Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 23:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Rework the packet flow through the IP-based analyzers

Browse source
This commit is contained in:
Tim Wojtulewicz 2021-05-06 13:48:45 -07:00
parent c21af39a30
commit 7dc803f7bb
8 changed files with 102 additions and 90 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/packet_analysis/protocol/tcp/TCP.h
View file

@ -13,8 +13,6 @@ public:
TCPAnalyzer();
~TCPAnalyzer() override;
bool AnalyzePacket(size_t len, const uint8_t* data, Packet* packet) override;
static zeek::packet_analysis::AnalyzerPtr Instantiate()
{
return std::make_shared<TCPAnalyzer>();
@ -25,6 +23,12 @@ public:
protected:
/**
* Parse the header from the packet into a ConnTuple object.
*/
bool BuildConnTuple(size_t len, const uint8_t* data, Packet* packet,
ConnTuple& tuple) override;
/**
* Upon seeing the first packet of a connection, checks whether we want
* to analyze it (e.g. we may not want to look at partial connections)