Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-17 14:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Move all of the Packet-related classes to namespaces

Browse source
This commit is contained in:
Tim Wojtulewicz 2020-07-21 09:37:55 -07:00
parent 45b5a98420
commit 93948b4d19
25 changed files with 116 additions and 73 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/Conn.cc
View file

@ -58,7 +58,7 @@ uint64_t Connection::total_connections = 0;
uint64_t Connection::current_connections = 0;
Connection::Connection(NetSessions* s, const zeek::detail::ConnIDKey& k, double t, const ConnID* id,
uint32_t flow, const Packet* pkt,
uint32_t flow, const zeek::Packet* pkt,
const EncapsulationStack* arg_encap)
{
sessions = s;
@ -187,7 +187,7 @@ void Connection::NextPacket(double t, bool is_orig,
const u_char*& data,
int& record_packet, int& record_content,
// arguments for reproducing packets
const Packet *pkt)
const zeek::Packet *pkt)
{
current_timestamp = t;
current_pkt = pkt;

8
src/Conn.h
View file

@ -66,7 +66,7 @@ static inline int addr_port_canon_lt(const zeek::IPAddr& addr1, uint32_t p1,
class Connection final : public zeek::Obj {
public:
Connection(NetSessions* s, const zeek::detail::ConnIDKey& k, double t, const ConnID* id,
uint32_t flow, const Packet* pkt, const EncapsulationStack* arg_encap);
uint32_t flow, const zeek::Packet* pkt, const EncapsulationStack* arg_encap);
~Connection() override;
// Invoked when an encapsulation is discovered. It records the
@ -96,7 +96,7 @@ public:
const u_char*& data,
int& record_packet, int& record_content,
// arguments for reproducing packets
const Packet *pkt);
const zeek::Packet *pkt);
// Keys are only considered valid for a connection when a
// connection is in the session map. If it is removed, the key
@ -355,8 +355,8 @@ protected:
TransportProto proto;
uint32_t orig_flow_label, resp_flow_label; // most recent IPv6 flow labels
uint32_t vlan, inner_vlan; // VLAN this connection traverses, if available
u_char orig_l2_addr[Packet::l2_addr_len]; // Link-layer originator address, if available
u_char resp_l2_addr[Packet::l2_addr_len]; // Link-layer responder address, if available
u_char orig_l2_addr[zeek::Packet::l2_addr_len]; // Link-layer originator address, if available
u_char resp_l2_addr[zeek::Packet::l2_addr_len]; // Link-layer responder address, if available
double start_time, last_time;
double inactivity_timeout;
zeek::RecordValPtr conn_val;

5
src/Net.cc
View file

@ -32,7 +32,6 @@ extern "C" {
#include "Reporter.h"
#include "Scope.h"
#include "Anon.h"
#include "PacketDumper.h"
#include "iosource/Manager.h"
#include "iosource/PktSrc.h"
#include "iosource/PktDumper.h"
@ -58,7 +57,7 @@ double last_watchdog_proc_time = 0.0; // value of above during last watchdog
bool terminating = false; // whether we're done reading and finishing up
bool is_parsing = false;
const Packet *current_pkt = nullptr;
const zeek::Packet *current_pkt = nullptr;
int current_dispatched = 0;
double current_timestamp = 0.0;
iosource::PktSrc* current_pktsrc = nullptr;
@ -220,7 +219,7 @@ void expire_timers(iosource::PktSrc* src_ps)
max_timer_expires - current_dispatched);
}
void net_packet_dispatch(double t, const Packet* pkt, iosource::PktSrc* src_ps)
void net_packet_dispatch(double t, const zeek::Packet* pkt, iosource::PktSrc* src_ps)
{
if ( ! bro_start_network_time )
{

