Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 07:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Suggested code improvements for packet analysis.

Browse source
This commit is contained in:
Jan Grashoefer 2020-08-25 11:14:36 +02:00 committed by Tim Wojtulewicz
parent 4aeab7402d
commit 6f6e5b4df0
2 changed files with 12 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/packet_analysis/Analyzer.cc
View file

@ -61,7 +61,8 @@ AnalyzerResult Analyzer::AnalyzeInnerPacket(Packet* packet,
const uint8_t*& data, uint32_t identifier) const const uint8_t*& data, uint32_t identifier) const
{ {
auto inner_analyzer = Lookup(identifier); auto inner_analyzer = Lookup(identifier);
inner_analyzer = inner_analyzer ? inner_analyzer : default_analyzer; if ( ! inner_analyzer )
inner_analyzer = default_analyzer;
if ( inner_analyzer == nullptr ) if ( inner_analyzer == nullptr )
{ {

19
src/packet_analysis/Manager.cc
View file

@ -42,34 +42,35 @@ void Manager::InitPostScript()
auto analyzer_tag = rv->GetField("analyzer")->AsEnumVal(); auto analyzer_tag = rv->GetField("analyzer")->AsEnumVal();
auto analyzer_name = Lookup(analyzer_tag)->Name(); auto analyzer_name = Lookup(analyzer_tag)->Name();
if ( analyzers.find(analyzer_name) == analyzers.end() ) auto analyzer_it = analyzers.find(analyzer_name);
if ( analyzer_it == analyzers.end() )
{ {
reporter->InternalWarning("Mapped analyzer %s not found.", analyzer_name.c_str()); reporter->InternalWarning("Mapped analyzer %s not found.", analyzer_name.c_str());
continue; continue;
} }
auto& analyzer = analyzer_it->second;
if ( parent_name == "ROOT" ) if ( parent_name == "ROOT" )
{ {
if ( identifier_val ) if ( identifier_val )
root_dispatcher.Register(identifier_val->AsCount(), root_dispatcher.Register(identifier_val->AsCount(), analyzer);
analyzers[analyzer_name]);
else else
default_analyzer = analyzers[analyzer_name]; default_analyzer = analyzer;
continue; continue;
} }
if ( analyzers.find(parent_name) == analyzers.end() ) auto parent_analyzer_it = analyzers.find(parent_name);
if ( parent_analyzer_it == analyzers.end() )
{ {
reporter->InternalWarning("Parent analyzer %s not found.", parent_name.c_str()); reporter->InternalWarning("Parent analyzer %s not found.", parent_name.c_str());
continue; continue;
} }
auto& parent_analyzer = parent_analyzer_it->second;
auto& parent_analyzer = analyzers[parent_name];
if ( identifier_val ) if ( identifier_val )
parent_analyzer->RegisterAnalyzerMapping(identifier_val->AsCount(), parent_analyzer->RegisterAnalyzerMapping(identifier_val->AsCount(), analyzer);
analyzers[analyzer_name]);
else else
parent_analyzer->RegisterDefaultAnalyzer(analyzers[analyzer_name]); parent_analyzer->RegisterDefaultAnalyzer(analyzer);
} }
// Initialize all analyzers // Initialize all analyzers