Updates for the PacketFilter framework to simplify it.

scripts/base/protocols/dns/main.bro

@@ -122,14 +122,6 @@ redef record connection += {
 	dns_state: State &optional;
 };
 
-# DPD configuration.
-redef capture_filters += {
-	["dns"] = "port 53",
-	["mdns"] = "udp and port 5353",
-	["llmns"] = "udp and port 5355",
-	["netbios-ns"] = "udp port 137",
-};
-
 const ports = { 53/udp, 53/tcp, 137/udp, 5353/udp, 5355/udp };
 redef likely_server_ports += { ports };
 

scripts/base/protocols/ftp/main.bro

@@ -111,21 +111,18 @@ redef record connection += {
 	ftp_data_reuse: bool &default=F;
 };
 
-# Configure DPD
-redef capture_filters += { ["ftp"] = "port 21 and port 2811" };
-
 const ports = { 21/tcp, 2811/tcp };
 redef likely_server_ports += { ports };
 
-# Establish the variable for tracking expected connections.
-global ftp_data_expected: table[addr, port] of Info &read_expire=5mins;
-
 event bro_init() &priority=5
 	{
 	Log::create_stream(FTP::LOG, [$columns=Info, $ev=log_ftp]);
 	Analyzer::register_for_ports(Analyzer::ANALYZER_FTP, ports);
 	}
 
+# Establish the variable for tracking expected connections.
+global ftp_data_expected: table[addr, port] of Info &read_expire=5mins;
+
 ## A set of commands where the argument can be expected to refer
 ## to a file or directory.
 const file_cmds = {

scripts/base/protocols/http/main.bro

@@ -123,19 +123,12 @@ redef record connection += {
 	http_state:  State &optional;
 };
 
-# DPD configuration.
-redef capture_filters +=  {
-	["http"] = "tcp and port (80 or 81 or 631 or 1080 or 3138 or 8000 or 8080 or 8888)"
-};
-
 const ports = {
 	80/tcp, 81/tcp, 631/tcp, 1080/tcp, 3128/tcp,
 	8000/tcp, 8080/tcp, 8888/tcp,
 };
-
 redef likely_server_ports += { ports };
 
-
 # Initialize the HTTP logging stream and ports.
 event bro_init() &priority=5
 	{

scripts/base/protocols/irc/main.bro

@@ -38,13 +38,6 @@ redef record connection += {
 	irc:  Info &optional;
 };
 
-# Some common IRC ports.
-redef capture_filters += { ["irc-6666"] = "port 6666" };
-redef capture_filters += { ["irc-6667"] = "port 6667" };
-redef capture_filters += { ["irc-6668"] = "port 6668" };
-redef capture_filters += { ["irc-6669"] = "port 6669" };
-
-# DPD configuration.
 const ports = { 6666/tcp, 6667/tcp, 6668/tcp, 6669/tcp };
 redef likely_server_ports += { ports };
 

scripts/base/protocols/modbus/main.bro

@@ -29,9 +29,6 @@ redef record connection += {
 	modbus: Info &optional;
 };
 
-# Configure DPD and the packet filter.
-redef capture_filters += { ["modbus"] = "tcp port 502" };
-
 const ports = { 502/tcp };
 redef likely_server_ports += { ports };
 

scripts/base/protocols/smtp/main.bro

@@ -81,9 +81,6 @@ redef record connection += {
 	smtp_state: State &optional;
 };
 
-# Configure DPD
-redef capture_filters += { ["smtp"] = "tcp port 25 or tcp port 587" };
-
 const ports = { 25/tcp, 587/tcp };
 redef likely_server_ports += { ports };
 

scripts/base/protocols/socks/main.bro

@@ -47,10 +47,6 @@ redef record connection += {
 	socks: SOCKS::Info &optional;
 };
 
-# Configure DPD
-redef capture_filters += { ["socks"] = "tcp port 1080" };
-redef likely_server_ports += { 1080/tcp };
-
 function set_session(c: connection, version: count)
 	{
 	if ( ! c?$socks )

scripts/base/protocols/ssh/main.bro

@@ -70,17 +70,13 @@ export {
 	global log_ssh: event(rec: Info);
 }
 
-# Configure DPD and the packet filter
-
-const ports = { 22/tcp };
- 
-redef capture_filters += { ["ssh"] = "tcp port 22" };
-redef likely_server_ports += { ports };
-
 redef record connection += {
 	ssh: Info &optional;
 };
 
+const ports = { 22/tcp };
+redef likely_server_ports += { ports };
+
 event bro_init() &priority=5
 {
 	Log::create_stream(SSH::LOG, [$columns=Info, $ev=log_ssh]);

scripts/base/protocols/ssl/main.bro

@@ -94,26 +94,10 @@ redef record Info += {
 		delay_tokens: set[string] &optional;
 };
 
-redef capture_filters += {
-	["ssl"] = "tcp port 443",
-	["nntps"] = "tcp port 563",
-	["imap4-ssl"] = "tcp port 585",
-	["sshell"] = "tcp port 614",
-	["ldaps"] = "tcp port 636",
-	["ftps-data"] = "tcp port 989",
-	["ftps"] = "tcp port 990",
-	["telnets"] = "tcp port 992",
-	["imaps"] = "tcp port 993",
-	["ircs"] = "tcp port 994",
-	["pop3s"] = "tcp port 995",
-	["xmpps"] = "tcp port 5223",
-};
-
 const ports = {
 	443/tcp, 563/tcp, 585/tcp, 614/tcp, 636/tcp,
 	989/tcp, 990/tcp, 992/tcp, 993/tcp, 995/tcp, 5223/tcp
-} &redef;
-
+};
 redef likely_server_ports += { ports };
 
 event bro_init() &priority=5
@@ -154,7 +138,7 @@ function log_record(info: Info)
 			{
 			log_record(info);
 			}
-		timeout max_log_delay
+		timeout SSL::max_log_delay
 			{
 			Reporter::info(fmt("SSL delay tokens not released in time (%s tokens remaining)",
 			                   |info$delay_tokens|));

scripts/base/protocols/syslog/main.bro

@@ -26,15 +26,13 @@ export {
 	};
 }
 
-redef capture_filters += { ["syslog"] = "port 514" };
-
-const ports = { 514/udp };
-redef likely_server_ports += { ports };
-
 redef record connection += {
 	syslog: Info &optional;
 };
 
+const ports = { 514/udp };
+redef likely_server_ports += { ports };
+
 event bro_init() &priority=5
 	{
 	Log::create_stream(Syslog::LOG, [$columns=Info]);