Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 16:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Extending rexmit_inconsistency() event to receive an additional

Browse source 
parameter with the packet's TCP flags, if available.
This commit is contained in:
Robin Sommer 2015-10-26 14:11:21 -07:00
parent 88a4683d22
commit a83d97937e
14 changed files with 53 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

16
src/analyzer/protocol/tcp/TCP.h
View file

@ -8,6 +8,7 @@
#include "PacketDumper.h"
#include "IPAddr.h"
#include "TCP_Endpoint.h"
#include "TCP_Flags.h"
#include "Conn.h"
// We define two classes here:
@ -23,21 +24,6 @@ class TCP_Endpoint;
class TCP_ApplicationAnalyzer;
class TCP_Reassembler;
class TCP_Flags {
public:
TCP_Flags(const struct tcphdr* tp) { flags = tp->th_flags; }
bool SYN() { return flags & TH_SYN; }
bool FIN() { return flags & TH_FIN; }
bool RST() { return flags & TH_RST; }
bool ACK() { return flags & TH_ACK; }
bool URG() { return flags & TH_URG; }
bool PUSH() { return flags & TH_PUSH; }
protected:
u_char flags;
};
class TCP_Analyzer : public analyzer::TransportLayerAnalyzer {
public:
TCP_Analyzer(Connection* conn);