Tim Wojtulewicz
41dcd0cde0
Use shared_ptr for encapsulation data instead of raw pointer
2020-10-15 12:49:05 -07:00
Tim Wojtulewicz
a7d4364334
Review cleanup
2020-10-15 12:44:45 -07:00
Tim Wojtulewicz
665d0d9814
Store the ip header in the packet after processing, reuse other places
2020-10-15 12:18:32 -07:00
Tim Wojtulewicz
7d2c35174f
Change to store data in packet directly instead of keystore
2020-10-15 12:18:32 -07:00
Tim Wojtulewicz
d0ef05c748
Don't always insert data into keystore for tunnels
2020-10-15 12:18:32 -07:00
Tim Wojtulewicz
02ed03adaa
Add comment about packet header size and session analysis
2020-10-15 12:18:32 -07:00
Tim Wojtulewicz
d0cc30eccd
Set data to ip header's payload instead of advancing the pointer
2020-10-15 12:18:32 -07:00
Tim Wojtulewicz
afdc08085f
Move packet dumping to packet_mgr
2020-10-15 12:18:32 -07:00
Tim Wojtulewicz
1cf251d1ca
Move IP and IP tunnel code from Sessions into packet analyzers
2020-10-15 12:18:30 -07:00
Tim Wojtulewicz
23bbe0ac38
Move packet_mgr to the zeek namespace
2020-09-24 09:56:55 -07:00
Tim Wojtulewicz
c21504deed
Fix build on FreeBSD, which was missing full definition of sockaddr for ARP
2020-09-23 11:14:01 -07:00
Jan Grashoefer
8d834a1d89
Packet analysis cleanup.
2020-09-23 11:13:29 -07:00
Tim Wojtulewicz
62562504d5
Minor cleanup
2020-09-23 11:13:29 -07:00
Jan Grashoefer
7ede4f48bd
Simplify packet analyzer config.
2020-09-23 11:13:29 -07:00
Jan Grashoefer
efa262a229
Make default packet analyzer definition explicit.
2020-09-23 11:13:29 -07:00
Jan Grashoefer
8f951574d7
Add explicit root analyzer for packet analysis.
2020-09-23 11:13:29 -07:00
Jan Grashoefer
3f3f00030d
Simplify MPLS analysis.
2020-09-23 11:13:29 -07:00
Jan Grashoefer
38337d799b
Improve packet analysis data flow.
2020-09-23 11:13:29 -07:00
Jan Grashoefer
90eb97876f
Improve packet analyzer API.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
d5ca0f9da5
Rename DefaultAnalyzer to IP.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
24babf096e
Move ARP analysis into packet analyzer.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
0ec7516602
Small cleanup of packet analysis.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
0925b3bbec
Remove encap_hdr_size (replaced by skip analyzer).
2020-09-23 11:13:28 -07:00
Jan Grashoefer
54961b5ea2
Allow to overwrite packet analysis mappings.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
fc814bd7e2
Add SkipAnalyzer.
This is WIP: The test case would require a new pcap or the possibility
to overwrite analyzer mappings. The CustomEncapsulationSkip method and
the corresponding options need to be removed.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
6f6e5b4df0
Suggested code improvements for packet analysis.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
4aeab7402d
Improve naming in packet analysis.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
6365fa6d80
Migrate all packet analyzers to new API.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
cbdaa53f85
Remove magic identifiers from Ethernet analyzer.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
462b1fe3a2
Bring back default packet analysis.
Default analyzers can be configured per packet analyzer by omitting the
identifier in the ConfigEntry.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
d4ff5a236c
Further simplified the packet analysis API.
This is still WIP and includes the following changes:
* Dispatchers are now part of analyzers (moving dispatching logic from
  the manager to the analyzers)
* All available analyzers are instantiated on start up
* Removal of configuration class
2020-09-23 11:13:28 -07:00
Jan Grashoefer
9feda100b9
Move dispatching into packet analyzers.
WIP that updates only the Ethernet analyzer.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
96d0e11bb8
Move cur_pos from packet into packet manager loop.
2020-09-23 11:13:28 -07:00
Tim Wojtulewicz
c2500d03d6
Remove packet_analysis/Defines.h
- Replace uses of identifier_t with uint32_t
- Replace repeated usage of tuple type for Analysis results with type alias
2020-09-23 11:13:28 -07:00
Tim Wojtulewicz
b46e600775
Move VectorDispatcher to be the only dispatcher
2020-09-23 11:13:28 -07:00
Tim Wojtulewicz
d22481aef3
Remove Manager::Reset() method
2020-09-23 11:13:28 -07:00
Tim Wojtulewicz
bd6d3e0112
Remove enabled state from Components, ability to enable/disable from Manager
2020-09-23 11:13:28 -07:00
Tim Wojtulewicz
f39d6bb4c4
Use shared_ptr instead of raw pointers in packet_analysis for analyzers and dispatchers
2020-09-23 11:13:28 -07:00
Tim Wojtulewicz
07b7a3be40
Whitespace fixes from review
2020-09-23 11:13:28 -07:00
Tim Wojtulewicz
27fea2b218
Reorganize some pointer handling
2020-09-23 11:13:28 -07:00
Tim Wojtulewicz
08ceea8de1
Fixes for various btest issues
- Fix handling of truncated ethernet headers, fix core.truncation test output
- Update commit hashes for external private test repo
2020-09-23 11:13:28 -07:00
Tim Wojtulewicz
1c3ded7dd5
Merge ProtocolAnalyzerSet into Manager, remove AnalyzerSet base class
2020-09-23 11:13:28 -07:00
Jan Grashoefer
1e0e8e35af
Minor fixes for packet analyzer renaming.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
e53ec46c23
Renamed LL-Analyzers to Packet Analyzers.
2020-09-23 11:13:28 -07:00