Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-11 11:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Working on TODOs.

Browse source 
- Introducing analyzer::<protocol> namespaces.
- Moving protocol-specific events out of events.bif into analyzer/protocol/<protocol>/events.bif
- Moving ARP over (even though it's not an actual analyzer).
- Moving NetFlow over (even though it's not an actual analyzer).
- Moving MIME over (even though it's not an actual analyzer).
This commit is contained in:
Robin Sommer 2013-04-18 14:39:32 -07:00
parent dfc4cb0881
commit 5dc630f722
210 changed files with 7080 additions and 6608 deletions
Download patch file Download diff file Expand all files Collapse all files

42
src/analyzer/protocols/http/HTTP.h
View file

@ -6,13 +6,15 @@
#include "analyzer/protocols/tcp/TCP.h"
#include "analyzer/protocols/tcp/ContentLine.h"
#include "analyzer/protocols/zip/ZIP.h"
#include "MIME.h"
#include "analyzer/protocols/mime/MIME.h"
#include "binpac_bro.h"
#include "IPAddr.h"
#include "events.bif.h"
#include "HTTP.h"
namespace analyzer { namespace http {
enum CHUNKED_TRANSFER_STATE {
NON_CHUNKED_TRANSFER,
BEFORE_CHUNK,
@ -27,7 +29,7 @@ class HTTP_Entity;
class HTTP_Message;
class HTTP_Analyzer;
class HTTP_Entity : public MIME_Entity {
class HTTP_Entity : public mime::MIME_Entity {
public:
HTTP_Entity(HTTP_Message* msg, MIME_Entity* parent_entity,
int expect_body);
@ -57,7 +59,7 @@ protected:
int64_t header_length;
int deliver_body;
enum { IDENTITY, GZIP, COMPRESS, DEFLATE } encoding;
ZIP_Analyzer* zip;
zip::ZIP_Analyzer* zip;
MIME_Entity* NewChildEntity() { return new HTTP_Entity(http_message, this, 1); }
@ -68,7 +70,7 @@ protected:
void SetPlainDelivery(int64_t length);
void SubmitHeader(MIME_Header* h);
void SubmitHeader(mime::MIME_Header* h);
void SubmitAllHeaders();
};
@ -89,9 +91,9 @@ enum {
// HTTP_Message::EndEntity -> Message::Done
// HTTP_MessageDone -> {Request,Reply}Made
class HTTP_Message : public MIME_Message {
class HTTP_Message : public mime::MIME_Message {
public:
HTTP_Message(HTTP_Analyzer* analyzer, ContentLine_Analyzer* cl,
HTTP_Message(HTTP_Analyzer* analyzer, tcp::ContentLine_Analyzer* cl,
bool is_orig, int expect_body, int64_t init_header_length);
~HTTP_Message();
void Done(const int interrupted, const char* msg);
@ -99,16 +101,16 @@ public:
int Undelivered(int64_t len);
void BeginEntity(MIME_Entity* /* entity */);
void EndEntity(MIME_Entity* entity);
void SubmitHeader(MIME_Header* h);
void SubmitAllHeaders(MIME_HeaderList& /* hlist */);
void BeginEntity(mime::MIME_Entity* /* entity */);
void EndEntity(mime::MIME_Entity* entity);
void SubmitHeader(mime::MIME_Header* h);
void SubmitAllHeaders(mime::MIME_HeaderList& /* hlist */);
void SubmitData(int len, const char* buf);
int RequestBuffer(int* plen, char** pbuf);
void SubmitAllData();
void SubmitEvent(int event_type, const char* detail);
void SubmitTrailingHeaders(MIME_HeaderList& /* hlist */);
void SubmitTrailingHeaders(mime::MIME_HeaderList& /* hlist */);
void SetPlainDelivery(int64_t length);
void SkipEntityData();
@ -120,7 +122,7 @@ public:
protected:
HTTP_Analyzer* analyzer;
ContentLine_Analyzer* content_line;
tcp::ContentLine_Analyzer* content_line;
bool is_orig;
vector<const BroString*> buffers;
@ -148,14 +150,14 @@ protected:
Val* BuildMessageStat(const int interrupted, const char* msg);
};
class HTTP_Analyzer : public TCP_ApplicationAnalyzer {
class HTTP_Analyzer : public tcp::TCP_ApplicationAnalyzer {
public:
HTTP_Analyzer(Connection* conn);
~HTTP_Analyzer();
void Undelivered(TCP_Endpoint* sender, int seq, int len);
void Undelivered(tcp::TCP_Endpoint* sender, int seq, int len);
void HTTP_Header(int is_orig, MIME_Header* h);
void HTTP_Header(int is_orig, mime::MIME_Header* h);
void HTTP_EntityData(int is_orig, const BroString* entity_data);
void HTTP_MessageDone(int is_orig, HTTP_Message* message);
void HTTP_Event(const char* category, const char* detail);
@ -171,7 +173,7 @@ public:
virtual void DeliverStream(int len, const u_char* data, bool orig);
virtual void Undelivered(int seq, int len, bool orig);
// Overriden from TCP_ApplicationAnalyzer
// Overriden from tcp::TCP_ApplicationAnalyzer
virtual void EndpointEOF(bool is_orig);
virtual void ConnectionFinished(int half_finished);
virtual void ConnectionReset();
@ -192,7 +194,7 @@ protected:
int HTTP_RequestLine(const char* line, const char* end_of_line);
int HTTP_ReplyLine(const char* line, const char* end_of_line);
void InitHTTPMessage(ContentLine_Analyzer* cl, HTTP_Message*& message, bool is_orig,
void InitHTTPMessage(tcp::ContentLine_Analyzer* cl, HTTP_Message*& message, bool is_orig,
int expect_body, int64_t init_header_length);
const char* PrefixMatch(const char* line, const char* end_of_line,
@ -244,8 +246,8 @@ protected:
int reply_code;
Val* reply_reason_phrase;
ContentLine_Analyzer* content_line_orig;
ContentLine_Analyzer* content_line_resp;
tcp::ContentLine_Analyzer* content_line_orig;
tcp::ContentLine_Analyzer* content_line_resp;
HTTP_Message* request_message;
HTTP_Message* reply_message;
@ -257,4 +259,6 @@ extern void escape_URI_char(unsigned char ch, unsigned char*& p);
extern BroString* unescape_URI(const u_char* line, const u_char* line_end,
analyzer::Analyzer* analyzer);
} } // namespace analyzer::*
#endif