42 commits

Author	SHA1	Message	Date
Johanna Amann	8192ad581d	Do not lookup ignore_checksums_nets for every packet ... This could lead to a noticeable (single-percent) performance improvement. Most of the functionality for this is in the packet analyzers that now cache ignore_chesksums_nets. Based on a patch by Arne Welzel (Corelight).	2021-08-06 10:32:53 +01:00
Tim Wojtulewicz	f849f024e5	Redo how reassembled flag is accessed in IP_Hdr, filling in a memory hole	2021-07-14 14:59:49 -07:00
Tim Wojtulewicz	b14cd1ef16	GH-1216: Enable Mobile IPv6 support by default ... This removes the ENABLE_MOBILE_IPV6 #define variable. It also marks the --enable-mobile-ipv6 configure argument as deprecated.	2021-06-28 11:11:55 -07:00
Tim Wojtulewicz	d15fca7e17	Merge remote-tracking branch 'origin/topic/timw/fix-ip-header-length-checking' ... * origin/topic/timw/fix-ip-header-length-checking: Fix handling of IP packets with bogus IP header lengths	2021-06-04 08:28:57 -07:00
Tim Wojtulewicz	12d768d0d8	Remove obsolete Skipping()/SetSkip() from Connection	2021-06-02 13:20:10 -07:00
Tim Wojtulewicz	08fb5d76ee	Remove some code from IPBasedAnalyzer and children that was waiting for TCP to be implemented	2021-06-02 13:20:10 -07:00
Tim Wojtulewicz	9e1f6f95aa	Move analyzer-to-port mapping out of analyzer::Manager into packet analyzers	2021-06-02 13:20:10 -07:00
Tim Wojtulewicz	f6e31107e1	Move old TCP analyzer into analyzer adapter in packet analysis tree	2021-06-02 13:20:10 -07:00
Tim Wojtulewicz	0e34f2e02f	Fix handling of IP packets with bogus IP header lengths ... Credit to OSS-Fuzz for discovery https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34711 (Link to details becomes public 30 days after patch release)	2021-05-27 16:33:50 -07:00
Tim Wojtulewicz	5f57daf9d1	Ensure SessionAdapter members are initialized ... Fixes Coverity #1453273	2021-05-26 10:53:08 -07:00
Tim Wojtulewicz	b22ce6848f	Rename IPBasedTransportAnalyzer to SessionAdapter ... This also also combines the old TransportLayerAnalyzer class into SessionAdapter, and removes the old class. This requires naming changes in a few places but no functionality changes.	2021-05-18 15:19:12 -07:00
Tim Wojtulewicz	c56fb3e8e4	Move building session analyzer tree out of analyzer::Manager	2021-05-18 11:52:04 -07:00
Tim Wojtulewicz	7dc803f7bb	Rework the packet flow through the IP-based analyzers	2021-05-18 11:52:04 -07:00
Tim Wojtulewicz	c1f0d312b5	Add base class for IP-based packet analyzers	2021-05-18 11:52:03 -07:00
Tim Wojtulewicz	3e1692676d	Move SessionManager::ParseIPPacket to IP analyzer's namespace	2021-05-18 11:52:03 -07:00
Tim Wojtulewicz	0c3e3069d0	Added skeletons for TCP/UDP/ICMP packet analysis plugins. ... This includes integration into the IP plugin and calling of the sessions code from each plugin.	2021-05-18 11:52:03 -07:00
Tim Wojtulewicz	0b7ca5e7bc	Remove Session prefix from some session-related classes and files	2021-04-29 11:09:35 -07:00
Tim Wojtulewicz	18c6aaaa33	Move session code into new directory and into zeek::session namespace	2021-04-29 11:09:35 -07:00
Tim Wojtulewicz	db1d753b35	Rename NetSessions to SessionManager ... This also includes: - Deprecating the NetSessions name. - Renaming the zeek::sessions global to zeek::session_mgr and deprecating the old name. - Renaming Sessions.{h,cc} to SessionManager.{h,cc}.	2021-04-29 10:24:45 -07:00
Tim Wojtulewicz	c752d76052	Move packet filter out of NetSessions	2021-04-29 10:24:45 -07:00
Tim Wojtulewicz	6c52fd502f	GH-1493: Fix build with -DENABLE_MOBILE_IPV6	2021-04-07 13:44:18 -07:00
Tim Wojtulewicz	5111b8e386	Fix comment in IP analyzer	2021-03-02 14:04:30 -07:00
Tim Wojtulewicz	4ad08172d0	Remove obsolete ZEEK_FORWARD_DECLARE_NAMESPACED macros	2021-02-24 14:35:44 -07:00
Tim Wojtulewicz	e27008ef26	GH-1184: Add 'source' field to weird log denoting where the weird was reported	2020-12-01 09:34:37 -07:00
Tim Wojtulewicz	96d9115360	GH-1079: Use full paths starting with zeek/ when including files	2020-11-12 12:15:26 -07:00
Tim Wojtulewicz	b3eb63c48a	GH-1186: Remove Packet::hdr_size and uses of it. ... This change also removes Packet::IP(), since Packet now contains an ip_hdr member that points at the IP header if it exists.	2020-11-09 10:49:57 -07:00
Seth Hall	552a24e07c	Add an option to ignore packets sourced from particular subnets. ... It's implemented with a new set[subnet] option named ignore_checksums_nets. If you populate this set with subnets, any packet with a src address within that set of subnets will not have it's checksum validated.	2020-10-22 13:23:10 -04:00
Tim Wojtulewicz	ce2b00fe83	Fix a couple of Coverity findings (1433618, 1433619)	2020-10-21 10:53:34 -07:00
Tim Wojtulewicz	a99b540e46	Rework Sessions::Weird	2020-10-15 13:03:11 -07:00
Tim Wojtulewicz	ecd970ffde	Store packet's ip header as unique_ptr	2020-10-15 12:49:08 -07:00
Tim Wojtulewicz	41dcd0cde0	Use shared_ptr for encapsulation data instead of raw pointer	2020-10-15 12:49:05 -07:00
Tim Wojtulewicz	a7d4364334	Review cleanup	2020-10-15 12:44:45 -07:00
Tim Wojtulewicz	665d0d9814	Store the ip header in the packet after processing, reuse other places	2020-10-15 12:18:32 -07:00
Tim Wojtulewicz	7d2c35174f	Change to store data in packet directly instead of keystore	2020-10-15 12:18:32 -07:00
Tim Wojtulewicz	d0ef05c748	Don't always insert data into keystore for tunnels	2020-10-15 12:18:32 -07:00
Tim Wojtulewicz	02ed03adaa	Add comment about packet header size and session analysis	2020-10-15 12:18:32 -07:00
Tim Wojtulewicz	d0cc30eccd	Set data to ip header's payload instead of advancing the pointer	2020-10-15 12:18:32 -07:00
Tim Wojtulewicz	1cf251d1ca	Move IP and IP tunnel code from Sessions into packet analyzers	2020-10-15 12:18:30 -07:00
Jan Grashoefer	8f951574d7	Add explicit root analyzer for packet analysis.	2020-09-23 11:13:29 -07:00
Jan Grashoefer	38337d799b	Improve packet analysis data flow.	2020-09-23 11:13:29 -07:00
Jan Grashoefer	90eb97876f	Improve packet analyzer API.	2020-09-23 11:13:28 -07:00
Jan Grashoefer	d5ca0f9da5	Rename DefaultAnalyzer to IP.	2020-09-23 11:13:28 -07:00