8
src/Net.h
View file

@ -2,6 +2,8 @@
#pragma once
#include "zeek-config.h"
#include <sys/stat.h> // for ino_t
#include <list>
@ -15,7 +17,7 @@ namespace iosource {
class PktDumper;
}
class Packet;
ZEEK_FORWARD_DECLARE_NAMESPACED(Packet, zeek);
extern void net_init(const std::optional<std::string>& interfaces,
const std::optional<std::string>& pcap_input_file,
@ -26,7 +28,7 @@ extern void net_get_final_stats();
extern void net_finish(int drain_events);
extern void net_delete(); // Reclaim all memory, etc.
extern void net_update_time(double new_network_time);
extern void net_packet_dispatch(double t, const Packet* pkt,
extern void net_packet_dispatch(double t, const zeek::Packet* pkt,
iosource::PktSrc* src_ps);
extern void expire_timers(iosource::PktSrc* src_ps = nullptr);
extern void zeek_terminate_loop(const char* reason);
@ -77,7 +79,7 @@ extern bool terminating;
// True if Bro is currently parsing scripts.
extern bool is_parsing;
extern const Packet* current_pkt;
extern const zeek::Packet* current_pkt;
extern int current_dispatched;
extern double current_timestamp;
extern iosource::PktSrc* current_pktsrc;

4
src/PacketDumper.cc
View file

@ -6,6 +6,8 @@
#include "util.h"
#include "iosource/PktDumper.h"
namespace zeek::detail {
PacketDumper::PacketDumper(pcap_dumper_t* arg_pkt_dump)
{
last_timestamp.tv_sec = last_timestamp.tv_usec = 0;
@ -36,3 +38,5 @@ void PacketDumper::SortTimeStamp(struct timeval* timestamp)
else
last_timestamp = *timestamp;
}
} // namespace zeek::detail

4
src/PacketDumper.h
View file

@ -6,6 +6,8 @@
#include <sys/types.h> // for u_char
namespace zeek::detail {
class PacketDumper {
public:
explicit PacketDumper(pcap_dumper_t* pkt_dump);
@ -19,3 +21,5 @@ protected:
void SortTimeStamp(struct timeval* timestamp);
};
} // namespace zeek::detail

4
src/PacketFilter.cc
View file

@ -1,6 +1,8 @@
#include "PacketFilter.h"
#include "IP.h"
namespace zeek::detail {
void PacketFilter::DeleteFilter(void* data)
{
auto f = static_cast<Filter*>(data);
@ -115,3 +117,5 @@ bool PacketFilter::MatchFilter(const Filter& f, const zeek::IP_Hdr& ip,
return zeek::random_number() < f.probability;
}
} // namespace zeek::detail

6
src/PacketFilter.h
View file

@ -8,6 +8,8 @@
ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
namespace zeek::detail {
class PacketFilter {
public:
explicit PacketFilter(bool arg_default);
@ -45,3 +47,7 @@ private:
PrefixTable src_filter;
PrefixTable dst_filter;
};
} // namespace zeek::detail
using PacketFilter [[deprecated("Remove in v4.1. Use zeek::detail::PacketFilter.")]] = zeek::detail::PacketFilter;

