Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-14 04:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Refactor to make bro use a common Packet object.

Browse source 
Do a better job of parsing layer 2 and keeping track of layer 3 proto.
Add support for raw packet event, including Layer2 headers.
This commit is contained in:
Jeff Barber 2015-05-22 16:43:03 -04:00
parent 2b1cd66f17
commit 30fdc37479
34 changed files with 677 additions and 429 deletions
Download patch file Download diff file Expand all files Collapse all files

31
src/IP.cc
View file

@ -325,26 +325,33 @@ RecordVal* IP_Hdr::BuildIPHdrVal() const
}
RecordVal* IP_Hdr::BuildPktHdrVal() const
{
{
static RecordType* pkt_hdr_type = 0;
static RecordType* tcp_hdr_type = 0;
static RecordType* udp_hdr_type = 0;
static RecordType* icmp_hdr_type = 0;
if ( ! pkt_hdr_type )
{
pkt_hdr_type = internal_type("pkt_hdr")->AsRecordType();
}
RecordVal* pkt_hdr = new RecordVal(pkt_hdr_type);
return BuildPktHdrVal(pkt_hdr, 0);
}
RecordVal* IP_Hdr::BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const
{
static RecordType* tcp_hdr_type = 0;
static RecordType* udp_hdr_type = 0;
static RecordType* icmp_hdr_type = 0;
if ( ! tcp_hdr_type )
{
tcp_hdr_type = internal_type("tcp_hdr")->AsRecordType();
udp_hdr_type = internal_type("udp_hdr")->AsRecordType();
icmp_hdr_type = internal_type("icmp_hdr")->AsRecordType();
}
RecordVal* pkt_hdr = new RecordVal(pkt_hdr_type);
if ( ip4 )
pkt_hdr->Assign(0, BuildIPHdrVal());
pkt_hdr->Assign(sindex + 0, BuildIPHdrVal());
else
pkt_hdr->Assign(1, BuildIPHdrVal());
pkt_hdr->Assign(sindex + 1, BuildIPHdrVal());
// L4 header.
const u_char* data = Payload();
@ -368,7 +375,7 @@ RecordVal* IP_Hdr::BuildPktHdrVal() const
tcp_hdr->Assign(6, new Val(tp->th_flags, TYPE_COUNT));
tcp_hdr->Assign(7, new Val(ntohs(tp->th_win), TYPE_COUNT));
pkt_hdr->Assign(2, tcp_hdr);
pkt_hdr->Assign(sindex + 2, tcp_hdr);
break;
}
@ -381,7 +388,7 @@ RecordVal* IP_Hdr::BuildPktHdrVal() const
udp_hdr->Assign(1, new PortVal(ntohs(up->uh_dport), TRANSPORT_UDP));
udp_hdr->Assign(2, new Val(ntohs(up->uh_ulen), TYPE_COUNT));
pkt_hdr->Assign(3, udp_hdr);
pkt_hdr->Assign(sindex + 3, udp_hdr);
break;
}
@ -392,7 +399,7 @@ RecordVal* IP_Hdr::BuildPktHdrVal() const
icmp_hdr->Assign(0, new Val(icmpp->icmp_type, TYPE_COUNT));
pkt_hdr->Assign(4, icmp_hdr);
pkt_hdr->Assign(sindex + 4, icmp_hdr);
break;
}