// See the file "COPYING" in the main distribution directory for copyright.
#pragma once
#include <packet_analysis/Analyzer.h>
#include <packet_analysis/Component.h>
namespace zeek::packet_analysis::LinuxSLL {
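/**
 * Packet analyzer for the Linux "cooked" capture encapsulation
 * (LINKTYPE_LINUX_SLL).
 *
 * Only the interface is declared in this header; the constructor and
 * Analyze() are defined elsewhere.
 */
class LinuxSLLAnalyzer : public Analyzer
{
public:
    LinuxSLLAnalyzer();
    ~LinuxSLLAnalyzer() override = default;

    /**
     * Analyzes one packet at this layer (override of Analyzer::Analyze).
     *
     * @param packet The packet being processed.
     * @param data   Reference to the read cursor into the packet bytes. It is
     *               taken by reference, so the implementation can presumably
     *               advance it past the SLL header -- confirm in the definition.
     * @return The analysis result tuple defined by the Analyzer base class.
     *
     * NOTE(review): the bytes behind `data` come straight from the capture and
     * are untrusted. The definition should confirm that at least
     * sizeof(SLLHeader) bytes remain before it reads any header field.
     */
    AnalysisResultTuple Analyze(Packet* packet, const uint8_t*& data) override;

    /**
     * Factory that creates a new analyzer instance.
     *
     * @return A shared pointer owning a freshly constructed LinuxSLLAnalyzer.
     */
    static zeek::packet_analysis::AnalyzerPtr Instantiate()
    {
        return std::make_shared<LinuxSLLAnalyzer>();
    }

private:
    // Structure layout is based on https://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL.html
    //
    // The struct is packed so its members sit at the wire offsets with no
    // padding. The linked specification gives the multi-byte fields in network
    // byte order, so values read through this struct need byte-order conversion
    // before use.
    struct SLLHeader
    {
        uint16_t packet_type;   // packet type field
        uint16_t arphrd_type;   // ARPHRD_ link-layer device type
        uint16_t addr_len;      // link-layer address length as reported on the wire;
                                // untrusted -- do not use as a read length without
                                // bounding it to the 8-byte addr field
        uint64_t addr;          // link-layer address, fixed 8-byte slot
        uint16_t protocol_type; // protocol type of the encapsulated payload
    } __attribute__((__packed__));

    // Fail the build if the in-memory layout stops matching the 16-byte wire
    // header (2 + 2 + 2 + 8 + 2). Otherwise a toolchain that mishandled the
    // packed attribute would silently shift every field offset and the
    // header-length check.
    static_assert(sizeof(SLLHeader) == 16,
                  "SLLHeader must match the 16-byte LINKTYPE_LINUX_SLL header");
};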
}