30
src/Sessions.cc
View file

@ -119,7 +119,7 @@ void NetSessions::Done()
{
}
void NetSessions::NextPacket(double t, const Packet* pkt)
void NetSessions::NextPacket(double t, const zeek::Packet* pkt)
{
SegmentProfiler prof(segment_logger, "dispatching-packet");
@ -144,7 +144,7 @@ void NetSessions::NextPacket(double t, const Packet* pkt)
uint32_t caplen = pkt->cap_len - pkt->hdr_size;
if ( pkt->l3_proto == L3_IPV4 )
if ( pkt->l3_proto == zeek::L3_IPV4 )
{
if ( caplen < sizeof(struct ip) )
{
@ -157,7 +157,7 @@ void NetSessions::NextPacket(double t, const Packet* pkt)
DoNextPacket(t, pkt, &ip_hdr, nullptr);
}
else if ( pkt->l3_proto == L3_IPV6 )
else if ( pkt->l3_proto == zeek::L3_IPV6 )
{
if ( caplen < sizeof(struct ip6_hdr) )
{
@ -169,7 +169,7 @@ void NetSessions::NextPacket(double t, const Packet* pkt)
DoNextPacket(t, pkt, &ip_hdr, nullptr);
}
else if ( pkt->l3_proto == L3_ARP )
else if ( pkt->l3_proto == zeek::L3_ARP )
{
if ( arp_analyzer )
arp_analyzer->NextPacket(t, pkt);
@ -211,7 +211,7 @@ static unsigned int gre_header_len(uint16_t flags)
return len;
}
void NetSessions::DoNextPacket(double t, const Packet* pkt, const zeek::IP_Hdr* ip_hdr,
void NetSessions::DoNextPacket(double t, const zeek::Packet* pkt, const zeek::IP_Hdr* ip_hdr,
const EncapsulationStack* encapsulation)
{
uint32_t caplen = pkt->cap_len - pkt->hdr_size;
@ -738,7 +738,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const zeek::IP_Hdr*
}
}
void NetSessions::DoNextInnerPacket(double t, const Packet* pkt,
void NetSessions::DoNextInnerPacket(double t, const zeek::Packet* pkt,
const zeek::IP_Hdr* inner, const EncapsulationStack* prev,
const EncapsulatingConn& ec)
{
@ -769,7 +769,7 @@ void NetSessions::DoNextInnerPacket(double t, const Packet* pkt,
outer->Add(ec);
// Construct fake packet for DoNextPacket
Packet p;
zeek::Packet p;
p.Init(DLT_RAW, &ts, caplen, len, data, false, "");
DoNextPacket(t, &p, inner, outer);
@ -778,7 +778,7 @@ void NetSessions::DoNextInnerPacket(double t, const Packet* pkt,
delete outer;
}
void NetSessions::DoNextInnerPacket(double t, const Packet* pkt,
void NetSessions::DoNextInnerPacket(double t, const zeek::Packet* pkt,
uint32_t caplen, uint32_t len,
const u_char* data, int link_type,
const EncapsulationStack* prev,
@ -800,10 +800,10 @@ void NetSessions::DoNextInnerPacket(double t, const Packet* pkt,
outer->Add(ec);
// Construct fake packet for DoNextPacket
Packet p;
zeek::Packet p;
p.Init(link_type, &ts, caplen, len, data, false, "");
if ( p.Layer2Valid() && (p.l3_proto == L3_IPV4 || p.l3_proto == L3_IPV6) )
if ( p.Layer2Valid() && (p.l3_proto == zeek::L3_IPV4 || p.l3_proto == zeek::L3_IPV6) )
{
auto inner = p.IP();
DoNextPacket(t, &p, &inner, outer);
@ -850,7 +850,7 @@ int NetSessions::ParseIPPacket(int caplen, const u_char* const pkt, int proto,
}
bool NetSessions::CheckHeaderTrunc(int proto, uint32_t len, uint32_t caplen,
const Packet* p, const EncapsulationStack* encap)
const zeek::Packet* p, const EncapsulationStack* encap)
{
uint32_t min_hdr_len = 0;
switch ( proto ) {
@ -1161,7 +1161,7 @@ void NetSessions::GetStats(SessionStats& s) const
Connection* NetSessions::NewConn(const zeek::detail::ConnIDKey& k, double t, const ConnID* id,
const u_char* data, int proto, uint32_t flow_label,
const Packet* pkt, const EncapsulationStack* encapsulation)
const zeek::Packet* pkt, const EncapsulationStack* encapsulation)
{
// FIXME: This should be cleaned up a bit, it's too protocol-specific.
// But I'm not yet sure what the right abstraction for these things is.
@ -1302,7 +1302,7 @@ bool NetSessions::WantConnection(uint16_t src_port, uint16_t dst_port,
return true;
}
void NetSessions::DumpPacket(const Packet *pkt, int len)
void NetSessions::DumpPacket(const zeek::Packet *pkt, int len)
{
if ( ! pkt_dumper )
return;
@ -1312,13 +1312,13 @@ void NetSessions::DumpPacket(const Packet *pkt, int len)
if ( (uint32_t)len > pkt->cap_len )
zeek::reporter->Warning("bad modified caplen");
else
const_cast<Packet *>(pkt)->cap_len = len;
const_cast<zeek::Packet *>(pkt)->cap_len = len;
}
pkt_dumper->Dump(pkt);
}
void NetSessions::Weird(const char* name, const Packet* pkt,
void NetSessions::Weird(const char* name, const zeek::Packet* pkt,
const EncapsulationStack* encap, const char* addl)
{
if ( pkt )

24
src/Sessions.h
View file

@ -14,7 +14,7 @@
class EncapsulationStack;
class EncapsulatingConn;
class Packet;
ZEEK_FORWARD_DECLARE_NAMESPACED(Packet, zeek);
class PacketProfiler;
class Connection;
class ConnCompressor;
@ -49,7 +49,7 @@ public:
~NetSessions();
// Main entry point for packet processing.
void NextPacket(double t, const Packet* pkt);
void NextPacket(double t, const zeek::Packet* pkt);
void Done(); // call to drain events before destructing
@ -77,15 +77,15 @@ public:
void GetStats(SessionStats& s) const;
void Weird(const char* name, const Packet* pkt,
void Weird(const char* name, const zeek::Packet* pkt,
const EncapsulationStack* encap = nullptr, const char* addl = "");
void Weird(const char* name, const zeek::IP_Hdr* ip,
const EncapsulationStack* encap = nullptr, const char* addl = "");
PacketFilter* GetPacketFilter()
zeek::detail::PacketFilter* GetPacketFilter()
{
if ( ! packet_filter )
packet_filter = new PacketFilter(packet_filter_default);
packet_filter = new zeek::detail::PacketFilter(packet_filter_default);
return packet_filter;
}
@ -96,7 +96,7 @@ public:
return tcp_conns.size() + udp_conns.size() + icmp_conns.size();
}
void DoNextPacket(double t, const Packet *pkt, const zeek::IP_Hdr* ip_hdr,
void DoNextPacket(double t, const zeek::Packet *pkt, const zeek::IP_Hdr* ip_hdr,
const EncapsulationStack* encapsulation);
/**
@ -113,7 +113,7 @@ public:
* the most-recently found depth of encapsulation.
* @param ec The most-recently found depth of encapsulation.
*/
void DoNextInnerPacket(double t, const Packet *pkt,
void DoNextInnerPacket(double t, const zeek::Packet *pkt,
const zeek::IP_Hdr* inner, const EncapsulationStack* prev,
const EncapsulatingConn& ec);
@ -132,7 +132,7 @@ public:
* including the most-recently found depth of encapsulation.
* @param ec The most-recently found depth of encapsulation.
*/
void DoNextInnerPacket(double t, const Packet* pkt,
void DoNextInnerPacket(double t, const zeek::Packet* pkt,
uint32_t caplen, uint32_t len,
const u_char* data, int link_type,
const EncapsulationStack* prev,
@ -177,7 +177,7 @@ protected:
Connection* NewConn(const zeek::detail::ConnIDKey& k, double t, const ConnID* id,
const u_char* data, int proto, uint32_t flow_label,
const Packet* pkt, const EncapsulationStack* encapsulation);
const zeek::Packet* pkt, const EncapsulationStack* encapsulation);
Connection* LookupConn(const ConnectionMap& conns, const zeek::detail::ConnIDKey& key);
@ -202,13 +202,13 @@ protected:
// Record the given packet (if a dumper is active). If len=0
// then the whole packet is recorded, otherwise just the first
// len bytes.
void DumpPacket(const Packet *pkt, int len=0);
void DumpPacket(const zeek::Packet *pkt, int len=0);
// For a given protocol, checks whether the header's length as derived
// from lower-level headers or the length actually captured is less
// than that protocol's minimum header size.
bool CheckHeaderTrunc(int proto, uint32_t len, uint32_t caplen,
const Packet *pkt, const EncapsulationStack* encap);
const zeek::Packet *pkt, const EncapsulationStack* encap);
// Inserts a new connection into the sessions map. If a connection with
// the same key already exists in the map, it will be overwritten by
@ -233,7 +233,7 @@ protected:
analyzer::stepping_stone::SteppingStoneManager* stp_manager;
Discarder* discarder;
PacketFilter* packet_filter;
zeek::detail::PacketFilter* packet_filter;
uint64_t num_packets_processed;
PacketProfiler* pkt_profiler;
bool dump_this_packet; // if true, current packet should be recorded

2
src/analyzer/protocol/arp/ARP.cc
View file

@ -76,7 +76,7 @@ ARP_Analyzer::~ARP_Analyzer()
#endif
void ARP_Analyzer::NextPacket(double t, const Packet* pkt)
void ARP_Analyzer::NextPacket(double t, const zeek::Packet* pkt)
{
const u_char *data = pkt->data;
// Check whether the packet is OK ("inspired" in tcpdump's print-arp.c).

