mirror of
https://github.com/zeek/zeek.git
synced 2025-10-10 02:28:21 +00:00
Reformat the world
This commit is contained in:
Tim Wojtulewicz
parent
194cb24547
commit
b2f171ec69
714 changed files with 35149 additions and 35203 deletions
|
|
@ -1,22 +1,22 @@
|
|||
// See the file "COPYING" in the main distribution directory for copyright.
|
||||
|
||||
#include "zeek/packet_analysis/protocol/ip/IP.h"
|
||||
#include "zeek/packet_analysis/protocol/ip/IPBasedAnalyzer.h"
|
||||
#include "zeek/NetVar.h"
|
||||
#include "zeek/IP.h"
|
||||
|
||||
#include "zeek/Discard.h"
|
||||
#include "zeek/PacketFilter.h"
|
||||
#include "zeek/session/Manager.h"
|
||||
#include "zeek/RunState.h"
|
||||
#include "zeek/Frag.h"
|
||||
#include "zeek/Event.h"
|
||||
#include "zeek/TunnelEncapsulation.h"
|
||||
#include "zeek/Frag.h"
|
||||
#include "zeek/IP.h"
|
||||
#include "zeek/IPAddr.h"
|
||||
#include "zeek/NetVar.h"
|
||||
#include "zeek/PacketFilter.h"
|
||||
#include "zeek/RunState.h"
|
||||
#include "zeek/TunnelEncapsulation.h"
|
||||
#include "zeek/packet_analysis/protocol/ip/IPBasedAnalyzer.h"
|
||||
#include "zeek/session/Manager.h"
|
||||
|
||||
using namespace zeek::packet_analysis::IP;
|
||||
|
||||
IPAnalyzer::IPAnalyzer()
|
||||
: zeek::packet_analysis::Analyzer("IP")
|
||||
IPAnalyzer::IPAnalyzer() : zeek::packet_analysis::Analyzer("IP")
|
||||
{
|
||||
discarder = new detail::Discarder();
|
||||
if ( ! discarder->IsActive() )
|
||||
|
|
@ -45,7 +45,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
|
||||
// Cast the current data pointer to an IP header pointer so we can use it to get some
|
||||
// data about the header.
|
||||
auto ip = (const struct ip *)data;
|
||||
auto ip = (const struct ip*)data;
|
||||
uint32_t protocol = ip->ip_v;
|
||||
|
||||
// This is a unique pointer because of the mass of early returns from this method.
|
||||
|
|
@ -62,7 +62,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
return false;
|
||||
}
|
||||
|
||||
packet->ip_hdr = std::make_unique<IP_Hdr>((const struct ip6_hdr*) data, false, len);
|
||||
packet->ip_hdr = std::make_unique<IP_Hdr>((const struct ip6_hdr*)data, false, len);
|
||||
packet->l3_proto = L3_IPV6;
|
||||
}
|
||||
else
|
||||
|
|
@ -126,7 +126,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
// Ignore if packet matches packet filter.
|
||||
detail::PacketFilter* packet_filter = packet_mgr->GetPacketFilter(false);
|
||||
if ( packet_filter && packet_filter->Match(packet->ip_hdr, total_len, len) )
|
||||
return false;
|
||||
return false;
|
||||
|
||||
if ( ! packet->l2_checksummed && ! detail::ignore_checksums && ip4 &&
|
||||
! IPBasedAnalyzer::GetIgnoreChecksumsNets()->Contains(packet->ip_hdr->IPHeaderSrcAddr()) &&
|
||||
|
|
@ -143,7 +143,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
|
||||
if ( packet->ip_hdr->IsFragment() )
|
||||
{
|
||||
packet->dump_packet = true; // always record fragments
|
||||
packet->dump_packet = true; // always record fragments
|
||||
|
||||
if ( len < total_len )
|
||||
{
|
||||
|
|
@ -203,7 +203,8 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
{
|
||||
packet->dump_packet = true;
|
||||
|
||||
if ( ! detail::ignore_checksums && mobility_header_checksum(packet->ip_hdr.get()) != 0xffff )
|
||||
if ( ! detail::ignore_checksums &&
|
||||
mobility_header_checksum(packet->ip_hdr.get()) != 0xffff )
|
||||
{
|
||||
Weird("bad_MH_checksum", packet);
|
||||
return false;
|
||||
|
|
@ -218,16 +219,16 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
return true;
|
||||
}
|
||||
|
||||
// Set the data pointer to match the payload from the IP header. This makes sure that it's also pointing
|
||||
// at the reassembled data for a fragmented packet.
