Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-06 08:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Remove non-standard way of forwarding out of the Ethernet analyzer

Browse source
This commit is contained in:
Tim Wojtulewicz 2023-04-19 10:25:39 -07:00 committed by Tim Wojtulewicz
parent 7e88a2b3fb
commit c5b8603218
14 changed files with 48 additions and 102 deletions
Download patch file Download diff file Expand all files Collapse all files

1
testing/btest/plugins/packet-protocol-plugin/CMakeLists.txt
View file

@ -14,6 +14,5 @@ include(ZeekPlugin)
zeek_plugin_begin(PacketDemo Bar)
zeek_plugin_cc(src/Plugin.cc)
zeek_plugin_cc(src/RawLayer.cc)
zeek_plugin_cc(src/LLCDemo.cc)
zeek_plugin_bif(src/events.bif)
zeek_plugin_end()

1
testing/btest/plugins/packet-protocol-plugin/scripts/__load__.zeek
View file

@ -1,2 +1 @@
@load PacketDemo/RawLayer/base/main
@load PacketDemo/LLCDemo/base/main

30
testing/btest/plugins/packet-protocol-plugin/src/LLCDemo.cc
View file

@ -1,30 +0,0 @@
#include "LLCDemo.h"
#include "zeek/Event.h"
#include "zeek/Val.h"
#include "zeek/session/Manager.h"
#include "events.bif.h"
using namespace zeek::packet_analysis::PacketDemo;
LLCDemo::LLCDemo() : zeek::packet_analysis::Analyzer("LLC_Demo") { }
bool LLCDemo::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
{
// Rudimentary parsing of 802.2 LLC
if ( 17 >= len )
{
session_mgr->Weird("truncated_llc_header", packet);
return false;
}
auto dsap = data[14];
auto ssap = data[15];
auto control = data[16];
event_mgr.Enqueue(llc_demo_message, val_mgr->Count(dsap), val_mgr->Count(ssap),
val_mgr->Count(control));
return true;
}

20
testing/btest/plugins/packet-protocol-plugin/src/LLCDemo.h
View file

@ -1,20 +0,0 @@
#pragma once
#include "zeek/packet_analysis/Analyzer.h"
#include "zeek/packet_analysis/Component.h"
namespace zeek::packet_analysis::PacketDemo
{
class LLCDemo : public Analyzer
{
public:
LLCDemo();
~LLCDemo() override = default;
bool AnalyzePacket(size_t len, const uint8_t* data, Packet* packet) override;
static AnalyzerPtr Instantiate() { return std::make_shared<LLCDemo>(); }
};
}

5
testing/btest/plugins/packet-protocol-plugin/src/Plugin.cc
View file

@ -1,6 +1,5 @@
#include "Plugin.h"
#include "LLCDemo.h"
#include "RawLayer.h"
#include "packet_analysis/Component.h"
@ -14,12 +13,10 @@ public:
{
AddComponent(new zeek::packet_analysis::Component(
"Raw_Layer", zeek::packet_analysis::PacketDemo::RawLayer::Instantiate));
AddComponent(new zeek::packet_analysis::Component(
"LLC_Demo", zeek::packet_analysis::PacketDemo::LLCDemo::Instantiate));
zeek::plugin::Configuration config;
config.name = "PacketDemo::Bar";
config.description = "Demo packet analyzers (RawLayer, LLC).";
config.description = "Demo packet analyzers (RawLayer).";
config.version.major = 1;
config.version.minor = 0;
config.version.patch = 0;

1
testing/btest/plugins/packet-protocol-plugin/src/events.bif
View file

@ -1,3 +1,2 @@
event raw_layer_message%(message: string, protocol: count%);
event llc_demo_message%(dsap: count, ssap: count, control: count%);