Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 23:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/testing/btest/plugins/packet-protocol-plugin/src/RawLayer.cc
Benjamin Bannier f5a76c1aed Reformat Zeek in Spicy style 
This largely copies over Spicy's `.clang-format` configuration file. The
one place where we deviate is header include order since Zeek depends on
headers being included in a certain order.
2023-10-30 09:40:55 +01:00

26 lines
815 B
C++
Raw Blame History

#include "RawLayer.h"
#include "zeek/Event.h"
#include "zeek/Val.h"
#include "zeek/session/Manager.h"
#include "events.bif.h"
using namespace zeek::packet_analysis::PacketDemo;
RawLayer::RawLayer() : zeek::packet_analysis::Analyzer("Raw_Layer") {}
bool RawLayer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet) {
constexpr auto layer_size = 21;
if ( layer_size >= len ) {
session_mgr->Weird("truncated_raw_layer", packet);
return false;
}
uint16_t protocol = ntohs(*((const uint16_t*)(data + layer_size - 2)));
event_mgr.Enqueue(raw_layer_message, make_intrusive<StringVal>(layer_size, reinterpret_cast<const char*>(data)),
val_mgr->Count(protocol));
return ForwardPacket(len - layer_size, data + layer_size, packet, protocol);
}
Reference in a new issue View git blame Copy permalink