Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge remote-tracking branch 'simeonmiteff/master'

Browse source 
* simeonmiteff/master:
  Pull changes from zeek/cmake fork
  Skip test based on preprocessor flag set by cmake
  Set flag for libpcap without DLT_LINUX_SLL2
  Force event order in core/init-error btest
  Update some coverage baselines
  Update plugins/hooks baseline
  Add support for DLT_LINUX_SLL2 PCAP link-type
This commit is contained in:
Tim Wojtulewicz 2022-08-24 09:22:47 -07:00
commit 76b6cf7afa
21 changed files with 194 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

1
scripts/base/packet-protocols/__load__.zeek
View file

@ -8,6 +8,7 @@
@load base/packet-protocols/ieee802_11
@load base/packet-protocols/ieee802_11_radio
@load base/packet-protocols/linux_sll
@load base/packet-protocols/linux_sll2
@load base/packet-protocols/nflog
@load base/packet-protocols/null
@load base/packet-protocols/ppp_serial

1
scripts/base/packet-protocols/linux_sll2/__load__.zeek Normal file
View file

@ -0,0 +1 @@
@load ./main

11
scripts/base/packet-protocols/linux_sll2/main.zeek Normal file
View file

@ -0,0 +1,11 @@
module PacketAnalyzer::LINUXSLL2;
event zeek_init() &priority=20
{
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL2, 0x0800, PacketAnalyzer::ANALYZER_IP);
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL2, 0x86DD, PacketAnalyzer::ANALYZER_IP);
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL2, 0x0806, PacketAnalyzer::ANALYZER_ARP);
# RARP
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL2, 0x8035, PacketAnalyzer::ANALYZER_ARP);
}

2
scripts/base/packet-protocols/root/main.zeek
View file

@ -10,6 +10,7 @@ const DLT_FDDI : count = 10;
const DLT_IEEE802_11 : count = 105;
const DLT_IEEE802_11_RADIO : count = 127;
const DLT_LINUX_SLL : count = 113;
const DLT_LINUX_SLL2 : count = 276;
const DLT_NFLOG : count = 239;
event zeek_init() &priority=20
@ -19,5 +20,6 @@ event zeek_init() &priority=20
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, DLT_IEEE802_11, PacketAnalyzer::ANALYZER_IEEE802_11);
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, DLT_IEEE802_11_RADIO, PacketAnalyzer::ANALYZER_IEEE802_11_RADIO);
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, DLT_LINUX_SLL, PacketAnalyzer::ANALYZER_LINUXSLL);
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, DLT_LINUX_SLL2, PacketAnalyzer::ANALYZER_LINUXSLL2);
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, DLT_NFLOG, PacketAnalyzer::ANALYZER_NFLOG);
}