection* conn) :
IP::SessionAdapter("ICMP", conn) { }
static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
{
return new ICMPSessionAdapter(conn);
}
void AddExtraAnalyzers(Connection* conn) override;
void UpdateConnVal(RecordVal* conn_val) override;
void UpdateEndpointVal(const ValPtr& endp, bool is_orig);

3
src/packet_analysis/protocol/icmp/Plugin.cc
View file

@ -14,8 +14,7 @@ public:
{
AddComponent(new zeek::packet_analysis::Component("ICMP",
zeek::packet_analysis::ICMP::ICMPAnalyzer::Instantiate));
AddComponent(new zeek::analyzer::Component("ICMP",
zeek::packet_analysis::ICMP::ICMPSessionAdapter::Instantiate));
AddComponent(new zeek::analyzer::Component("ICMP", nullptr, 0, true, false, true));
zeek::plugin::Configuration config;
config.name = "Zeek::ICMP";

3
src/packet_analysis/protocol/tcp/Plugin.cc
View file

@ -14,8 +14,7 @@ public:
{
AddComponent(new zeek::packet_analysis::Component("TCP",
zeek::packet_analysis::TCP::TCPAnalyzer::Instantiate));
AddComponent(new zeek::analyzer::Component("TCP",
zeek::packet_analysis::TCP::TCPSessionAdapter::Instantiate));
AddComponent(new zeek::analyzer::Component("TCP", nullptr, 0, true, false, true));
zeek::plugin::Configuration config;
config.name = "Zeek::TCP_PKT";

3
src/packet_analysis/protocol/tcp/TCPSessionAdapter.h
View file

@ -69,9 +69,6 @@ public:
// From Analyzer.h
void UpdateConnVal(RecordVal *conn_val) override;
static analyzer::Analyzer* Instantiate(Connection* conn)
{ return new TCPSessionAdapter(conn); }
void AddExtraAnalyzers(Connection* conn) override;
protected:

3
src/packet_analysis/protocol/udp/Plugin.cc
View file

@ -14,8 +14,7 @@ public:
{
AddComponent(new zeek::packet_analysis::Component("UDP",
zeek::packet_analysis::UDP::UDPAnalyzer::Instantiate));
AddComponent(new zeek::analyzer::Component("UDP",
zeek::packet_analysis::UDP::UDPSessionAdapter::Instantiate));
AddComponent(new zeek::analyzer::Component("UDP", nullptr, 0, true, false, true));
zeek::plugin::Configuration config;
config.name = "Zeek::UDP";

5
src/packet_analysis/protocol/udp/UDPSessionAdapter.h
View file

@ -13,11 +13,6 @@ public:
UDPSessionAdapter(Connection* conn) :
IP::SessionAdapter("UDP", conn) { }
static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
{
return new UDPSessionAdapter(conn);
}
void AddExtraAnalyzers(Connection* conn) override;
void UpdateConnVal(RecordVal* conn_val) override;

4
src/plugin/Component.cc
View file

@ -66,6 +66,10 @@ void Component::Describe(ODesc* d) const
d->Add("Packet Dumper");
break;
case component::SESSION_ADAPTER:
d->Add("Session Adapter");
break;
default:
reporter->InternalWarning("unknown component type in plugin::Component::Describe");
d->Add("<unknown component type>");

3
src/plugin/Component.h
View file

@ -23,7 +23,8 @@ enum Type {
FILE_ANALYZER, /// A file analyzer.
IOSOURCE, /// An I/O source, excluding packet sources.
PKTSRC, /// A packet source.
PKTDUMPER /// A packet dumper.
PKTDUMPER, /// A packet dumper.
SESSION_ADAPTER, /// A session adapter analyzer.
};
} // namespace component