Remove packet_analysis/Defines.h
- Replace uses of identifier_t with uint32_t
- Replace repeated usage of tuple type for Analysis results with type alias
parent
b46e600775
commit
c2500d03d6
42 changed files with 66 additions and 80 deletions
|
@ -1,7 +1,6 @@
|
|||
// See the file "COPYING" in the main distribution directory for copyright.
|
||||
#pragma once
|
||||
|
||||
#include "Defines.h"
|
||||
#include "Manager.h"
|
||||
#include "Tag.h"
|
||||
#include <iosource/Packet.h>
|
||||
|
@ -17,7 +16,7 @@ enum class AnalyzerResult {
|
|||
Terminate // Analysis succeeded and there is no further analysis to do
|
||||
};
|
||||
|
||||
using AnalysisResultTuple = std::tuple<AnalyzerResult, identifier_t>;
|
||||
using AnalysisResultTuple = std::tuple<AnalyzerResult, uint32_t>;
|
||||
|
||||
class Analyzer {
|
||||
public:
|
||||
|
@ -75,7 +74,7 @@ public:
|
|||
* how to proceed. If analysis can continue, the identifier determines the
|
||||
* encapsulated protocol.
|
||||
*/
|
||||
virtual std::tuple<AnalyzerResult, identifier_t> Analyze(Packet* packet) = 0;
|
||||
virtual AnalysisResultTuple Analyze(Packet* packet) = 0;
|
||||
|
||||
protected:
|
||||
friend class Manager;
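Review bot: The new alias `using AnalysisResultTuple = std::tuple<AnalyzerResult, uint32_t>;` names `uint32_t` directly, while the first hunk drops `#include "Defines.h"`, the header that included `<cstdint>`. Unless Manager.h, Tag.h or iosource/Packet.h happen to provide it, this header now compiles only through a transitive include; adding `#include <cstdint>` and `#include <tuple>` beside the remaining includes would make it self-contained. The same applies to the header declaring DispatcherConfig, where `#include "Defines.h"` is removed and `std::map<uint32_t, std::string>` is introduced. A short comment on the alias, e.g. `// second element: identifier of the encapsulated protocol`, would keep the meaning the `identifier_t` name used to carry.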
|
||||
|
|
|
@ -14,12 +14,12 @@ const std::string& DispatcherConfig::GetName() const
|
|||
return name;
|
||||
}
|
||||
|
||||
const std::map<identifier_t, std::string>& DispatcherConfig::GetMappings() const
|
||||
const std::map<uint32_t, std::string>& DispatcherConfig::GetMappings() const
|
||||
{
|
||||
return mappings;
|
||||
}
|
||||
|
||||
void DispatcherConfig::AddMapping(identifier_t identifier,
|
||||
void DispatcherConfig::AddMapping(uint32_t identifier,
|
||||
const std::string& analyzer_name)
|
||||
{
|
||||
DBG_LOG(DBG_PACKET_ANALYSIS, "Adding configuration mapping: %s -> %#x -> %s",
|
||||
|
@ -71,7 +71,7 @@ DispatcherConfig& Config::AddDispatcherConfig(const std::string& name)
|
|||
return dispatchers.emplace_back(name);
|
||||
}
|
||||
|
||||
void Config::AddMapping(const std::string& name, identifier_t identifier,
|
||||
void Config::AddMapping(const std::string& name, uint32_t identifier,
|
||||
const std::string& analyzer_name)
|
||||
{
|
||||
// Create dispatcher config if it does not exist yet
|
||||
|
|
|
@ -8,8 +8,6 @@
|
|||
#include <utility>
|
||||
#include <vector>
|
||||
|
||||
#include "Defines.h"
|
||||
|
||||
namespace zeek::packet_analysis {
|
||||
|
||||
class DispatcherConfig {
|
||||
|
@ -17,16 +15,16 @@ public:
|
|||
explicit DispatcherConfig(const std::string name) : name(std::move(name)) { }
|
||||
|
||||
const std::string& GetName() const;
|
||||
const std::map<identifier_t, std::string>& GetMappings() const;
|
||||
const std::map<uint32_t, std::string>& GetMappings() const;
|
||||
|
||||
void AddMapping(identifier_t identifier, const std::string& analyzer_name);
|
||||
void AddMapping(uint32_t identifier, const std::string& analyzer_name);
|
||||
|
||||
bool operator==(const DispatcherConfig& rhs) const;
|
||||
bool operator!=(const DispatcherConfig& rhs) const;
|
||||
|
||||
private:
|
||||
const std::string name;
|
||||
std::map<identifier_t, std::string> mappings;
|
||||
std::map<uint32_t, std::string> mappings;
|
||||
};
|
||||
|
||||
class Config {
|
||||
|
@ -35,7 +33,7 @@ public:
|
|||
const std::vector<DispatcherConfig>& GetDispatchers() const;
|
||||
std::optional<std::reference_wrapper<DispatcherConfig>> GetDispatcherConfig(const std::string& name);
|
||||
DispatcherConfig& AddDispatcherConfig(const std::string& name);
|
||||
void AddMapping(const std::string& name, identifier_t identifier, const std::string& analyzer_name);
|
||||
void AddMapping(const std::string& name, uint32_t identifier, const std::string& analyzer_name);
|
||||
|
||||
private:
|
||||
std::vector<DispatcherConfig> dispatchers;
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
// See the file "COPYING" in the main distribution directory for copyright.
|
||||
|
||||
#pragma once
|
||||
|
||||
#include <cstdint>
|
||||
|
||||
namespace zeek::packet_analysis {
|
||||
|
||||
using identifier_t = uint32_t;
|
||||
|
||||
}
|
|
@ -11,7 +11,7 @@ Dispatcher::~Dispatcher()
|
|||
FreeValues();
|
||||
}
|
||||
|
||||
bool Dispatcher::Register(identifier_t identifier, AnalyzerPtr analyzer, DispatcherPtr dispatcher)
|
||||
bool Dispatcher::Register(uint32_t identifier, AnalyzerPtr analyzer, DispatcherPtr dispatcher)
|
||||
{
|
||||
// If the table has size 1 and the entry is nullptr, there was nothing added yet. Just add it.
|
||||
if ( table.size() == 1 && table[0] == nullptr )
|
||||
|
@ -29,7 +29,7 @@ bool Dispatcher::Register(identifier_t identifier, AnalyzerPtr analyzer, Dispatc
|
|||
else if ( identifier < lowest_identifier )
|
||||
{
|
||||
// Lower than the lowest registered identifier. Shift up by lowerBound - identifier
|
||||
identifier_t distance = lowest_identifier - identifier;
|
||||
uint32_t distance = lowest_identifier - identifier;
|
||||
table.resize(table.size() + distance, nullptr);
|
||||
|
||||
// Shift values
|
||||
|
@ -77,7 +77,7 @@ void Dispatcher::Register(const register_map& data)
|
|||
}
|
||||
}
|
||||
|
||||
ValuePtr Dispatcher::Lookup(identifier_t identifier) const
|
||||
ValuePtr Dispatcher::Lookup(uint32_t identifier) const
|
||||
{
|
||||
int64_t index = identifier - lowest_identifier;
|
||||
if ( index >= 0 && index < static_cast<int64_t>(table.size()) && table[index] != nullptr )
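Review bot: In `Dispatcher::Lookup`, `int64_t index = identifier - lowest_identifier;` subtracts two `uint32_t` values, so the difference wraps in 32-bit unsigned arithmetic before it is widened and the `index >= 0` test can never be false. An identifier below `lowest_identifier` is rejected only because the wrapped value normally exceeds `table.size()`, which is a fragile guard for a lookup that is presumably fed identifiers parsed from packet data. Widening before the subtraction states the intent: `int64_t index = static_cast<int64_t>(identifier) - static_cast<int64_t>(lowest_identifier);`. The body of Lookup continues past the end of the hunk.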
|
||||
|
|
|
@ -11,8 +11,8 @@ namespace zeek::packet_analysis {
|
|||
class Dispatcher; // Forward decl for Value
|
||||
using DispatcherPtr = std::shared_ptr<Dispatcher>;
|
||||
|
||||
using register_pair = std::pair<identifier_t, std::pair<AnalyzerPtr, DispatcherPtr>>;
|
||||
using register_map = std::map<identifier_t, std::pair<AnalyzerPtr, DispatcherPtr>>;
|
||||
using register_pair = std::pair<uint32_t, std::pair<AnalyzerPtr, DispatcherPtr>>;
|
||||
using register_map = std::map<uint32_t, std::pair<AnalyzerPtr, DispatcherPtr>>;
|
||||
|
||||
class Value {
|
||||
public:
|
||||
|
@ -35,22 +35,22 @@ public:
|
|||
|
||||
~Dispatcher();
|
||||
|
||||
bool Register(identifier_t identifier, AnalyzerPtr analyzer, DispatcherPtr dispatcher);
|
||||
bool Register(uint32_t identifier, AnalyzerPtr analyzer, DispatcherPtr dispatcher);
|
||||
void Register(const register_map& data);
|
||||
|
||||
ValuePtr Lookup(identifier_t identifier) const;
|
||||
ValuePtr Lookup(uint32_t identifier) const;
|
||||
|
||||
size_t Size() const;
|
||||
void Clear();
|
||||
void DumpDebug() const;
|
||||
|
||||
private:
|
||||
identifier_t lowest_identifier = 0;
|
||||
uint32_t lowest_identifier = 0;
|
||||
std::vector<ValuePtr> table;
|
||||
|
||||
void FreeValues();
|
||||
|
||||
inline identifier_t GetHighestIdentifier() const
|
||||
inline uint32_t GetHighestIdentifier() const
|
||||
{
|
||||
return lowest_identifier + table.size() - 1;
|
||||
}
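Review bot: `GetHighestIdentifier()` now returns `uint32_t` but evaluates `lowest_identifier + table.size() - 1` in `size_t`, so the result is narrowed silently, and an empty `table` with `lowest_identifier == 0` would wrap to 0xFFFFFFFF. If the table is guaranteed never to be empty, a comment above the function should say so; otherwise the empty case needs a guard. Either way the narrowing is better made explicit: `return static_cast<uint32_t>(lowest_identifier + table.size() - 1);`.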
|
||||
|
|
|
@ -149,7 +149,7 @@ void Manager::ProcessPacket(Packet* packet)
|
|||
|
||||
// Dispatch and analyze layers
|
||||
AnalyzerResult result = AnalyzerResult::Continue;
|
||||
identifier_t next_layer_id = packet->link_type;
|
||||
uint32_t next_layer_id = packet->link_type;
|
||||
do
|
||||
{
|
||||
auto current_analyzer = Dispatch(next_layer_id);
|
||||
|
@ -224,7 +224,7 @@ void Manager::CustomEncapsulationSkip(Packet* packet)
|
|||
}
|
||||
}
|
||||
|
||||
AnalyzerPtr Manager::Dispatch(identifier_t identifier)
|
||||
AnalyzerPtr Manager::Dispatch(uint32_t identifier)
|
||||
{
|
||||
// Because leaf nodes (aka no more dispatching) can still have an existing analyzer that returns more identifiers,
|
||||
// current_state needs to be checked to be not null. In this case there would have been an analyzer dispatched
|
||||
|
|
|
@ -97,7 +97,7 @@ private:
|
|||
*/
|
||||
void CustomEncapsulationSkip(Packet* packet);
|
||||
|
||||
AnalyzerPtr Dispatch(identifier_t identifier);
|
||||
AnalyzerPtr Dispatch(uint32_t identifier);
|
||||
|
||||
DispatcherPtr GetDispatcher(Config& configuration, const std::string& dispatcher_name);
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@ ARPAnalyzer::ARPAnalyzer()
|
|||
{
|
||||
}
|
||||
|
||||
std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> ARPAnalyzer::Analyze(Packet* packet)
|
||||
zeek::packet_analysis::AnalysisResultTuple ARPAnalyzer::Analyze(Packet* packet)
|
||||
{
|
||||
// TODO: Make ARP analyzer a native packet analyzer
|
||||
packet->l3_proto = L3_ARP;
|
||||
|
|
|
@ -12,7 +12,7 @@ public:
|
|||
ARPAnalyzer();
|
||||
~ARPAnalyzer() override = default;
|
||||
|
||||
std::tuple<AnalyzerResult, identifier_t> Analyze(Packet* packet) override;
|
||||
AnalysisResultTuple Analyze(Packet* packet) override;
|
||||
|
||||
static zeek::packet_analysis::AnalyzerPtr Instantiate()
|
||||
{
|
||||
|
|
|
@ -10,7 +10,7 @@ DefaultAnalyzer::DefaultAnalyzer()
|
|||
{
|
||||
}
|
||||
|
||||
std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> DefaultAnalyzer::Analyze(Packet* packet)
|
||||
zeek::packet_analysis::AnalysisResultTuple DefaultAnalyzer::Analyze(Packet* packet)
|
||||
{
|
||||
auto& pdata = packet->cur_pos;
|
||||
|
||||
|
@ -22,7 +22,7 @@ std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identif
|
|||
}
|
||||
|
||||
auto ip = (const struct ip *)pdata;
|
||||
identifier_t protocol = ip->ip_v;
|
||||
uint32_t protocol = ip->ip_v;
|
||||
|
||||
return { AnalyzerResult::Continue, protocol };
|
||||
}
|
||||
|
|
|
@ -12,7 +12,7 @@ public:
|
|||
DefaultAnalyzer();
|
||||
~DefaultAnalyzer() override = default;
|
||||
|
||||
std::tuple<AnalyzerResult, identifier_t> Analyze(Packet* packet) override;
|
||||
AnalysisResultTuple Analyze(Packet* packet) override;
|
||||
|
||||
static zeek::packet_analysis::AnalyzerPtr Instantiate()
|
||||
{
|
||||
|
|
|
@ -10,7 +10,7 @@ EthernetAnalyzer::EthernetAnalyzer()
|
|||
{
|
||||
}
|
||||
|
||||
std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> EthernetAnalyzer::Analyze(Packet* packet)
|
||||
zeek::packet_analysis::AnalysisResultTuple EthernetAnalyzer::Analyze(Packet* packet)
|
||||
{
|
||||
auto& pdata = packet->cur_pos;
|
||||
auto end_of_data = packet->GetEndOfData();
|
||||
|
@ -38,7 +38,7 @@ std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identif
|
|||
}
|
||||
|
||||
// Get protocol being carried from the ethernet frame.
|
||||
identifier_t protocol = (pdata[12] << 8) + pdata[13];
|
||||
uint32_t protocol = (pdata[12] << 8) + pdata[13];
|
||||
|
||||
packet->eth_type = protocol;
|
||||
packet->l2_dst = pdata;
|
||||
|
|
|
@ -12,7 +12,7 @@ public:
|
|||
EthernetAnalyzer();
|
||||
~EthernetAnalyzer() override = default;
|
||||
|
||||
std::tuple<AnalyzerResult, identifier_t> Analyze(Packet* packet) override;
|
||||
AnalysisResultTuple Analyze(Packet* packet) override;
|
||||
|
||||
static zeek::packet_analysis::AnalyzerPtr Instantiate()
|
||||
{
|
||||
|
|
|
@ -10,7 +10,7 @@ FDDIAnalyzer::FDDIAnalyzer()
|
|||
{
|
||||
}
|
||||
|
||||
std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> FDDIAnalyzer::Analyze(Packet* packet)
|
||||
zeek::packet_analysis::AnalysisResultTuple FDDIAnalyzer::Analyze(Packet* packet)
|
||||
{
|
||||
auto& pdata = packet->cur_pos;
|
||||
auto hdr_size = 13 + 8; // FDDI header + LLC
|
||||
|
|
|
@ -12,7 +12,7 @@ public:
|
|||
FDDIAnalyzer();
|
||||
~FDDIAnalyzer() override = default;
|
||||
|
||||
std::tuple<AnalyzerResult, identifier_t> Analyze(Packet* packet) override;
|
||||
AnalysisResultTuple Analyze(Packet* packet) override;
|
||||
|
||||
static zeek::packet_analysis::AnalyzerPtr Instantiate()
|
||||
{
|
||||
|
|
|
@ -10,7 +10,7 @@ IEEE802_11Analyzer::IEEE802_11Analyzer()
|
|||
{
|
||||
}
|
||||
|
||||
std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> IEEE802_11Analyzer::Analyze(Packet* packet)
|
||||
zeek::packet_analysis::AnalysisResultTuple IEEE802_11Analyzer::Analyze(Packet* packet)
|
||||
{
|
||||
auto& pdata = packet->cur_pos;
|
||||
auto end_of_data = packet->GetEndOfData();
|
||||
|
@ -106,7 +106,7 @@ std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identif
|
|||
return { AnalyzerResult::Failed, 0 };
|
||||
}
|
||||
|
||||
identifier_t protocol = (pdata[0] << 8) + pdata[1];
|
||||
uint32_t protocol = (pdata[0] << 8) + pdata[1];
|
||||
pdata += 2;
|
||||
|
||||
return { AnalyzerResult::Continue, protocol };
|
||||
|
|
|
@ -12,7 +12,7 @@ public:
|
|||
IEEE802_11Analyzer();
|
||||
~IEEE802_11Analyzer() override = default;
|
||||
|
||||
std::tuple<AnalyzerResult, identifier_t> Analyze(Packet* packet) override;
|
||||
AnalysisResultTuple Analyze(Packet* packet) override;
|
||||
|
||||
static zeek::packet_analysis::AnalyzerPtr Instantiate()
|
||||
{
|
||||
|
|
|
@ -12,7 +12,7 @@ IEEE802_11_RadioAnalyzer::IEEE802_11_RadioAnalyzer()
|
|||
{
|
||||
}
|
||||
|
||||
std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> IEEE802_11_RadioAnalyzer::Analyze(Packet* packet)
|
||||
zeek::packet_analysis::AnalysisResultTuple IEEE802_11_RadioAnalyzer::Analyze(Packet* packet)
|
||||
{
|
||||
auto pdata = packet->cur_pos;
|
||||
auto end_of_data = packet->GetEndOfData();
|
||||
|
|
|
@ -12,7 +12,7 @@ public:
|
|||
IEEE802_11_RadioAnalyzer();
|
||||
~IEEE802_11_RadioAnalyzer() override = default;
|
||||
|
||||
std::tuple<AnalyzerResult, identifier_t> Analyze(Packet* packet) override;
|
||||
AnalysisResultTuple Analyze(Packet* packet) override;
|
||||
|
||||
static zeek::packet_analysis::AnalyzerPtr Instantiate()
|
||||
{
|
||||
|
|
|
@ -9,7 +9,7 @@ IPv4Analyzer::IPv4Analyzer()
|
|||
{
|
||||
}
|
||||
|
||||
std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> IPv4Analyzer::Analyze(Packet* packet)
|
||||
zeek::packet_analysis::AnalysisResultTuple IPv4Analyzer::Analyze(Packet* packet)
|
||||
{
|
||||
packet->l3_proto = L3_IPV4;
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@ public:
|
|||
IPv4Analyzer();
|
||||
~IPv4Analyzer() override = default;
|
||||
|
||||
std::tuple<AnalyzerResult, identifier_t> Analyze(Packet* packet) override;
|
||||
AnalysisResultTuple Analyze(Packet* packet) override;
|
||||
|
||||
static zeek::packet_analysis::AnalyzerPtr Instantiate()
|
||||
{
|
||||
|
|
|
@ -9,7 +9,7 @@ IPv6Analyzer::IPv6Analyzer()
|
|||
{
|
||||
}
|
||||
|
||||
std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> IPv6Analyzer::Analyze(Packet* packet)
|
||||
zeek::packet_analysis::AnalysisResultTuple IPv6Analyzer::Analyze(Packet* packet)
|
||||
{
|
||||
packet->l3_proto = L3_IPV6;
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@ public:
|
|||
IPv6Analyzer();
|
||||
~IPv6Analyzer() override = default;
|
||||
|
||||
std::tuple<AnalyzerResult, identifier_t> Analyze(Packet* packet) override;
|
||||
AnalysisResultTuple Analyze(Packet* packet) override;
|
||||
|
||||
static AnalyzerPtr Instantiate()
|
||||
{
|
||||
|
|
|
@ -9,7 +9,7 @@ LinuxSLLAnalyzer::LinuxSLLAnalyzer()
|
|||
{
|
||||
}
|
||||
|
||||
std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> LinuxSLLAnalyzer::Analyze(Packet* packet)
|
||||
zeek::packet_analysis::AnalysisResultTuple LinuxSLLAnalyzer::Analyze(Packet* packet)
|
||||
{
|
||||
auto& pdata = packet->cur_pos;
|
||||
|
||||
|
@ -22,7 +22,7 @@ std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identif
|
|||
//TODO: Handle different ARPHRD_types
|
||||
auto hdr = (const SLLHeader*)pdata;
|
||||
|
||||
identifier_t protocol = ntohs(hdr->protocol_type);
|
||||
uint32_t protocol = ntohs(hdr->protocol_type);
|
||||
packet->l2_src = (u_char*) &(hdr->addr);
|
||||
|
||||
// SLL doesn't include a destination address in the header, but not setting l2_dst to something
|
||||
|
|
|
@ -12,7 +12,7 @@ public:
|
|||
LinuxSLLAnalyzer();
|
||||
~LinuxSLLAnalyzer() override = default;
|
||||
|
||||
std::tuple<AnalyzerResult, identifier_t> Analyze(Packet* packet) override;
|
||||
AnalysisResultTuple Analyze(Packet* packet) override;
|
||||
|
||||
static zeek::packet_analysis::AnalyzerPtr Instantiate()
|
||||
{
|
||||
|
|
|
@ -9,7 +9,7 @@ MPLSAnalyzer::MPLSAnalyzer()
|
|||
{
|
||||
}
|
||||
|
||||
std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> MPLSAnalyzer::Analyze(Packet* packet)
|
||||
zeek::packet_analysis::AnalysisResultTuple MPLSAnalyzer::Analyze(Packet* packet)
|
||||
{
|
||||
auto& pdata = packet->cur_pos;
|
||||
auto end_of_data = packet->GetEndOfData();
|
||||
|
|
|
@ -12,7 +12,7 @@ public:
|
|||
MPLSAnalyzer();
|
||||
~MPLSAnalyzer() override = default;
|
||||
|
||||
std::tuple<AnalyzerResult, identifier_t> Analyze(Packet* packet) override;
|
||||
AnalysisResultTuple Analyze(Packet* packet) override;
|
||||
|
||||
static zeek::packet_analysis::AnalyzerPtr Instantiate()
|
||||
{
|
||||
|
|
|
@ -10,12 +10,12 @@ NFLogAnalyzer::NFLogAnalyzer()
|
|||
{
|
||||
}
|
||||
|
||||
std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> NFLogAnalyzer::Analyze(Packet* packet) {
|
||||
zeek::packet_analysis::AnalysisResultTuple NFLogAnalyzer::Analyze(Packet* packet) {
|
||||
auto& pdata = packet->cur_pos;
|
||||
auto end_of_data = packet->GetEndOfData();
|
||||
|
||||
// See https://www.tcpdump.org/linktypes/LINKTYPE_NFLOG.html
|
||||
identifier_t protocol = pdata[0];
|
||||
uint32_t protocol = pdata[0];
|
||||
uint8_t version = pdata[1];
|
||||
|
||||
if ( version != 0 )
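Review bot: `NFLogAnalyzer::Analyze` reads `pdata[0]` and `pdata[1]` before anything in the visible lines compares `pdata` with `end_of_data`, so a capture shorter than two bytes would be read past its end. `PPPSerialAnalyzer::Analyze` has the same shape: it reads `pdata[2]` and `pdata[3]` and advances by 4 with no length check in its hunk, and it never fetches `GetEndOfData()`. Unless a caller already guarantees the minimum length, both should fail early, e.g. `if ( end_of_data - pdata < 2 ) return { AnalyzerResult::Failed, 0 };` here and the 4-byte equivalent against `packet->GetEndOfData()` in PPPSerial. Both function bodies continue outside their hunks.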
|
||||
|
|
|
@ -12,7 +12,7 @@ public:
|
|||
NFLogAnalyzer();
|
||||
~NFLogAnalyzer() override = default;
|
||||
|
||||
std::tuple<AnalyzerResult, identifier_t> Analyze(Packet* packet) override;
|
||||
AnalysisResultTuple Analyze(Packet* packet) override;
|
||||
|
||||
static AnalyzerPtr Instantiate()
|
||||
{
|
||||
|
|
|
@ -10,7 +10,7 @@ NullAnalyzer::NullAnalyzer()
|
|||
{
|
||||
}
|
||||
|
||||
std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> NullAnalyzer::Analyze(Packet* packet)
|
||||
zeek::packet_analysis::AnalysisResultTuple NullAnalyzer::Analyze(Packet* packet)
|
||||
{
|
||||
auto& pdata = packet->cur_pos;
|
||||
|
||||
|
@ -20,7 +20,7 @@ std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identif
|
|||
return { AnalyzerResult::Failed, 0 };
|
||||
}
|
||||
|
||||
identifier_t protocol = (pdata[3] << 24) + (pdata[2] << 16) + (pdata[1] << 8) + pdata[0];
|
||||
uint32_t protocol = (pdata[3] << 24) + (pdata[2] << 16) + (pdata[1] << 8) + pdata[0];
|
||||
pdata += 4; // skip link header
|
||||
|
||||
return { AnalyzerResult::Continue, protocol };
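Review bot: In `uint32_t protocol = (pdata[3] << 24) + (pdata[2] << 16) + ...`, each byte is promoted to `int` before the shift, so (assuming `pdata` points at unsigned bytes) a top byte of 0x80 or more is shifted into the sign bit and the sum is formed in signed arithmetic before it is converted to `uint32_t`. Now that the destination type is spelled out, doing the arithmetic in that type is clearer and avoids relying on the conversion, starting with `static_cast<uint32_t>(pdata[3]) << 24` and likewise for the other terms. The function begins in the previous hunk and ends below this one.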
|
||||
|
|
|
@ -12,7 +12,7 @@ public:
|
|||
NullAnalyzer();
|
||||
~NullAnalyzer() override = default;
|
||||
|
||||
std::tuple<AnalyzerResult, identifier_t> Analyze(Packet* packet) override;
|
||||
AnalysisResultTuple Analyze(Packet* packet) override;
|
||||
|
||||
static zeek::packet_analysis::AnalyzerPtr Instantiate()
|
||||
{
|
||||
|
|
|
@ -10,12 +10,12 @@ PPPSerialAnalyzer::PPPSerialAnalyzer()
|
|||
{
|
||||
}
|
||||
|
||||
std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> PPPSerialAnalyzer::Analyze(Packet* packet)
|
||||
zeek::packet_analysis::AnalysisResultTuple PPPSerialAnalyzer::Analyze(Packet* packet)
|
||||
{
|
||||
auto& pdata = packet->cur_pos;
|
||||
|
||||
// Extract protocol identifier
|
||||
identifier_t protocol = (pdata[2] << 8) + pdata[3];
|
||||
uint32_t protocol = (pdata[2] << 8) + pdata[3];
|
||||
pdata += 4; // skip link header
|
||||
|
||||
return { AnalyzerResult::Continue, protocol };
|
||||
|
|
|
@ -12,7 +12,7 @@ public:
|
|||
PPPSerialAnalyzer();
|
||||
~PPPSerialAnalyzer() override = default;
|
||||
|
||||
std::tuple<AnalyzerResult, identifier_t> Analyze(Packet* packet) override;
|
||||
AnalysisResultTuple Analyze(Packet* packet) override;
|
||||
|
||||
static zeek::packet_analysis::AnalyzerPtr Instantiate()
|
||||
{
|
||||
|
|
|
@ -10,7 +10,7 @@ PPPoEAnalyzer::PPPoEAnalyzer()
|
|||
{
|
||||
}
|
||||
|
||||
std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> PPPoEAnalyzer::Analyze(Packet* packet)
|
||||
zeek::packet_analysis::AnalysisResultTuple PPPoEAnalyzer::Analyze(Packet* packet)
|
||||
{
|
||||
auto& pdata = packet->cur_pos;
|
||||
|
||||
|
@ -21,7 +21,7 @@ std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identif
|
|||
}
|
||||
|
||||
// Extract protocol identifier
|
||||
identifier_t protocol = (pdata[6] << 8u) + pdata[7];
|
||||
uint32_t protocol = (pdata[6] << 8u) + pdata[7];
|
||||
pdata += 8; // Skip the PPPoE session and PPP header
|
||||
|
||||
return { AnalyzerResult::Continue, protocol };
|
||||
|
|
|
@ -12,7 +12,7 @@ public:
|
|||
PPPoEAnalyzer();
|
||||
~PPPoEAnalyzer() override = default;
|
||||
|
||||
std::tuple<AnalyzerResult, identifier_t> Analyze(Packet* packet) override;
|
||||
AnalysisResultTuple Analyze(Packet* packet) override;
|
||||
|
||||
static zeek::packet_analysis::AnalyzerPtr Instantiate()
|
||||
{
|
||||
|
|
|
@ -10,7 +10,7 @@ VLANAnalyzer::VLANAnalyzer()
|
|||
{
|
||||
}
|
||||
|
||||
std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> VLANAnalyzer::Analyze(Packet* packet)
|
||||
zeek::packet_analysis::AnalysisResultTuple VLANAnalyzer::Analyze(Packet* packet)
|
||||
{
|
||||
auto& pdata = packet->cur_pos;
|
||||
|
||||
|
@ -23,7 +23,7 @@ std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identif
|
|||
auto& vlan_ref = packet->vlan != 0 ? packet->inner_vlan : packet->vlan;
|
||||
vlan_ref = ((pdata[0] << 8u) + pdata[1]) & 0xfff;
|
||||
|
||||
identifier_t protocol = ((pdata[2] << 8u) + pdata[3]);
|
||||
uint32_t protocol = ((pdata[2] << 8u) + pdata[3]);
|
||||
packet->eth_type = protocol;
|
||||
pdata += 4; // Skip the VLAN header
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@ public:
|
|||
VLANAnalyzer();
|
||||
~VLANAnalyzer() override = default;
|
||||
|
||||
std::tuple<AnalyzerResult, identifier_t> Analyze(Packet* packet) override;
|
||||
AnalysisResultTuple Analyze(Packet* packet) override;
|
||||
|
||||
static zeek::packet_analysis::AnalyzerPtr Instantiate()
|
||||
{
|
||||
|
|
|
@ -10,7 +10,7 @@ WrapperAnalyzer::WrapperAnalyzer()
|
|||
{
|
||||
}
|
||||
|
||||
std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> WrapperAnalyzer::Analyze(Packet* packet)
|
||||
zeek::packet_analysis::AnalysisResultTuple WrapperAnalyzer::Analyze(Packet* packet)
|
||||
{
|
||||
// Unfortunately some packets on the link might have MPLS labels
|
||||
// while others don't. That means we need to ask the link-layer if
|
||||
|
@ -35,7 +35,7 @@ std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identif
|
|||
}
|
||||
|
||||
// Extract protocol identifier
|
||||
identifier_t protocol = (pdata[12] << 8u) + pdata[13];
|
||||
uint32_t protocol = (pdata[12] << 8u) + pdata[13];
|
||||
|
||||
packet->eth_type = protocol;
|
||||
packet->l2_dst = pdata;
|
||||
|
|
|
@ -12,7 +12,7 @@ public:
|
|||
WrapperAnalyzer();
|
||||
~WrapperAnalyzer() override = default;
|
||||
|
||||
std::tuple<AnalyzerResult, identifier_t> Analyze(Packet* packet) override;
|
||||
AnalysisResultTuple Analyze(Packet* packet) override;
|
||||
|
||||
static zeek::packet_analysis::AnalyzerPtr Instantiate()
|
||||
{
|
||||
|
|
|
@ -10,7 +10,7 @@ Bar::Bar()
|
|||
{
|
||||
}
|
||||
|
||||
std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> Bar::Analyze(Packet* packet)
|
||||
zeek::packet_analysis::AnalysisResultTuple Bar::Analyze(Packet* packet)
|
||||
{
|
||||
auto& pdata = packet->cur_pos;
|
||||
auto end_of_data = packet->GetEndOfData();
|
||||
|
@ -31,5 +31,5 @@ std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identif
|
|||
val_mgr->Count(ssap),
|
||||
val_mgr->Count(control));
|
||||
|
||||
return std::make_tuple(AnalyzerResult::Terminate, 0);
|
||||
return { AnalyzerResult::Terminate, 0 };
|
||||
}
|
||||
|
|
|
@ -10,7 +10,7 @@ public:
|
|||
Bar();
|
||||
~Bar() override = default;
|
||||
|
||||
std::tuple<AnalyzerResult, identifier_t> Analyze(Packet* packet) override;
|
||||
AnalysisResultTuple Analyze(Packet* packet) override;
|
||||
|
||||
static AnalyzerPtr Instantiate()
|
||||
{
|
||||
|
|