Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-14 12:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge branch 'master' into topic/icmp6

Browse source 
Conflicts:
	policy/bro.init
	policy/icmp.bro
	src/Analyzer.cc
	src/AnalyzerTags.h
	src/DPM.cc
	src/ICMP.h
	src/Sessions.cc
	src/event.bif
	src/net_util.cc
This commit is contained in:
Daniel Thayer 2012-02-15 15:58:53 -06:00
commit ef31099fd7
1250 changed files with 56739 additions and 54904 deletions
Download patch file Download diff file Expand all files Collapse all files

31
src/ICMP.cc
View file

@ -1,7 +1,7 @@
// $Id: ICMP.cc 6219 2008-10-01 05:39:07Z vern $
//
// See the file "COPYING" in the main distribution directory for copyright.
#include <algorithm>
#include "config.h"
#include "Net.h"
@ -53,7 +53,7 @@ void ICMP_Analyzer::DeliverPacket(int len, const u_char* data,
if ( ! ignore_checksums )
{
int chksum;
int chksum = 0;
#ifdef BROv6
switch ( ip->NextProto() )
@ -67,10 +67,10 @@ void ICMP_Analyzer::DeliverPacket(int len, const u_char* data,
break;
default:
internal_error("unexpected IP proto in ICMP analyzer");
reporter->InternalError("unexpected IP proto in ICMP analyzer");
}
#else
# Classic v4 version.
// Classic v4 version.
chksum = icmp_checksum(icmpp, len);
#endif
@ -96,10 +96,15 @@ void ICMP_Analyzer::DeliverPacket(int len, const u_char* data,
if ( ip->NextProto() == IPPROTO_ICMP )
NextICMP4(current_timestamp, icmpp, len, caplen, data, ip);
#ifdef BROv6
else
NextICMP6(current_timestamp, icmpp, len, caplen, data, ip);
#endif
if ( caplen >= len )
ForwardPacket(len, data, is_orig, seq, ip, caplen);
if ( rule_matcher )
matcher_state.Match(Rule::PAYLOAD, data, len, is_orig,
false, false, true);
@ -337,6 +342,7 @@ RecordVal* ICMP_Analyzer::ExtractICMP4Context(int len, const u_char*& data)
return iprec;
}
#ifdef BROv6
RecordVal* ICMP_Analyzer::ExtractICMP6Context(int len, const u_char*& data)
{
const IP_Hdr ip_hdr_data((const struct ip6_hdr*) data);
@ -407,6 +413,7 @@ RecordVal* ICMP_Analyzer::ExtractICMP6Context(int len, const u_char*& data)
return iprec;
}
#endif
bool ICMP_Analyzer::IsReuse(double /* t */, const u_char* /* pkt */)
@ -435,6 +442,20 @@ void ICMP_Analyzer::Describe(ODesc* d) const
d->Add(dotted_addr(Conn()->RespAddr()));
}
void ICMP_Analyzer::UpdateConnVal(RecordVal *conn_val)
{
int orig_endp_idx = connection_type->FieldOffset("orig");
int resp_endp_idx = connection_type->FieldOffset("resp");
RecordVal *orig_endp = conn_val->Lookup(orig_endp_idx)->AsRecordVal();
RecordVal *resp_endp = conn_val->Lookup(resp_endp_idx)->AsRecordVal();
UpdateEndpointVal(orig_endp, 1);
UpdateEndpointVal(resp_endp, 0);
// Call children's UpdateConnVal
Analyzer::UpdateConnVal(conn_val);
}
void ICMP_Analyzer::UpdateEndpointVal(RecordVal* endp, int is_orig)
{
Conn()->EnableStatusUpdateTimer();