4
src/analyzer/protocol/arp/ARP.h
View file

@ -24,7 +24,7 @@
#include "NetVar.h"
class Packet;
ZEEK_FORWARD_DECLARE_NAMESPACED(Packet, zeek);
extern "C" {
#include <pcap.h>
@ -37,7 +37,7 @@ public:
ARP_Analyzer();
~ARP_Analyzer() override;
void NextPacket(double t, const Packet* pkt);
void NextPacket(double t, const zeek::Packet* pkt);
void Describe(ODesc* d) const override;
void RREvent(zeek::EventHandlerPtr e, const u_char* src, const u_char* dst,

4
src/analyzer/protocol/dns/DNS.cc
View file

@ -739,7 +739,7 @@ bool DNS_Interpreter::ParseRR_EDNS(DNS_MsgInfo* msg,
// IPv6 address, depending on FAMILY, which MUST be truncated to the
// number of bits indicated by the SOURCE PREFIX-LENGTH field,
// padding with 0 bits to pad to the end of the last octet needed.
if ( ecs_family == L3_IPV4 )
if ( ecs_family == zeek::L3_IPV4 )
{
opt.ecs_family = zeek::make_intrusive<zeek::StringVal>("v4");
uint32_t addr = 0;
@ -752,7 +752,7 @@ bool DNS_Interpreter::ParseRR_EDNS(DNS_MsgInfo* msg,
addr = htonl(addr);
opt.ecs_addr = zeek::make_intrusive<zeek::AddrVal>(addr);
}
else if ( ecs_family == L3_IPV6 )
else if ( ecs_family == zeek::L3_IPV6 )
{
opt.ecs_family = zeek::make_intrusive<zeek::StringVal>("v6");
uint32_t addr[4] = { 0 };

6
src/analyzer/protocol/vxlan/VXLAN.cc
View file

@ -63,7 +63,7 @@ void VXLAN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
pkt_timeval ts;
ts.tv_sec = (time_t) current_timestamp;
ts.tv_usec = (suseconds_t) ((current_timestamp - (double)ts.tv_sec) * 1000000);
Packet pkt(DLT_EN10MB, &ts, caplen, len, data);
zeek::Packet pkt(DLT_EN10MB, &ts, caplen, len, data);
if ( ! pkt.Layer2Valid() )
{
@ -80,10 +80,10 @@ void VXLAN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
int res = 0;
switch ( pkt.l3_proto ) {
case L3_IPV4:
case zeek::L3_IPV4:
res = sessions->ParseIPPacket(len, data, IPPROTO_IPV4, inner);
break;
case L3_IPV6:
case zeek::L3_IPV6:
res = sessions->ParseIPPacket(len, data, IPPROTO_IPV6, inner);
break;
default:

4
src/iosource/BPF_Program.cc
View file

@ -59,6 +59,8 @@ int pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
}
#endif
namespace zeek::detail {
// Simple heuristic to identify filters that always match, so that we can
// skip the filtering in that case. "ip or not ip" is Bro's default filter.
static bool filter_matches_anything(const char *filter)
@ -158,3 +160,5 @@ void BPF_Program::FreeCode()
m_compiled = false;
}
}
} // namespace zeek::detail

6
src/iosource/BPF_Program.h
View file

@ -8,6 +8,8 @@ extern "C" {
#include <stdint.h>
namespace zeek::detail {
// BPF_Programs are an abstraction around struct bpf_program,
// to create a clean facility for creating, compiling, and
// freeing such programs.
@ -53,3 +55,7 @@ protected:
bool m_matches_anything;
struct bpf_program m_program;
};
} // namespace zeek::detail
using BPF_Program [[deprecated("Remove in v4.1. Use zeek::detail::BPF_Program.")]] = zeek::detail::BPF_Program;

4
src/iosource/Packet.cc
View file

@ -19,6 +19,8 @@ extern "C" {
#endif
}
namespace zeek {
void Packet::Init(int arg_link_type, pkt_timeval *arg_ts, uint32_t arg_caplen,
uint32_t arg_len, const u_char *arg_data, bool arg_copy,
std::string arg_tag)
@ -688,3 +690,5 @@ void Packet::Describe(ODesc* d) const
d->Add("->");
d->Add(ip.DstAddr());
}
} // namespace zeek

