Move SessionManager::ParseIPPacket to IP analyzer's namespace

2025-10-10 02:28:21 +00:00 · 2021-04-09 15:46:19 -07:00 · 2021-04-09 15:46:19 -07:00 · 3e1692676d
commit 3e1692676d
parent 0c3e3069d0
10 changed files with 78 additions and 91 deletions
--- a/src/packet_analysis/protocol/ip/IP.cc
+++ b/src/packet_analysis/protocol/ip/IP.cc
@ -10,6 +10,7 @@
 #include "zeek/Frag.h"
 #include "zeek/Event.h"
 #include "zeek/TunnelEncapsulation.h"
+#include "zeek/IPAddr.h"

 using namespace zeek::packet_analysis::IP;

@ -260,3 +261,40 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)

 	return return_val;
 	}
+
+int zeek::packet_analysis::IP::ParsePacket(int caplen, const u_char* const pkt, int proto,
+                                           std::unique_ptr<zeek::IP_Hdr>& inner)
+	{
+	if ( proto == IPPROTO_IPV6 )
+		{
+		if ( caplen < (int)sizeof(struct ip6_hdr) )
+			return -1;
+
+		const struct ip6_hdr* ip6 = (const struct ip6_hdr*) pkt;
+		inner = std::make_unique<zeek::IP_Hdr>(ip6, false, caplen);
+		if ( ( ip6->ip6_ctlun.ip6_un2_vfc & 0xF0 ) != 0x60 )
+			return -2;
+		}
+
+	else if ( proto == IPPROTO_IPV4 )
+		{
+		if ( caplen < (int)sizeof(struct ip) )
+			return -1;
+
+		const struct ip* ip4 = (const struct ip*) pkt;
+		inner = std::make_unique<zeek::IP_Hdr>(ip4, false);
+		if ( ip4->ip_v != 4 )
+			return -2;
+		}
+
+	else
+		{
+		zeek::reporter->InternalWarning("Bad IP protocol version in IP::ParsePacket");
+		return -1;
+		}
+
+	if ( (uint32_t)caplen != inner->TotalLen() )
+		return (uint32_t)caplen < inner->TotalLen() ? -1 : 1;
+
+	return 0;
+	}