Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 02:28:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Rename DefaultAnalyzer to IP.

Browse source
This commit is contained in:
Jan Grashoefer 2020-08-28 18:40:02 +02:00 committed by Tim Wojtulewicz
parent 24babf096e
commit d5ca0f9da5
18 changed files with 99 additions and 109 deletions
Download patch file Download diff file Expand all files Collapse all files

38
src/packet_analysis/protocol/ip/IP.cc Normal file
View file

@ -0,0 +1,38 @@
// See the file "COPYING" in the main distribution directory for copyright.
#include "IP.h"
#include "NetVar.h"
using namespace zeek::packet_analysis::IP;
IPAnalyzer::IPAnalyzer()
: zeek::packet_analysis::Analyzer("IP")
{
}
zeek::packet_analysis::AnalyzerResult IPAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
{
// Assume we're pointing at IP. Just figure out which version.
if ( data + sizeof(struct ip) >= packet->GetEndOfData() )
{
packet->Weird("packet_analyzer_truncated_header");
return AnalyzerResult::Failed;
}
auto ip = (const struct ip *)data;
uint32_t protocol = ip->ip_v;
auto inner_analyzer = Lookup(protocol);
if ( inner_analyzer == nullptr )
{
DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s failed, could not find analyzer for identifier %#x.",
GetAnalyzerName(), protocol);
packet->Weird("no_suitable_analyzer_found");
return AnalyzerResult::Failed;
}
DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s succeeded, next layer identifier is %#x.",
GetAnalyzerName(), protocol);
return inner_analyzer->Analyze(packet, data);
}