Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/src/packet_analysis/protocol/arp/ARP.h
Jan Grashoefer 24babf096e Move ARP analysis into packet analyzer.
2020-09-23 11:13:28 -07:00

38 lines
949 B
C++
Raw Blame History

// See the file "COPYING" in the main distribution directory for copyright.
#pragma once
#include <packet_analysis/Analyzer.h>
#include <packet_analysis/Component.h>
#include <net/if_arp.h>
#ifndef arp_pkthdr
#define arp_pkthdr arphdr
#endif
namespace zeek::packet_analysis::ARP {
class ARPAnalyzer : public Analyzer {
public:
ARPAnalyzer();
~ARPAnalyzer() override = default;
AnalyzerResult Analyze(Packet* packet, const uint8_t*& data) override;
static zeek::packet_analysis::AnalyzerPtr Instantiate()
{
return std::make_shared<ARPAnalyzer>();
}
private:
zeek::AddrValPtr ToAddrVal(const void* addr);
zeek::StringValPtr ToEthAddrStr(const u_char* addr);
void BadARPEvent(const struct arp_pkthdr* hdr, const char* fmt, ...)
__attribute__((format(printf, 3, 4)));
void RequestReplyEvent(EventHandlerPtr e, const u_char* src, const u_char* dst,
const char* spa, const char* sha, const char* tpa, const char* tha);
};
}
Reference in a new issue View git blame Copy permalink