diff --git a/src/Sessions.cc b/src/Sessions.cc
index 7b5d7458b0..f7729c7637 100644
--- a/src/Sessions.cc
+++ b/src/Sessions.cc
@@ -28,7 +28,6 @@
 #include "analyzer/Manager.h"
 #include "iosource/IOSource.h"
-#include "iosource/PktDumper.h"
 #include "packet_analysis/Manager.h"
 #include "pcap.h"
@@ -233,7 +232,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
 else
 {
 int hdr_len = data - pkt->data;
- DumpPacket(pkt, hdr_len); // just save the header
+ packet_mgr->DumpPacket(pkt, hdr_len); // just save the header
 }
 }
 }
@@ -679,22 +678,6 @@ bool NetSessions::WantConnection(uint16_t src_port, uint16_t dst_port,
 return true;
 }
-void NetSessions::DumpPacket(const Packet *pkt, int len)
- {
- if ( ! run_state::detail::pkt_dumper )
- return;
-
- if ( len != 0 )
- {
- if ( (uint32_t)len > pkt->cap_len )
- reporter->Warning("bad modified caplen");
- else
- const_cast(pkt)->cap_len = len;
- }
-
- run_state::detail::pkt_dumper->Dump(pkt);
- }
-
 void NetSessions::Weird(const char* name, const Packet* pkt,
 const EncapsulationStack* encap, const char* addl)
 {
diff --git a/src/Sessions.h b/src/Sessions.h
index 812b26dc04..30d6acaf24 100644
--- a/src/Sessions.h
+++ b/src/Sessions.h
@@ -128,11 +128,6 @@ public:
 unsigned int MemoryAllocation();
 analyzer::tcp::TCPStateStats tcp_stats; // keeps statistics on TCP states
- // Record the given packet (if a dumper is active). If len=0
- // then the whole packet is recorded, otherwise just the first
- // len bytes.
- void DumpPacket(const Packet *pkt, int len=0);
-
 protected:
 friend class ConnCompressor;
diff --git a/src/packet_analysis/Manager.cc b/src/packet_analysis/Manager.cc
index 39a3d07e2b..7341a9ba90 100644
--- a/src/packet_analysis/Manager.cc
+++ b/src/packet_analysis/Manager.cc
@@ -8,6 +8,7 @@
 #include "Stats.h"
 #include "zeek/Sessions.h"
 #include "zeek/RunState.h"
+#include "iosource/PktDumper.h"
 using namespace zeek::packet_analysis;
@@ -95,8 +96,7 @@ void Manager::ProcessPacket(Packet* packet)
 bool dumped_packet = false;
 if ( packet->dump_packet || zeek::detail::record_all_packets )
 {
- // TODO: should this stay in Session?
- sessions->DumpPacket(packet);
+ DumpPacket(packet);
 dumped_packet = true;
 }
@@ -109,8 +109,7 @@ void Manager::ProcessPacket(Packet* packet)
 // Check whether packet should be recorded based on session analysis
 if ( packet->dump_packet && ! dumped_packet )
- // TODO: should this stay in Session?
- sessions->DumpPacket(packet);
+ DumpPacket(packet);
 }
 bool Manager::ProcessInnerPacket(Packet* packet)
@@ -156,3 +155,19 @@ AnalyzerPtr Manager::InstantiateAnalyzer(const std::string& name)
 Tag tag = GetComponentTag(name);
 return tag ? InstantiateAnalyzer(tag) : nullptr;
 }
+
+void Manager::DumpPacket(const Packet *pkt, int len)
+ {
+ if ( ! run_state::detail::pkt_dumper )
+ return;
+
+ if ( len != 0 )
+ {
+ if ( (uint32_t)len > pkt->cap_len )
+ reporter->Warning("bad modified caplen");
+ else
+ const_cast(pkt)->cap_len = len;
+ }
+
+ run_state::detail::pkt_dumper->Dump(pkt);
+ }
diff --git a/src/packet_analysis/Manager.h b/src/packet_analysis/Manager.h
index ff68a1e94c..6e9ddecb1c 100644
--- a/src/packet_analysis/Manager.h
+++ b/src/packet_analysis/Manager.h
@@ -83,6 +83,15 @@ public:
 uint64_t PacketsProcessed() const { return num_packets_processed; }
+ /**
+ * Records the given packet if a dumper is active.
+ *
+ * @param pkt The packet to record.
+ * @param len The number of bytes to record. If set to zero, the whole
+ * packet is recorded.
+ */
+ void DumpPacket(const Packet *pkt, int len=0);
+
 private:
 /**
 * Instantiates a new analyzer instance.
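Review bot: `Manager::DumpPacket` accepts a `const Packet*` yet, for a valid non-zero `len`, overwrites `pkt->cap_len` through a `const_cast` and never puts the original value back, so the truncation outlives the call. Now that this is a public method on the packet manager, any code that touches the same packet after the header-only call in `NetSessions::DoNextPacket` would presumably see the shortened capture length; whether the second `DumpPacket(packet)` in `ProcessPacket` can follow such a call is not visible from this diff. I would record the original with `const uint32_t saved_cap_len = pkt->cap_len;` before the length check and write it back right after `pkt_dumper->Dump(pkt);`, or else take a non-const `Packet*` so the mutation shows in the signature.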
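Review bot: The doc comment added for `DumpPacket` leaves out what happens when `len` is larger than the packet's captured length. Per the implementation in Manager.cc, that case reports "bad modified caplen" and then still records the whole packet, so a caller that asked for headers only ends up with full payload in the dump file. Because `len` is a signed `int` compared after a `(uint32_t)` cast, a negative value takes the same path. I would extend the `@param len` text with `If len is negative or exceeds the captured length, a warning is reported and the whole packet is recorded.` so callers that rely on truncation to limit stored payload know to validate the length first.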