From 2ec7fbae62fb50a40a4f535fdae05f3198d0eabc Mon Sep 17 00:00:00 2001
From: Seth Hall
Date: Wed, 25 Apr 2012 23:21:53 -0400
Subject: [PATCH] Packet filter framework checkpoint.
---
 .../base/frameworks/packet-filter/main.bro | 20 +++++++++---------
 .../base/frameworks/packet-filter/shunt.bro | 21 +++++++++----------
 2 files changed, 20 insertions(+), 21 deletions(-)
diff --git a/scripts/base/frameworks/packet-filter/main.bro b/scripts/base/frameworks/packet-filter/main.bro
index 6e839c9210..9ffd8cc4c3 100644
--- a/scripts/base/frameworks/packet-filter/main.bro
+++ b/scripts/base/frameworks/packet-filter/main.bro
@@ -97,14 +97,14 @@ export {
 ## packet filter.
 global install: function(): bool;
- ## A data structure to represent filter generating factories.
- type FilterFactory: record {
+ ## A data structure to represent filter generating plugins.
+ type FilterPlugin: record {
 ## A function that is directly called when generating the complete filter.
 func : function();
 };
- ## API function to register a new factory for dynamic restriction filters.
- global register_filter_factory: function(ff: FilterFactory);
+ ## API function to register a new pluginfor dynamic restriction filters.
+ global register_filter_plugin: function(fp: FilterPlugin);
 ## Enables the old filtering approach of "only watch common ports for
 ## analyzed protocols".
@@ -129,7 +129,7 @@ global currently_building = F;
 # Internal tracking for if the the filter being built has possibly been changed.
 global filter_changed = F;
-global filter_factories: set[FilterFactory] = {};
+global filter_plugins: set[FilterPlugin] = {};
 redef enum PcapFilterID += {
 DefaultPcapFilter,
@@ -182,9 +182,9 @@ event bro_init() &priority=-5
 event filter_change_tracking();
 }
-function register_filter_factory(ff: FilterFactory)
+function register_filter_plugin(fp: FilterPlugin)
 {
- add filter_factories[ff];
+ add filter_plugins[fp];
 }
 event remove_dynamic_filter(filter_id: string)
@@ -245,10 +245,10 @@ function build(): string
 for ( filt in dynamic_restrict_filters )
 rfilter = combine_filters(rfilter, "and", string_cat("not (", dynamic_restrict_filters[filt], ")"));
- # Generate all of the plugin factory based filters.
- for ( factory in filter_factories )
+ # Generate all of the plugin based filters.
+ for ( plugin in filter_plugins )
 {
- factory$func();
+ plugin$func();
 }
 # Finally, join them into one filter.
diff --git a/scripts/base/frameworks/packet-filter/shunt.bro b/scripts/base/frameworks/packet-filter/shunt.bro
index 5527592642..be33f8085a 100644
--- a/scripts/base/frameworks/packet-filter/shunt.bro
+++ b/scripts/base/frameworks/packet-filter/shunt.bro
@@ -46,7 +46,7 @@ export {
 global shunted_conns: set[conn_id];
 global shunted_host_pairs: set[conn_id];
-function conn_shunt_filters()
+function shunt_filters()
 {
 # NOTE: this could wrongly match if a connection happens with the ports reversed.
 local tcp_filter = "tcp and tcp[tcpflags] & (tcp-syn|tcp-fin|tcp-rst) == 0";
@@ -63,19 +63,18 @@ function conn_shunt_filters()
 }
 local conn_shunt_filter = combine_filters(tcp_filter, "and", udp_filter);
+ local hp_shunt_filter = "";
 for ( id in shunted_host_pairs )
- {
- local hp_filter = fmt("host %s and host %s", id$orig_h, id$resp_h);
-
- }
-
- PacketFilter::exclude("conn_shunt_filters", conn_shunt_filter);
- }
+ hp_shunt_filter = combine_filters(hp_shunt_filter, "and", fmt("host %s and host %s", id$orig_h, id$resp_h));
+
+ local filter = combine_filters(conn_shunt_filter, "and", hp_shunt_filter);
+ PacketFilter::exclude("shunt_filters", filter);
+}
 event bro_init() &priority=5
 {
- register_filter_factory([
- $func()={ return conn_shunt_filters(); }
+ register_filter_plugin([
+ $func()={ return shunt_filters(); }
 ]);
 }
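Review bot: The host-pair terms in `shunt_filters()` are joined with "and", so once `shunted_host_pairs` holds two pairs with different hosts the expression requires every packet to involve all of those hosts and can match nothing; the following `combine_filters(conn_shunt_filter, "and", hp_shunt_filter)` likewise narrows the exclusion to traffic that is both a shunted connection and a shunted host pair. Because the result is handed to `PacketFilter::exclude`, the alternatives should be unioned: `hp_shunt_filter = combine_filters(hp_shunt_filter, "or", fmt("host %s and host %s", id$orig_h, id$resp_h));` and `local filter = combine_filters(conn_shunt_filter, "or", hp_shunt_filter);`. This assumes `combine_filters` parenthesizes both operands, which is not visible in this patch; if it does not, each pair needs explicit parentheses so that "and" and "or" group as intended. The start of the function is outside the hunk, and the context line that joins `tcp_filter` and `udp_filter` with "and" looks like it has the same problem.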
@@ -144,7 +143,7 @@ function shunt_conn(id: conn_id): bool
 NOTICE([$note=Cannot_BPF_Shunt_Conn,
 $msg="IPv6 connections can't be shunted with BPF due to limitations in BPF",
 $sub="ipv6_conn",
- $id=id, $identifier=string_cat(id)]);
+ $id=id, $identifier=cat(id)]);
 return F;
 }