mirror of
https://github.com/zeek/zeek.git
synced 2025-10-05 08:08:19 +00:00

This is still WIP and includes the following changes: * Dispatchers are now part of analyzers (moving dispatching logic from the manager to the analyzers) * All available analyzers are instantiated on start up * Removal of configuration class
// See the file "COPYING" in the main distribution directory for copyright.
#pragma once
#include <cstdint>
#include <map>
#include <memory>
#include <string>

#include "Tag.h"
#include "Component.h"
#include "plugin/ComponentManager.h"
#include "iosource/Packet.h"
#include "Dispatcher.h"
namespace zeek::packet_analysis {

class Analyzer;
using AnalyzerPtr = std::shared_ptr<Analyzer>;

/**
 * Component manager for packet analyzers. It hands out analyzer instances
 * by tag or by name and applies the configured analyzers to each packet.
 */
class Manager : public plugin::ComponentManager<Tag, Component> {
public:
    /**
     * Constructor.
     */
    Manager();

    /**
     * Destructor.
     */
    ~Manager() = default;

    /**
     * Second-stage initialization. Invoked late in Zeek's start-up, once
     * all scripts have been processed.
     */
    void InitPostScript();

    /**
     * Finishes the manager's operations.
     */
    void Done();

    /**
     * Writes the state of every registered analyzer to the \c analyzer
     * debug stream. Call it only after the \c zeek_init events have run,
     * so that any changes they make are reflected in the output.
     */
    void DumpDebug();

    /**
     * Creates a new analyzer instance from its tag.
     *
     * @param tag The analyzer's tag.
     *
     * @return The new analyzer instance, or null if the tag is invalid,
     * the requested analyzer is disabled, or the analyzer can't be
     * instantiated. Callers have to check for null before dereferencing.
     */
    AnalyzerPtr InstantiateAnalyzer(const Tag& tag);

    /**
     * Creates a new analyzer instance from its name.
     *
     * @param name The name of the analyzer.
     *
     * @return The new analyzer instance, or null if the name is not known
     * or the requested analyzer is disabled. Callers have to check for
     * null before dereferencing.
     */
    AnalyzerPtr InstantiateAnalyzer(const std::string& name);

    /**
     * Runs a packet through the configured packet analyzers.
     *
     * NOTE(review): the packet presumably carries captured network data
     * and should be treated as untrusted input; whether a null pointer is
     * tolerated cannot be told from this header -- confirm in the
     * implementation.
     *
     * @param packet The packet to process.
     */
    void ProcessPacket(Packet* packet);

private:
    /**
     * Skips a fixed number of bytes of packet data, given by
     * encap_hdr_size (not declared in this header). An IP header is
     * assumed to follow the skipped bytes.
     *
     * NOTE(review): no length accompanies \a data, so any bound on the
     * skip has to come from \a packet. Confirm that the implementation
     * rejects packets with fewer than encap_hdr_size bytes remaining
     * before it advances past them.
     *
     * @param packet The packet to adapt.
     *
     * @param data Pointer to remaining payload.
     */
    void CustomEncapsulationSkip(Packet* packet, const uint8_t* data);

    // Analyzer instances keyed by a string -- presumably the analyzer
    // name; verify against the code that fills the map.
    std::map<std::string, AnalyzerPtr> analyzers;

    // Dispatcher owned by the manager itself; presumably the entry point
    // for the first analysis layer -- TODO confirm.
    Dispatcher root_dispatcher;

    // Starts out null. Presumably a fallback analyzer; its use is not
    // visible in this header.
    AnalyzerPtr default_analyzer{nullptr};
};

} // namespace zeek::packet_analysis
// Global pointer to the packet analysis manager. This is a declaration only;
// the definition lives outside this header.
// NOTE(review): where and when the pointer is assigned is not visible here --
// presumably it is null until start-up constructs the manager; confirm before
// dereferencing it from early-initialization code.
extern zeek::packet_analysis::Manager* packet_mgr;