|
||||
// Set the data pointer to match the payload from the IP header. This makes sure that it's also
|
||||
// pointing at the reassembled data for a fragmented packet.
|
||||
data = packet->ip_hdr->Payload();
|
||||
len -= ip_hdr_len;
|
||||
|
||||
// Session analysis assumes that the header size stored in the packet does not include the IP header
|
||||
// size. There are two reasons for this: 1) Packet::ToRawPktHdrVal() wants to look at the IP header for
|
||||
// reporting, and 2) The VXLAN analyzer uses the header position to create the next packet in the tunnel
|
||||
// chain. Once the TCP/UDP work is done and the VXLAN analyzer can move into packet analysis, this can
|
||||
// change, but for now we leave it as it is.
|
||||
// Session analysis assumes that the header size stored in the packet does not include the IP
|
||||
// header size. There are two reasons for this: 1) Packet::ToRawPktHdrVal() wants to look at the
|
||||
// IP header for reporting, and 2) The VXLAN analyzer uses the header position to create the
|
||||
// next packet in the tunnel chain. Once the TCP/UDP work is done and the VXLAN analyzer can
|
||||
// move into packet analysis, this can change, but for now we leave it as it is.
|
||||
|
||||
bool return_val = true;
|
||||
int proto = packet->ip_hdr->NextProto();
|
||||
|
|
@ -241,26 +242,26 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
return false;
|
||||
}
|
||||
|
||||
switch ( proto ) {
|
||||
case IPPROTO_NONE:
|
||||
// If the packet is encapsulated in Teredo, then it was a bubble and
|
||||
// the Teredo analyzer may have raised an event for that, else we're
|
||||
// not sure the reason for the No Next header in the packet.
|
||||
if ( ! ( packet->encap &&
|
||||
packet->encap->LastType() == BifEnum::Tunnel::TEREDO ) )
|
||||
{
|
||||
Weird("ipv6_no_next", packet);
|
||||
return_val = false;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
packet->proto = proto;
|
||||
switch ( proto )
|
||||
{
|
||||
case IPPROTO_NONE:
|
||||
// If the packet is encapsulated in Teredo, then it was a bubble and
|
||||
// the Teredo analyzer may have raised an event for that, else we're
|
||||
// not sure the reason for the No Next header in the packet.
|
||||
if ( ! (packet->encap && packet->encap->LastType() == BifEnum::Tunnel::TEREDO) )
|
||||
{
|
||||
Weird("ipv6_no_next", packet);
|
||||
return_val = false;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
packet->proto = proto;
|
||||
|
||||
// For everything else, pass it on to another analyzer. If there's no one to handle that,
|
||||
// it'll report a Weird.
|
||||
return_val = ForwardPacket(len, data, packet, proto);
|
||||
break;
|
||||
}
|
||||
// For everything else, pass it on to another analyzer. If there's no one to handle
|
||||
// that, it'll report a Weird.
|
||||
return_val = ForwardPacket(len, data, packet, proto);
|
||||
break;
|
||||
}
|
||||
|
||||
if ( f )
|
||||
f->DeleteTimer();
|
||||
|
|
@ -276,9 +277,9 @@ int zeek::packet_analysis::IP::ParsePacket(int caplen, const u_char* const pkt,
|
|||
if ( caplen < (int)sizeof(struct ip6_hdr) )
|
||||
return -1;
|
||||
|
||||
const struct ip6_hdr* ip6 = (const struct ip6_hdr*) pkt;
|
||||
const struct ip6_hdr* ip6 = (const struct ip6_hdr*)pkt;
|
||||
inner = std::make_unique<zeek::IP_Hdr>(ip6, false, caplen);
|
||||
if ( ( ip6->ip6_ctlun.ip6_un2_vfc & 0xF0 ) != 0x60 )
|
||||
if ( (ip6->ip6_ctlun.ip6_un2_vfc & 0xF0) != 0x60 )
|
||||
return -2;
|
||||
}
|
||||
|
||||
|
|
@ -287,7 +288,7 @@ int zeek::packet_analysis::IP::ParsePacket(int caplen, const u_char* const pkt,
|
|||
if ( caplen < (int)sizeof(struct ip) )
|
||||
return -1;
|
||||
|
||||
const struct ip* ip4 = (const struct ip*) pkt;
|
||||
const struct ip* ip4 = (const struct ip*)pkt;
|
||||
inner = std::make_unique<zeek::IP_Hdr>(ip4, false);
|
||||
if ( ip4->ip_v != 4 )
|
||||
return -2;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue