diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro index 9c60d76746..a2cb3e4c5e 100644 --- a/scripts/base/init-bare.bro +++ b/scripts/base/init-bare.bro @@ -793,71 +793,6 @@ type entropy_test_result: record { serial_correlation: double; ##< Serial correlation coefficient. }; -# Prototypes of Bro built-in functions. -@load base/bif/strings.bif -@load base/bif/bro.bif -@load base/bif/reporter.bif - -## Deprecated. This is superseded by the new logging framework. -global log_file_name: function(tag: string): string &redef; - -## Deprecated. This is superseded by the new logging framework. -global open_log_file: function(tag: string): file &redef; - -## Specifies a directory for Bro to store its persistent state. All globals can -## be declared persistent via the :bro:attr:`&persistent` attribute. -const state_dir = ".state" &redef; - -## Length of the delays inserted when storing state incrementally. To avoid -## dropping packets when serializing larger volumes of persistent state to -## disk, Bro interleaves the operation with continued packet processing. -const state_write_delay = 0.01 secs &redef; - -global done_with_network = F; -event net_done(t: time) { done_with_network = T; } - -function log_file_name(tag: string): string - { - local suffix = getenv("BRO_LOG_SUFFIX") == "" ? "log" : getenv("BRO_LOG_SUFFIX"); - return fmt("%s.%s", tag, suffix); - } - -function open_log_file(tag: string): file - { - return open(log_file_name(tag)); - } - -## Internal function. -function add_interface(iold: string, inew: string): string - { - if ( iold == "" ) - return inew; - else - return fmt("%s %s", iold, inew); - } - -## Network interfaces to listen on. Use ``redef interfaces += "eth0"`` to -## extend. -global interfaces = "" &add_func = add_interface; - -## Internal function. -function add_signature_file(sold: string, snew: string): string - { - if ( sold == "" ) - return snew; - else - return cat(sold, " ", snew); - } - -## Signature files to read. Use ``redef signature_files += "foo.sig"`` to -## extend. Signature files added this way will be searched relative to -## ``BROPATH``. Using the ``@load-sigs`` directive instead is preferred -## since that can search paths relative to the current script. -global signature_files = "" &add_func = add_signature_file; - -## ``p0f`` fingerprint file to use. Will be searched relative to ``BROPATH``. -const passive_fingerprint_file = "base/misc/p0f.fp" &redef; - # TCP values for :bro:see:`endpoint` *state* field. # todo:: these should go into an enum to make them autodoc'able. const TCP_INACTIVE = 0; ##< Endpoint is still inactive. @@ -1768,6 +1703,71 @@ type gtp_delete_pdp_ctx_response_elements: record { ext: gtp_private_extension &optional; }; +# Prototypes of Bro built-in functions. +@load base/bif/strings.bif +@load base/bif/bro.bif +@load base/bif/reporter.bif + +## Deprecated. This is superseded by the new logging framework. +global log_file_name: function(tag: string): string &redef; + +## Deprecated. This is superseded by the new logging framework. +global open_log_file: function(tag: string): file &redef; + +## Specifies a directory for Bro to store its persistent state. All globals can +## be declared persistent via the :bro:attr:`&persistent` attribute. +const state_dir = ".state" &redef; + +## Length of the delays inserted when storing state incrementally. To avoid +## dropping packets when serializing larger volumes of persistent state to +## disk, Bro interleaves the operation with continued packet processing. +const state_write_delay = 0.01 secs &redef; + +global done_with_network = F; +event net_done(t: time) { done_with_network = T; } + +function log_file_name(tag: string): string + { + local suffix = getenv("BRO_LOG_SUFFIX") == "" ? "log" : getenv("BRO_LOG_SUFFIX"); + return fmt("%s.