Naming/comment updates from review

zeek · Nov 2, 2020 · 8c8ae7a · 8c8ae7a
1 parent 6194e06
commit 8c8ae7a
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 8 deletions.
diff --git a/scripts/policy/misc/unknown-protocols.zeek b/scripts/policy/misc/unknown-protocols.zeek
@@ -17,7 +17,7 @@ export {
 		ts:           time     &log;
 		##
 		analyzer:     string   &log;
-		protocol:     string   &log;
+		protocol_id:  string   &log;
 		first_bytes:  string   &log;
 	};
 
@@ -46,7 +46,7 @@ event unknown_protocol(analyzer_name: string, protocol: count, first_bytes: stri
 	local info : Info;
 	info$ts = network_time();
 	info$analyzer = analyzer_name;
-	info$protocol = fmt("0x%x", protocol);
+	info$protocol_id = fmt("0x%x", protocol);
 	info$first_bytes = first_bytes;
 
 	Log::write(LOG, info);

diff --git a/src/packet_analysis/Manager.cc b/src/packet_analysis/Manager.cc
@@ -183,11 +183,13 @@ void Manager::DumpPacket(const Packet *pkt, int len)
 	run_state::detail::pkt_dumper->Dump(pkt);
 	}
 
-class UnknownProtocolTimerTimer final : public zeek::detail::Timer {
+class UnknownProtocolTimer final : public zeek::detail::Timer {
 public:
+	// Represents a combination of an analyzer name and protocol identifier, where the identifier was
+	// reported as unknown by the analyzer.
 	using UnknownProtocolPair = std::pair<std::string, uint32_t>;
 
-	UnknownProtocolTimerTimer(double t, UnknownProtocolPair p, double timeout)
+	UnknownProtocolTimer(double t, UnknownProtocolPair p, double timeout)
 		: zeek::detail::Timer(t + timeout, zeek::detail::TIMER_UNKNOWN_PROTOCOL_EXPIRE),
 		  unknown_protocol(std::move(p))
 		{}
@@ -210,8 +212,8 @@ bool Manager::PermitUnknownProtocol(const std::string& analyzer, uint32_t protoc
 	++count;
 
 	if ( count == 1 )
-		detail::timer_mgr->Add(new UnknownProtocolTimerTimer(run_state::network_time, p,
-		                                                     unknown_sampling_duration));
+		detail::timer_mgr->Add(new UnknownProtocolTimer(run_state::network_time, p,
+		                                                unknown_sampling_duration));
 
 	if ( count < unknown_sampling_threshold )
 		return true;

diff --git a/testing/btest/Baseline/core.disable-mobile-ipv6/unknown_protocols.log b/testing/btest/Baseline/core.disable-mobile-ipv6/unknown_protocols.log
@@ -5,7 +5,7 @@
 #unset_field	-
 #path	unknown_protocols
 #open XXXX-XX-XX-XX-XX-XX
-#fields	ts	analyzer	protocol	first_bytes
+#fields	ts	analyzer	protocol_id	first_bytes
 #types	time	string	string	string
 XXXXXXXXXX.XXXXXX	IP	0x87	3b010600d1da0080002a
 #close XXXX-XX-XX-XX-XX-XX
diff --git a/testing/btest/Baseline/plugins.packet-protocol/output_orig b/testing/btest/Baseline/plugins.packet-protocol/output_orig
@@ -5,7 +5,7 @@
 #unset_field	-
 #path	unknown_protocols
 #open XXXX-XX-XX-XX-XX-XX
-#fields	ts	analyzer	protocol	first_bytes
+#fields	ts	analyzer	protocol_id	first_bytes
 #types	time	string	string	string
 XXXXXXXXXX.XXXXXX	ETHERNET	0x88b5	4920616d20656e636170
 #close XXXX-XX-XX-XX-XX-XX