mirror of
https://github.com/zeek/zeek.git
synced 2025-10-08 09:38:19 +00:00
Initial implementation of Lower-Level analyzers
This commit is contained in:
Peter Oettig
Tim Wojtulewicz
parent
f744d4c070
commit
b2e6c9ac9a
146 changed files with 3967 additions and 613 deletions
35
src/llanalyzer/protocol/linux_sll/LinuxSLL.h
Normal file
35
src/llanalyzer/protocol/linux_sll/LinuxSLL.h
Normal file
|
|
@ -0,0 +1,35 @@
|
|||
// See the file "COPYING" in the main distribution directory for copyright.
|
||||
|
||||
#pragma once
|
||||
|
||||
#include <llanalyzer/Analyzer.h>
|
||||
#include <llanalyzer/Component.h>
|
||||
|
||||
namespace zeek::llanalyzer::LinuxSLL {
|
||||
|
||||
class LinuxSLLAnalyzer : public Analyzer {
|
||||
public:
|
||||
LinuxSLLAnalyzer();
|
||||
~LinuxSLLAnalyzer() override = default;
|
||||
|
||||
std::tuple<AnalyzerResult, identifier_t> Analyze(Packet* packet) override;
|
||||
|
||||
static Analyzer* Instantiate()
|
||||
{
|
||||
return new LinuxSLLAnalyzer();
|
||||
}
|
||||
|
||||
private:
|
||||
|
||||
// Structure layout is based on https://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL.html
|
||||
struct SLLHeader
|
||||
{
|
||||
uint16_t packet_type;
|
||||
uint16_t arphrd_type;
|
||||
uint16_t addr_len;
|
||||
uint64_t addr;
|
||||
uint16_t protocol_type;
|
||||
} __attribute__((__packed__));
|
||||
};
|
||||
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue