Merge of Gregor's conn-size branch.
If 'use_conn_size_analyzer' is true, the event engine tracks the number of packets and raw IP bytes per connection. If report_conn_size_analyzer is true, these values are included as four new columns in conn.log. I changed conn.bro so that the value of report_conn_size_analyzer follows that of use_conn_size_analyzer. For the new conn.log, we probably want to get rid of report_conn_size_analyzer anyway.
parent
7524cce186
commit
bd9855a380
26 changed files with 340 additions and 49 deletions
33
src/TCP.cc
33
src/TCP.cc
|
@ -2,7 +2,7 @@
|
|||
//
|
||||
// See the file "COPYING" in the main distribution directory for copyright.
|
||||
|
||||
|
||||
#include "NetVar.h"
|
||||
#include "PIA.h"
|
||||
#include "File.h"
|
||||
#include "TCP.h"
|
||||
|
@ -922,9 +922,6 @@ int TCP_Analyzer::DeliverData(double t, const u_char* data, int len, int caplen,
|
|||
int need_contents = endpoint->DataSent(t, data_seq,
|
||||
len, caplen, data, ip, tp);
|
||||
|
||||
LOOP_OVER_GIVEN_CHILDREN(i, packet_children)
|
||||
(*i)->NextPacket(len, data, is_orig, data_seq, ip, caplen);
|
||||
|
||||
return need_contents;
|
||||
}
|
||||
|
||||
|
@ -1053,6 +1050,12 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
|
|||
|
||||
CheckRecording(need_contents, flags);
|
||||
|
||||
// Handle child_packet analyzers. Note: This happens *after* the
|
||||
// packet has been processed and the TCP state updated.
|
||||
LOOP_OVER_GIVEN_CHILDREN(i, packet_children)
|
||||
(*i)->NextPacket(len, data, is_orig,
|
||||
base_seq - endpoint->StartSeq(), ip, caplen);
|
||||
|
||||
if ( ! reassembling )
|
||||
ForwardPacket(len, data, is_orig,
|
||||
base_seq - endpoint->StartSeq(), ip, caplen);
|
||||
|
@ -1082,11 +1085,25 @@ void TCP_Analyzer::FlipRoles()
|
|||
resp->is_orig = !resp->is_orig;
|
||||
}
|
||||
|
||||
void TCP_Analyzer::UpdateEndpointVal(RecordVal* endp, int is_orig)
|
||||
void TCP_Analyzer::UpdateConnVal(RecordVal *conn_val)
|
||||
{
|
||||
TCP_Endpoint* s = is_orig ? orig : resp;
|
||||
endp->Assign(0, new Val(s->Size(), TYPE_COUNT));
|
||||
endp->Assign(1, new Val(int(s->state), TYPE_COUNT));
|
||||
int orig_endp_idx = connection_type->FieldOffset("orig");
|
||||
int resp_endp_idx = connection_type->FieldOffset("resp");
|
||||
|
||||
RecordVal *orig_endp_val = conn_val->Lookup(orig_endp_idx)->AsRecordVal();
|
||||
RecordVal *resp_endp_val = conn_val->Lookup(resp_endp_idx)->AsRecordVal();
|
||||
|
||||
orig_endp_val->Assign(0, new Val(orig->Size(), TYPE_COUNT));
|
||||
orig_endp_val->Assign(1, new Val(int(orig->state), TYPE_COUNT));
|
||||
resp_endp_val->Assign(0, new Val(resp->Size(), TYPE_COUNT));
|
||||
resp_endp_val->Assign(1, new Val(int(resp->state), TYPE_COUNT));
|
||||
|
||||
// Call children's UpdateConnVal
|
||||
Analyzer::UpdateConnVal(conn_val);
|
||||
|
||||
// Have to do packet_children ourselves.
|
||||
LOOP_OVER_GIVEN_CHILDREN(i, packet_children)
|
||||
(*i)->UpdateConnVal(conn_val);
|
||||
}
|
||||
|
||||
Val* TCP_Analyzer::BuildSYNPacketVal(int is_orig, const IP_Hdr* ip,
|
||||
|
|
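Review bot: In the new `TCP_Analyzer::UpdateConnVal`, the values returned by `connection_type->FieldOffset("orig")` / `FieldOffset("resp")` and by `conn_val->Lookup(...)` are used without any check before `->AsRecordVal()` is called on them. Whether a missing field or an unset endpoint record can occur depends on how the connection record is built, which is not visible in this section. A guard such as `if ( orig_endp_idx < 0 || resp_endp_idx < 0 ) return;`, together with a null check on the two `Lookup` results, would make the function fail safe instead of dereferencing a bad pointer in the packet path. The two offsets are also resolved by name on every call and could be looked up once. The bare indices `0` and `1` in the `Assign` calls would benefit from a short comment naming the endpoint fields they correspond to (size and state, judging by the values assigned).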