Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 17:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Packet analysis cleanup.

Browse source
This commit is contained in:
Jan Grashoefer 2020-09-22 15:07:41 +02:00 committed by Tim Wojtulewicz
parent 62562504d5
commit 8d834a1d89
7 changed files with 21 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/packet_analysis/Manager.cc
View file

@ -70,8 +70,8 @@ void Manager::ProcessPacket(Packet* packet)
DBG_LOG(DBG_PACKET_ANALYSIS, "Analyzing packet %ld, ts=%.3f...", ++counter, packet->time);
#endif
// Start packet analysis
if ( ! root_analyzer->ForwardPacket(packet->cap_len, packet->data, packet, packet->link_type) )
packet->InvalidateLayer2();
packet->l2_valid = root_analyzer->ForwardPacket(packet->cap_len, packet->data,
packet, packet->link_type);
}
AnalyzerPtr Manager::InstantiateAnalyzer(const Tag& tag)

3
src/packet_analysis/protocol/linux_sll/LinuxSLL.cc
View file

@ -18,7 +18,8 @@ bool LinuxSLLAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
return false;
}
//TODO: Handle different ARPHRD_types
// Note: We assume to see an Ethertype and don't consider different ARPHRD_types
// (see https://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL.html)
auto hdr = (const SLLHeader*)data;
uint32_t protocol = ntohs(hdr->protocol_type);