Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 07:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Add support for DLT_LINUX_SLL2 PCAP link-type

Browse source
This commit is contained in:
Simeon Miteff 2022-08-15 15:32:20 +10:00
parent c887bcb517
commit b8f0acb5f1
13 changed files with 144 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
scripts/base/packet-protocols/__load__.zeek
View file

@ -8,6 +8,7 @@
@load base/packet-protocols/ieee802_11
@load base/packet-protocols/ieee802_11_radio
@load base/packet-protocols/linux_sll
@load base/packet-protocols/linux_sll2
@load base/packet-protocols/nflog
@load base/packet-protocols/null
@load base/packet-protocols/ppp_serial

1
scripts/base/packet-protocols/linux_sll2/__load__.zeek Normal file
View file

@ -0,0 +1 @@
@load ./main

11
scripts/base/packet-protocols/linux_sll2/main.zeek Normal file
View file

@ -0,0 +1,11 @@
module PacketAnalyzer::LINUXSLL2;
event zeek_init() &priority=20
{
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL2, 0x0800, PacketAnalyzer::ANALYZER_IP);
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL2, 0x86DD, PacketAnalyzer::ANALYZER_IP);
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL2, 0x0806, PacketAnalyzer::ANALYZER_ARP);
# RARP
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL2, 0x8035, PacketAnalyzer::ANALYZER_ARP);
}

2
scripts/base/packet-protocols/root/main.zeek
View file

@ -10,6 +10,7 @@ const DLT_FDDI : count = 10;
const DLT_IEEE802_11 : count = 105;
const DLT_IEEE802_11_RADIO : count = 127;
const DLT_LINUX_SLL : count = 113;
const DLT_LINUX_SLL2 : count = 276;
const DLT_NFLOG : count = 239;
event zeek_init() &priority=20
@ -19,5 +20,6 @@ event zeek_init() &priority=20
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, DLT_IEEE802_11, PacketAnalyzer::ANALYZER_IEEE802_11);
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, DLT_IEEE802_11_RADIO, PacketAnalyzer::ANALYZER_IEEE802_11_RADIO);
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, DLT_LINUX_SLL, PacketAnalyzer::ANALYZER_LINUXSLL);
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, DLT_LINUX_SLL2, PacketAnalyzer::ANALYZER_LINUXSLL2);
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, DLT_NFLOG, PacketAnalyzer::ANALYZER_NFLOG);
}