Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 10:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Split session adapter code into separate files from the analyzers

Browse source
This commit is contained in:
Tim Wojtulewicz 2021-05-27 13:41:05 -07:00
parent b6ab22e9fb
commit 5433f2936e
12 changed files with 281 additions and 235 deletions
Download patch file Download diff file Expand all files Collapse all files

30
src/packet_analysis/protocol/icmp/ICMP.h
View file

@ -7,7 +7,6 @@
#include "zeek/packet_analysis/protocol/ip/IPBasedAnalyzer.h"
#include "zeek/packet_analysis/protocol/ip/SessionAdapter.h"
#include "zeek/analyzer/Analyzer.h"
#include "zeek/RuleMatcher.h"
namespace zeek {
@ -101,35 +100,6 @@ private:
void UpdateEndpointVal(const ValPtr& endp, bool is_orig);
};
class ICMPSessionAdapter final : public IP::SessionAdapter {
public:
ICMPSessionAdapter(Connection* conn) :
IP::SessionAdapter("ICMP", conn) { }
static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
{
return new ICMPSessionAdapter(conn);
}
void AddExtraAnalyzers(Connection* conn) override;
void UpdateConnVal(RecordVal* conn_val) override;
void UpdateEndpointVal(const ValPtr& endp, bool is_orig);
void UpdateLength(bool is_orig, int len);
void Done() override;
void InitEndpointMatcher(const IP_Hdr* ip_hdr, int len, bool is_orig);
void MatchEndpoint(const u_char* data, int len, bool is_orig);
private:
detail::RuleMatcherState matcher_state;
int request_len = -1;
int reply_len = -1;
};
// Returns the counterpart type to the given type (e.g., the counterpart
// to ICMP_ECHOREPLY is ICMP_ECHO).
extern int ICMP4_counterpart(int icmp_type, int icmp_code, bool& is_one_way);