Rework the packet flow through the IP-based analyzers

Tim Wojtulewicz 2021-05-06 13:48:45 -07:00
parent c21af39a30
commit 7dc803f7bb
8 changed files with 102 additions and 90 deletions


@ -13,8 +13,6 @@ public:
UDPAnalyzer();
~UDPAnalyzer() override;
bool AnalyzePacket(size_t len, const uint8_t* data, Packet* packet) override;
static zeek::packet_analysis::AnalyzerPtr Instantiate()
{
return std::make_shared<UDPAnalyzer>();
@ -32,6 +30,15 @@ public:
protected:
/**
* Parse the header from the packet into a ConnTuple object.
*/
bool BuildConnTuple(size_t len, const uint8_t* data, Packet* packet,
ConnTuple& tuple) override;
void DeliverPacket(Connection* c, double t, bool is_orig, int remaining,
Packet* pkt) override;
/**
* Upon seeing the first packet of a connection, checks whether we want
* to analyze it (e.g. we may not want to look at partial connections)
@ -47,9 +54,6 @@ protected:
bool WantConnection(uint16_t src_port, uint16_t dst_port,
const u_char* data, bool& flip_roles) const override;
void ContinueProcessing(Connection* c, double t, bool is_orig, int remaining,
Packet* pkt) override;
private:
// Returns true if the checksum is valid, false if not
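Review bot: `DeliverPacket` in the second hunk has no doc comment and takes its length as a signed `int remaining`, while `BuildConnTuple` directly above it takes `size_t len`, so the header does not tell an implementer which length checks have already been done when each override runs. I would extend the `BuildConnTuple` comment to state what a `false` return means, for example `* Returns false if len is too short to hold the header; data is not read past len.`, if that is the intended contract. `DeliverPacket` should get a matching comment saying what `remaining` counts and whether it can be negative. The implementations are not visible here, so these contracts are assumptions to confirm. The +/- markers are lost in this rendering, so which declarations are new is inferred from the hunk header counts (-32,6 +30,15), and the class body continues outside the hunks.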