mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 22:58:20 +00:00
Merge remote-tracking branch 'origin/master' into topic/icmp6
Conflicts: src/ICMP.cc src/net_util.cc src/net_util.h
commit
8e32e89ce4
104 changed files with 2152 additions and 1956 deletions
|
@ -16,7 +16,7 @@ export {
|
|||
redef enum Notice::Type += {
|
||||
## This notice is generated if a packet filter is unable to be compiled.
|
||||
Compile_Failure,
|
||||
|
||||
|
||||
## This notice is generated if a packet filter is fails to install.
|
||||
Install_Failure,
|
||||
};
|
||||
|
@ -26,18 +26,18 @@ export {
|
|||
type Info: record {
|
||||
## The time at which the packet filter installation attempt was made.
|
||||
ts: time &log;
|
||||
|
||||
|
||||
## This is a string representation of the node that applied this
|
||||
## packet filter. It's mostly useful in the context of dynamically
|
||||
## changing filters on clusters.
|
||||
node: string &log &optional;
|
||||
|
||||
|
||||
## The packet filter that is being set.
|
||||
filter: string &log;
|
||||
|
||||
|
||||
## Indicate if this is the filter set during initialization.
|
||||
init: bool &log &default=F;
|
||||
|
||||
|
||||
## Indicate if the filter was applied successfully.
|
||||
success: bool &log &default=T;
|
||||
};
|
||||
|
@ -48,16 +48,16 @@ export {
|
|||
## The latter used to be default for Bro versions < 2.0. That has now
|
||||
## changed however to enable port-independent protocol analysis.
|
||||
const all_packets = T &redef;
|
||||
|
||||
## Filter string which is unconditionally or'ed to the beginning of every
|
||||
|
||||
## Filter string which is unconditionally or'ed to the beginning of every
|
||||
## dynamically built filter.
|
||||
const unrestricted_filter = "" &redef;
|
||||
|
||||
|
||||
## Call this function to build and install a new dynamically built
|
||||
## packet filter.
|
||||
global install: function();
|
||||
|
||||
## This is where the default packet filter is stored and it should not
|
||||
|
||||
## This is where the default packet filter is stored and it should not
|
||||
## normally be modified by users.
|
||||
global default_filter = "<not set yet>";
|
||||
}
|
||||
|
@ -85,35 +85,26 @@ function build_default_filter(): string
|
|||
return cmd_line_bpf_filter;
|
||||
|
||||
if ( all_packets )
|
||||
{
|
||||
# Return an "always true" filter.
|
||||
if ( bro_has_ipv6() )
|
||||
return "ip or not ip";
|
||||
else
|
||||
return "not ip6";
|
||||
}
|
||||
return "ip or not ip";
|
||||
|
||||
# Build filter dynamically.
|
||||
|
||||
|
||||
# First the capture_filter.
|
||||
local cfilter = "";
|
||||
for ( id in capture_filters )
|
||||
cfilter = combine_filters(cfilter, capture_filters[id], "or");
|
||||
|
||||
|
||||
# Then the restrict_filter.
|
||||
local rfilter = "";
|
||||
for ( id in restrict_filters )
|
||||
rfilter = combine_filters(rfilter, restrict_filters[id], "and");
|
||||
|
||||
|
||||
# Finally, join them into one filter.
|
||||
local filter = combine_filters(rfilter, cfilter, "and");
|
||||
if ( unrestricted_filter != "" )
|
||||
filter = combine_filters(unrestricted_filter, filter, "or");
|
||||
|
||||
# Exclude IPv6 if we don't support it.
|
||||
if ( ! bro_has_ipv6() )
|
||||
filter = combine_filters(filter, "not ip6", "and");
|
||||
|
||||
|
||||
return filter;
|
||||
}
|
||||
|
||||
|
@ -123,32 +114,32 @@ function install()
|
|||
|
||||
if ( ! precompile_pcap_filter(DefaultPcapFilter, default_filter) )
|
||||
{
|
||||
NOTICE([$note=Compile_Failure,
|
||||
NOTICE([$note=Compile_Failure,
|
||||
$msg=fmt("Compiling packet filter failed"),
|
||||
$sub=default_filter]);
|
||||
Reporter::fatal(fmt("Bad pcap filter '%s'", default_filter));
|
||||
}
|
||||
|
||||
|
||||
# Do an audit log for the packet filter.
|
||||
local info: Info;
|
||||
info$ts = network_time();
|
||||
# If network_time() is 0.0 we're at init time so use the wall clock.
|
||||
if ( info$ts == 0.0 )
|
||||
if ( info$ts == 0.0 )
|
||||
{
|
||||
info$ts = current_time();
|
||||
info$init = T;
|
||||
}
|
||||
info$filter = default_filter;
|
||||
|
||||
|
||||
if ( ! install_pcap_filter(DefaultPcapFilter) )
|
||||
{
|
||||
# Installing the filter failed for some reason.
|
||||
info$success = F;
|
||||
NOTICE([$note=Install_Failure,
|
||||
NOTICE([$note=Install_Failure,
|
||||
$msg=fmt("Installing packet filter failed"),
|
||||
$sub=default_filter]);
|
||||
}
|
||||
|
||||
|
||||
if ( reading_live_traffic() || reading_traces() )
|
||||
Log::write(PacketFilter::LOG, info);
|
||||
}
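Review bot: In build_default_filter, the early `return "ip or not ip";` under `if ( all_packets )` no longer has a comment explaining it, and nothing states that capture_filters, restrict_filters and unrestricted_filter are never consulted on that path. The export block shows `const all_packets = T &redef;`, so a sensor operator who adds a restrict_filter to exclude traffic still gets the match-everything filter unless all_packets is also redefined (the command-line filter branch above it starts outside the hunk). I would add above the return: `# Match-everything filter; capture_filters/restrict_filters are ignored while all_packets is T.` The +/- markers are lost in this rendering, so which of the duplicated lines are new is inferred from the hunk header counts.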
|
||||
|
|
|
@ -261,10 +261,13 @@ event dns_TXT_reply(c: connection, msg: dns_msg, ans: dns_answer, str: string) &
|
|||
event DNS::do_reply(c, msg, ans, str);
|
||||
}
|
||||
|
||||
event dns_AAAA_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr,
|
||||
astr: string) &priority=5
|
||||
event dns_AAAA_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr) &priority=5
|
||||
{
|
||||
event DNS::do_reply(c, msg, ans, fmt("%s", a));
|
||||
}
|
||||
|
||||
event dns_A6_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr) &priority=5
|
||||
{
|
||||
# TODO: What should we do with astr?
|
||||
event DNS::do_reply(c, msg, ans, fmt("%s", a));
|
||||
}
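Review bot: The new dns_A6_reply handler is a line-for-line copy of dns_AAAA_reply and has no comment, so a reader cannot tell why a second handler exists or that both record the answer only as `fmt("%s", a)`. A6 was moved to historic status by RFC 6563, so replies of this type are unusual on a monitored network, and a one-line comment would help whoever reads the resulting DNS log entries: `# A6 is historic (RFC 6563); the address is logged exactly as for AAAA.` The hunk header counts (10 old lines, 13 new) imply that the `# TODO: What should we do with astr?` line belongs to the removed side, although this rendering shows it inside the A6 body.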
|
||||
|
||||
|
|