mirror of
https://github.com/zeek/zeek.git
synced 2025-10-10 02:28:21 +00:00
Add linux netfilter NFLOG capture functionality initial commit
modified GetLinkHeaderSize to support link type modified ProcessLayer2 to support NFLOG packets expecting out of the box support from libpcap hacking my way around bpf, bpf is not supported in libpcap (would be easy to implement) but at the moment, throw a warn if applying a filter and short circuit bpf code. want to ensure this works... commenting out error states. Fixed SetFilter to properly detect m_matches_anything, which is used by the DLT_NFLOG type to short circuit bpf filters. Added NFLOG parsing to zeek source, added m_matches_anything flag check for bpf functionality (NFLOG is bpf incompatible, but shouldn't be)
This commit is contained in:
Ryan Denniston
parent
5618b21cca
commit
5262237c3b
3 changed files with 56 additions and 0 deletions
|
|
@ -104,6 +104,13 @@ bool BPF_Program::Compile(int snaplen, int linktype, const char* filter,
|
|||
{
|
||||
FreeCode();
|
||||
|
||||
if ( linktype == DLT_NFLOG ) //hacky way to support nflog but not bpf
|
||||
{
|
||||
m_compiled = true;
|
||||
m_matches_anything = true;
|
||||
return true;
|
||||
}
|
||||
|
||||
#ifdef LIBPCAP_PCAP_COMPILE_NOPCAP_HAS_ERROR_PARAMETER
|
||||
char my_error[PCAP_ERRBUF_SIZE];
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue