Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Statically lookup field offsets for connection values in UDP and ICMP analyzers

Browse source
This commit is contained in:
Tim Wojtulewicz 2025-04-14 20:32:42 -07:00
parent 928b648f93
commit c2d8bc0620
4 changed files with 19 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

14
src/packet_analysis/protocol/icmp/ICMPSessionAdapter.cc
View file

@ -22,20 +22,22 @@ void ICMPSessionAdapter::AddExtraAnalyzers(Connection* conn) {
}
void ICMPSessionAdapter::UpdateConnVal(zeek::RecordVal* conn_val) {
const auto& orig_endp = conn_val->GetField("orig");
const auto& resp_endp = conn_val->GetField("resp");
static const auto& conn_type = zeek::id::find_type<zeek::RecordType>("connection");
static const int origidx = conn_type->FieldOffset("orig");
static const int respidx = conn_type->FieldOffset("resp");
auto* orig_endp_val = conn_val->GetFieldAs<RecordVal>(origidx);
auto* resp_endp_val = conn_val->GetFieldAs<RecordVal>(respidx);
UpdateEndpointVal(orig_endp, true);
UpdateEndpointVal(resp_endp, false);
UpdateEndpointVal(orig_endp_val, true);
UpdateEndpointVal(resp_endp_val, false);
analyzer::Analyzer::UpdateConnVal(conn_val);
}
void ICMPSessionAdapter::UpdateEndpointVal(const ValPtr& endp_arg, bool is_orig) {
void ICMPSessionAdapter::UpdateEndpointVal(RecordVal* endp, bool is_orig) {
Conn()->EnableStatusUpdateTimer();
int size = is_orig ? request_len : reply_len;
auto endp = endp_arg->AsRecordVal();
if ( size < 0 ) {
endp->Assign(0, val_mgr->Count(0));