Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Simplify packet analyzer config.

Browse source
This commit is contained in:
Jan Grashoefer 2020-09-07 20:46:14 +02:00 committed by Tim Wojtulewicz
parent efa262a229
commit 7ede4f48bd
28 changed files with 233 additions and 213 deletions
Download patch file Download diff file Expand all files Collapse all files

20
scripts/base/packet-protocols/root/main.zeek
View file

@ -3,4 +3,24 @@ module PacketAnalyzer::ROOT;
export {
## Default analyzer (if we don't know the link type, we assume raw IP)
const default_analyzer: PacketAnalyzer::Tag = PacketAnalyzer::ANALYZER_IP &redef;
## Identifier mappings based on link type
const dispatch_map: PacketAnalyzer::DispatchMap = {} &redef;
}
const DLT_EN10MB : count = 1;
const DLT_FDDI : count = 10;
const DLT_IEEE802_11 : count = 105;
const DLT_IEEE802_11_RADIO : count = 127;
const DLT_LINUX_SLL : count = 113;
const DLT_NFLOG : count = 239;
redef dispatch_map += {
[DLT_EN10MB] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_ETHERNET),
[DLT_FDDI] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_FDDI),
[DLT_IEEE802_11] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IEEE802_11),
[DLT_IEEE802_11_RADIO] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IEEE802_11_RADIO),
[DLT_LINUX_SLL] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_LINUXSLL),
[DLT_NFLOG] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_NFLOG)
};