Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 16:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

GH-1215: Remove dispatch_map from packet analysis, replace with BIF methods for registering dispatches

Browse source
This commit is contained in:
Tim Wojtulewicz 2020-10-27 12:43:36 -07:00 committed by Tim Wojtulewicz
parent 43821a8957
commit cd06bf34c7
34 changed files with 3770 additions and 3623 deletions
Download patch file Download diff file Expand all files Collapse all files

32
scripts/base/packet-protocols/null/main.zeek
View file

@ -1,24 +1,18 @@
module PacketAnalyzer::NULL;
export {
## Identifier mappings
const dispatch_map: PacketAnalyzer::DispatchMap = {} &redef;
}
const DLT_NULL : count = 0;
redef PacketAnalyzer::ROOT::dispatch_map += {
[DLT_NULL] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_NULL)
};
event zeek_init() &priority=20
{
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, DLT_NULL, PacketAnalyzer::ANALYZER_NULL);
## From the Wireshark Wiki: AF_INET6ANALYZER, unfortunately, has different
## values in {NetBSD,OpenBSD,BSD/OS}, {FreeBSD,DragonFlyBSD}, and
## {Darwin/macOS}, so an IPv6 packet might have a link-layer header with 24, 28,
## or 30 as the ``AF_`` value. As we may be reading traces captured on platforms
## other than what we're running on, we accept them all here.
redef dispatch_map += {
[2] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP),
[24] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP),
[28] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP),
[30] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP)
};
# From the Wireshark Wiki: AF_INET6ANALYZER, unfortunately, has different
# values in {NetBSD,OpenBSD,BSD/OS}, {FreeBSD,DragonFlyBSD}, and
# {Darwin/macOS}, so an IPv6 packet might have a link-layer header with 24, 28,
# or 30 as the ``AF_`` value. As we may be reading traces captured on platforms
# other than what we're running on, we accept them all here.
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NULL, 2, PacketAnalyzer::ANALYZER_IP);
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NULL, 24, PacketAnalyzer::ANALYZER_IP);
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NULL, 28, PacketAnalyzer::ANALYZER_IP);
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NULL, 30, PacketAnalyzer::ANALYZER_IP);
}