Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 10:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Add base class for IP-based packet analyzers

Browse source
This commit is contained in:
Tim Wojtulewicz 2021-04-13 15:36:31 -07:00
parent 3e1692676d
commit c1f0d312b5
23 changed files with 781 additions and 421 deletions
Download patch file Download diff file Expand all files Collapse all files

16
src/packet_analysis/protocol/icmp/ICMP.h
View file

@ -4,10 +4,11 @@
#include "zeek/packet_analysis/Analyzer.h"
#include "zeek/packet_analysis/Component.h"
#include "zeek/packet_analysis/protocol/ip/IPBasedAnalyzer.h"
namespace zeek::packet_analysis::ICMP {
class ICMPAnalyzer : public Analyzer {
class ICMPAnalyzer final : public IP::IPBasedAnalyzer {
public:
ICMPAnalyzer();
~ICMPAnalyzer() override;
@ -19,8 +20,21 @@ public:
return std::make_shared<ICMPAnalyzer>();
}
void CreateTransportAnalyzer(Connection* conn, IP::IPBasedTransportAnalyzer*& root,
analyzer::pia::PIA*& pia, bool& check_port) override;
protected:
void ContinueProcessing(Connection* c, double t, bool is_orig, int remaining,
Packet* pkt) override;
private:
// Returns the counterpart type to the given type (e.g., the counterpart
// to ICMP_ECHOREPLY is ICMP_ECHO).
int ICMP4_counterpart(int icmp_type, int icmp_code, bool& is_one_way);
int ICMP6_counterpart(int icmp_type, int icmp_code, bool& is_one_way);
};
}