Several final fixes for PacketFilter framework.
- Fixed how the dpd_* variables are written. - Fixed a bug with the shunting code. - Updated a few tests.
parent
2ec7fbae62
commit
0c97c3c1de
17 changed files with 94 additions and 85 deletions
|
@ -110,9 +110,9 @@ redef record connection += {
|
|||
|
||||
# Not attaching ANALYZER_DNS_UDP_BINPAC and ANALYZER_DNS_TCP_BINPAC right now.
|
||||
global analyzers = { ANALYZER_DNS };
|
||||
redef Protocols::analyzer_map["DNS"] = analyzers;
|
||||
redef Protocols::analyzer_map += { ["DNS"] = analyzers };
|
||||
global ports = { 53/udp, 53/tcp, 137/udp, 5353/udp, 5355/udp };
|
||||
redef Protocols::common_ports["DNS"] = ports;
|
||||
redef Protocols::common_ports += { ["DNS"] = ports };
|
||||
|
||||
event bro_init() &priority=5
|
||||
{
|
||||
|
|
|
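Review bot: The `ports` set registered under `Protocols::common_ports` lists only well-known DNS-family ports, and nothing near it says what happens to the same protocol on any other port. If the PacketFilter framework derives its capture filter from `common_ports` (that code is not visible in this hunk), DNS carried on a non-standard port would never reach the analyzer or the DPD signatures, which is a detection-coverage gap worth documenting. I would add a comment above the set such as `# Well-known ports only; traffic on other ports is analyzed only if the capture filter admits it.` The same applies to the `ports` sets in the FTP, HTTP, IRC, SMTP, SSH, SSL and SYSLOG hunks.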
@ -95,9 +95,9 @@ redef record connection += {
|
|||
};
|
||||
|
||||
global analyzers = { ANALYZER_FTP };
|
||||
redef Protocols::analyzer_map["FTP"] = analyzers;
|
||||
redef Protocols::analyzer_map += { ["FTP"] = analyzers };
|
||||
global ports = { 21/tcp };
|
||||
redef Protocols::common_ports["FTP"] = ports;
|
||||
redef Protocols::common_ports += { ["FTP"] = ports };
|
||||
|
||||
# Establish the variable for tracking expected connections.
|
||||
global ftp_data_expected: table[addr, port] of Info &create_expire=5mins;
|
||||
|
|
|
@ -113,13 +113,9 @@ event bro_init() &priority=5
|
|||
|
||||
|
||||
global analyzers = { ANALYZER_HTTP, ANALYZER_HTTP_BINPAC };
|
||||
redef Protocols::analyzer_map["HTTP"] = analyzers;
|
||||
redef Protocols::analyzer_map += { ["HTTP"] = analyzers };
|
||||
global ports = { 80/tcp, 81/tcp, 631/tcp, 1080/tcp, 3138/tcp, 8000/tcp, 8080/tcp, 8888/tcp };
|
||||
redef Protocols::common_ports["HTTP"] = ports;
|
||||
|
||||
#redef dpd_config += {
|
||||
# [[ANALYZER_HTTP, ANALYZER_HTTP_BINPAC]] = [$ports = Protocols::common_ports["HTTP"]],
|
||||
#};
|
||||
redef Protocols::common_ports += { ["HTTP"] = ports };
|
||||
|
||||
redef likely_server_ports += {
|
||||
80/tcp, 81/tcp, 631/tcp, 1080/tcp, 3138/tcp,
|
||||
|
|
|
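Review bot: The HTTP port list now exists twice, once in `global ports` and once as literals in the `redef likely_server_ports` that follows, so a port added to one can be missed in the other. That redef continues past the end of the hunk, so I cannot confirm the two lists currently match. Since `ports` feeds `Protocols::common_ports`, drift between them could leave a port treated as a likely server port but not registered for the HTTP analyzers, or the reverse. I would add a comment on `global ports` such as `# Keep in sync with the likely_server_ports redef below.`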
@ -39,9 +39,9 @@ redef record connection += {
|
|||
};
|
||||
|
||||
global analyzers = { ANALYZER_IRC };
|
||||
redef Protocols::analyzer_map["IRC"] = analyzers;
|
||||
redef Protocols::analyzer_map += { ["IRC"] = analyzers };
|
||||
global ports = { 6666/tcp, 6667/tcp, 6668/tcp, 6669/tcp, 7000/tcp };
|
||||
redef Protocols::common_ports["IRC"] = ports;
|
||||
redef Protocols::common_ports += { ["IRC"] = ports };
|
||||
|
||||
event bro_init() &priority=5
|
||||
{
|
||||
|
|
|
@ -57,9 +57,6 @@ export {
|
|||
const mail_path_capture = ALL_HOSTS &redef;
|
||||
|
||||
global log_smtp: event(rec: Info);
|
||||
|
||||
## Configure the default ports for SMTP analysis.
|
||||
const ports = { 25/tcp, 587/tcp } &redef;
|
||||
}
|
||||
|
||||
redef record connection += {
|
||||
|
@ -68,8 +65,9 @@ redef record connection += {
|
|||
};
|
||||
|
||||
global analyzers = { ANALYZER_SMTP };
|
||||
redef Protocols::analyzer_map["SMTP"] = analyzers;
|
||||
redef Protocols::common_ports["SMTP"] = ports;
|
||||
redef Protocols::analyzer_map += { ["SMTP"] = analyzers };
|
||||
const ports = { 25/tcp, 587/tcp } &redef;
|
||||
redef Protocols::common_ports += { ["SMTP"] = ports };
|
||||
|
||||
event bro_init() &priority=5
|
||||
{
|
||||
|
|
|
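Review bot: `const ports = { 25/tcp, 587/tcp } &redef;` now sits outside the `export` block and has lost its `##` doc comment, while every other script in this commit declares `global ports` with no `&redef`. The earlier hunk in this file is what removes the exported declaration. A non-exported identifier is presumably not reachable for a `redef` from a site's own scripts, and the hunk does not show whether a later redef would propagate into the `Protocols::common_ports` entry already built from it, so sites that monitor mail on additional ports may lose a tuning knob without notice. Either keep the declaration in `export` with its comment, or write `global ports = { 25/tcp, 587/tcp };` like the other scripts and document `Protocols::common_ports` as the place to extend the set.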
@ -75,9 +75,9 @@ export {
|
|||
}
|
||||
|
||||
global analyzers = { ANALYZER_SSH };
|
||||
redef Protocols::analyzer_map["SSH"] = analyzers;
|
||||
redef Protocols::analyzer_map += { ["SSH"] = analyzers };
|
||||
global ports = { 22/tcp };
|
||||
redef Protocols::common_ports["SSH"] = ports;
|
||||
redef Protocols::common_ports += { ["SSH"] = ports };
|
||||
|
||||
redef record connection += {
|
||||
ssh: Info &optional;
|
||||
|
|
|
@ -73,10 +73,10 @@ event bro_init() &priority=5
|
|||
}
|
||||
|
||||
global analyzers = { ANALYZER_SSL };
|
||||
redef Protocols::analyzer_map["SSL"] = analyzers;
|
||||
redef Protocols::analyzer_map += { ["SSL"] = analyzers };
|
||||
global ports = { 443/tcp, 563/tcp, 585/tcp, 614/tcp, 636/tcp,
|
||||
989/tcp, 990/tcp, 992/tcp, 993/tcp, 995/tcp, 5223/tcp };
|
||||
redef Protocols::common_ports["SSL"] = ports;
|
||||
redef Protocols::common_ports += { ["SSL"] = ports };
|
||||
|
||||
|
||||
function set_session(c: connection)
|
||||
|
|
|
@ -26,9 +26,9 @@ export {
|
|||
}
|
||||
|
||||
global analyzers = { ANALYZER_SYSLOG_BINPAC };
|
||||
redef Protocols::analyzer_map["SYSLOG"] = analyzers;
|
||||
redef Protocols::analyzer_map += { ["SYSLOG"] = analyzers };
|
||||
global ports = { 514/udp };
|
||||
redef Protocols::common_ports["SYSLOG"] = ports;
|
||||
redef Protocols::common_ports += { ["SYSLOG"] = ports };
|
||||
|
||||
redef record connection += {
|
||||
syslog: Info &optional;
|
||||
|
|