diff --git a/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.cc b/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.cc index 045c2b6c3d..6ec50f70fc 100644 --- a/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.cc +++ b/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.cc @@ -22,20 +22,22 @@ void ICMPSessionAdapter::AddExtraAnalyzers(Connection* conn) { } void ICMPSessionAdapter::UpdateConnVal(zeek::RecordVal* conn_val) { - const auto& orig_endp = conn_val->GetField("orig"); - const auto& resp_endp = conn_val->GetField("resp"); + static const auto& conn_type = zeek::id::find_type("connection"); + static const int origidx = conn_type->FieldOffset("orig"); + static const int respidx = conn_type->FieldOffset("resp"); + auto* orig_endp_val = conn_val->GetFieldAs(origidx); + auto* resp_endp_val = conn_val->GetFieldAs(respidx); - UpdateEndpointVal(orig_endp, true); - UpdateEndpointVal(resp_endp, false); + UpdateEndpointVal(orig_endp_val, true); + UpdateEndpointVal(resp_endp_val, false); analyzer::Analyzer::UpdateConnVal(conn_val); } -void ICMPSessionAdapter::UpdateEndpointVal(const ValPtr& endp_arg, bool is_orig) { +void ICMPSessionAdapter::UpdateEndpointVal(RecordVal* endp, bool is_orig) { Conn()->EnableStatusUpdateTimer(); int size = is_orig ? request_len : reply_len; - auto endp = endp_arg->AsRecordVal(); if ( size < 0 ) { endp->Assign(0, val_mgr->Count(0)); diff --git a/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.h b/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.h index f0b3cd6c9c..2bfe2e0055 100644 --- a/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.h +++ b/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.h @@ -13,7 +13,6 @@ public: void AddExtraAnalyzers(Connection* conn) override; void UpdateConnVal(RecordVal* conn_val) override; - void UpdateEndpointVal(const ValPtr& endp, bool is_orig); void UpdateLength(bool is_orig, int len); void Done() override; @@ -22,6 +21,8 @@ public: void MatchEndpoint(const u_char* data, int len, bool is_orig); private: + void UpdateEndpointVal(RecordVal* endp, bool is_orig); + zeek::detail::RuleMatcherState matcher_state; int request_len = -1; int reply_len = -1; diff --git a/src/packet_analysis/protocol/udp/UDPSessionAdapter.cc b/src/packet_analysis/protocol/udp/UDPSessionAdapter.cc index 6029343424..932a06f2dc 100644 --- a/src/packet_analysis/protocol/udp/UDPSessionAdapter.cc +++ b/src/packet_analysis/protocol/udp/UDPSessionAdapter.cc @@ -23,19 +23,21 @@ void UDPSessionAdapter::AddExtraAnalyzers(Connection* conn) { } void UDPSessionAdapter::UpdateConnVal(RecordVal* conn_val) { - auto orig_endp = conn_val->GetField("orig"); - auto resp_endp = conn_val->GetField("resp"); + static const auto& conn_type = zeek::id::find_type("connection"); + static const int origidx = conn_type->FieldOffset("orig"); + static const int respidx = conn_type->FieldOffset("resp"); + auto* orig_endp_val = conn_val->GetFieldAs(origidx); + auto* resp_endp_val = conn_val->GetFieldAs(respidx); - UpdateEndpointVal(orig_endp, true); - UpdateEndpointVal(resp_endp, false); + UpdateEndpointVal(orig_endp_val, true); + UpdateEndpointVal(resp_endp_val, false); // Call children's UpdateConnVal Analyzer::UpdateConnVal(conn_val); } -void UDPSessionAdapter::UpdateEndpointVal(const ValPtr& endp_arg, bool is_orig) { +void UDPSessionAdapter::UpdateEndpointVal(RecordVal* endp, bool is_orig) { zeek_int_t size = is_orig ? request_len : reply_len; - auto endp = endp_arg->AsRecordVal(); if ( size < 0 ) { endp->Assign(0, val_mgr->Count(0)); diff --git a/src/packet_analysis/protocol/udp/UDPSessionAdapter.h b/src/packet_analysis/protocol/udp/UDPSessionAdapter.h index 8e533efc45..6c1d48d4bb 100644 --- a/src/packet_analysis/protocol/udp/UDPSessionAdapter.h +++ b/src/packet_analysis/protocol/udp/UDPSessionAdapter.h @@ -24,7 +24,7 @@ public: uint32_t rep_chk_thresh = 1; private: - void UpdateEndpointVal(const ValPtr& endp_arg, bool is_orig); + void UpdateEndpointVal(RecordVal* endp_arg, bool is_orig); void ChecksumEvent(bool is_orig, uint32_t threshold); zeek_int_t request_len = -1;