add Pacf plugin for the internal Bro PacketFilter (not BPF)

testing/btest/Baseline/scripts.base.frameworks.pacf.packetfilter/conn.log

@@ -0,0 +1,12 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	conn
+#open	2015-05-12-22-11-25
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
+#types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
+1254722767.492060	CXWv6p3arKYeMETxOg	10.10.1.4	56166	10.10.1.1	53	udp	dns	0.034025	34	100	SF	-	-	0	Dd	1	62	1	128	(empty)
+1254722767.529046	CjhGID4nQcgTWjvg4c	10.10.1.4	1470	74.53.140.153	25	tcp	-	0.346950	0	0	S1	-	-	0	Sh	1	48	1	48	(empty)
+1254722776.690444	CCvvfg3TEfuqmmG4bh	10.10.1.20	138	10.10.1.255	138	udp	-	-	-	-	S0	-	-	0	D	1	229	0	0	(empty)
+#close	2015-05-12-22-11-25

testing/btest/scripts/base/frameworks/pacf/packetfilter.bro

@@ -0,0 +1,18 @@
+# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
+# @TEST-EXEC: btest-diff conn.log
+
+@load base/frameworks/pacf
+
+event bro_init()
+	{
+	local pacf_packetfilter = Pacf::create_packetfilter();
+	Pacf::activate(pacf_packetfilter, 0);
+	}
+
+event connection_established(c: connection)
+	{
+	local e = Pacf::Entity($ty=Pacf::ADDRESS, $ip=addr_to_subnet(c$id$orig_h));
+	local r = Pacf::Rule($ty=Pacf::DROP, $target=Pacf::MONITOR, $entity=e, $expire=10min);
+
+	Pacf::add_rule(r);
+	}