17
src/iosource/Packet.h
View file

@ -14,17 +14,16 @@ typedef struct bpf_timeval pkt_timeval;
typedef struct timeval pkt_timeval;
#endif
class ODesc;
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek);
namespace zeek {
template <class T> class IntrusivePtr;
using ValPtr = zeek::IntrusivePtr<zeek::Val>;
using RecordValPtr = zeek::IntrusivePtr<zeek::RecordVal>;
}
class ODesc;
ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek);
/**
* The Layer 3 type of a packet, as determined by the parsing code in Packet.
@ -242,3 +241,13 @@ private:
// True if L2 processing succeeded.
bool l2_valid;
};
} // namespace zeek
using Layer3Proto [[deprecated("Remove in v4.1. Use zeek::Layer3Proto.")]] = zeek::Layer3Proto;
using Packet [[deprecated("Remove in v4.1. Use zeek::Packet.")]] = zeek::Packet;
constexpr auto L3_UNKNOWN [[deprecated("Remove in v4.1. Use zeek::L3_UNKNOWN")]] = zeek::L3_UNKNOWN;
constexpr auto L3_IPV4 [[deprecated("Remove in v4.1. Use zeek::L3_IPV4")]] = zeek::L3_IPV4;
constexpr auto L3_IPV6 [[deprecated("Remove in v4.1. Use zeek::L3_IPV6")]] = zeek::L3_IPV6;
constexpr auto L3_ARP [[deprecated("Remove in v4.1. Use zeek::L3_ARP")]] = zeek::L3_ARP;

5
src/iosource/PktDumper.h
View file

@ -2,9 +2,10 @@
#pragma once
#include "zeek-config.h"
#include <string>
class Packet;
ZEEK_FORWARD_DECLARE_NAMESPACED(Packet, zeek);
namespace iosource {
@ -84,7 +85,7 @@ public:
* @return True if succesful, false otherwise (in which case \a
* Error() must have been called.)
*/
virtual bool Dump(const Packet* pkt) = 0;
virtual bool Dump(const zeek::Packet* pkt) = 0;
protected:
friend class Manager;

12
src/iosource/PktSrc.cc
View file

@ -90,7 +90,7 @@ double PktSrc::CurrentPacketWallClock()
void PktSrc::Opened(const Properties& arg_props)
{
if ( Packet::GetLinkHeaderSize(arg_props.link_type) < 0 )
if ( zeek::Packet::GetLinkHeaderSize(arg_props.link_type) < 0 )
{
char buf[512];
snprintf(buf, sizeof(buf),
@ -151,7 +151,7 @@ void PktSrc::Info(const std::string& msg)
zeek::reporter->Info("%s", msg.c_str());
}
void PktSrc::Weird(const std::string& msg, const Packet* p)
void PktSrc::Weird(const std::string& msg, const zeek::Packet* p)
{
sessions->Weird(msg.c_str(), p, nullptr);
}
@ -269,7 +269,7 @@ bool PktSrc::PrecompileBPFFilter(int index, const std::string& filter)
char errbuf[PCAP_ERRBUF_SIZE];
// Compile filter.
BPF_Program* code = new BPF_Program();
auto* code = new zeek::detail::BPF_Program();
if ( ! code->Compile(zeek::BifConst::Pcap::snaplen, LinkType(), filter.c_str(), Netmask(), errbuf, sizeof(errbuf)) )
{
@ -296,7 +296,7 @@ bool PktSrc::PrecompileBPFFilter(int index, const std::string& filter)
return true;
}
BPF_Program* PktSrc::GetBPFFilter(int index)
zeek::detail::BPF_Program* PktSrc::GetBPFFilter(int index)
{
if ( index < 0 )
return nullptr;
@ -306,7 +306,7 @@ BPF_Program* PktSrc::GetBPFFilter(int index)
bool PktSrc::ApplyBPFFilter(int index, const struct pcap_pkthdr *hdr, const u_char *pkt)
{
BPF_Program* code = GetBPFFilter(index);
zeek::detail::BPF_Program* code = GetBPFFilter(index);
if ( ! code )
{
@ -321,7 +321,7 @@ bool PktSrc::ApplyBPFFilter(int index, const struct pcap_pkthdr *hdr, const u_ch
return pcap_offline_filter(code->GetProgram(), hdr, pkt);
}
bool PktSrc::GetCurrentPacket(const Packet** pkt)
bool PktSrc::GetCurrentPacket(const zeek::Packet** pkt)
{
if ( ! have_packet )
return false;

