Several final fixes for PacketFilter framework.

- Fixed how the dpd_* variables are written. - Fixed a bug with the shunting code. - Updated a few tests.
2025-10-05 16:18:19 +00:00 · 2012-05-02 21:16:30 -04:00 · 2012-05-02 21:16:30 -04:00 · 0c97c3c1de
commit 0c97c3c1de
parent 2ec7fbae62
17 changed files with 94 additions and 85 deletions
--- a/scripts/base/frameworks/protocols/main.bro
+++ b/scripts/base/frameworks/protocols/main.bro
@ -1,9 +1,10 @@

-@load base/frameworks/packet-filter
+@load base/frameworks/packet-filter/utils

 module Protocols;

 export {
+	
 	const common_ports: table[string] of set[port] = {} &redef;

 	## Automatically creates a BPF filter for the specified protocol based
@ -15,14 +16,28 @@ export {
 	## Returns: BPF filter string.
 	global protocol_to_bpf: function(protocol: string): string;
 	
+	## Create a BPF filter which matches all of the ports defined 
+	## by the various protocol analysis scripts as "common ports"
+	## for the protocol.
 	global to_bpf: function(): string;
 	
 	## Maps between human readable protocol identifiers (like "HTTP")
 	## and the internal Bro representation for an analyzer (like ANALYZER_HTTP).
 	## This is typically fully populated by the base protocol analyzer scripts.
-	const analyzer_map: table[string] of set[count] = {} &redef;
+	const analyzer_map: table[string] of set[AnalyzerTag] = {} &redef;
 }

+event bro_init() &priority=10
+	{
+	for ( proto in common_ports )
+		{
+		for ( p in common_ports[proto] )
+			dpd_analyzer_ports[p] = analyzer_map[proto];
+		for ( a in analyzer_map[proto] )
+			dpd_config[a] = [$ports=common_ports[proto]];
+		}
+	}
+
 function protocol_to_bpf(protocol: string): string
 	{
 	# Return an empty string if an undefined protocol was given.
@ -42,8 +57,3 @@ function to_bpf(): string
 		output = PacketFilter::combine_filters(output, "or", protocol_to_bpf(p));
 	return output;
 	}
-	
-	
-	
-	
-