zeek/src/PacketFilter.h
Jon Siwek b3f1f45082 Remove --enable-brov6 flag, IPv6 now supported by default.
Internally, all BROv6 preprocessor switches were removed and
addr/subnet representations wrapped in the new IPAddr/IPPrefix classes.

Some script-layer changes of note:

- dns_AAAA_reply event signature changed: the string representation
  of an IPv6 addr is easily derived from the addr value, it doesn't
  need to be another parameter.  This event is also now generated directly
  by the DNS analyzer instead of being "faked" into a dns_A_reply event.

- removed addr_to_count BIF.  It used to return the host-order
  count representation of IPv4 addresses only.  To make it more
  generic, we might later add a BIF to return a vector of counts
  in order to support IPv6.

- changed the result of enclosing addr variables in vertical pipes
  (e.g. |my_addr|) to return the bit-width of the address type which
  is 128 for IPv6 and 32 for IPv4.  It used to function the same
  way as addr_to_count mentioned above.

- remove bro_has_ipv6 BIF
2012-02-03 16:46:58 -06:00


// Provides some very limited but fast packet filter mechanisms
#ifndef PACKETFILTER_H
#define PACKETFILTER_H
#include "IP.h"
#include "PrefixTable.h"
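// Fast, deliberately limited packet drop filter. Holds one PrefixTable for
// source entries (src_filter) and one for destination entries (dst_filter).
class PacketFilter {
public:
    // Stores arg_default in default_match.
    // NOTE(review): presumably the verdict Match() gives when no filter
    // entry applies -- confirm in PacketFilter.cc.
    PacketFilter(bool arg_default) : default_match(arg_default) {}
    ~PacketFilter() {}

    // Drops packets from a particular source (which may be given as an
    // AddrVal or a SubnetVal) that have none of the given TCP flags (TH_*)
    // set, with the given probability (from 0..MAX_PROB).
    //
    // The probability arrives as a double but Filter stores it as uint32;
    // the conversion is done in the implementation, not in this header.
    // NOTE(review): confirm that values outside 0..MAX_PROB (negative, NaN,
    // too large) are rejected or clamped before that conversion, since an
    // out-of-range double-to-unsigned conversion is undefined behaviour.
    // NOTE(review): the Val* overloads are documented for AddrVal and
    // SubnetVal only; confirm how any other Val type is handled.
    void AddSrc(const IPAddr& src, uint32 tcp_flags, double probability);
    void AddSrc(Val* src, uint32 tcp_flags, double probability);

    // Same as AddSrc(), but the entry is keyed on the destination.
    void AddDst(const IPAddr& dst, uint32 tcp_flags, double probability);
    void AddDst(Val* dst, uint32 tcp_flags, double probability);

    // Removes the filter entry for the given src/dst.
    // Returns false if the filter does not exist.
    bool RemoveSrc(const IPAddr& src);
    bool RemoveSrc(Val* src);
    bool RemoveDst(const IPAddr& dst);
    bool RemoveDst(Val* dst);

    // Returns true if the packet matches a drop filter.
    // NOTE(review): presumably len is the packet length and caplen the
    // number of bytes actually captured. Checking TCP flags means reading
    // past the IP header, so confirm the implementation verifies that the
    // TCP header lies within caplen before it is dereferenced.
    bool Match(const IP_Hdr* ip, int len, int caplen);

private:
    // One filter entry: a TCP flag mask and a probability held as an
    // unsigned integer (the public API takes it as a double).
    struct Filter {
        uint32 tcp_flags;
        uint32 probability;
    };

    // Evaluates a single Filter entry against one packet header.
    bool MatchFilter(const Filter& f, const IP_Hdr& ip, int len, int caplen);

    bool default_match;      // value passed to the constructor
    PrefixTable src_filter;  // entries added via AddSrc()
    PrefixTable dst_filter;  // entries added via AddDst()
};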
#endif