mirror of
https://github.com/zeek/zeek.git
synced 2025-10-03 23:28:20 +00:00
Add new UDP packet analyzer, remove old one
This commit is contained in:
Tim Wojtulewicz
parent
d8adfaef65
commit
c21af39a30
22 changed files with 357 additions and 392 deletions
|
|
@ -8,7 +8,7 @@
|
|||
|
||||
namespace zeek::packet_analysis::UDP {
|
||||
|
||||
class UDPAnalyzer : public IP::IPBasedAnalyzer {
|
||||
class UDPAnalyzer final : public IP::IPBasedAnalyzer {
|
||||
public:
|
||||
UDPAnalyzer();
|
||||
~UDPAnalyzer() override;
|
||||
|
|
@ -23,6 +23,13 @@ public:
|
|||
void CreateTransportAnalyzer(Connection* conn, IP::IPBasedTransportAnalyzer*& root,
|
||||
analyzer::pia::PIA*& pia, bool& check_port) override;
|
||||
|
||||
/**
|
||||
* Initialize the analyzer. This method is called after the configuration
|
||||
* was read. Derived classes can override this method to implement custom
|
||||
* initialization.
|
||||
*/
|
||||
void Initialize() override;
|
||||
|
||||
protected:
|
||||
|
||||
/**
|
||||
|
|
@ -39,6 +46,54 @@ protected:
|
|||
*/
|
||||
bool WantConnection(uint16_t src_port, uint16_t dst_port,
|
||||
const u_char* data, bool& flip_roles) const override;
|
||||
|
||||
void ContinueProcessing(Connection* c, double t, bool is_orig, int remaining,
|
||||
Packet* pkt) override;
|
||||
|
||||
private:
|
||||
|
||||
// Returns true if the checksum is valid, false if not
|
||||
static bool ValidateChecksum(const IP_Hdr* ip, const struct udphdr* up,
|
||||
int len);
|
||||
|
||||
void ChecksumEvent(bool is_orig, uint32_t threshold);
|
||||
|
||||
Connection* conn;
|
||||
|
||||
std::vector<uint16_t> vxlan_ports;
|
||||
};
|
||||
|
||||
class UDPTransportAnalyzer final : public IP::IPBasedTransportAnalyzer {
|
||||
|
||||
public:
|
||||
|
||||
UDPTransportAnalyzer(Connection* conn) :
|
||||
IP::IPBasedTransportAnalyzer("UDP", conn) { }
|
||||
|
||||
static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
|
||||
{
|
||||
return new UDPTransportAnalyzer(conn);
|
||||
}
|
||||
|
||||
void AddExtraAnalyzers(Connection* conn) override;
|
||||
void UpdateConnVal(RecordVal* conn_val) override;
|
||||
|
||||
void UpdateLength(bool is_orig, int len);
|
||||
|
||||
// For tracking checksum history. These are connection-specific so they
|
||||
// need to be stored in the transport analyzer created for each
|
||||
// connection.
|
||||
uint32_t req_chk_cnt = 0;
|
||||
uint32_t req_chk_thresh = 1;
|
||||
uint32_t rep_chk_cnt = 0;
|
||||
uint32_t rep_chk_thresh = 1;
|
||||
|
||||
private:
|
||||
|
||||
void UpdateEndpointVal(const ValPtr& endp_arg, bool is_orig);
|
||||
|
||||
bro_int_t request_len = -1;
|
||||
bro_int_t reply_len = -1;
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue