Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-07 09:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Remove --enable-brov6 flag, IPv6 now supported by default.

Browse source 
Internally, all BROv6 preprocessor switches were removed and
addr/subnet representations wrapped in the new IPAddr/IPPrefix classes.

Some script-layer changes of note:

- dns_AAAA_reply event signature changed: the string representation
  of an IPv6 addr is easily derived from the addr value, it doesn't
  need to be another parameter.  This event also now generated directly
  by the DNS analyzer instead of being "faked" into a dns_A_reply event.

- removed addr_to_count BIF.  It used to return the host-order
  count representation of IPv4 addresses only.  To make it more
  generic, we might later add a BIF to return a vector of counts
  in order to support IPv6.

- changed the result of enclosing addr variables in vertical pipes
  (e.g. |my_addr|) to return the bit-width of the address type which
  is 128 for IPv6 and 32 for IPv4.  It used to function the same
  way as addr_to_count mentioned above.

- remove bro_has_ipv6 BIF
This commit is contained in:
Jon Siwek 2012-02-03 16:20:15 -06:00
parent 2c439fd0a2
commit b3f1f45082
85 changed files with 1428 additions and 1684 deletions
Download patch file Download diff file Expand all files Collapse all files

12
src/TCP.cc
View file

@ -276,7 +276,7 @@ void TCP_Analyzer::ProcessSYN(const IP_Hdr* ip, const struct tcphdr* tp,
uint32 tcp_hdr_len, int& seq_len,
TCP_Endpoint* endpoint, TCP_Endpoint* peer,
uint32 base_seq, uint32 ack_seq,
const uint32* orig_addr,
const IPAddr& orig_addr,
int is_orig, TCP_Flags flags)
{
int len = seq_len;
@ -346,7 +346,7 @@ void TCP_Analyzer::ProcessSYN(const IP_Hdr* ip, const struct tcphdr* tp,
// is_orig will be removed once we can do SYN-ACK fingerprinting.
if ( OS_version_found && is_orig )
{
Val src_addr_val(orig_addr, TYPE_ADDR);
AddrVal src_addr_val(orig_addr);
if ( generate_OS_version_event->Size() == 0 ||
generate_OS_version_event->Lookup(&src_addr_val) )
{
@ -414,7 +414,7 @@ int TCP_Analyzer::ProcessFlags(double t,
uint32 tcp_hdr_len, int len, int& seq_len,
TCP_Endpoint* endpoint, TCP_Endpoint* peer,
uint32 base_seq, uint32 ack_seq,
const uint32* orig_addr,
const IPAddr& orig_addr,
int is_orig, TCP_Flags flags)
{
if ( flags.SYN() )
@ -989,8 +989,8 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
if ( ! orig->did_close || ! resp->did_close )
Conn()->SetLastTime(t);
const uint32* orig_addr = Conn()->OrigAddr();
const uint32* resp_addr = Conn()->RespAddr();
const IPAddr orig_addr = Conn()->OrigAddr();
const IPAddr resp_addr = Conn()->RespAddr();
uint32 tcp_hdr_len = data - (const u_char*) tp;
@ -1331,7 +1331,7 @@ RecordVal* TCP_Analyzer::BuildOSVal(int is_orig, const IP_Hdr* ip,
tstamp, quirks,
uint8(tcp->th_flags & (TH_ECE|TH_CWR)));
if ( sessions->CompareWithPreviousOSMatch(ip->SrcAddr4(), id) )
if ( sessions->CompareWithPreviousOSMatch(ip->SrcAddr(), id) )
{
RecordVal* os = new RecordVal(OS_version);