Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-06 16:48:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Move arp, tcp, udp, pia, and stepping stone analyzers

Browse source
This commit is contained in:
Tim Wojtulewicz 2020-08-03 12:53:07 -07:00
parent f1cfd5aa2b
commit 914ffcadae
112 changed files with 520 additions and 436 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/RuleCondition.cc
View file

@ -9,15 +9,15 @@
#include "ID.h"
#include "Val.h"
static inline bool is_established(const analyzer::tcp::TCP_Endpoint* e)
static inline bool is_established(const zeek::analyzer::tcp::TCP_Endpoint* e)
{
// We more or less follow Snort here: an established session
// is one for which the initial handshake has succeded (but we
// add partial connections). The connection tear-down is part
// of the connection.
return e->state != analyzer::tcp::TCP_ENDPOINT_INACTIVE &&
e->state != analyzer::tcp::TCP_ENDPOINT_SYN_SENT &&
e->state != analyzer::tcp::TCP_ENDPOINT_SYN_ACK_SENT;
return e->state != zeek::analyzer::tcp::TCP_ENDPOINT_INACTIVE &&
e->state != zeek::analyzer::tcp::TCP_ENDPOINT_SYN_SENT &&
e->state != zeek::analyzer::tcp::TCP_ENDPOINT_SYN_ACK_SENT;
}
namespace zeek::detail {
@ -30,7 +30,7 @@ bool RuleConditionTCPState::DoMatch(Rule* rule, RuleEndpointState* state,
if ( ! root || ! root->IsAnalyzer("TCP") )
return false;
::analyzer::tcp::TCP_Analyzer* ta = static_cast<::analyzer::tcp::TCP_Analyzer*>(root);
auto* ta = static_cast<zeek::analyzer::tcp::TCP_Analyzer*>(root);
if ( tcpstates & STATE_STATELESS )
return true;