Merge of Gregor's conn-size branch.

If 'use_conn_size_analyzer' is true, the event engine tracks number of packets and raw IP bytes per connection. If report_conn_size_analyzer is true, these values are included as four new columns into conn.log I changed conn.bro so that the value of report_conn_size_analyzer follows that of use_conn_size_analyzer. For the new conn.log, we probably want to get rid of report_conn_size_analyzer anyway.
2025-10-10 02:28:21 +00:00 · 2011-05-09 16:39:01 -07:00 · 2011-05-09 16:39:01 -07:00 · bd9855a380
commit bd9855a380
parent 7524cce186
26 changed files with 340 additions and 49 deletions
--- a/src/ConnSizeAnalyzer.h
+++ b/src/ConnSizeAnalyzer.h
@ -0,0 +1,41 @@
+// $Id$
+//
+// See the file "COPYING" in the main distribution directory for copyright.
+//
+
+#ifndef CONNSTATS_H
+#define CONNSTATS_H
+
+#include "Analyzer.h"
+#include "NetVar.h"
+
+
+class ConnSize_Analyzer : public Analyzer {
+public:
+	ConnSize_Analyzer(Connection* c);
+	virtual ~ConnSize_Analyzer();
+
+	virtual void Init();
+	virtual void Done();
+
+	// from Analyzer.h
+	virtual void UpdateConnVal(RecordVal *conn_val);
+	virtual void FlipRoles();
+
+	static Analyzer* InstantiateAnalyzer(Connection* conn)
+		{ return new ConnSize_Analyzer(conn); }
+
+	static bool Available()	{ return BifConst::use_conn_size_analyzer ; }
+
+protected:
+	virtual void DeliverPacket(int len, const u_char* data, bool is_orig,
+					int seq, const IP_Hdr* ip, int caplen);
+
+
+	uint64_t orig_bytes;
+	uint64_t resp_bytes;
+	uint64_t orig_pkts;
+	uint64_t resp_pkts;
+};
+
+#endif