Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-07 00:58:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Refactor to make bro use a common Packet object.

Browse source 
Do a better job of parsing layer 2 and keeping track of layer 3 proto.
Add support for raw packet event, including Layer2 headers.
This commit is contained in:
Jeff Barber 2015-05-22 16:43:03 -04:00
parent 2b1cd66f17
commit 30fdc37479
34 changed files with 677 additions and 429 deletions
Download patch file Download diff file Expand all files Collapse all files

17
src/Net.cc
View file

@ -62,10 +62,8 @@ double bro_start_network_time; // timestamp of first packet
double last_watchdog_proc_time = 0.0; // value of above during last watchdog
bool terminating = false; // whether we're done reading and finishing up
const struct pcap_pkthdr* current_hdr = 0;
const u_char* current_pkt = 0;
const Packet *current_pkt = 0;
int current_dispatched = 0;
int current_hdr_size = 0;
double current_timestamp = 0.0;
iosource::PktSrc* current_pktsrc = 0;
iosource::IOSource* current_iosrc = 0;
@ -109,7 +107,7 @@ RETSIGTYPE watchdog(int /* signo */)
int frac_pst =
int((processing_start_time - int_pst) * 1e6);
if ( current_hdr )
if ( current_pkt )
{
if ( ! pkt_dumper )
{
@ -127,10 +125,7 @@ RETSIGTYPE watchdog(int /* signo */)
if ( pkt_dumper )
{
iosource::PktDumper::Packet p;
p.hdr = current_hdr;
p.data = current_pkt;
pkt_dumper->Dump(&p);
pkt_dumper->Dump(current_pkt);
}
}
@ -240,9 +235,7 @@ void expire_timers(iosource::PktSrc* src_ps)
max_timer_expires - current_dispatched);
}
void net_packet_dispatch(double t, const struct pcap_pkthdr* hdr,
const u_char* pkt, int hdr_size,
iosource::PktSrc* src_ps)
void net_packet_dispatch(double t, const Packet* pkt, iosource::PktSrc* src_ps)
{
if ( ! bro_start_network_time )
bro_start_network_time = t;
@ -278,7 +271,7 @@ void net_packet_dispatch(double t, const struct pcap_pkthdr* hdr,
}
}
sessions->DispatchPacket(t, hdr, pkt, hdr_size, src_ps);
sessions->DispatchPacket(t, pkt, src_ps);
mgr.Drain();
if ( sp )