mirror of
https://github.com/zeek/zeek.git
synced 2025-10-12 19:48:20 +00:00
Add Teredo packet analyzer, disable old analyzer
parent
05574ecce1
commit
dc0ecf9811
25 changed files with 683 additions and 91 deletions
|
@ -101,48 +101,11 @@ void Manager::Done() { }
|
|||
|
||||
Connection* Manager::FindConnection(Val* v)
|
||||
{
|
||||
const auto& vt = v->GetType();
|
||||
if ( ! IsRecord(vt->Tag()) )
|
||||
zeek::detail::ConnKey conn_key(v);
|
||||
|
||||
if ( ! conn_key.valid )
|
||||
return nullptr;
|
||||
|
||||
RecordType* vr = vt->AsRecordType();
|
||||
auto vl = v->As<RecordVal*>();
|
||||
|
||||
int orig_h, orig_p; // indices into record's value list
|
||||
int resp_h, resp_p;
|
||||
|
||||
if ( vr == id::conn_id )
|
||||
{
|
||||
orig_h = 0;
|
||||
orig_p = 1;
|
||||
resp_h = 2;
|
||||
resp_p = 3;
|
||||
}
|
||||
else
|
||||
{
|
||||
// While it's not a conn_id, it may have equivalent fields.
|
||||
orig_h = vr->FieldOffset("orig_h");
|
||||
resp_h = vr->FieldOffset("resp_h");
|
||||
orig_p = vr->FieldOffset("orig_p");
|
||||
resp_p = vr->FieldOffset("resp_p");
|
||||
|
||||
if ( orig_h < 0 || resp_h < 0 || orig_p < 0 || resp_p < 0 )
|
||||
return nullptr;
|
||||
|
||||
// ### we ought to check that the fields have the right
|
||||
// types, too.
|
||||
}
|
||||
|
||||
const IPAddr& orig_addr = vl->GetFieldAs<AddrVal>(orig_h);
|
||||
const IPAddr& resp_addr = vl->GetFieldAs<AddrVal>(resp_h);
|
||||
|
||||
auto orig_portv = vl->GetFieldAs<PortVal>(orig_p);
|
||||
auto resp_portv = vl->GetFieldAs<PortVal>(resp_p);
|
||||
|
||||
zeek::detail::ConnKey conn_key(orig_addr, resp_addr, htons((unsigned short)orig_portv->Port()),
|
||||
htons((unsigned short)resp_portv->Port()),
|
||||
orig_portv->PortType(), false);
|
||||
|
||||
return FindConnection(conn_key);
|
||||
}
|
||||
|
||||
|
|
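Review bot: The `// ### we ought to check that the fields have the right types, too.` caveat disappears from `Manager::FindConnection(Val* v)` together with the field-lookup code, and nothing visible in this hunk shows whether `ConnKey(Val*)` performs that check before it sets `valid`. The +/- markers are lost on this page, so I am reading the new body as the `conn_key(v)`, `conn_key.valid` and `return FindConnection(conn_key);` lines, which is consistent with the 11-line new side in the hunk header. If the constructor still only verifies that the four fields exist, a script-supplied record whose `orig_h`/`resp_h`/`orig_p`/`resp_p` fields have the wrong type would be read as `AddrVal`/`PortVal`, so the type check (or at least the TODO) should move into the constructor with the rest of the logic. I would also put a short comment above the function, e.g. `// Returns nullptr if v does not yield a valid ConnKey or if no matching connection exists.`, since callers cannot tell the two cases apart.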