mirror of
https://github.com/zeek/zeek.git
synced 2025-10-10 10:38:20 +00:00
GH-1215: Remove dispatch_map from packet analysis, replace with BIF methods for registering dispatches
This commit is contained in:
Tim Wojtulewicz
Tim Wojtulewicz
parent
43821a8957
commit
cd06bf34c7
34 changed files with 3770 additions and 3623 deletions
|
|
@ -1,9 +1,10 @@
|
|||
// See the file "COPYING" in the main distribution directory for copyright.
|
||||
|
||||
#include "Analyzer.h"
|
||||
#include "zeek/packet_analysis/Analyzer.h"
|
||||
|
||||
#include "Dict.h"
|
||||
#include "DebugLogger.h"
|
||||
#include "zeek/Dict.h"
|
||||
#include "zeek/DebugLogger.h"
|
||||
#include "zeek/RunState.h"
|
||||
|
||||
namespace zeek::packet_analysis {
|
||||
|
||||
|
|
@ -30,31 +31,6 @@ void Analyzer::Init(const Tag& _tag)
|
|||
void Analyzer::Initialize()
|
||||
{
|
||||
default_analyzer = LoadAnalyzer("default_analyzer");
|
||||
|
||||
// Create dispatcher based on configuration
|
||||
auto& mapping_id = zeek::id::find(GetModuleName() + "dispatch_map");
|
||||
if ( ! mapping_id )
|
||||
return;
|
||||
|
||||
auto mapping_val = mapping_id->GetVal()->AsTableVal();
|
||||
auto mapping_tbl = mapping_val->AsTable();
|
||||
auto c = mapping_tbl->InitForIteration();
|
||||
|
||||
zeek::detail::HashKey* k = nullptr;
|
||||
TableEntryVal* v;
|
||||
while ( (v = mapping_tbl->NextEntry(k, c)) )
|
||||
{
|
||||
auto key = mapping_val->RecreateIndex(*k);
|
||||
delete k;
|
||||
|
||||
auto identifier = key->Idx(0)->AsCount();
|
||||
auto config_entry_val = v->GetVal()->AsRecordVal();
|
||||
|
||||
auto mapped_tag = config_entry_val->GetField("analyzer")->AsEnumVal();
|
||||
auto mapped_analyzer = packet_mgr->GetAnalyzer(mapped_tag);
|
||||
|
||||
dispatcher.Register(identifier, std::move(mapped_analyzer));
|
||||
}
|
||||
}
|
||||
|
||||
zeek::packet_analysis::AnalyzerPtr Analyzer::LoadAnalyzer(const std::string &name)
|
||||
|
|
@ -132,4 +108,12 @@ void Analyzer::DumpDebug() const
|
|||
#endif
|
||||
}
|
||||
|
||||
void Analyzer::RegisterProtocol(uint32_t identifier, AnalyzerPtr child)
|
||||
{
|
||||
if ( run_state::detail::zeek_init_done )
|
||||
reporter->FatalError("Packet protocols cannot be registered after zeek_init has finished.");
|
||||
|
||||
dispatcher.Register(identifier, std::move(child));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -85,6 +85,15 @@ public:
|
|||
*/
|
||||
void DumpDebug() const;
|
||||
|
||||
/**
|
||||
* Adds a protocol to this analyzer's dispatcher.
|
||||
*
|
||||
* @param idenfitier The identifier for the protocol being added.
|
||||
* @param child The analyzer that will be called for the new protocol during
|
||||
* forwarding.
|
||||
*/
|
||||
void RegisterProtocol(uint32_t identifier, AnalyzerPtr child);
|
||||
|
||||
protected:
|
||||
friend class Manager;
|
||||
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ set(packet_analysis_SRCS
|
|||
Manager.cc
|
||||
Component.cc
|
||||
Tag.cc
|
||||
)
|
||||
)
|
||||
|
||||
bro_add_subdir_library(packet_analysis ${packet_analysis_SRCS})
|
||||
add_dependencies(bro_packet_analysis generate_outputs)
|
||||
|
|
|
|||
49
src/packet_analysis/packet_analysis.bif
Normal file
49
src/packet_analysis/packet_analysis.bif
Normal file
|
|
@ -0,0 +1,49 @@
|
|||
module PacketAnalyzer;
|
||||
|
||||
%%{
|
||||
|
||||
#include "zeek/packet_analysis/Analyzer.h"
|
||||
#include "zeek/packet_analysis/Manager.h"
|
||||
|
||||
%%}
|
||||
|
||||
## Add an entry to parent's dispatcher that maps a protocol/index to a next-stage child analyzer.
|
||||
##
|
||||
## parent: The parent analyzer being modified
|
||||
## identifier: The identifier for the protocol being registered
|
||||
## child: The analyzer that will be called for the identifier
|
||||
##
|
||||
function register_packet_analyzer%(parent: PacketAnalyzer::Tag, identifier: count, child: PacketAnalyzer::Tag%): bool
|
||||
%{
|
||||
packet_analysis::AnalyzerPtr parent_analyzer = packet_mgr->GetAnalyzer(parent->AsEnumVal());
|
||||
if ( ! parent_analyzer )
|
||||
return zeek::val_mgr->False();
|
||||
|
||||
packet_analysis::AnalyzerPtr child_analyzer = packet_mgr->GetAnalyzer(child->AsEnumVal());
|
||||
if ( ! child_analyzer )
|
||||
return zeek::val_mgr->False();
|
||||
|
||||
parent_analyzer->RegisterProtocol(identifier, child_analyzer);
|
||||
return zeek::val_mgr->True();
|
||||
%}
|
||||
|
||||
## Attempts to add an entry to `parent`'s dispatcher that maps a protocol/index to a next-stage `child` analyzer.
|
||||
## This may fail if either of the two names does not respond to a known analyzer.
|
||||
##
|
||||
## parent: The parent analyzer being modified
|
||||
## identifier: The identifier for the protocol being registered
|
||||
## child: The analyzer that will be called for the identifier
|
||||
##
|
||||
function try_register_packet_analyzer_by_name%(parent: string, identifier: count, child: string%): bool
|
||||
%{
|
||||
packet_analysis::AnalyzerPtr parent_analyzer = packet_mgr->GetAnalyzer(parent->ToStdString());
|
||||
if ( ! parent_analyzer )
|
||||
return zeek::val_mgr->False();
|
||||
|
||||
packet_analysis::AnalyzerPtr child_analyzer = packet_mgr->GetAnalyzer(child->ToStdString());
|
||||
if ( ! child_analyzer )
|
||||
return zeek::val_mgr->False();
|
||||
|
||||
parent_analyzer->RegisterProtocol(identifier, child_analyzer);
|
||||
return zeek::val_mgr->True();
|
||||
%}
|
||||
Loading…
Add table
Add a link
Reference in a new issue