Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-12 03:28:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge of Gregor's conn-size branch.

Browse source 
If 'use_conn_size_analyzer' is true, the event engine tracks number of
packets and raw IP bytes per connection. If report_conn_size_analyzer
is true, these values are included as four new columns into conn.log

I changed conn.bro so that the value of report_conn_size_analyzer
follows that of use_conn_size_analyzer. For the new conn.log, we
probably want to get rid of report_conn_size_analyzer anyway.
This commit is contained in:
Robin Sommer 2011-05-09 16:39:01 -07:00
parent 7524cce186
commit bd9855a380
26 changed files with 340 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/ICMP.h
View file

@ -18,6 +18,8 @@ class ICMP_Analyzer : public TransportLayerAnalyzer {
public:
ICMP_Analyzer(Connection* conn);
virtual void UpdateConnVal(RecordVal *conn_val);
static Analyzer* InstantiateAnalyzer(Connection* conn)
{ return new ICMP_Analyzer(conn); }
@ -30,7 +32,6 @@ protected:
virtual void Done();
virtual void DeliverPacket(int len, const u_char* data, bool orig,
int seq, const IP_Hdr* ip, int caplen);
virtual void UpdateEndpointVal(RecordVal* endp, int is_orig);
virtual bool IsReuse(double t, const u_char* pkt);
virtual unsigned int MemoryAllocation() const;
@ -52,6 +53,9 @@ protected:
int request_len, reply_len;
RuleMatcherState matcher_state;
private:
void UpdateEndpointVal(RecordVal* endp, int is_orig);
};
class ICMP_Echo_Analyzer : public ICMP_Analyzer {