Refactor to make bro use a common Packet object.

Do a better job of parsing layer 2 and keeping track of layer 3 proto.
Add support for raw packet event, including Layer2 headers.

src/Sessions.h

@@ -15,8 +15,6 @@
 
 #include <utility>
 
-struct pcap_pkthdr;
-
 class EncapsulationStack;
 class Connection;
 class OSFingerprint;
@@ -71,8 +69,7 @@ public:
 	// Main entry point for packet processing. Dispatches the packet
 	// either through NextPacket(), optionally employing the packet
 	// sorter first.
-	void DispatchPacket(double t, const struct pcap_pkthdr* hdr,
-			const u_char* const pkt, int hdr_size,
+	void DispatchPacket(double t, const Packet* pkt,
 			iosource::PktSrc* src_ps);
 
 	void Done();	// call to drain events before destructing
@@ -106,8 +103,8 @@ public:
 
 	void GetStats(SessionStats& s) const;
 
-	void Weird(const char* name, const struct pcap_pkthdr* hdr,
-	    const u_char* pkt, const EncapsulationStack* encap = 0);
+	void Weird(const char* name, const Packet* pkt,
+	    const EncapsulationStack* encap = 0);
 	void Weird(const char* name, const IP_Hdr* ip,
 	    const EncapsulationStack* encap = 0);
 
@@ -133,9 +130,8 @@ public:
 			icmp_conns.Length();
 		}
 
-	void DoNextPacket(double t, const struct pcap_pkthdr* hdr,
-			const IP_Hdr* ip_hdr, const u_char* const pkt,
-			int hdr_size, const EncapsulationStack* encapsulation);
+	void DoNextPacket(double t, const Packet *pkt, const IP_Hdr* ip_hdr,
+			const EncapsulationStack* encapsulation);
 
 	/**
 	 * Wrapper that recurses on DoNextPacket for encapsulated IP packets.
@@ -151,7 +147,7 @@ public:
 	 *        the most-recently found depth of encapsulation.
 	 * @param ec The most-recently found depth of encapsulation.
 	 */
-	void DoNextInnerPacket(double t, const struct pcap_pkthdr* hdr,
+	void DoNextInnerPacket(double t, const Packet *pkt,
 	                      const IP_Hdr* inner, const EncapsulationStack* prev,
 	                      const EncapsulatingConn& ec);
 
@@ -218,24 +214,20 @@ protected:
 				TransportProto transport_proto,
 				uint8 tcp_flags, bool& flip_roles);
 
-	void NextPacket(double t, const struct pcap_pkthdr* hdr,
-			const u_char* const pkt, int hdr_size);
+	void NextPacket(double t, const Packet* pkt);
+
+	void ProcNextPacket(double t, const Packet *pkt);
 
 	// Record the given packet (if a dumper is active).  If len=0
 	// then the whole packet is recorded, otherwise just the first
 	// len bytes.
-	void DumpPacket(const struct pcap_pkthdr* hdr, const u_char* pkt,
-			int len=0);
-
-	void Internal(const char* msg, const struct pcap_pkthdr* hdr,
-			const u_char* pkt);
+	void DumpPacket(const Packet *pkt, int len=0);
 
 	// For a given protocol, checks whether the header's length as derived
 	// from lower-level headers or the length actually captured is less
 	// than that protocol's minimum header size.
 	bool CheckHeaderTrunc(int proto, uint32 len, uint32 caplen,
-			      const struct pcap_pkthdr* hdr, const u_char* pkt,
-			      const EncapsulationStack* encap);
+			      const Packet *pkt, const EncapsulationStack* encap);
 
 	CompositeHash* ch;
 	PDict(Connection) tcp_conns;