Move packet dumping to packet_mgr

2025-10-05 08:08:19 +00:00 · 2020-09-24 10:54:02 -07:00 · 2020-09-24 10:54:02 -07:00 · afdc08085f
commit afdc08085f
parent 8ece1cf484
4 changed files with 29 additions and 27 deletions
--- a/src/Sessions.cc
+++ b/src/Sessions.cc
@ -28,7 +28,6 @@

 #include "analyzer/Manager.h"
 #include "iosource/IOSource.h"
-#include "iosource/PktDumper.h"
 #include "packet_analysis/Manager.h"

 #include "pcap.h"
@ -233,7 +232,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
 		else
 			{
 			int hdr_len = data - pkt->data;
-			DumpPacket(pkt, hdr_len);	// just save the header
+			packet_mgr->DumpPacket(pkt, hdr_len);	// just save the header
 			}
 		}
 	}
@ -679,22 +678,6 @@ bool NetSessions::WantConnection(uint16_t src_port, uint16_t dst_port,
 	return true;
 	}

-void NetSessions::DumpPacket(const Packet *pkt, int len)
-	{
-	if ( ! run_state::detail::pkt_dumper )
-		return;
-
-	if ( len != 0 )
-		{
-		if ( (uint32_t)len > pkt->cap_len )
-			reporter->Warning("bad modified caplen");
-		else
-			const_cast<Packet *>(pkt)->cap_len = len;
-		}
-
-	run_state::detail::pkt_dumper->Dump(pkt);
-	}
-
 void NetSessions::Weird(const char* name, const Packet* pkt,
                        const EncapsulationStack* encap, const char* addl)
 	{
--- a/src/Sessions.h
+++ b/src/Sessions.h
@ -128,11 +128,6 @@ public:
 	unsigned int MemoryAllocation();
 	analyzer::tcp::TCPStateStats tcp_stats;	// keeps statistics on TCP states

-	// Record the given packet (if a dumper is active).  If len=0
-	// then the whole packet is recorded, otherwise just the first
-	// len bytes.
-	void DumpPacket(const Packet *pkt, int len=0);
-
 protected:
 	friend class ConnCompressor;

--- a/src/packet_analysis/Manager.cc
+++ b/src/packet_analysis/Manager.cc
@ -8,6 +8,7 @@
 #include "Stats.h"
 #include "zeek/Sessions.h"
 #include "zeek/RunState.h"
+#include "iosource/PktDumper.h"

 using namespace zeek::packet_analysis;

@ -95,8 +96,7 @@ void Manager::ProcessPacket(Packet* packet)
 	bool dumped_packet = false;
 	if ( packet->dump_packet || zeek::detail::record_all_packets )
 		{
-		// TODO: should this stay in Session?
-		sessions->DumpPacket(packet);
+		DumpPacket(packet);
 		dumped_packet = true;
 		}

@ -109,8 +109,7 @@ void Manager::ProcessPacket(Packet* packet)

 	// Check whether packet should be recorded based on session analysis
 	if ( packet->dump_packet && ! dumped_packet )
-		// TODO: should this stay in Session?
-		sessions->DumpPacket(packet);
+		DumpPacket(packet);
 	}

 bool Manager::ProcessInnerPacket(Packet* packet)
@ -156,3 +155,19 @@ AnalyzerPtr Manager::InstantiateAnalyzer(const std::string& name)
 	Tag tag = GetComponentTag(name);
 	return tag ? InstantiateAnalyzer(tag) : nullptr;
 	}
+
+void Manager::DumpPacket(const Packet *pkt, int len)
+	{
+	if ( ! run_state::detail::pkt_dumper )
+		return;
+
+	if ( len != 0 )
+		{
+		if ( (uint32_t)len > pkt->cap_len )
+			reporter->Warning("bad modified caplen");
+		else
+			const_cast<Packet *>(pkt)->cap_len = len;
+		}
+
+	run_state::detail::pkt_dumper->Dump(pkt);
+	}
--- a/src/packet_analysis/Manager.h
+++ b/src/packet_analysis/Manager.h
@ -83,6 +83,15 @@ public:

 	uint64_t PacketsProcessed() const	{ return num_packets_processed; }

+	/**
+	 * Records the given packet if a dumper is active.
+	 *
+	 * @param pkt The packet to record.
+	 * @param len The number of bytes to record. If set to zero, the whole
+	 * packet is recorded.
+	 */
+	void DumpPacket(const Packet *pkt, int len=0);
+
 private:
 	/**
 	 * Instantiates a new analyzer instance.