mirror of
https://github.com/zeek/zeek.git
synced 2025-10-13 20:18:20 +00:00
Lots of cleanup and API documentation for the analyzer/* classes.
I've used the opportunity to also cleanup DPD's expect_connection()
infrastructure, and renamed that bif to schedule_analyzer(), which
seems more appropiate. One can now also schedule more than one
analyzer per connection.
TODOs:
- "make install" is probably broken.
- Broxygen is probably broken for plugin-defined events.
- event groups are broken (do we want to keep them?)
- parallel btest is broken, but I'm not sure why ...
(tests all pass individually, but lots of error when running
in parallel; must be related to *.bif restructuring).
- Document API for src/plugin/*
- Document API for src/analyzer/Analyzer.h
- Document API for scripts/base/frameworks/analyzer
This commit is contained in:
Robin Sommer
parent
e532aff687
commit
e0c4bd1a82
32 changed files with 994 additions and 550 deletions
|
|
@ -3,7 +3,7 @@
|
|||
// analyzers into separate plugins.
|
||||
|
||||
#include "BuiltInAnalyzers.h"
|
||||
#include "analyzer/PluginComponent.h"
|
||||
#include "analyzer/Component.h"
|
||||
|
||||
#include "../binpac_bro.h"
|
||||
|
||||
|
|
@ -47,8 +47,13 @@ using namespace analyzer;
|
|||
|
||||
BuiltinAnalyzers builtin_analyzers;
|
||||
|
||||
#define DEFINE_ANALYZER(name, factory, enabled, partial) \
|
||||
AddComponent(new PluginComponent(name, factory, enabled, partial))
|
||||
#define DEFINE_ANALYZER(name, factory) \
|
||||
AddComponent(new Component(name, factory))
|
||||
|
||||
#define DEFINE_ANALYZER_VERSION_BINPAC(name, factory) \
|
||||
AddComponent(new Component(name, factory, 0, FLAGS_use_binpac))
|
||||
#define DEFINE_ANALYZER_VERSION_NON_BINPAC(name, factory) \
|
||||
AddComponent(new Component(name, factory, 0, ! FLAGS_use_binpac))
|
||||
|
||||
void BuiltinAnalyzers::Init()
|
||||
{
|
||||
|
|
@ -58,72 +63,69 @@ void BuiltinAnalyzers::Init()
|
|||
desc.version = BRO_PLUGIN_VERSION_BUILTIN;
|
||||
SetDescription(desc);
|
||||
|
||||
DEFINE_ANALYZER("PIA_TCP", PIA_TCP::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("PIA_UDP", PIA_UDP::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("PIA_TCP", PIA_TCP::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("PIA_UDP", PIA_UDP::InstantiateAnalyzer);
|
||||
|
||||
DEFINE_ANALYZER("ICMP", ICMP_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("ICMP", ICMP_Analyzer::InstantiateAnalyzer);
|
||||
|
||||
DEFINE_ANALYZER("TCP", TCP_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("UDP", UDP_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("TCP", TCP_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("UDP", UDP_Analyzer::InstantiateAnalyzer);
|
||||
|
||||
DEFINE_ANALYZER("BITTORRENT", BitTorrent_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("BITTORRENTTRACKER", BitTorrentTracker_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("DCE_RPC", DCE_RPC_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("DNS", DNS_Analyzer::InstantiateAnalyzer, ! FLAGS_use_binpac, false);
|
||||
DEFINE_ANALYZER("FINGER", Finger_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("FTP", FTP_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("GNUTELLA", Gnutella_Analyzer::InstantiateAnalyzer, true, false);
|
||||
// DEFINE_ANALYZER("HTTP", HTTP_Analyzer::InstantiateAnalyzer, ! FLAGS_use_binpac, false);
|
||||
DEFINE_ANALYZER("IDENT", Ident_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("IRC", IRC_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("LOGIN", 0, true, false); // just a base class
|
||||
DEFINE_ANALYZER("NCP", NCP_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("NETBIOSSSN", NetbiosSSN_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("NFS", NFS_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("NTP", NTP_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("POP3", POP3_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("PORTMAPPER", Portmapper_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("RLOGIN", Rlogin_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("RPC", 0, true, false);
|
||||
DEFINE_ANALYZER("RSH", Rsh_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("SMB", SMB_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("SMTP", SMTP_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("SSH", SSH_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("TELNET", Telnet_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("BITTORRENT", BitTorrent_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("BITTORRENTTRACKER", BitTorrentTracker_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("DCE_RPC", DCE_RPC_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER_VERSION_NON_BINPAC("DNS", DNS_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("FINGER", Finger_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("FTP", FTP_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("GNUTELLA", Gnutella_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("IDENT", Ident_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("IRC", IRC_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("LOGIN", 0); // just a base class