%s", tag, suffix); + } + +function open_log_file(tag: string): file + { + return open(log_file_name(tag)); + } + +## Internal function. +function add_interface(iold: string, inew: string): string + { + if ( iold == "" ) + return inew; + else + return fmt("%s %s", iold, inew); + } + +## Network interfaces to listen on. Use ``redef interfaces += "eth0"`` to +## extend. +global interfaces = "" &add_func = add_interface; + +## Internal function. +function add_signature_file(sold: string, snew: string): string + { + if ( sold == "" ) + return snew; + else + return cat(sold, " ", snew); + } + +## Signature files to read. Use ``redef signature_files += "foo.sig"`` to +## extend. Signature files added this way will be searched relative to +## ``BROPATH``. Using the ``@load-sigs`` directive instead is preferred +## since that can search paths relative to the current script. +global signature_files = "" &add_func = add_signature_file; + +## ``p0f`` fingerprint file to use. Will be searched relative to ``BROPATH``. +const passive_fingerprint_file = "base/misc/p0f.fp" &redef; + ## Definition of "secondary filters". A secondary filter is a BPF filter given ## as index in this table. For each such filter, the corresponding event is ## raised for all matching packets. diff --git a/src/IP.cc b/src/IP.cc index 3a19f02d23..a36a3cf6fb 100644 --- a/src/IP.cc +++ b/src/IP.cc @@ -393,6 +393,7 @@ RecordVal* IP_Hdr::BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const } case IPPROTO_ICMP: + case IPPROTO_ICMPV6: { const struct icmp* icmpp = (const struct icmp *) data; RecordVal* icmp_hdr = new RecordVal(icmp_hdr_type); diff --git a/src/NetVar.cc b/src/NetVar.cc index 8a901842fd..ccc94c97a6 100644 --- a/src/NetVar.cc +++ b/src/NetVar.cc @@ -15,6 +15,8 @@ RecordType* icmp_conn; RecordType* icmp_context; RecordType* SYN_packet; RecordType* pcap_packet; +RecordType* raw_pkt_hdr_type; +RecordType* l2_hdr_type; RecordType* signature_state; EnumType* transport_proto; TableType* string_set; @@ -324,6 +326,8 @@ void init_net_var() signature_state = internal_type("signature_state")->AsRecordType(); SYN_packet = internal_type("SYN_packet")->AsRecordType(); pcap_packet = internal_type("pcap_packet")->AsRecordType(); + raw_pkt_hdr_type = internal_type("raw_pkt_hdr")->AsRecordType(); + l2_hdr_type = internal_type("l2_hdr")->AsRecordType(); transport_proto = internal_type("transport_proto")->AsEnumType(); string_set = internal_type("string_set")->AsTableType(); string_array = internal_type("string_array")->AsTableType(); diff --git a/src/NetVar.h b/src/NetVar.h index 97018121f9..909a2a4c1c 100644 --- a/src/NetVar.h +++ b/src/NetVar.h @@ -19,6 +19,8 @@ extern RecordType* icmp_context; extern RecordType* signature_state; extern RecordType* SYN_packet; extern RecordType* pcap_packet; +extern RecordType* raw_pkt_hdr_type; +extern RecordType* l2_hdr_type; extern EnumType* transport_proto; extern TableType* string_set; extern TableType* string_array; diff --git a/src/bro.bif b/src/bro.bif index 2c55c2bc95..fb8db5e23a 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -3458,6 +3458,26 @@ function get_current_packet%(%) : pcap_packet return pkt; %} +## Function to get the raw headers of the currently processed packet. +## +## Returns: A record containing the Layer 2, 3 and 4 headers of the +## currently processed packet. +## +## .. bro:see:: raw_pkt_hdr get_current_packet +function get_current_packet_header%(%) : raw_pkt_hdr + %{ + const Packet* p; + + if ( current_pktsrc && + current_pktsrc->GetCurrentPacket(&p) ) + { + return p->BuildPktHdrVal(); + } + + RecordVal* hdr = new RecordVal(raw_pkt_hdr_type); + return hdr; + %} + ## Writes a given packet to a file. ## ## pkt: The PCAP packet. diff --git a/src/iosource/Packet.cc b/src/iosource/Packet.cc index 2aa7fa58c7..c75b62a832 100644 --- a/src/iosource/Packet.cc +++ b/src/iosource/Packet.cc @@ -428,15 +428,6 @@ void Packet::ProcessLayer2() RecordVal* Packet::BuildPktHdrVal() const { - static RecordType* l2_hdr_type = 0; - static RecordType* raw_pkt_hdr_type = 0; - - if ( ! raw_pkt_hdr_type ) - { - raw_pkt_hdr_type = internal_type("raw_pkt_hdr")->AsRecordType(); - l2_hdr_type = internal_type("l2_hdr")->AsRecordType(); - } - RecordVal* pkt_hdr = new RecordVal(raw_pkt_hdr_type); RecordVal* l2_hdr = new RecordVal(l2_hdr_type);