Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Cleanup and add customer MAC addresses

Browse source 
* Put c-dst/c-src in l2_dst/l2_src
 * use #define instead of const int and move to PBB.h
This commit is contained in:
Eldon Koyle 2023-02-10 17:42:25 -07:00
parent 28d540483e
commit 269cc15888
3 changed files with 14 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

3
scripts/base/packet-protocols/pbb/main.zeek
View file

@ -7,5 +7,8 @@ event zeek_init() &priority=20
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PBB, 0x0806, PacketAnalyzer::ANALYZER_ARP); PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PBB, 0x0806, PacketAnalyzer::ANALYZER_ARP);
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PBB, 0x8035, PacketAnalyzer::ANALYZER_ARP); PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PBB, 0x8035, PacketAnalyzer::ANALYZER_ARP);
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PBB, 0x8100, PacketAnalyzer::ANALYZER_VLAN); PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PBB, 0x8100, PacketAnalyzer::ANALYZER_VLAN);
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PBB, 0x8100, PacketAnalyzer::ANALYZER_VLAN);
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PBB, 0x88A8, PacketAnalyzer::ANALYZER_VLAN);
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PBB, 0x9100, PacketAnalyzer::ANALYZER_VLAN);
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PBB, 0x8864, PacketAnalyzer::ANALYZER_PPPOE); PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PBB, 0x8864, PacketAnalyzer::ANALYZER_PPPOE);
} }

10
src/packet_analysis/protocol/pbb/PBB.cc
View file

@ -8,16 +8,16 @@ PBBAnalyzer::PBBAnalyzer() : zeek::packet_analysis::Analyzer("PBB") { }
bool PBBAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet) bool PBBAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
{ {
const uint8_t pbb_header_len = 18; if ( PBB_LEN >= len )
const uint8_t etype_offset = pbb_header_len - 2;
if ( pbb_header_len >= len )
{ {
Weird("truncated_PBB_header", packet); Weird("truncated_PBB_header", packet);
return false; return false;
} }
uint32_t protocol = ((data[etype_offset] << 8u) + data[etype_offset+1]); uint32_t protocol = ((data[PBB_ETYPE_OFF] << 8u) + data[PBB_ETYPE_OFF + 1u]);
packet->eth_type = protocol; packet->eth_type = protocol;
packet->l2_dst = data + PBB_C_DST_OFF;
packet->l2_src = data + PBB_C_SRC_OFF;
// Skip the PBB header // Skip the PBB header
return ForwardPacket(len - pbb_header_len, data + pbb_header_len, packet, protocol); return ForwardPacket(len - PBB_LEN, data + PBB_LEN, packet, protocol);
} }

6
src/packet_analysis/protocol/pbb/PBB.h
View file

@ -5,6 +5,12 @@
#include "zeek/packet_analysis/Analyzer.h" #include "zeek/packet_analysis/Analyzer.h"
#include "zeek/packet_analysis/Component.h" #include "zeek/packet_analysis/Component.h"
#define PBB_LEN 18u
#define PBB_C_DST_OFF 4u
#define PBB_C_SRC_OFF 10u
#define PBB_ETYPE_OFF 16u
namespace zeek::packet_analysis::PBB namespace zeek::packet_analysis::PBB
{ {