Add AYIYA packet analyzer, disable old analyzer

2025-10-02 06:38:20 +00:00 · 2021-08-26 11:28:51 -07:00 · 2021-08-26 11:28:51 -07:00 · 7e40094f2c
commit 7e40094f2c
parent 44e0760e96
18 changed files with 214 additions and 35 deletions
--- a/scripts/base/packet-protocols/load.zeek
+++ b/scripts/base/packet-protocols/load.zeek
@ -14,9 +14,11 @@
@load base/packet-protocols/pppoe
@load base/packet-protocols/vlan
@load base/packet-protocols/mpls
-@load base/packet-protocols/gre
-@load base/packet-protocols/iptunnel
@load base/packet-protocols/vntag
@load base/packet-protocols/udp
@load base/packet-protocols/tcp
@load base/packet-protocols/icmp
+
+@load base/packet-protocols/gre
+@load base/packet-protocols/iptunnel
+@load base/packet-protocols/ayiya
--- a/scripts/base/packet-protocols/ayiya/load.zeek
+++ b/scripts/base/packet-protocols/ayiya/load.zeek
@ -0,0 +1 @@
+@load ./main
--- a/scripts/base/packet-protocols/ayiya/main.zeek
+++ b/scripts/base/packet-protocols/ayiya/main.zeek
@ -0,0 +1,19 @@
+module PacketAnalyzer::AYIYA;
+
+# Needed for port registration for BPF
+@load base/frameworks/analyzer/main
+
+const IPPROTO_IPV4 : count = 4;
+const IPPROTO_IPV6 : count = 41;
+
+const ayiya_ports = { 5072/udp };
+redef likely_server_ports += { ayiya_ports };
+
+event zeek_init() &priority=20
+	{
+	PacketAnalyzer::register_protocol_detection(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_AYIYA);
+	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_AYIYA, IPPROTO_IPV4, PacketAnalyzer::ANALYZER_IP);
+	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_AYIYA, IPPROTO_IPV6, PacketAnalyzer::ANALYZER_IP);
+
+	PacketAnalyzer::register_for_ports(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_AYIYA, ayiya_ports);
+	}