Added get_current_packet_header bif.

2025-10-06 08:38:20 +00:00 · 2016-04-20 00:00:47 +02:00 · 2016-04-20 00:00:47 +02:00 · c0bf1b3c67
commit c0bf1b3c67
parent 2fc8ef232a
6 changed files with 92 additions and 74 deletions
--- a/scripts/base/init-bare.bro
+++ b/scripts/base/init-bare.bro
@ -793,71 +793,6 @@ type entropy_test_result: record {
 	serial_correlation: double;	##< Serial correlation coefficient.
 };
 # Prototypes of Bro built-in functions.
@load base/bif/strings.bif
@load base/bif/bro.bif
@load base/bif/reporter.bif
 ## Deprecated. This is superseded by the new logging framework.
 global log_file_name: function(tag: string): string &redef;
 ## Deprecated. This is superseded by the new logging framework.
 global open_log_file: function(tag: string): file &redef;
 ## Specifies a directory for Bro to store its persistent state. All globals can
 ## be declared persistent via the :bro:attr:`&persistent` attribute.
 const state_dir = ".state" &redef;
 ## Length of the delays inserted when storing state incrementally. To avoid
 ## dropping packets when serializing larger volumes of persistent state to
 ## disk, Bro interleaves the operation with continued packet processing.
 const state_write_delay = 0.01 secs &redef;
 global done_with_network = F;
 event net_done(t: time) { done_with_network = T; }
 function log_file_name(tag: string): string
 	{
 	local suffix = getenv("BRO_LOG_SUFFIX") == "" ? "log" : getenv("BRO_LOG_SUFFIX");
 	return fmt("%s.%s", tag, suffix);
 	}
 function open_log_file(tag: string): file
 	{
 	return open(log_file_name(tag));
 	}
 ## Internal function.
 function add_interface(iold: string, inew: string): string
 	{
 	if ( iold == "" )
 		return inew;
 	else
 		return fmt("%s %s", iold, inew);
 	}
 ## Network interfaces to listen on. Use ``redef interfaces += "eth0"`` to
 ## extend.
 global interfaces = "" &add_func = add_interface;
 ## Internal function.
 function add_signature_file(sold: string, snew: string): string
 	{
 	if ( sold == "" )
 		return snew;
 	else
 		return cat(sold, " ", snew);
 	}
 ## Signature files to read. Use ``redef signature_files  += "foo.sig"`` to
 ## extend. Signature files added this way will be searched relative to
 ## ``BROPATH``.  Using the ``@load-sigs`` directive instead is preferred
 ## since that can search paths relative to the current script.
 global signature_files = "" &add_func = add_signature_file;
 ## ``p0f`` fingerprint file to use. Will be searched relative to ``BROPATH``.
 const passive_fingerprint_file = "base/misc/p0f.fp" &redef;
 # TCP values for :bro:see:`endpoint` *state* field.
 # todo:: these should go into an enum to make them autodoc'able.
 const TCP_INACTIVE = 0;	##< Endpoint is still inactive.
@ -1768,6 +1703,71 @@ type gtp_delete_pdp_ctx_response_elements: record {
 	ext:   gtp_private_extension &optional;
 };
 # Prototypes of Bro built-in functions.
@load base/bif/strings.bif
@load base/bif/bro.bif
@load base/bif/reporter.bif
 ## Deprecated. This is superseded by the new logging framework.
 global log_file_name: function(tag: string): string &redef;
 ## Deprecated. This is superseded by the new logging framework.
 global open_log_file: function(tag: string): file &redef;
 ## Specifies a directory for Bro to store its persistent state. All globals can
 ## be declared persistent via the :bro:attr:`&persistent` attribute.
 const state_dir = ".state" &redef;
 ## Length of the delays inserted when storing state incrementally. To avoid
 ## dropping packets when serializing larger volumes of persistent state to
 ## disk, Bro interleaves the operation with continued packet processing.
 const state_write_delay = 0.01 secs &redef;
 global done_with_network = F;
 event net_done(t: time) { done_with_network = T; }
 function log_file_name(tag: string): string
 	{
 	local suffix = getenv("BRO_LOG_SUFFIX") == "" ? "log" : getenv("BRO_LOG_SUFFIX");
 	return fmt("%s.%s", tag, suffix);
 	}
 function open_log_file(tag: string): file
 	{
 	return open(log_file_name(tag));
 	}
 ## Internal function.
 function add_interface(iold: string, inew: string): string
 	{
 	if ( iold == "" )
 		return inew;
 	else
 		return fmt("%s %s", iold, inew);
