Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 17:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Rename DefaultAnalyzer to IP.

Browse source
This commit is contained in:
Jan Grashoefer 2020-08-28 18:40:02 +02:00 committed by Tim Wojtulewicz
parent 24babf096e
commit d5ca0f9da5
18 changed files with 99 additions and 109 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/packet_analysis/Analyzer.h
View file

@ -121,7 +121,7 @@ protected:
*
* @return The outcome of the analysis.
*/
virtual AnalyzerResult AnalyzeInnerPacket(Packet* packet, const uint8_t*& data,
AnalyzerResult AnalyzeInnerPacket(Packet* packet, const uint8_t*& data,
uint32_t identifier) const;
/**

2
src/packet_analysis/protocol/CMakeLists.txt
View file

@ -1,4 +1,3 @@
add_subdirectory(default)
add_subdirectory(skip)
add_subdirectory(wrapper)
@ -15,5 +14,6 @@ add_subdirectory(mpls)
add_subdirectory(linux_sll)
add_subdirectory(arp)
add_subdirectory(ip)
add_subdirectory(ipv4)
add_subdirectory(ipv6)

44
src/packet_analysis/protocol/default/Default.cc
View file

@ -1,44 +0,0 @@
// See the file "COPYING" in the main distribution directory for copyright.
#include "Default.h"
#include "NetVar.h"
using namespace zeek::packet_analysis::Default;
DefaultAnalyzer::DefaultAnalyzer()
: zeek::packet_analysis::Analyzer("DefaultAnalyzer")
{
}
zeek::packet_analysis::AnalyzerResult DefaultAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
{
// Assume we're pointing at IP. Just figure out which version.
if ( data + sizeof(struct ip) >= packet->GetEndOfData() )
{
packet->Weird("packet_analyzer_truncated_header");
return AnalyzerResult::Failed;
}
auto ip = (const struct ip *)data;
uint32_t protocol = ip->ip_v;
return AnalyzeInnerPacket(packet, data, protocol);
}
zeek::packet_analysis::AnalyzerResult DefaultAnalyzer::AnalyzeInnerPacket(Packet* packet,
const uint8_t*& data, uint32_t identifier) const
{
auto inner_analyzer = Lookup(identifier);
if ( inner_analyzer == nullptr )
{
DBG_LOG(DBG_PACKET_ANALYSIS, "Default analysis in %s failed, could not find analyzer for identifier %#x.",
GetAnalyzerName(), identifier);
packet->Weird("no_suitable_analyzer_found");
return AnalyzerResult::Failed;
}
DBG_LOG(DBG_PACKET_ANALYSIS, "Default analysis in %s succeeded, next layer identifier is %#x.",
GetAnalyzerName(), identifier);
return inner_analyzer->Analyze(packet, data);
}

27
src/packet_analysis/protocol/default/Default.h
View file

@ -1,27 +0,0 @@
// See the file "COPYING" in the main distribution directory for copyright.
#pragma once
#include <packet_analysis/Analyzer.h>
#include <packet_analysis/Component.h>
namespace zeek::packet_analysis::Default {
class DefaultAnalyzer : public Analyzer {
public:
DefaultAnalyzer();
~DefaultAnalyzer() override = default;
AnalyzerResult Analyze(Packet* packet, const uint8_t*& data) override;
static zeek::packet_analysis::AnalyzerPtr Instantiate()
{
return std::make_shared<DefaultAnalyzer>();
}
protected:
AnalyzerResult AnalyzeInnerPacket(Packet* packet, const uint8_t*& data,
uint32_t identifier) const override;
};
}

4
src/packet_analysis/protocol/default/CMakeLists.txt → src/packet_analysis/protocol/ip/CMakeLists.txt
View file

@ -3,6 +3,6 @@ include(ZeekPlugin)
include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR})
zeek_plugin_begin(PacketAnalyzer Default)
zeek_plugin_cc(Default.cc Plugin.cc)
zeek_plugin_begin(PacketAnalyzer IP)
zeek_plugin_cc(IP.cc Plugin.cc)
zeek_plugin_end()

38
src/packet_analysis/protocol/ip/IP.cc Normal file
View file

@ -0,0 +1,38 @@
// See the file "COPYING" in the main distribution directory for copyright.
#include "IP.h"
#include "NetVar.h"
using namespace zeek::packet_analysis::IP;
IPAnalyzer::IPAnalyzer()
: zeek::packet_analysis::Analyzer("IP")
{
}
zeek::packet_analysis::AnalyzerResult IPAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
{
// Assume we're pointing at IP. Just figure out which version.
if ( data + sizeof(struct ip) >= packet->GetEndOfData() )
{
packet->Weird("packet_analyzer_truncated_header");
return AnalyzerResult::Failed;
}
auto ip = (const struct ip *)data;
uint32_t protocol = ip->ip_v;
auto inner_analyzer = Lookup(protocol);
if ( inner_analyzer == nullptr )
{
DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s failed, could not find analyzer for identifier %#x.",
GetAnalyzerName(), protocol);
packet->Weird("no_suitable_analyzer_found");
return AnalyzerResult::Failed;
}
DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s succeeded, next layer identifier is %#x.",
GetAnalyzerName(), protocol);
return inner_analyzer->Analyze(packet, data);
}

23
src/packet_analysis/protocol/ip/IP.h Normal file
View file

@ -0,0 +1,23 @@
// See the file "COPYING" in the main distribution directory for copyright.
#pragma once
#include <packet_analysis/Analyzer.h>
#include <packet_analysis/Component.h>
namespace zeek::packet_analysis::IP {
class IPAnalyzer : public Analyzer {
public:
IPAnalyzer();
~IPAnalyzer() override = default;
AnalyzerResult Analyze(Packet* packet, const uint8_t*& data) override;
static zeek::packet_analysis::AnalyzerPtr Instantiate()
{
return std::make_shared<IPAnalyzer>();
}
};
}

10
src/packet_analysis/protocol/default/Plugin.cc → src/packet_analysis/protocol/ip/Plugin.cc
View file

@ -1,6 +1,6 @@
// See the file "COPYING" in the main distribution directory for copyright.
#include "Default.h"
#include "IP.h"
#include "plugin/Plugin.h"
#include "packet_analysis/Component.h"
@ -10,12 +10,12 @@ class Plugin : public zeek::plugin::Plugin {
public:
zeek::plugin::Configuration Configure()
{
AddComponent(new zeek::packet_analysis::Component("DefaultAnalyzer",
zeek::packet_analysis::Default::DefaultAnalyzer::Instantiate));
AddComponent(new zeek::packet_analysis::Component("IP",
zeek::packet_analysis::IP::IPAnalyzer::Instantiate));
zeek::plugin::Configuration config;
config.name = "Zeek::DefaultAnalyzer";
config.description = "Default packet analyzer for IP fallback";
config.name = "Zeek::IP";
config.description = "Packet analyzer for IP fallback (v4 or v6)";
return config;
}