mirror of
https://github.com/zeek/zeek.git
synced 2025-10-16 05:28:20 +00:00
First commit of binpac based AYIYA analyzer.
- ayiya-analyzer.pac needs work to do something with the actual packet. - Lots more cleanup to do, but it parses the protocol at least.
This commit is contained in:
Seth Hall
parent
4062fc1776
commit
bcadb67731
8 changed files with 215 additions and 2 deletions
90
src/AYIYA.cc
Normal file
90
src/AYIYA.cc
Normal file
|
|
@ -0,0 +1,90 @@
|
|||
#include "AYIYA.h"
|
||||
#include "TCP_Reassembler.h"
|
||||
|
||||
AYIYA_Analyzer::AYIYA_Analyzer(Connection* conn)
|
||||
: Analyzer(AnalyzerTag::SYSLOG_BINPAC, conn)
|
||||
{
|
||||
interp = new binpac::AYIYA::AYIYA_Conn(this);
|
||||
did_session_done = 0;
|
||||
//ADD_ANALYZER_TIMER(&AYIYA_Analyzer::ExpireTimer,
|
||||
// network_time + Syslog_session_timeout, 1, TIMER_Syslog_EXPIRE);
|
||||
}
|
||||
|
||||
AYIYA_Analyzer::~AYIYA_Analyzer()
|
||||
{
|
||||
delete interp;
|
||||
}
|
||||
|
||||
void AYIYA_Analyzer::Done()
|
||||
{
|
||||
Analyzer::Done();
|
||||
|
||||
if ( ! did_session_done )
|
||||
Event(udp_session_done);
|
||||
}
|
||||
|
||||
void AYIYA_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, int seq, const IP_Hdr* ip, int caplen)
|
||||
{
|
||||
Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen);
|
||||
interp->NewData(orig, data, data + len);
|
||||
}
|
||||
|
||||
//void AYIYA_Analyzer::ExpireTimer(double t)
|
||||
// {
|
||||
// // The - 1.0 in the following is to allow 1 second for the
|
||||
// // common case of a single request followed by a single reply,
|
||||
// // so we don't needlessly set the timer twice in that case.
|
||||
// if ( t - Conn()->LastTime() >= Syslog_session_timeout - 1.0 || terminating )
|
||||
// {
|
||||
// Event(connection_timeout);
|
||||
// sessions->Remove(Conn());
|
||||
// }
|
||||
// else
|
||||
// ADD_ANALYZER_TIMER(&AYIYA_Analyzer::ExpireTimer,
|
||||
// t + Syslog_session_timeout, 1, TIMER_Syslog_EXPIRE);
|
||||
// }
|
||||
|
||||
//Syslog_TCP_Analyzer_binpac::Syslog_TCP_Analyzer_binpac(Connection* conn)
|
||||
//: TCP_ApplicationAnalyzer(AnalyzerTag::Syslog_TCP_BINPAC, conn)
|
||||
// {
|
||||
// interp = new binpac::Syslog_on_TCP::Syslog_TCP_Conn(this);
|
||||
// }
|
||||
|
||||
//Syslog_TCP_Analyzer_binpac::~Syslog_TCP_Analyzer_binpac()
|
||||
// {
|
||||
// delete interp;
|
||||
// }
|
||||
|
||||
//void Syslog_TCP_Analyzer_binpac::Done()
|
||||
// {
|
||||
// TCP_ApplicationAnalyzer::Done();
|
||||
//
|
||||
// interp->FlowEOF(true);
|
||||
// interp->FlowEOF(false);
|
||||
// }
|
||||
|
||||
//void Syslog_TCP_Analyzer_binpac::EndpointEOF(TCP_Reassembler* endp)
|
||||
// {
|
||||
// TCP_ApplicationAnalyzer::EndpointEOF(endp);
|
||||
// interp->FlowEOF(endp->IsOrig());
|
||||
// }
|
||||
|
||||
//void Syslog_TCP_Analyzer_binpac::DeliverStream(int len, const u_char* data,
|
||||
// bool orig)
|
||||
// {
|
||||
// TCP_ApplicationAnalyzer::DeliverStream(len, data, orig);
|
||||
//
|
||||
// assert(TCP());
|
||||
//
|
||||
// if ( TCP()->IsPartial() || TCP()->HadGap(orig) )
|
||||
// // punt-on-partial or stop-on-gap.
|
||||
// return;
|
||||
//
|
||||
// interp->NewData(orig, data, data + len);
|
||||
// }
|
||||
|
||||
//void Syslog_TCP_Analyzer_binpac::Undelivered(int seq, int len, bool orig)
|
||||
// {
|
||||
// TCP_ApplicationAnalyzer::Undelivered(seq, len, orig);
|
||||
// interp->NewGap(orig, len);
|
||||
// }
|
||||
Loading…
Add table
Add a link
Reference in a new issue