 	}
 ## Network interfaces to listen on. Use ``redef interfaces += "eth0"`` to
 ## extend.
 global interfaces = "" &add_func = add_interface;
 ## Internal function.
 function add_signature_file(sold: string, snew: string): string
 	{
 	if ( sold == "" )
 		return snew;
 	else
 		return cat(sold, " ", snew);
 	}
 ## Signature files to read. Use ``redef signature_files  += "foo.sig"`` to
 ## extend. Signature files added this way will be searched relative to
 ## ``BROPATH``.  Using the ``@load-sigs`` directive instead is preferred
 ## since that can search paths relative to the current script.
 global signature_files = "" &add_func = add_signature_file;
 ## ``p0f`` fingerprint file to use. Will be searched relative to ``BROPATH``.
 const passive_fingerprint_file = "base/misc/p0f.fp" &redef;
 ## Definition of "secondary filters". A secondary filter is a BPF filter given
 ## as index in this table. For each such filter, the corresponding event is
 ## raised for all matching packets.
--- a/src/IP.cc
+++ b/src/IP.cc
@ -393,6 +393,7 @@ RecordVal* IP_Hdr::BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const
 		}
 	case IPPROTO_ICMP:
 	case IPPROTO_ICMPV6:
 		{
 		const struct icmp* icmpp = (const struct icmp *) data;
 		RecordVal* icmp_hdr = new RecordVal(icmp_hdr_type);
--- a/src/NetVar.cc
+++ b/src/NetVar.cc
@ -15,6 +15,8 @@ RecordType* icmp_conn;
 RecordType* icmp_context;
 RecordType* SYN_packet;
 RecordType* pcap_packet;
 RecordType* raw_pkt_hdr_type;
 RecordType* l2_hdr_type;
 RecordType* signature_state;
 EnumType* transport_proto;
 TableType* string_set;
@ -324,6 +326,8 @@ void init_net_var()
 	signature_state = internal_type("signature_state")->AsRecordType();
 	SYN_packet = internal_type("SYN_packet")->AsRecordType();
 	pcap_packet = internal_type("pcap_packet")->AsRecordType();
 	raw_pkt_hdr_type = internal_type("raw_pkt_hdr")->AsRecordType();
 	l2_hdr_type = internal_type("l2_hdr")->AsRecordType();
 	transport_proto = internal_type("transport_proto")->AsEnumType();
 	string_set = internal_type("string_set")->AsTableType();
 	string_array = internal_type("string_array")->AsTableType();
--- a/src/NetVar.h
+++ b/src/NetVar.h
@ -19,6 +19,8 @@ extern RecordType* icmp_context;
 extern RecordType* signature_state;
 extern RecordType* SYN_packet;
 extern RecordType* pcap_packet;
 extern RecordType* raw_pkt_hdr_type;
 extern RecordType* l2_hdr_type;
 extern EnumType* transport_proto;
 extern TableType* string_set;
 extern TableType* string_array;
--- a/src/bro.bif
+++ b/src/bro.bif
@ -3458,6 +3458,26 @@ function get_current_packet%(%) : pcap_packet
 	return pkt;
 	%}
 ## Function to get the raw headers of the currently processed packet.
 ##
 ## Returns: A record containing the Layer 2, 3 and 4 headers of the
 ##          currently processed packet.
 ##
 ## .. bro:see:: raw_pkt_hdr get_current_packet
 function get_current_packet_header%(%) : raw_pkt_hdr
 	%{
 	const Packet* p;
 	if ( current_pktsrc &&
 	     current_pktsrc->GetCurrentPacket(&p) )
 		{
 		return p->BuildPktHdrVal();
 		}
 	RecordVal* hdr = new RecordVal(raw_pkt_hdr_type);
 	return hdr;
 	%}
 ## Writes a given packet to a file.
 ##
 ## pkt: The PCAP packet.
--- a/src/iosource/Packet.cc
+++ b/src/iosource/Packet.cc
@ -428,15 +428,6 @@ void Packet::ProcessLayer2()
 RecordVal* Packet::BuildPktHdrVal() const
 	{
 	static RecordType* l2_hdr_type = 0;
 	static RecordType* raw_pkt_hdr_type = 0;
 	if ( ! raw_pkt_hdr_type )
 		{
 		raw_pkt_hdr_type = internal_type("raw_pkt_hdr")->AsRecordType();
 		l2_hdr_type = internal_type("l2_hdr")->AsRecordType();
 		}
 	RecordVal* pkt_hdr = new RecordVal(raw_pkt_hdr_type);
 	RecordVal* l2_hdr = new RecordVal(l2_hdr_type);