Initial implementation of Lower-Level analyzers

2025-10-13 20:18:20 +00:00 · 2019-05-09 17:49:52 +02:00 · 2019-05-09 17:49:52 +02:00 · b2e6c9ac9a
commit b2e6c9ac9a
parent f744d4c070
146 changed files with 3967 additions and 613 deletions
--- a/scripts/base/llprotocols/linux_sll/load.zeek
+++ b/scripts/base/llprotocols/linux_sll/load.zeek
@ -0,0 +1 @@
+@load ./main
--- a/scripts/base/llprotocols/linux_sll/main.zeek
+++ b/scripts/base/llprotocols/linux_sll/main.zeek
@ -0,0 +1,12 @@
+module LL_LINUX_SLL;
+
+const DLT_LINUX_SLL : count = 113;
+
+redef LLAnalyzer::config_map += {
+	LLAnalyzer::ConfigEntry($identifier=DLT_LINUX_SLL, $analyzer=LLAnalyzer::LLANALYZER_LINUXSLL),
+	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_LINUXSLL, $identifier=0x0800, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
+	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_LINUXSLL, $identifier=0x86DD, $analyzer=LLAnalyzer::LLANALYZER_IPV6),
+	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_LINUXSLL, $identifier=0x0806, $analyzer=LLAnalyzer::LLANALYZER_ARP),
+	# RARP
+	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_LINUXSLL, $identifier=0x8035, $analyzer=LLAnalyzer::LLANALYZER_ARP)
+};