Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 07:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Move packet parsing code out of adapter into analyzer

Browse source
This commit is contained in:
Tim Wojtulewicz 2021-05-14 10:45:17 -07:00
parent f6e31107e1
commit d6c74373c7
5 changed files with 927 additions and 930 deletions
Download patch file Download diff file Expand all files Collapse all files

26
src/packet_analysis/protocol/tcp/TCPSessionAdapter.h
View file

@ -18,6 +18,9 @@ class TCP_Reassembler;
namespace zeek::packet_analysis::TCP {
constexpr bool DEBUG_tcp_data_sent = false;
constexpr bool DEBUG_tcp_connection_close = false;
class TCPAnalyzer;
class TCPSessionAdapter final : public packet_analysis::IP::SessionAdapter {
@ -65,8 +68,6 @@ public:
// From Analyzer.h
void UpdateConnVal(RecordVal *conn_val) override;
int ParseTCPOptions(const struct tcphdr* tcp, bool is_orig);
static analyzer::Analyzer* Instantiate(Connection* conn)
{ return new TCPSessionAdapter(conn); }
@ -88,17 +89,6 @@ protected:
void FlipRoles() override;
bool IsReuse(double t, const u_char* pkt) override;
// Returns the TCP header pointed to by data (which we assume is
// aligned), updating data, len & caplen. Returns nil if the header
// isn't fully present.
const struct tcphdr* ExtractTCP_Header(const u_char*& data, int& len,
int& caplen);
// Returns true if the checksum is valid, false if not (and in which
// case also updates the status history of the endpoint).
bool ValidateChecksum(const IP_Hdr* ip, const struct tcphdr* tp, analyzer::tcp::TCP_Endpoint* endpoint,
int len, int caplen);
void SetPartialStatus(analyzer::tcp::TCP_Flags flags, bool is_orig);
// Update the state machine of the TCPs based on the activity. This
@ -141,7 +131,6 @@ protected:
analyzer::tcp::TCP_Endpoint* endpoint, uint64_t rel_data_seq,
bool is_orig, analyzer::tcp::TCP_Flags flags);
void CheckRecording(bool need_contents, analyzer::tcp::TCP_Flags flags);
void CheckPIA_FirstPacket(bool is_orig, const IP_Hdr* ip);
friend class session::detail::Timer;
@ -161,17 +150,10 @@ protected:
void SetReassembler(analyzer::tcp::TCP_Reassembler* rorig, analyzer::tcp::TCP_Reassembler* rresp);
// A couple utility functions that may also be useful to derived analyzers.
static uint64_t get_relative_seq(const analyzer::tcp::TCP_Endpoint* endpoint,
uint32_t cur_base, uint32_t last,
uint32_t wraps, bool* underflow = nullptr);
static int get_segment_len(int payload_len, analyzer::tcp::TCP_Flags flags);
bool HasPacketChildren() const { return ! packet_children.empty(); }
private:
void SynWeirds(analyzer::tcp::TCP_Flags flags, analyzer::tcp::TCP_Endpoint* endpoint, int data_len) const;
analyzer::tcp::TCP_Endpoint* orig;
analyzer::tcp::TCP_Endpoint* resp;