14
src/iosource/PktSrc.h
View file

@ -10,7 +10,7 @@
#include <sys/types.h> // for u_char
struct pcap_pkthdr;
class BPF_Program;
ZEEK_FORWARD_DECLARE_NAMESPACED(BPF_Program, zeek::detail);
namespace iosource {
@ -136,7 +136,7 @@ public:
* @return The BPF filter associated, or null if none has been
* (successfully) compiled.
*/
BPF_Program* GetBPFFilter(int index);
zeek::detail::BPF_Program* GetBPFFilter(int index);
/**
* Applies a precompiled BPF filter to a packet. This will close the
@ -163,7 +163,7 @@ public:
*
* @return True if the current packet is available, or false if not.
*/
bool GetCurrentPacket(const Packet** hdr);
bool GetCurrentPacket(const zeek::Packet** hdr);
// PacketSource interace for derived classes to override.
@ -297,7 +297,7 @@ protected:
*
* @param pkt The packet associated with the weird, or null if none.
*/
void Weird(const std::string& msg, const Packet* pkt);
void Weird(const std::string& msg, const zeek::Packet* pkt);
/**
* Can be called from derived classes to flag an internal error,
@ -340,7 +340,7 @@ protected:
* if not packet is available or an error occured (which must be
* flageed via Error()).
*/
virtual bool ExtractNextPacket(Packet* pkt) = 0;
virtual bool ExtractNextPacket(zeek::Packet* pkt) = 0;
/**
* Signals that the data of previously extracted packet will no
@ -365,10 +365,10 @@ private:
Properties props;
bool have_packet;
Packet current_packet;
zeek::Packet current_packet;
// For BPF filtering support.
std::vector<BPF_Program *> filters;
std::vector<zeek::detail::BPF_Program *> filters;
// Only set in pseudo-realtime mode.
double first_timestamp;

4
src/iosource/pcap/Dumper.cc
View file

@ -82,7 +82,7 @@ void PcapDumper::Open()
}
props.open_time = network_time;
props.hdr_size = Packet::GetLinkHeaderSize(pcap_datalink(pd));
props.hdr_size = zeek::Packet::GetLinkHeaderSize(pcap_datalink(pd));
Opened(props);
}
@ -99,7 +99,7 @@ void PcapDumper::Close()
Closed();
}
bool PcapDumper::Dump(const Packet* pkt)
bool PcapDumper::Dump(const zeek::Packet* pkt)
{
if ( ! dumper )
return false;

2
src/iosource/pcap/Dumper.h
View file

@ -22,7 +22,7 @@ protected:
// PktDumper interface.
void Open() override;
void Close() override;
bool Dump(const Packet* pkt) override;
bool Dump(const zeek::Packet* pkt) override;
private:
Properties props;

4
src/iosource/pcap/Source.cc
View file

@ -191,7 +191,7 @@ void PcapSource::OpenOffline()
Opened(props);
}
bool PcapSource::ExtractNextPacket(Packet* pkt)
bool PcapSource::ExtractNextPacket(zeek::Packet* pkt)
{
if ( ! pd )
return false;
@ -258,7 +258,7 @@ bool PcapSource::SetFilter(int index)
char errbuf[PCAP_ERRBUF_SIZE];
BPF_Program* code = GetBPFFilter(index);
zeek::detail::BPF_Program* code = GetBPFFilter(index);
if ( ! code )
{

2
src/iosource/pcap/Source.h
View file

@ -24,7 +24,7 @@ protected:
// PktSrc interface.
void Open() override;
void Close() override;
bool ExtractNextPacket(Packet* pkt) override;
bool ExtractNextPacket(zeek::Packet* pkt) override;
void DoneWithPacket() override;
bool PrecompileFilter(int index, const std::string& filter) override;
bool SetFilter(int index) override;