Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Use conntuple builder's FillConnIdVal() in Connection::GetVal()

Browse source 
This allows tuple builders to complete conn_id instances in implementations that
redef that record. We could be more invasive here and shift most of GetVal() into
the five-tuple builder implementation.
This commit is contained in:
Christian Kreibich 2025-04-10 15:18:14 -07:00
parent 2ac9e136ba
commit 7502ba7f2d
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/Conn.cc
View file

@ -17,6 +17,7 @@
#include "zeek/analyzer/Analyzer.h" #include "zeek/analyzer/Analyzer.h"
#include "zeek/analyzer/Manager.h" #include "zeek/analyzer/Manager.h"
#include "zeek/analyzer/protocol/pia/PIA.h" #include "zeek/analyzer/protocol/pia/PIA.h"
#include "zeek/conntuple/Manager.h"
#include "zeek/iosource/IOSource.h" #include "zeek/iosource/IOSource.h"
#include "zeek/packet_analysis/protocol/ip/SessionAdapter.h" #include "zeek/packet_analysis/protocol/ip/SessionAdapter.h"
#include "zeek/packet_analysis/protocol/tcp/TCP.h" #include "zeek/packet_analysis/protocol/tcp/TCP.h"
@ -202,6 +203,9 @@ const RecordValPtr& Connection::GetVal() {
id_val->Assign(3, val_mgr->Port(ntohs(resp_port), prot_type)); id_val->Assign(3, val_mgr->Port(ntohs(resp_port), prot_type));
id_val->Assign(4, KeyProto()); id_val->Assign(4, KeyProto());
// Allow the connection tuple builder to augment the conn_id.
zeek::conntuple_mgr->GetBuilder().FillConnIdVal(key, id_val);
auto orig_endp = make_intrusive<RecordVal>(id::endpoint); auto orig_endp = make_intrusive<RecordVal>(id::endpoint);
orig_endp->Assign(0, 0); orig_endp->Assign(0, 0);
orig_endp->Assign(1, 0); orig_endp->Assign(1, 0);