Rework the packet flow through the IP-based analyzers

src/packet_analysis/protocol/ip/IPBasedAnalyzer.h

@@ -22,6 +22,8 @@ class IPBasedAnalyzer : public Analyzer {
 public:
 	~IPBasedAnalyzer() override;
 
+	bool AnalyzePacket(size_t len, const uint8_t* data, Packet* packet) override;
+
 	/**
 	 * Returns true if the analyzer determines that in fact a new
 	 * connection has started without the connection statement having
@@ -56,26 +58,24 @@ protected:
 	                bool report_unknown_protocols);
 
 	/**
-	 * Entry point for child classes to call to do the actual heavy lifting for
-	 * processing a packet and extracting a connection out of it.
-	 *
-	 * @param conn_id The connection ID generated by the child class.
-	 * @param pkt The packet being processed.
-	 * @param remaining The number of bytes remaining to be processed in the packet.
+	 * Parse the header from the packet into a ConnTuple object.
 	 */
-	void ProcessConnection(const ConnTuple& conn_id, Packet* pkt, size_t remaining);
+	virtual bool BuildConnTuple(size_t len, const uint8_t* data, Packet* packet,
+	                            ConnTuple& tuple) = 0;
 
 	/**
-	 * Verifies that there is enough data in the packet to process the header
-	 * length requested.
+	 * Continues process of packet after the connection has been inserted into the
+	 * session manager. This should be implemented by all child classes.
 	 *
-	 * @param min_hdr_len The minimum data in bytes that needs to exist.
-	 * @param remaining The remaining number of bytes in the packet reported by
-	 * previous analyzer.
-	 * @param packet The packet being processed. This will be used to pull out the
-	 * number of bytes the IP header says we have remaining.
+	 * @param conn The connection currently being processed.
+	 * @param t The timestamp for the current packet.
+	 * @param is_orig Flag denoting whether this packet is from the originator of
+	 * the connection.
+	 * @param remaining The remaining about of data in the packet.
+	 * @param pkt The packet being processed.
 	 */
-	bool CheckHeaderTrunc(size_t min_hdr_len, size_t remaining, Packet* packet);
+	virtual void DeliverPacket(Connection* conn, double t, bool is_orig, int remaining,
+	                           Packet* pkt) {}
 
 	/**
 	 * Upon seeing the first packet of a connection, checks whether we want
@@ -96,6 +96,18 @@ protected:
 		return true;
 		}
 
+	/**
+	 * Verifies that there is enough data in the packet to process the header
+	 * length requested.
+	 *
+	 * @param min_hdr_len The minimum data in bytes that needs to exist.
+	 * @param remaining The remaining number of bytes in the packet reported by
+	 * previous analyzer.
+	 * @param packet The packet being processed. This will be used to pull out the
+	 * number of bytes the IP header says we have remaining.
+	 */
+	bool CheckHeaderTrunc(size_t min_hdr_len, size_t remaining, Packet* packet);
+
 	/**
 	 * Returns true if the port corresponds to an application for which there
 	 * is a Zeek analyzer (even if it might not be used by the present policy
@@ -105,19 +117,6 @@ protected:
 	 */
 	bool IsLikelyServerPort(uint32_t port) const;
 
-	/**
-	 * Continues process of packet after the connection has been inserted into the
-	 * session manager. This should be implemented by all child classes.
-	 *
-	 * @param conn The connection currently being processed.
-	 * @param t The timestamp for the current packet.
-	 * @param is_orig Flag denoting whether this packet is from the originator of
-	 * the connection.
-	 * @param remaining The remaining about of data in the packet.
-	 * @param pkt The packet being processed.
-	 */
-	virtual void ContinueProcessing(Connection* conn, double t, bool is_orig, int remaining,
-	                                Packet* pkt) {}
 
 	// TODO: temporary, until all of the plugins are implemented
 	bool new_plugin = false;