Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 09:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Use a default analyzer

Browse source 
Use a default analyzer instead of hardcoding a protocol number.
This commit is contained in:
Eldon Koyle 2023-02-16 19:39:27 -07:00
parent 56aa03031d
commit 32afbae9db
3 changed files with 6 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/packet_analysis/protocol/pbb/PBB.cc
View file

@ -7,8 +7,6 @@ using namespace zeek::packet_analysis::PBB;
constexpr int PBB_LEN = 18;
constexpr int PBB_C_DST_OFF = 4;
constexpr int PROTO_TEB = 0x6558;
PBBAnalyzer::PBBAnalyzer() : zeek::packet_analysis::Analyzer("PBB") { }
bool PBBAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
@ -19,6 +17,6 @@ bool PBBAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
return false;
}
// this looks an awful lot like ethernet from here on out
return ForwardPacket(len - PBB_C_DST_OFF, data + PBB_C_DST_OFF, packet, PROTO_TEB);
// pass this on to the ethernet analyzer
return ForwardPacket(len - PBB_C_DST_OFF, data + PBB_C_DST_OFF, packet);
}