mirror of
https://github.com/zeek/zeek.git
synced 2025-10-15 13:08:20 +00:00
bd9855a380
If 'use_conn_size_analyzer' is true, the event engine tracks number of packets and raw IP bytes per connection. If report_conn_size_analyzer is true, these values are included as four new columns into conn.log I changed conn.bro so that the value of report_conn_size_analyzer follows that of use_conn_size_analyzer. For the new conn.log, we probably want to get rid of report_conn_size_analyzer anyway.
47 lines
1.1 KiB
C++
47 lines
1.1 KiB
C++
// $Id: UDP.h 6219 2008-10-01 05:39:07Z vern $
|
|
//
|
|
// See the file "COPYING" in the main distribution directory for copyright.
|
|
|
|
#ifndef udp_h
|
|
#define udp_h
|
|
|
|
#include "Analyzer.h"
|
|
|
|
typedef enum {
|
|
UDP_INACTIVE, // no packet seen
|
|
UDP_ACTIVE, // packets seen
|
|
} UDP_EndpointState;
|
|
|
|
class UDP_Analyzer : public TransportLayerAnalyzer {
|
|
public:
|
|
UDP_Analyzer(Connection* conn);
|
|
virtual ~UDP_Analyzer();
|
|
|
|
virtual void Init();
|
|
|
|
virtual void UpdateConnVal(RecordVal *conn_val);
|
|
|
|
static Analyzer* InstantiateAnalyzer(Connection* conn)
|
|
{ return new UDP_Analyzer(conn); }
|
|
|
|
static bool Available() { return true; }
|
|
|
|
protected:
|
|
virtual void Done();
|
|
virtual void DeliverPacket(int len, const u_char* data, bool orig,
|
|
int seq, const IP_Hdr* ip, int caplen);
|
|
virtual bool IsReuse(double t, const u_char* pkt);
|
|
virtual unsigned int MemoryAllocation() const;
|
|
|
|
bro_int_t request_len, reply_len;
|
|
|
|
private:
|
|
void UpdateEndpointVal(RecordVal* endp, int is_orig);
|
|
|
|
#define HIST_ORIG_DATA_PKT 0x1
|
|
#define HIST_RESP_DATA_PKT 0x2
|
|
#define HIST_ORIG_CORRUPT_PKT 0x4
|
|
#define HIST_RESP_CORRUPT_PKT 0x8
|
|
};
|
|
|
|
#endif
|