Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 16:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Deprecate ConnTuple and related APIs.

Browse source 
Given IP-aware ConnKeys, ConnTuples aren't really required any more. ConnTuple
had two benefits:

- It preserved the original src/dst orientation from the packet headers it was
based on, which IPBasedConnKey now tracks and provides accessor methods for.

- In IPBasedAnalyzer::AnalyzePacket() its instance survived past the std:move()
of the key into NewConn(), which we sidestep by keeping the original src address
and port around until we need after the connection is obtained.
This commit is contained in:
Christian Kreibich 2025-06-12 17:21:26 -07:00 committed by Arne Welzel
parent 7548dc9e96
commit a5122b5032
18 changed files with 149 additions and 118 deletions
Download patch file Download diff file Expand all files Collapse all files

29
src/packet_analysis/protocol/ip/IPBasedAnalyzer.h
View file

@ -98,10 +98,29 @@ protected:
*/
IPBasedAnalyzer(const char* name, TransportProto proto, uint32_t mask, bool report_unknown_protocols);
/**
* Initialize the given ConnKey from the packet header & data.
*
* @param len Remaining length of data.
* @param data Remaining packet data.
* @param packet The packet being processed.
* @param key The ConnKey instance to initialize.
*
* @return True if initialization succeeded, false otherwise (e.g. because
* there wasn't enough data available).
*/
virtual bool InitConnKey(size_t len, const uint8_t* data, Packet* packet, IPBasedConnKey& key) {
// Given deprecation of BuildConnTuple below, make this pure virtual in 8.1.
return false;
}
/**
* Parse the header from the packet into a ConnTuple object.
*/
virtual bool BuildConnTuple(size_t len, const uint8_t* data, Packet* packet, ConnTuple& tuple) = 0;
[[deprecated("Remove in v8.1. Switch to InitConnKey() and key-only initialization.")]]
virtual bool BuildConnTuple(size_t len, const uint8_t* data, Packet* packet, ConnTuple& tuple) {
return false;
}
/**
* Continues process of packet after the connection has been inserted into the
@ -180,12 +199,10 @@ private:
/**
* Creates a new Connection object from data gleaned from the current packet.
*
* @param id A connection ID generated from the packet data. This should have been
* passed in from a child analyzer.
* @param key A connection ID key generated from the ID.
* @param pkt The packet associated with the new connection.
* @param key A ConnKey with common 5-tuple information.
* @param pkt The packet associated with the new connection, for additional connection info.
*/
zeek::Connection* NewConn(const ConnTuple& id, IPBasedConnKeyPtr key, const Packet* pkt);
zeek::Connection* NewConn(IPBasedConnKeyPtr key, const Packet* pkt);
void BuildSessionAnalyzerTree(Connection* conn);