Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-17 22:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Move all of the rule matching code to zeek::detail

Browse source
This commit is contained in:
Tim Wojtulewicz 2020-07-17 11:18:43 -07:00
parent 25c0fc7ab2
commit 382812298d
29 changed files with 269 additions and 196 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/RuleCondition.cc
View file

@ -20,6 +20,8 @@ static inline bool is_established(const analyzer::tcp::TCP_Endpoint* e)
e->state != analyzer::tcp::TCP_ENDPOINT_SYN_ACK_SENT;
}
namespace zeek::detail {
bool RuleConditionTCPState::DoMatch(Rule* rule, RuleEndpointState* state,
const u_char* data, int len)
{
@ -28,7 +30,7 @@ bool RuleConditionTCPState::DoMatch(Rule* rule, RuleEndpointState* state,
if ( ! root || ! root->IsAnalyzer("TCP") )
return false;
analyzer::tcp::TCP_Analyzer* ta = static_cast<analyzer::tcp::TCP_Analyzer*>(root);
::analyzer::tcp::TCP_Analyzer* ta = static_cast<::analyzer::tcp::TCP_Analyzer*>(root);
if ( tcpstates & STATE_STATELESS )
return true;
@ -196,3 +198,5 @@ void RuleConditionEval::PrintDebug()
{
fprintf(stderr, " RuleConditionEval: %s\n", id->Name());
}
} // namespace zeek::detail