|
||||
DEFINE_ANALYZER("NCP", NCP_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("NETBIOSSSN", NetbiosSSN_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("NFS", NFS_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("NTP", NTP_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("POP3", POP3_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("PORTMAPPER", Portmapper_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("RLOGIN", Rlogin_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("RPC", 0);
|
||||
DEFINE_ANALYZER("RSH", Rsh_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("SMB", SMB_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("SMTP", SMTP_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("SSH", SSH_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("TELNET", Telnet_Analyzer::InstantiateAnalyzer);
|
||||
|
||||
DEFINE_ANALYZER("DHCP_BINPAC", DHCP_Analyzer_binpac::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("DNS_TCP_BINPAC", DNS_TCP_Analyzer_binpac::InstantiateAnalyzer, FLAGS_use_binpac, false);
|
||||
DEFINE_ANALYZER("DNS_UDP_BINPAC", DNS_UDP_Analyzer_binpac::InstantiateAnalyzer, FLAGS_use_binpac, false);
|
||||
// DEFINE_ANALYZER("HTTP_BINPAC", HTTP_Analyzer_binpac::InstantiateAnalyzer, FLAGS_use_binpac, false);
|
||||
// DEFINE_ANALYZER("SSL", SSL_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("SYSLOG_BINPAC", Syslog_Analyzer_binpac::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("MODBUS", ModbusTCP_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("DHCP_BINPAC", DHCP_Analyzer_binpac::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER_VERSION_BINPAC("DNS_TCP_BINPAC", DNS_TCP_Analyzer_binpac::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER_VERSION_BINPAC("DNS_UDP_BINPAC", DNS_UDP_Analyzer_binpac::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("SYSLOG_BINPAC", Syslog_Analyzer_binpac::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("MODBUS", ModbusTCP_Analyzer::InstantiateAnalyzer);
|
||||
|
||||
DEFINE_ANALYZER("AYIYA", AYIYA_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("SOCKS", SOCKS_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("TEREDO", Teredo_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("GTPV1", GTPv1_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("AYIYA", AYIYA_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("SOCKS", SOCKS_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("TEREDO", Teredo_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("GTPV1", GTPv1_Analyzer::InstantiateAnalyzer);
|
||||
|
||||
DEFINE_ANALYZER("FILE", File_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("BACKDOOR", BackDoor_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("INTERCONN", InterConn_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("STEPPINGSTONE", SteppingStone_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("TCPSTATS", TCPStats_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("CONNSIZE", ConnSize_Analyzer::InstantiateAnalyzer, true, false);
|
||||
DEFINE_ANALYZER("FILE", File_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("BACKDOOR", BackDoor_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("INTERCONN", InterConn_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("STEPPINGSTONE", SteppingStone_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("TCPSTATS", TCPStats_Analyzer::InstantiateAnalyzer);
|
||||
DEFINE_ANALYZER("CONNSIZE", ConnSize_Analyzer::InstantiateAnalyzer);
|
||||
|
||||
DEFINE_ANALYZER("CONTENTS", 0, true, false);
|
||||
DEFINE_ANALYZER("CONTENTLINE", 0, true, false);
|
||||
DEFINE_ANALYZER("NVT", 0, true, false);
|
||||
DEFINE_ANALYZER("ZIP", 0, true, false);
|
||||
DEFINE_ANALYZER("CONTENTS_DNS", 0, true, false);
|
||||
DEFINE_ANALYZER("CONTENTS_NETBIOSSSN", 0, true, false);
|
||||
DEFINE_ANALYZER("CONTENTS_NCP", 0, true, false);
|
||||
DEFINE_ANALYZER("CONTENTS_RLOGIN", 0, true, false);
|
||||
DEFINE_ANALYZER("CONTENTS_RSH", 0, true, false);
|
||||
DEFINE_ANALYZER("CONTENTS_DCE_RPC", 0, true, false);
|
||||
DEFINE_ANALYZER("CONTENTS_SMB", 0, true, false);
|
||||
DEFINE_ANALYZER("CONTENTS_RPC", 0, true, false);
|
||||
DEFINE_ANALYZER("CONTENTS_NFS", 0, true, false);
|
||||
DEFINE_ANALYZER("FTP_ADAT", 0, true, false);
|
||||
DEFINE_ANALYZER("CONTENTS", 0);
|
||||
DEFINE_ANALYZER("CONTENTLINE", 0);
|
||||
DEFINE_ANALYZER("NVT", 0);
|
||||
DEFINE_ANALYZER("ZIP", 0);
|
||||
DEFINE_ANALYZER("CONTENTS_DNS", 0);
|
||||
DEFINE_ANALYZER("CONTENTS_NETBIOSSSN", 0);
|
||||
DEFINE_ANALYZER("CONTENTS_NCP", 0);
|
||||
DEFINE_ANALYZER("CONTENTS_RLOGIN", 0);
|
||||
DEFINE_ANALYZER("CONTENTS_RSH", 0);
|
||||
DEFINE_ANALYZER("CONTENTS_DCE_RPC", 0);
|
||||
DEFINE_ANALYZER("CONTENTS_SMB", 0);
|
||||
DEFINE_ANALYZER("CONTENTS_RPC", 0);
|
||||
DEFINE_ANALYZER("CONTENTS_NFS", 0);
|
||||
DEFINE_ANALYZER("FTP_ADAT", 0);
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue