diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index 5fabc60a3e..5c86024202 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek @@ -5342,29 +5342,29 @@ event net_done(t: time) @if ( __init_primary_bifs() ) @endif -module LLAnalyzer; +module PacketAnalyzer; -# Defines a mapping for the LLAnalyzer's configuration tree. This +# Defines a mapping for the PacketAnalyzer's configuration tree. This # maps from a parent analyzer to a child analyzer through a numeric # identifier. export { type ConfigEntry : record { # The parent analyzer. This analyzer will check for the *identifier* in the # packet data to know whether to call the next analyzer. This field is optional. - # If it is not included, the identifier will attach to the "root" analyzer. This - # means that the identifier will be searched for the initial packet header instead - # of later headers. - parent : LLAnalyzer::Tag &optional; + # If it is not included, the identifier will attach to the "root" analyzer. The + # root analyzer uses the link layer identifier provided by the packet source to + # determine the protocol for the initial packet header. + parent : PacketAnalyzer::Tag &optional; - # A numeric identifier that can be found in the packet data that denotes an - # analyzer should be called. + # A numeric identifier, which can be found in the packet data, that denotes the + # encapsulated protocol. identifier : count; # The analyzer that corresponds to the above identifier. - analyzer : LLAnalyzer::Tag; + analyzer : PacketAnalyzer::Tag; }; - const config_map : vector of LLAnalyzer::ConfigEntry &redef; + const config_map : vector of PacketAnalyzer::ConfigEntry &redef; } -@load base/llprotocols +@load base/packet-protocols diff --git a/scripts/base/llprotocols/__load__.zeek b/scripts/base/llprotocols/__load__.zeek deleted file mode 100644 index a6d256338b..0000000000 --- a/scripts/base/llprotocols/__load__.zeek +++ /dev/null 
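Review bot: The `ConfigEntry` field comments in this hunk do not say what happens when `config_map` ends up with two entries that share the same `parent` and `identifier`. The vector is `&redef`, so any loaded script can append such an entry, and this table decides which analyzer sees each encapsulated protocol. The resolution rule (first entry wins, last entry wins, or a load-time error) should be stated next to `const config_map`, for example `# Entries with a duplicate (parent, identifier) pair: <state the rule here>.` The field comments also use `#` where `##` would make them show up in the generated script documentation.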
@@ -1,11 +0,0 @@
-@load base/llprotocols/default
-@load base/llprotocols/ethernet
-@load base/llprotocols/fddi
-@load base/llprotocols/ieee802_11
-@load base/llprotocols/ieee802_11_radio
-@load base/llprotocols/linux_sll
-@load base/llprotocols/nflog
-@load base/llprotocols/null
-@load base/llprotocols/ppp_serial
-@load base/llprotocols/pppoe
-@load base/llprotocols/vlan
diff --git a/scripts/base/llprotocols/default/main.zeek b/scripts/base/llprotocols/default/main.zeek
deleted file mode 100644
index caf50e6378..0000000000
--- a/scripts/base/llprotocols/default/main.zeek
+++ /dev/null
@@ -1,6 +0,0 @@
-module LL_DEFAULT;
-
-redef LLAnalyzer::config_map += {
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_DEFAULTANALYZER, $identifier=4, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_DEFAULTANALYZER, $identifier=6, $analyzer=LLAnalyzer::LLANALYZER_IPV6)
-};
diff --git a/scripts/base/llprotocols/ethernet/main.zeek b/scripts/base/llprotocols/ethernet/main.zeek
deleted file mode 100644
index 1227b2fb83..0000000000
--- a/scripts/base/llprotocols/ethernet/main.zeek
+++ /dev/null
@@ -1,16 +0,0 @@
-module LL_ETHERNET;
-
-const DLT_EN10MB : count = 1;
-
-redef LLAnalyzer::config_map += {
- LLAnalyzer::ConfigEntry($identifier=DLT_EN10MB, $analyzer=LLAnalyzer::LLANALYZER_ETHERNET),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x8847, $analyzer=LLAnalyzer::LLANALYZER_MPLS),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x0800, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x86DD, $analyzer=LLAnalyzer::LLANALYZER_IPV6),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x0806, $analyzer=LLAnalyzer::LLANALYZER_ARP),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x8035, $analyzer=LLAnalyzer::LLANALYZER_ARP),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x8100, $analyzer=LLAnalyzer::LLANALYZER_VLAN),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x88A8, $analyzer=LLAnalyzer::LLANALYZER_VLAN),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x9100, $analyzer=LLAnalyzer::LLANALYZER_VLAN),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x8864, $analyzer=LLAnalyzer::LLANALYZER_PPPOE)
-};
diff --git a/scripts/base/llprotocols/fddi/main.zeek b/scripts/base/llprotocols/fddi/main.zeek
deleted file mode 100644
index 68fd691d7f..0000000000
--- a/scripts/base/llprotocols/fddi/main.zeek
+++ /dev/null
@@ -1,7 +0,0 @@
-module LL_FDDI;
-
-const DLT_FDDI : count = 10;
-
-redef LLAnalyzer::config_map += {
- LLAnalyzer::ConfigEntry($identifier=DLT_FDDI, $analyzer=LLAnalyzer::LLANALYZER_FDDI)
-};
diff --git a/scripts/base/llprotocols/ieee802_11/main.zeek b/scripts/base/llprotocols/ieee802_11/main.zeek
deleted file mode 100644
index 070e3f9eff..0000000000
--- a/scripts/base/llprotocols/ieee802_11/main.zeek
+++ /dev/null
@@ -1,11 +0,0 @@
-module LL_IEEE802_11;
-
-const DLT_IEEE802_11 : count = 105;
-
-redef LLAnalyzer::config_map += {
- LLAnalyzer::ConfigEntry($identifier=DLT_IEEE802_11, $analyzer=LLAnalyzer::LLANALYZER_IEEE802_11),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_IEEE802_11, $identifier=0x0800, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_IEEE802_11, $identifier=0x86DD, $analyzer=LLAnalyzer::LLANALYZER_IPV6),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_IEEE802_11, $identifier=0x0806, $analyzer=LLAnalyzer::LLANALYZER_ARP),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_IEEE802_11, $identifier=0x8035, $analyzer=LLAnalyzer::LLANALYZER_ARP)
-};
diff --git a/scripts/base/llprotocols/ieee802_11_radio/main.zeek b/scripts/base/llprotocols/ieee802_11_radio/main.zeek
deleted file mode 100644
index 0985b0e391..0000000000
--- a/scripts/base/llprotocols/ieee802_11_radio/main.zeek
+++ /dev/null
@@ -1,9 +0,0 @@
-module LL_IEEE802_11_RADIO;
-
-const DLT_IEEE802_11_RADIO : count = 127;
-const DLT_IEEE802_11 : count = 105;
-
-redef LLAnalyzer::config_map += {
- LLAnalyzer::ConfigEntry($identifier=DLT_IEEE802_11_RADIO, $analyzer=LLAnalyzer::LLANALYZER_IEEE802_11_RADIO),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_IEEE802_11_RADIO, $identifier=DLT_IEEE802_11, $analyzer=LLAnalyzer::LLANALYZER_IEEE802_11)
-};
diff --git a/scripts/base/llprotocols/linux_sll/main.zeek b/scripts/base/llprotocols/linux_sll/main.zeek
deleted file mode 100644
index 601c5ae870..0000000000
--- a/scripts/base/llprotocols/linux_sll/main.zeek
+++ /dev/null
@@ -1,12 +0,0 @@
-module LL_LINUX_SLL;
-
-const DLT_LINUX_SLL : count = 113;
-
-redef LLAnalyzer::config_map += {
- LLAnalyzer::ConfigEntry($identifier=DLT_LINUX_SLL, $analyzer=LLAnalyzer::LLANALYZER_LINUXSLL),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_LINUXSLL, $identifier=0x0800, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_LINUXSLL, $identifier=0x86DD, $analyzer=LLAnalyzer::LLANALYZER_IPV6),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_LINUXSLL, $identifier=0x0806, $analyzer=LLAnalyzer::LLANALYZER_ARP),
- # RARP
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_LINUXSLL, $identifier=0x8035, $analyzer=LLAnalyzer::LLANALYZER_ARP)
-};
diff --git a/scripts/base/llprotocols/nflog/main.zeek b/scripts/base/llprotocols/nflog/main.zeek
deleted file mode 100644
index d62ccd20c5..0000000000
--- a/scripts/base/llprotocols/nflog/main.zeek
+++ /dev/null
@@ -1,11 +0,0 @@
-module LL_NFLOG;
-
-const DLT_NFLOG : count = 239;
-const AF_INET : count = 2;
-const AF_INET6 : count = 10;
-
-redef LLAnalyzer::config_map += {
- LLAnalyzer::ConfigEntry($identifier=DLT_NFLOG, $analyzer=LLAnalyzer::LLANALYZER_NFLOG),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_NFLOG, $identifier=AF_INET, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_NFLOG, $identifier=AF_INET6, $analyzer=LLAnalyzer::LLANALYZER_IPV6)
-};
diff --git a/scripts/base/llprotocols/null/main.zeek b/scripts/base/llprotocols/null/main.zeek
deleted file mode 100644
index f70f40d0e2..0000000000
--- a/scripts/base/llprotocols/null/main.zeek
+++ /dev/null
@@ -1,19 +0,0 @@
-module LL_NULL;
-
-const DLT_NULL : count = 0;
-const AF_INET : count = 2;
-const AF_INET6 : count = 10;
-
-redef LLAnalyzer::config_map += {
- LLAnalyzer::ConfigEntry($identifier=DLT_NULL, $analyzer=LLAnalyzer::LLANALYZER_NULL),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_NULL, $identifier=AF_INET, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
-
- ## From the Wireshark Wiki: AF_INET6ANALYZER, unfortunately, has different values in
- ## {NetBSD,OpenBSD,BSD/OS}, {FreeBSD,DragonFlyBSD}, and {Darwin/Mac OS X}, so an IPv6
- ## packet might have a link-layer header with 24, 28, or 30 as the AF_ value. As we
- ## may be reading traces captured on platforms other than what we're running on, we
- ## accept them all here.
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_NULL, $identifier=24, $analyzer=LLAnalyzer::LLANALYZER_IPV6),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_NULL, $identifier=28, $analyzer=LLAnalyzer::LLANALYZER_IPV6),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_NULL, $identifier=30, $analyzer=LLAnalyzer::LLANALYZER_IPV6)
-};
diff --git a/scripts/base/llprotocols/ppp_serial/main.zeek b/scripts/base/llprotocols/ppp_serial/main.zeek
deleted file mode 100644
index cb873a773b..0000000000
--- a/scripts/base/llprotocols/ppp_serial/main.zeek
+++ /dev/null
@@ -1,10 +0,0 @@
-module LL_PPP_SERIAL;
-
-const DLT_PPP_SERIAL : count = 50;
-
-redef LLAnalyzer::config_map += {
- LLAnalyzer::ConfigEntry($identifier=DLT_PPP_SERIAL, $analyzer=LLAnalyzer::LLANALYZER_PPPSERIAL),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_PPPSERIAL, $identifier=0x0281, $analyzer=LLAnalyzer::LLANALYZER_MPLS),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_PPPSERIAL, $identifier=0x0021, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_PPPSERIAL, $identifier=0x0057, $analyzer=LLAnalyzer::LLANALYZER_IPV6)
-};
diff --git a/scripts/base/llprotocols/pppoe/main.zeek b/scripts/base/llprotocols/pppoe/main.zeek
deleted file mode 100644
index 737658d826..0000000000
--- a/scripts/base/llprotocols/pppoe/main.zeek
+++ /dev/null
@@ -1,6 +0,0 @@
-module LL_PPPOE;
-
-redef LLAnalyzer::config_map += {
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_PPPOE, $identifier=0x0021, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_PPPOE, $identifier=0x0057, $analyzer=LLAnalyzer::LLANALYZER_IPV6)
-};
diff --git a/scripts/base/llprotocols/vlan/main.zeek b/scripts/base/llprotocols/vlan/main.zeek
deleted file mode 100644
index 97e4cdcb09..0000000000
--- a/scripts/base/llprotocols/vlan/main.zeek
+++ /dev/null
@@ -1,11 +0,0 @@
-module LL_VLAN;
-
-redef LLAnalyzer::config_map += {
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_VLAN, $identifier=0x8847, $analyzer=LLAnalyzer::LLANALYZER_MPLS),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_VLAN, $identifier=0x0800, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_VLAN, $identifier=0x86DD, $analyzer=LLAnalyzer::LLANALYZER_IPV6),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_VLAN, $identifier=0x0806, $analyzer=LLAnalyzer::LLANALYZER_ARP),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_VLAN, $identifier=0x8035, $analyzer=LLAnalyzer::LLANALYZER_ARP),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_VLAN, $identifier=0x8100, $analyzer=LLAnalyzer::LLANALYZER_VLAN),
- LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_VLAN, $identifier=0x8864, $analyzer=LLAnalyzer::LLANALYZER_PPPOE)
-};
diff --git a/scripts/base/packet-protocols/__load__.zeek b/scripts/base/packet-protocols/__load__.zeek
new file mode 100644
index 0000000000..60c804f2fd
--- /dev/null
+++ b/scripts/base/packet-protocols/__load__.zeek
@@ -0,0 +1,11 @@
+@load base/packet-protocols/default
+@load base/packet-protocols/ethernet
+@load base/packet-protocols/fddi
+@load base/packet-protocols/ieee802_11
+@load base/packet-protocols/ieee802_11_radio
+@load base/packet-protocols/linux_sll
+@load base/packet-protocols/nflog
+@load base/packet-protocols/null
+@load base/packet-protocols/ppp_serial
+@load base/packet-protocols/pppoe
+@load base/packet-protocols/vlan
diff --git a/scripts/base/llprotocols/default/__load__.zeek b/scripts/base/packet-protocols/default/__load__.zeek
similarity index 100%
rename from scripts/base/llprotocols/default/__load__.zeek
rename to scripts/base/packet-protocols/default/__load__.zeek
diff --git a/scripts/base/packet-protocols/default/main.zeek b/scripts/base/packet-protocols/default/main.zeek
new file mode 100644
index 0000000000..2d0d451d3f
--- /dev/null
+++ b/scripts/base/packet-protocols/default/main.zeek
@@ -0,0 +1,6 @@
+module LL_DEFAULT;
+
+redef PacketAnalyzer::config_map += {
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_DEFAULTANALYZER, $identifier=4, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_DEFAULTANALYZER, $identifier=6, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
+};
diff --git a/scripts/base/llprotocols/ethernet/__load__.zeek b/scripts/base/packet-protocols/ethernet/__load__.zeek
similarity index 100%
rename from scripts/base/llprotocols/ethernet/__load__.zeek
rename to scripts/base/packet-protocols/ethernet/__load__.zeek
diff --git a/scripts/base/packet-protocols/ethernet/main.zeek b/scripts/base/packet-protocols/ethernet/main.zeek
new file mode 100644
index 0000000000..ca11767466
--- /dev/null
+++ b/scripts/base/packet-protocols/ethernet/main.zeek
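Review bot: The new scripts keep the old `LL_` module prefix: `module LL_DEFAULT;` here, and `LL_ETHERNET`, `LL_FDDI`, `LL_IEEE802_11`, `LL_IEEE802_11_RADIO`, `LL_LINUX_SLL`, `LL_NFLOG`, `LL_NULL`, `LL_PPP_SERIAL`, `LL_PPPOE` and `LL_VLAN` in the later `main.zeek` hunks. Everything else in the commit moved to `PacketAnalyzer` and `packet-protocols`, and these module names scope the `DLT_*` and `AF_*` constants the scripts declare, so leaving them means a second rename later. Renaming them in the same commit, for instance to a common prefix such as `module PACKET_DEFAULT;`, keeps the script namespace consistent with the new directory layout.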
@@ -0,0 +1,16 @@
+module LL_ETHERNET;
+
+const DLT_EN10MB : count = 1;
+
+redef PacketAnalyzer::config_map += {
+ PacketAnalyzer::ConfigEntry($identifier=DLT_EN10MB, $analyzer=PacketAnalyzer::ANALYZER_ETHERNET),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x8847, $analyzer=PacketAnalyzer::ANALYZER_MPLS),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x0800, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x86DD, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x0806, $analyzer=PacketAnalyzer::ANALYZER_ARP),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x8035, $analyzer=PacketAnalyzer::ANALYZER_ARP),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x8100, $analyzer=PacketAnalyzer::ANALYZER_VLAN),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x88A8, $analyzer=PacketAnalyzer::ANALYZER_VLAN),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x9100, $analyzer=PacketAnalyzer::ANALYZER_VLAN),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x8864, $analyzer=PacketAnalyzer::ANALYZER_PPPOE)
+};
diff --git a/scripts/base/llprotocols/fddi/__load__.zeek b/scripts/base/packet-protocols/fddi/__load__.zeek
similarity index 100%
rename from scripts/base/llprotocols/fddi/__load__.zeek
rename to scripts/base/packet-protocols/fddi/__load__.zeek
diff --git a/scripts/base/packet-protocols/fddi/main.zeek b/scripts/base/packet-protocols/fddi/main.zeek
new file mode 100644
index 0000000000..b503a143f1
--- /dev/null
+++ b/scripts/base/packet-protocols/fddi/main.zeek
@@ -0,0 +1,7 @@
+module LL_FDDI;
+
+const DLT_FDDI : count = 10;
+
+redef PacketAnalyzer::config_map += {
+ PacketAnalyzer::ConfigEntry($identifier=DLT_FDDI, $analyzer=PacketAnalyzer::ANALYZER_FDDI)
+};
diff --git a/scripts/base/llprotocols/ieee802_11/__load__.zeek b/scripts/base/packet-protocols/ieee802_11/__load__.zeek
similarity index 100%
rename from scripts/base/llprotocols/ieee802_11/__load__.zeek
rename to scripts/base/packet-protocols/ieee802_11/__load__.zeek
diff --git a/scripts/base/packet-protocols/ieee802_11/main.zeek b/scripts/base/packet-protocols/ieee802_11/main.zeek
new file mode 100644
index 0000000000..221f301ef3
--- /dev/null
+++ b/scripts/base/packet-protocols/ieee802_11/main.zeek
@@ -0,0 +1,11 @@
+module LL_IEEE802_11;
+
+const DLT_IEEE802_11 : count = 105;
+
+redef PacketAnalyzer::config_map += {
+ PacketAnalyzer::ConfigEntry($identifier=DLT_IEEE802_11, $analyzer=PacketAnalyzer::ANALYZER_IEEE802_11),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IEEE802_11, $identifier=0x0800, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IEEE802_11, $identifier=0x86DD, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IEEE802_11, $identifier=0x0806, $analyzer=PacketAnalyzer::ANALYZER_ARP),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IEEE802_11, $identifier=0x8035, $analyzer=PacketAnalyzer::ANALYZER_ARP)
+};
diff --git a/scripts/base/llprotocols/ieee802_11_radio/__load__.zeek b/scripts/base/packet-protocols/ieee802_11_radio/__load__.zeek
similarity index 100%
rename from scripts/base/llprotocols/ieee802_11_radio/__load__.zeek
rename to scripts/base/packet-protocols/ieee802_11_radio/__load__.zeek
diff --git a/scripts/base/packet-protocols/ieee802_11_radio/main.zeek b/scripts/base/packet-protocols/ieee802_11_radio/main.zeek
new file mode 100644
index 0000000000..52660f6e5e
--- /dev/null
+++ b/scripts/base/packet-protocols/ieee802_11_radio/main.zeek
@@ -0,0 +1,9 @@
+module LL_IEEE802_11_RADIO;
+
+const DLT_IEEE802_11_RADIO : count = 127;
+const DLT_IEEE802_11 : count = 105;
+
+redef PacketAnalyzer::config_map += {
+ PacketAnalyzer::ConfigEntry($identifier=DLT_IEEE802_11_RADIO, $analyzer=PacketAnalyzer::ANALYZER_IEEE802_11_RADIO),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IEEE802_11_RADIO, $identifier=DLT_IEEE802_11, $analyzer=PacketAnalyzer::ANALYZER_IEEE802_11)
+};
diff --git a/scripts/base/llprotocols/linux_sll/__load__.zeek b/scripts/base/packet-protocols/linux_sll/__load__.zeek
similarity index 100%
rename from scripts/base/llprotocols/linux_sll/__load__.zeek
rename to scripts/base/packet-protocols/linux_sll/__load__.zeek
diff --git a/scripts/base/packet-protocols/linux_sll/main.zeek b/scripts/base/packet-protocols/linux_sll/main.zeek
new file mode 100644
index 0000000000..096ffb2d74
--- /dev/null
+++ b/scripts/base/packet-protocols/linux_sll/main.zeek
@@ -0,0 +1,12 @@
+module LL_LINUX_SLL;
+
+const DLT_LINUX_SLL : count = 113;
+
+redef PacketAnalyzer::config_map += {
+ PacketAnalyzer::ConfigEntry($identifier=DLT_LINUX_SLL, $analyzer=PacketAnalyzer::ANALYZER_LINUXSLL),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_LINUXSLL, $identifier=0x0800, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_LINUXSLL, $identifier=0x86DD, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_LINUXSLL, $identifier=0x0806, $analyzer=PacketAnalyzer::ANALYZER_ARP),
+ # RARP
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_LINUXSLL, $identifier=0x8035, $analyzer=PacketAnalyzer::ANALYZER_ARP)
+};
diff --git a/scripts/base/llprotocols/nflog/__load__.zeek b/scripts/base/packet-protocols/nflog/__load__.zeek
similarity index 100%
rename from scripts/base/llprotocols/nflog/__load__.zeek
rename to scripts/base/packet-protocols/nflog/__load__.zeek
diff --git a/scripts/base/packet-protocols/nflog/main.zeek b/scripts/base/packet-protocols/nflog/main.zeek
new file mode 100644
index 0000000000..ebbf156df8
--- /dev/null
+++ b/scripts/base/packet-protocols/nflog/main.zeek
@@ -0,0 +1,11 @@
+module LL_NFLOG;
+
+const DLT_NFLOG : count = 239;
+const AF_INET : count = 2;
+const AF_INET6 : count = 10;
+
+redef PacketAnalyzer::config_map += {
+ PacketAnalyzer::ConfigEntry($identifier=DLT_NFLOG, $analyzer=PacketAnalyzer::ANALYZER_NFLOG),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NFLOG, $identifier=AF_INET, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NFLOG, $identifier=AF_INET6, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
+};
diff --git a/scripts/base/llprotocols/null/__load__.zeek b/scripts/base/packet-protocols/null/__load__.zeek
similarity index 100%
rename from scripts/base/llprotocols/null/__load__.zeek
rename to scripts/base/packet-protocols/null/__load__.zeek
diff --git a/scripts/base/packet-protocols/null/main.zeek b/scripts/base/packet-protocols/null/main.zeek
new file mode 100644
index 0000000000..f2a8a02245
--- /dev/null
+++ b/scripts/base/packet-protocols/null/main.zeek
@@ -0,0 +1,19 @@
+module LL_NULL;
+
+const DLT_NULL : count = 0;
+const AF_INET : count = 2;
+const AF_INET6 : count = 10;
+
+redef PacketAnalyzer::config_map += {
+ PacketAnalyzer::ConfigEntry($identifier=DLT_NULL, $analyzer=PacketAnalyzer::ANALYZER_NULL),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NULL, $identifier=AF_INET, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+
+ ## From the Wireshark Wiki: AF_INET6ANALYZER, unfortunately, has different values in
+ ## {NetBSD,OpenBSD,BSD/OS}, {FreeBSD,DragonFlyBSD}, and {Darwin/Mac OS X}, so an IPv6
+ ## packet might have a link-layer header with 24, 28, or 30 as the AF_ value. As we
+ ## may be reading traces captured on platforms other than what we're running on, we
+ ## accept them all here.
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NULL, $identifier=24, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NULL, $identifier=28, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NULL, $identifier=30, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
+};
diff --git a/scripts/base/llprotocols/ppp_serial/__load__.zeek b/scripts/base/packet-protocols/ppp_serial/__load__.zeek
similarity index 100%
rename from scripts/base/llprotocols/ppp_serial/__load__.zeek
rename to scripts/base/packet-protocols/ppp_serial/__load__.zeek
diff --git a/scripts/base/packet-protocols/ppp_serial/main.zeek b/scripts/base/packet-protocols/ppp_serial/main.zeek
new file mode 100644
index 0000000000..1feb5fdfe3
--- /dev/null
+++ b/scripts/base/packet-protocols/ppp_serial/main.zeek
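Review bot: `const AF_INET6 : count = 10;` is declared in this new file but never used: the IPv6 entries under `ANALYZER_NULL` map the literals 24, 28 and 30, so identifier 10 is not dispatched at all for DLT_NULL. A reader checking IPv6 coverage could take the constant to mean that it is, so either drop it or add a comment such as `# AF_INET6 (10, the Linux value) is intentionally not mapped for DLT_NULL.` if that is the intent. The carried-over comment also says `AF_INET6ANALYZER`, which looks like a leftover from an earlier search-and-replace; the sentence reads correctly as `## From the Wireshark Wiki: AF_INET6, unfortunately, has different values in`.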
@@ -0,0 +1,10 @@
+module LL_PPP_SERIAL;
+
+const DLT_PPP_SERIAL : count = 50;
+
+redef PacketAnalyzer::config_map += {
+ PacketAnalyzer::ConfigEntry($identifier=DLT_PPP_SERIAL, $analyzer=PacketAnalyzer::ANALYZER_PPPSERIAL),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_PPPSERIAL, $identifier=0x0281, $analyzer=PacketAnalyzer::ANALYZER_MPLS),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_PPPSERIAL, $identifier=0x0021, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_PPPSERIAL, $identifier=0x0057, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
+};
diff --git a/scripts/base/llprotocols/pppoe/__load__.zeek b/scripts/base/packet-protocols/pppoe/__load__.zeek
similarity index 100%
rename from scripts/base/llprotocols/pppoe/__load__.zeek
rename to scripts/base/packet-protocols/pppoe/__load__.zeek
diff --git a/scripts/base/packet-protocols/pppoe/main.zeek b/scripts/base/packet-protocols/pppoe/main.zeek
new file mode 100644
index 0000000000..8416e42bf2
--- /dev/null
+++ b/scripts/base/packet-protocols/pppoe/main.zeek
@@ -0,0 +1,6 @@
+module LL_PPPOE;
+
+redef PacketAnalyzer::config_map += {
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_PPPOE, $identifier=0x0021, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_PPPOE, $identifier=0x0057, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
+};
diff --git a/scripts/base/llprotocols/vlan/__load__.zeek b/scripts/base/packet-protocols/vlan/__load__.zeek
similarity index 100%
rename from scripts/base/llprotocols/vlan/__load__.zeek
rename to scripts/base/packet-protocols/vlan/__load__.zeek
diff --git a/scripts/base/packet-protocols/vlan/main.zeek b/scripts/base/packet-protocols/vlan/main.zeek
new file mode 100644
index 0000000000..78bff9398a
--- /dev/null
+++ b/scripts/base/packet-protocols/vlan/main.zeek
@@ -0,0 +1,11 @@ +module LL_VLAN; + +redef PacketAnalyzer::config_map += { + PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x8847, $analyzer=PacketAnalyzer::ANALYZER_MPLS), + PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x0800, $analyzer=PacketAnalyzer::ANALYZER_IPV4), + PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x86DD, $analyzer=PacketAnalyzer::ANALYZER_IPV6), + PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x0806, $analyzer=PacketAnalyzer::ANALYZER_ARP), + PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x8035, $analyzer=PacketAnalyzer::ANALYZER_ARP), + PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x8100, $analyzer=PacketAnalyzer::ANALYZER_VLAN), + PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x8864, $analyzer=PacketAnalyzer::ANALYZER_PPPOE) +}; diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 9545236898..e851872b65 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -146,7 +146,7 @@ set(bro_PLUGIN_LIBS CACHE INTERNAL "plugin libraries" FORCE) set(bro_PLUGIN_DEPS CACHE INTERNAL "plugin dependencies" FORCE) add_subdirectory(analyzer) -add_subdirectory(llanalyzer) +add_subdirectory(packet_analysis) add_subdirectory(broker) add_subdirectory(zeekygen) add_subdirectory(file_analysis) diff --git a/src/DebugLogger.cc b/src/DebugLogger.cc index 497bae8230..96a9ce171c 100644 --- a/src/DebugLogger.cc +++ b/src/DebugLogger.cc @@ -19,7 +19,7 @@ DebugLogger::Stream DebugLogger::streams[NUM_DBGS] = { { "string", 0, false }, { "notifiers", 0, false }, { "main-loop", 0, false }, - { "llanalyzer", 0, false }, + { "packet_analysis", 0, false }, { "dpd", 0, false }, { "tm", 0, false }, { "logging", 0, false }, diff --git a/src/DebugLogger.h b/src/DebugLogger.h index 80ec926b1b..1005c367a6 100644 --- a/src/DebugLogger.h 
+++ b/src/DebugLogger.h @@ -30,24 +30,24 @@ namespace zeek { // an entry to DebugLogger::streams in DebugLogger.cc. enum DebugStream { - DBG_SERIAL, // Serialization - DBG_RULES, // Signature matching - DBG_STRING, // String code - DBG_NOTIFIERS, // Notifiers - DBG_MAINLOOP, // Main IOSource loop - DBG_LLANALYZER, // Low-Layer Analyzer Proof of Concept - DBG_ANALYZER, // Analyzer framework - DBG_TM, // Time-machine packet input via Brocolli - DBG_LOGGING, // Logging streams - DBG_INPUT, // Input streams - DBG_THREADING, // Threading system - DBG_FILE_ANALYSIS, // File analysis - DBG_PLUGINS, // Plugin system - DBG_ZEEKYGEN, // Zeekygen - DBG_PKTIO, // Packet sources and dumpers. - DBG_BROKER, // Broker communication - DBG_SCRIPTS, // Script initialization - DBG_SUPERVISOR, // Process supervisor + DBG_SERIAL, // Serialization + DBG_RULES, // Signature matching + DBG_STRING, // String code + DBG_NOTIFIERS, // Notifiers + DBG_MAINLOOP, // Main IOSource loop + DBG_ANALYZER, // Analyzer framework + DBG_PACKET_ANALYSIS, // Packet analysis + DBG_FILE_ANALYSIS, // File analysis + DBG_TM, // Time-machine packet input via Brocolli + DBG_LOGGING, // Logging streams + DBG_INPUT, // Input streams + DBG_THREADING, // Threading system + DBG_PLUGINS, // Plugin system + DBG_ZEEKYGEN, // Zeekygen + DBG_PKTIO, // Packet sources and dumpers. + DBG_BROKER, // Broker communication + DBG_SCRIPTS, // Script initialization + DBG_SUPERVISOR, // Process supervisor NUM_DBGS // Has to be last }; diff --git a/src/iosource/Packet.cc b/src/iosource/Packet.cc index ae074bb9da..e2c9ca01b6 100644 --- a/src/iosource/Packet.cc +++ b/src/iosource/Packet.cc @@ -3,7 +3,7 @@ #include "Desc.h" #include "IP.h" #include "iosource/Manager.h" -#include "llanalyzer/Manager.h" +#include "packet_analysis/Manager.h" #include "Var.h" extern "C" { 
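Review bot: The reordered `DebugStream` enum no longer lines up with the `DebugLogger::streams` table. The DebugLogger.cc hunk keeps `"packet_analysis"` directly after `"main-loop"` and ahead of `"dpd"` and `"tm"`, while here `DBG_ANALYZER` now comes before `DBG_PACKET_ANALYSIS` and `DBG_FILE_ANALYSIS` has moved ahead of `DBG_TM`. The comment above the enum ties every value to an entry in that table, so if the table is indexed by enum value (the rest of it is outside the hunk), debug output for these streams is filed under the wrong names. Either keep the old positions, with `DBG_PACKET_ANALYSIS, // Packet analysis` directly after `DBG_MAINLOOP` and `DBG_FILE_ANALYSIS` left after `DBG_THREADING`, or reorder the table entries in DebugLogger.cc to match.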
@@ -59,15 +59,15 @@ void Packet::Init(int arg_link_type, pkt_timeval *arg_ts, uint32_t arg_caplen, l3_proto = L3_UNKNOWN; l3_checksummed = false; - // For ll-analyzer: cur_pos points to the next payload. + // For packet analyzer: cur_pos points to the next payload. cur_pos = data; if ( data ) { - // From here we assume that layer 2 is valid. If an ll-analyzer encounters + // From here we assume that layer 2 is valid. If a packet analyzer encounters // an issue, it will call Packet::Weird(), which sets l2_valid to false. l2_valid = true; - llanalyzer_mgr->ProcessPacket(this); + packet_mgr->ProcessPacket(this); // Calculate header size after processing lower layers. hdr_size = cur_pos - data; } diff --git a/src/llanalyzer/protocol/default/Plugin.cc b/src/llanalyzer/protocol/default/Plugin.cc deleted file mode 100644 index cc92fd6870..0000000000 --- a/src/llanalyzer/protocol/default/Plugin.cc +++ /dev/null @@ -1,24 +0,0 @@ -// See the file "COPYING" in the main distribution directory for copyright. - -#include "Default.h" -#include "plugin/Plugin.h" -#include "llanalyzer/Component.h" - -namespace zeek::plugin::LLAnalyzer_Default { - -class Plugin : public zeek::plugin::Plugin { -public: - zeek::plugin::Configuration Configure() - { - AddComponent(new zeek::llanalyzer::Component("DefaultAnalyzer", - zeek::llanalyzer::Default::DefaultAnalyzer::Instantiate)); - - zeek::plugin::Configuration config; - config.name = "LLAnalyzer::DefaultAnalyzer"; - config.description = "Default LL-Analyzer for IP fallback"; - return config; - } - -} plugin; - -} diff --git a/src/llanalyzer/protocol/ethernet/Plugin.cc b/src/llanalyzer/protocol/ethernet/Plugin.cc deleted file mode 100644 index 5ae0e1cc87..0000000000 --- a/src/llanalyzer/protocol/ethernet/Plugin.cc +++ /dev/null 
@@ -1,24 +0,0 @@
-// See the file "COPYING" in the main distribution directory for copyright.
-
-#include "Ethernet.h"
-#include "plugin/Plugin.h"
-#include "llanalyzer/Component.h"
-
-namespace zeek::plugin::LLAnalyzer_Ethernet {
-
-class Plugin : public zeek::plugin::Plugin {
-public:
- zeek::plugin::Configuration Configure()
- {
- AddComponent(new zeek::llanalyzer::Component("Ethernet",
- zeek::llanalyzer::Ethernet::EthernetAnalyzer::Instantiate));
-
- zeek::plugin::Configuration config;
- config.name = "LLAnalyzer::Ethernet";
- config.description = "Ethernet LL-Analyzer";
- return config;
- }
-
-} plugin;
-
-}
diff --git a/src/llanalyzer/protocol/ieee802_11/Plugin.cc b/src/llanalyzer/protocol/ieee802_11/Plugin.cc
deleted file mode 100644
index b85fb29b9a..0000000000
--- a/src/llanalyzer/protocol/ieee802_11/Plugin.cc
+++ /dev/null
@@ -1,24 +0,0 @@
-// See the file "COPYING" in the main distribution directory for copyright.
-
-#include "IEEE802_11.h"
-#include "plugin/Plugin.h"
-#include "llanalyzer/Component.h"
-
-namespace zeek::plugin::LLAnalyzer_IEEE802_11 {
-
-class Plugin : public zeek::plugin::Plugin {
-public:
- zeek::plugin::Configuration Configure()
- {
- AddComponent(new zeek::llanalyzer::Component("IEEE802_11",
- zeek::llanalyzer::IEEE802_11::IEEE802_11Analyzer::Instantiate));
-
- zeek::plugin::Configuration config;
- config.name = "LLAnalyzer::IEEE802_11";
- config.description = "IEEE 802.11 LL-Analyzer";
- return config;
- }
-
-} plugin;
-
-}
diff --git a/src/llanalyzer/protocol/ieee802_11_radio/Plugin.cc b/src/llanalyzer/protocol/ieee802_11_radio/Plugin.cc
deleted file mode 100644
index e0339be75d..0000000000
--- a/src/llanalyzer/protocol/ieee802_11_radio/Plugin.cc
+++ /dev/null
@@ -1,23 +0,0 @@
-// See the file "COPYING" in the main distribution directory for copyright.
-
-#include "IEEE802_11_Radio.h"
-#include "plugin/Plugin.h"
-#include "llanalyzer/Component.h"
-
-namespace zeek::plugin::LLAnalyzer_IEEE802_11_Radio {
-
-class Plugin : public zeek::plugin::Plugin {
-public:
- zeek::plugin::Configuration Configure()
- {
- AddComponent(new zeek::llanalyzer::Component("IEEE802_11_Radio",
- zeek::llanalyzer::IEEE802_11_Radio::IEEE802_11_RadioAnalyzer::Instantiate));
-
- zeek::plugin::Configuration config;
- config.name = "LLAnalyzer::IEEE802_11_Radio";
- config.description = "IEEE 802.11 Radiotap LL-Analyzer";
- return config;
- }
-
-} plugin;
-}
diff --git a/src/llanalyzer/protocol/linux_sll/Plugin.cc b/src/llanalyzer/protocol/linux_sll/Plugin.cc
deleted file mode 100644
index 8968e38c79..0000000000
--- a/src/llanalyzer/protocol/linux_sll/Plugin.cc
+++ /dev/null
@@ -1,24 +0,0 @@
-// See the file "COPYING" in the main distribution directory for copyright.
-
-#include "plugin/Plugin.h"
-#include "LinuxSLL.h"
-#include "llanalyzer/Component.h"
-
-namespace zeek::plugin::LLAnalyzer_LinuxSLL {
-
-class Plugin : public zeek::plugin::Plugin {
-public:
- zeek::plugin::Configuration Configure()
- {
- AddComponent(new zeek::llanalyzer::Component("LinuxSLL",
- zeek::llanalyzer::LinuxSLL::LinuxSLLAnalyzer::Instantiate));
-
- zeek::plugin::Configuration config;
- config.name = "LLAnalyzer::LinuxSLL";
- config.description = "Linux cooked capture (SLL) LL-Analyzer";
- return config;
- }
-
-} plugin;
-
-}
diff --git a/src/llanalyzer/protocol/ppp_serial/Plugin.cc b/src/llanalyzer/protocol/ppp_serial/Plugin.cc
deleted file mode 100644
index c7ac7c42cd..0000000000
--- a/src/llanalyzer/protocol/ppp_serial/Plugin.cc
+++ /dev/null
@@ -1,24 +0,0 @@ -// See the file "COPYING" in the main distribution directory for copyright. - -#include "PPPSerial.h" -#include "plugin/Plugin.h" -#include "llanalyzer/Component.h" - -namespace zeek::plugin::LLAnalyzer_PPPSerial { - -class Plugin : public zeek::plugin::Plugin { -public: - zeek::plugin::Configuration Configure() - { - AddComponent(new zeek::llanalyzer::Component("PPPSerial", - zeek::llanalyzer::PPPSerial::PPPSerialAnalyzer::Instantiate)); - - zeek::plugin::Configuration config; - config.name = "LLAnalyzer::PPPSerial"; - config.description = "PPPSerial LL-Analyzer"; - return config; - } - -} plugin; - -} diff --git a/src/llanalyzer/Analyzer.cc b/src/packet_analysis/Analyzer.cc similarity index 66% rename from src/llanalyzer/Analyzer.cc rename to src/packet_analysis/Analyzer.cc index ff5798070b..c045a9302f 100644 --- a/src/llanalyzer/Analyzer.cc +++ b/src/packet_analysis/Analyzer.cc @@ -3,14 +3,14 @@ #include #include "Analyzer.h" -namespace zeek::llanalyzer { +namespace zeek::packet_analysis { Analyzer::Analyzer(std::string name) { - Tag t = llanalyzer_mgr->GetComponentTag(name); + Tag t = packet_mgr->GetComponentTag(name); if ( ! t ) - reporter->InternalError("unknown llanalyzer name %s", name.c_str()); + reporter->InternalError("unknown packet_analysis name %s", name.c_str()); Init(t); } @@ -35,13 +35,13 @@ const Tag Analyzer::GetAnalyzerTag() const const char* Analyzer::GetAnalyzerName() const { assert(tag); - return llanalyzer_mgr->GetComponentName(tag).c_str(); + return packet_mgr->GetComponentName(tag).c_str(); } bool Analyzer::IsAnalyzer(const char* name) { assert(tag); - return llanalyzer_mgr->GetComponentName(tag).compare(name) == 0; + return packet_mgr->GetComponentName(tag).compare(name) == 0; } } diff --git a/src/llanalyzer/Analyzer.h b/src/packet_analysis/Analyzer.h similarity index 86% rename from src/llanalyzer/Analyzer.h rename to src/packet_analysis/Analyzer.h index 06dd75e5d1..0a20f2fe39 100644 --- a/src/llanalyzer/Analyzer.h 
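Review bot: The new message in Analyzer::Analyzer(), `reporter->InternalError("unknown packet_analysis name %s", name.c_str());`, reads like the output of a search-and-replace, since `packet_analysis` is the C++ namespace and not a term an operator would recognise in an abort message. `"unknown packet analyzer name %s"` says what was actually looked up. The same wording recurs in the Manager.cc hunk for InstantiateAnalyzer() (`"request to instantiate unknown packet_analysis"`) and in ProtocolAnalyzerSet.cc (`"No dispatching configuration for ROOT of packet_analysis set."`).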
+++ b/src/packet_analysis/Analyzer.h @@ -6,15 +6,15 @@ #include "Tag.h" #include -namespace zeek::llanalyzer { +namespace zeek::packet_analysis { /** - * Result of low layer analysis. + * Result of packet analysis. */ enum class AnalyzerResult { Failed, // Analysis failed - Continue, // Analysis succeded and an encapuslated protocol was determined - Terminate // Analysis succeded and there is no further analysis to do + Continue, // Analysis succeeded and an encapsulated protocol was determined + Terminate // Analysis succeeded and there is no further analysis to do }; using AnalysisResultTuple = std::tuple; @@ -49,7 +49,7 @@ public: /** * Returns a textual description of the analyzer's type. This is - * what's passed to the constructor and usally corresponds to the + * what's passed to the constructor and usually corresponds to the * protocol name, e.g., "ARP". */ const char* GetAnalyzerName() const; @@ -86,4 +86,4 @@ private: void Init(const Tag& tag); }; -} // llanalyzer namespace end +} diff --git a/src/llanalyzer/AnalyzerSet.h b/src/packet_analysis/AnalyzerSet.h similarity index 91% rename from src/llanalyzer/AnalyzerSet.h rename to src/packet_analysis/AnalyzerSet.h index de71fb7dda..5e9c538ce2 100644 --- a/src/llanalyzer/AnalyzerSet.h +++ b/src/packet_analysis/AnalyzerSet.h @@ -5,7 +5,7 @@ #include "Analyzer.h" #include "Defines.h" -namespace zeek::llanalyzer { +namespace zeek::packet_analysis { class Analyzer; diff --git a/src/llanalyzer/CMakeLists.txt b/src/packet_analysis/CMakeLists.txt similarity index 100% rename from src/llanalyzer/CMakeLists.txt rename to src/packet_analysis/CMakeLists.txt diff --git a/src/llanalyzer/Component.cc b/src/packet_analysis/Component.cc similarity index 69% rename from src/llanalyzer/Component.cc rename to src/packet_analysis/Component.cc index a5991cbf2b..7ca6f24bcc 100644 --- a/src/llanalyzer/Component.cc +++ b/src/packet_analysis/Component.cc 
@@ -4,11 +4,11 @@ #include "Desc.h" #include "Manager.h" -using namespace zeek::llanalyzer; +using namespace zeek::packet_analysis; Component::Component(const std::string& name, factory_callback arg_factory, Tag::subtype_t arg_subtype, bool arg_enabled) - : plugin::Component(plugin::component::LLANALYZER, name), - plugin::TaggedComponent(arg_subtype) + : plugin::Component(plugin::component::PACKET_ANALYZER, name), + plugin::TaggedComponent(arg_subtype) { factory = arg_factory; enabled = arg_enabled; @@ -17,14 +17,14 @@ Component::Component(const std::string& name, factory_callback arg_factory, Tag: void Component::Initialize() { InitializeTag(); - llanalyzer_mgr->RegisterComponent(this, "LLANALYZER_"); + packet_mgr->RegisterComponent(this, "ANALYZER_"); } void Component::DoDescribe(ODesc* d) const { if ( factory ) { - d->Add("LLANALYZER_"); + d->Add("ANALYZER_"); d->Add(CanonicalName()); d->Add(", "); } diff --git a/src/llanalyzer/Component.h b/src/packet_analysis/Component.h similarity index 92% rename from src/llanalyzer/Component.h rename to src/packet_analysis/Component.h index 5d9ed0c6f3..8bb7452080 100644 --- a/src/llanalyzer/Component.h +++ b/src/packet_analysis/Component.h @@ -9,12 +9,12 @@ #include "plugin/Component.h" #include "plugin/TaggedComponent.h" -namespace zeek::llanalyzer { +namespace zeek::packet_analysis { class Analyzer; class Component : public plugin::Component, - public plugin::TaggedComponent { + public plugin::TaggedComponent { public: typedef Analyzer* (*factory_callback)(); diff --git a/src/llanalyzer/Config.cc b/src/packet_analysis/Config.cc similarity index 93% rename from src/llanalyzer/Config.cc rename to src/packet_analysis/Config.cc index 1c068d27c2..bfb41d2540 100644 --- a/src/llanalyzer/Config.cc +++ b/src/packet_analysis/Config.cc @@ -4,7 +4,7 @@ #include "Reporter.h" #include "DebugLogger.h" -namespace zeek::llanalyzer { +namespace zeek::packet_analysis { // ############################## // ####### DispatcherConfig ##### 
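Review bot: The tag prefix `"ANALYZER_"` is written out twice in Component.cc, once in Initialize() for `RegisterComponent` and once in DoDescribe(), and this commit had to edit both literals to keep them in step. A single file-local constant used at both sites, e.g. `static constexpr const char* tag_prefix = "ANALYZER_";`, would keep the described name from drifting away from the registered enum name on the next rename. DoDescribe() continues outside the hunk.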
@@ -22,7 +22,7 @@ const std::map& DispatcherConfig::GetMappings() const void DispatcherConfig::AddMapping(identifier_t identifier, const std::string& analyzer_name) { - DBG_LOG(DBG_LLANALYZER, "Adding configuration mapping: %s -> %#x -> %s", + DBG_LOG(DBG_PACKET_ANALYSIS, "Adding configuration mapping: %s -> %#x -> %s", name.c_str(), identifier, analyzer_name.c_str()); if ( mappings.count(identifier) ) @@ -84,4 +84,4 @@ void Config::AddMapping(const std::string& name, identifier_t identifier, dispatch_config->get().AddMapping(identifier, analyzer_name); } -} // namespace llanalyzer +} // namespace packet_analysis diff --git a/src/llanalyzer/Config.h b/src/packet_analysis/Config.h similarity index 97% rename from src/llanalyzer/Config.h rename to src/packet_analysis/Config.h index 0ce9837174..f99526d311 100644 --- a/src/llanalyzer/Config.h +++ b/src/packet_analysis/Config.h @@ -10,7 +10,7 @@ #include "Defines.h" -namespace zeek::llanalyzer { +namespace zeek::packet_analysis { class DispatcherConfig { public: diff --git a/src/llanalyzer/Defines.h b/src/packet_analysis/Defines.h similarity index 81% rename from src/llanalyzer/Defines.h rename to src/packet_analysis/Defines.h index 307af09e3a..3479b5b392 100644 --- a/src/llanalyzer/Defines.h +++ b/src/packet_analysis/Defines.h @@ -4,7 +4,7 @@ #include -namespace zeek::llanalyzer { +namespace zeek::packet_analysis { using identifier_t = uint32_t; diff --git a/src/llanalyzer/Manager.cc b/src/packet_analysis/Manager.cc similarity index 76% rename from src/llanalyzer/Manager.cc rename to src/packet_analysis/Manager.cc index 0aa8e7f138..8b0ff3bbb7 100644 --- a/src/llanalyzer/Manager.cc +++ b/src/packet_analysis/Manager.cc @@ -9,10 +9,10 @@ #include "ProtocolAnalyzerSet.h" #include "plugin/Manager.h" -using namespace zeek::llanalyzer; +using namespace zeek::packet_analysis; Manager::Manager() - : plugin::ComponentManager("LLAnalyzer", "Tag") + : plugin::ComponentManager("PacketAnalyzer", "Tag") { } 
@@ -23,11 +23,11 @@ Manager::~Manager() void Manager::InitPostScript() { - auto llanalyzer_mapping = zeek::id::find("LLAnalyzer::config_map"); - if ( ! llanalyzer_mapping ) + auto analyzer_mapping = zeek::id::find("PacketAnalyzer::config_map"); + if ( ! analyzer_mapping ) return; - auto mapping_val = llanalyzer_mapping->GetVal()->AsVectorVal(); + auto mapping_val = analyzer_mapping->GetVal()->AsVectorVal(); if ( mapping_val->Size() == 0 ) return; @@ -53,10 +53,10 @@ void Manager::Done() void Manager::DumpDebug() { #ifdef DEBUG - DBG_LOG(DBG_LLANALYZER, "Available llanalyzers after zeek_init():"); + DBG_LOG(DBG_PACKET_ANALYSIS, "Available packet analyzers after zeek_init():"); for ( auto& current : GetComponents() ) { - DBG_LOG(DBG_LLANALYZER, " %s (%s)", current->Name().c_str(), IsEnabled(current->Tag()) ? "enabled" : "disabled"); + DBG_LOG(DBG_PACKET_ANALYSIS, " %s (%s)", current->Name().c_str(), IsEnabled(current->Tag()) ? "enabled" : "disabled"); } // Dump Analyzer Set @@ -72,7 +72,7 @@ bool Manager::EnableAnalyzer(const Tag& tag) if ( ! p ) return false; - DBG_LOG(DBG_LLANALYZER, "Enabling analyzer %s", p->Name().c_str()); + DBG_LOG(DBG_PACKET_ANALYSIS, "Enabling analyzer %s", p->Name().c_str()); p->SetEnabled(true); return true; @@ -85,7 +85,7 @@ bool Manager::EnableAnalyzer(EnumVal* val) if ( ! p ) return false; - DBG_LOG(DBG_LLANALYZER, "Enabling analyzer %s", p->Name().c_str()); + DBG_LOG(DBG_PACKET_ANALYSIS, "Enabling analyzer %s", p->Name().c_str()); p->SetEnabled(true); return true; @@ -98,7 +98,7 @@ bool Manager::DisableAnalyzer(const Tag& tag) if ( ! p ) return false; - DBG_LOG(DBG_LLANALYZER, "Disabling analyzer %s", p->Name().c_str()); + DBG_LOG(DBG_PACKET_ANALYSIS, "Disabling analyzer %s", p->Name().c_str()); p->SetEnabled(false); return true; 
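Review bot: InitPostScript() returns silently both when `zeek::id::find("PacketAnalyzer::config_map")` yields nothing and when the vector is empty, and this commit renames the script-level identifier, which is exactly when such a lookup is most likely to miss. If the analyzer set is then never built (the rest of the function is outside the hunk, so this is inferred), the sensor would process traffic with no link-layer dispatch and nothing in the logs would indicate it. A diagnostic before each early return, for example `reporter->Warning("PacketAnalyzer::config_map is missing or empty; no packet analyzers configured");`, would make that monitoring gap visible to the operator.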
@@ -111,7 +111,7 @@ bool Manager::DisableAnalyzer(EnumVal* val) if ( ! p ) return false; - DBG_LOG(DBG_LLANALYZER, "Disabling analyzer %s", p->Name().c_str()); + DBG_LOG(DBG_PACKET_ANALYSIS, "Disabling analyzer %s", p->Name().c_str()); p->SetEnabled(false); return true; @@ -119,14 +119,14 @@ bool Manager::DisableAnalyzer(EnumVal* val) void Manager::DisableAllAnalyzers() { - DBG_LOG(DBG_LLANALYZER, "Disabling all analyzers"); + DBG_LOG(DBG_PACKET_ANALYSIS, "Disabling all analyzers"); std::list all_analyzers = GetComponents(); for ( const auto& analyzer : all_analyzers ) analyzer->SetEnabled(false); } -zeek::llanalyzer::Tag Manager::GetAnalyzerTag(const char* name) +zeek::packet_analysis::Tag Manager::GetAnalyzerTag(const char* name) { return GetComponentTag(name); } @@ -160,7 +160,7 @@ Analyzer* Manager::InstantiateAnalyzer(const Tag& tag) if ( ! c ) { - reporter->InternalWarning("request to instantiate unknown llanalyzer"); + reporter->InternalWarning("request to instantiate unknown packet_analysis"); return nullptr; } @@ -201,7 +201,7 @@ void Manager::ProcessPacket(Packet* packet) { #ifdef DEBUG static size_t counter = 0; - DBG_LOG(DBG_LLANALYZER, "Analyzing packet %ld, ts=%.3f...", ++counter, packet->time); + DBG_LOG(DBG_PACKET_ANALYSIS, "Analyzing packet %ld, ts=%.3f...", ++counter, packet->time); #endif if ( ! analyzer_set ) @@ -217,7 +217,7 @@ void Manager::ProcessPacket(Packet* packet) // Analyzer not found if ( current_analyzer == nullptr ) { - DBG_LOG(DBG_LLANALYZER, "Could not find analyzer for identifier %#x", next_layer_id); + DBG_LOG(DBG_PACKET_ANALYSIS, "Could not find analyzer for identifier %#x", next_layer_id); packet->Weird("no_suitable_analyzer_found"); break; } 
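Review bot: In the ProcessPacket() hunk the re-tagged debug line still formats `static size_t counter` with `%ld`: `DBG_LOG(DBG_PACKET_ANALYSIS, "Analyzing packet %ld, ts=%.3f...", ++counter, packet->time);`. Assuming DBG_LOG forwards to a printf-style formatter, the conversion does not match the argument type; `%zu` is the specifier for `size_t`. The DumpDebug() hunks in UniversalDispatcher.cc and VectorDispatcher.cc pass `table.size()` to `%lu` and `i+lowest_identifier` to `%#8lx` and likely need the same treatment (`%zu`, `%#8zx`), depending on the types declared outside the hunks.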
@@ -229,14 +229,14 @@ void Manager::ProcessPacket(Packet* packet) switch ( result ) { case AnalyzerResult::Continue: - DBG_LOG(DBG_LLANALYZER, "Analysis in %s succeeded, next layer identifier is %#x.", + DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s succeeded, next layer identifier is %#x.", current_analyzer->GetAnalyzerName(), next_layer_id); break; case AnalyzerResult::Terminate: - DBG_LOG(DBG_LLANALYZER, "Done, last found layer identifier was %#x.", next_layer_id); + DBG_LOG(DBG_PACKET_ANALYSIS, "Done, last found layer identifier was %#x.", next_layer_id); break; case AnalyzerResult::Failed: - DBG_LOG(DBG_LLANALYZER, "Analysis failed in %s", current_analyzer->GetAnalyzerName()); + DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis failed in %s", current_analyzer->GetAnalyzerName()); } #endif diff --git a/src/llanalyzer/Manager.h b/src/packet_analysis/Manager.h similarity index 95% rename from src/llanalyzer/Manager.h rename to src/packet_analysis/Manager.h index 54e444bb07..30a1facb94 100644 --- a/src/llanalyzer/Manager.h +++ b/src/packet_analysis/Manager.h @@ -15,7 +15,7 @@ #include "../Dict.h" #include "../net_util.h" -namespace zeek::llanalyzer { +namespace zeek::packet_analysis { class AnalyzerSet; @@ -33,7 +33,7 @@ public: /** * Second-stage initialization of the manager. This is called late - * during Bro's initialization after any scripts are processed. + * during Zeek's initialization after any scripts are processed. */ void InitPostScript(); @@ -164,4 +164,4 @@ private: } -extern zeek::llanalyzer::Manager* llanalyzer_mgr; +extern zeek::packet_analysis::Manager* packet_mgr; diff --git a/src/llanalyzer/ProtocolAnalyzerSet.cc b/src/packet_analysis/ProtocolAnalyzerSet.cc similarity index 90% rename from src/llanalyzer/ProtocolAnalyzerSet.cc rename to src/packet_analysis/ProtocolAnalyzerSet.cc index 6d2aeca83f..21a3eac1f6 100644 --- a/src/llanalyzer/ProtocolAnalyzerSet.cc +++ b/src/packet_analysis/ProtocolAnalyzerSet.cc 
@@ -2,7 +2,7 @@ #include "ProtocolAnalyzerSet.h" -namespace zeek::llanalyzer { +namespace zeek::packet_analysis { ProtocolAnalyzerSet::ProtocolAnalyzerSet(Config& configuration, const std::string& default_analyzer_name) { @@ -16,7 +16,7 @@ ProtocolAnalyzerSet::ProtocolAnalyzerSet(Config& configuration, const std::strin continue; // Check if analyzer exists - if ( Analyzer* newAnalyzer = llanalyzer_mgr->InstantiateAnalyzer(current_mapping.second) ) + if ( Analyzer* newAnalyzer = packet_mgr->InstantiateAnalyzer(current_mapping.second) ) analyzers.emplace(current_mapping.second, newAnalyzer); } } @@ -24,14 +24,14 @@ ProtocolAnalyzerSet::ProtocolAnalyzerSet(Config& configuration, const std::strin // Generate Dispatchers, starting at root root_dispatcher = GetDispatcher(configuration, "ROOT"); if ( root_dispatcher == nullptr ) - reporter->InternalError("No dispatching configuration for ROOT of llanalyzer set."); + reporter->InternalError("No dispatching configuration for ROOT of packet_analysis set."); // Set up default analysis auto it = analyzers.find(default_analyzer_name); if ( it != analyzers.end() ) default_analyzer = it->second; else - default_analyzer = llanalyzer_mgr->InstantiateAnalyzer(default_analyzer_name); + default_analyzer = packet_mgr->InstantiateAnalyzer(default_analyzer_name); default_dispatcher = nullptr; if ( default_analyzer != nullptr ) @@ -89,10 +89,10 @@ void ProtocolAnalyzerSet::Reset() void ProtocolAnalyzerSet::DumpDebug() const { #ifdef DEBUG - DBG_LOG(DBG_LLANALYZER, "ProtocolAnalyzerSet FSM:"); + DBG_LOG(DBG_PACKET_ANALYSIS, "ProtocolAnalyzerSet FSM:"); for ( const auto& current : dispatchers ) { - DBG_LOG(DBG_LLANALYZER, " Dispatcher (%p): %s", current.second, current.first.c_str()); + DBG_LOG(DBG_PACKET_ANALYSIS, " Dispatcher (%p): %s", current.second, current.first.c_str()); current.second->DumpDebug(); } #endif 
diff --git a/src/llanalyzer/ProtocolAnalyzerSet.h b/src/packet_analysis/ProtocolAnalyzerSet.h similarity index 96% rename from src/llanalyzer/ProtocolAnalyzerSet.h rename to src/packet_analysis/ProtocolAnalyzerSet.h index 1f6a786456..bde05e73f9 100644 --- a/src/llanalyzer/ProtocolAnalyzerSet.h +++ b/src/packet_analysis/ProtocolAnalyzerSet.h @@ -8,7 +8,7 @@ #include "dispatchers/UniversalDispatcher.h" #include "dispatchers/VectorDispatcher.h" -namespace zeek::llanalyzer { +namespace zeek::packet_analysis { class ProtocolAnalyzerSet : public AnalyzerSet { diff --git a/src/llanalyzer/Tag.cc b/src/packet_analysis/Tag.cc similarity index 78% rename from src/llanalyzer/Tag.cc rename to src/packet_analysis/Tag.cc index 9960ed5e35..c33ab0dd82 100644 --- a/src/llanalyzer/Tag.cc +++ b/src/packet_analysis/Tag.cc @@ -3,12 +3,12 @@ #include "Tag.h" #include "Manager.h" -namespace zeek::llanalyzer { +namespace zeek::packet_analysis { Tag Tag::Error; Tag::Tag(type_t type, subtype_t subtype) - : zeek::Tag(llanalyzer_mgr->GetTagType(), type, subtype) + : zeek::Tag(packet_mgr->GetTagType(), type, subtype) { } @@ -20,7 +20,7 @@ Tag& Tag::operator=(const Tag& other) const IntrusivePtr& Tag::AsVal() const { - return zeek::Tag::AsVal(llanalyzer_mgr->GetTagType()); + return zeek::Tag::AsVal(packet_mgr->GetTagType()); } EnumVal* Tag::AsEnumVal() const diff --git a/src/llanalyzer/Tag.h b/src/packet_analysis/Tag.h similarity index 97% rename from src/llanalyzer/Tag.h rename to src/packet_analysis/Tag.h index 66c2cdc6cb..0d554e52f8 100644 --- a/src/llanalyzer/Tag.h +++ b/src/packet_analysis/Tag.h @@ -18,7 +18,7 @@ namespace plugin { zeek::plugin::ComponentManager; } -namespace zeek::llanalyzer { +namespace zeek::packet_analysis { class Manager; class Component; @@ -100,7 +100,7 @@ public: protected: - friend class llanalyzer::Manager; + friend class packet_analysis::Manager; friend class plugin::ComponentManager; friend class plugin::TaggedComponent; 
diff --git a/src/llanalyzer/dispatchers/CMakeLists.txt b/src/packet_analysis/dispatchers/CMakeLists.txt similarity index 100% rename from src/llanalyzer/dispatchers/CMakeLists.txt rename to src/packet_analysis/dispatchers/CMakeLists.txt diff --git a/src/llanalyzer/dispatchers/Dispatcher.h b/src/packet_analysis/dispatchers/Dispatcher.h similarity index 96% rename from src/llanalyzer/dispatchers/Dispatcher.h rename to src/packet_analysis/dispatchers/Dispatcher.h index a59060459d..e71d1b5dfb 100644 --- a/src/llanalyzer/dispatchers/Dispatcher.h +++ b/src/packet_analysis/dispatchers/Dispatcher.h @@ -8,7 +8,7 @@ #include "Analyzer.h" #include "Defines.h" -namespace zeek::llanalyzer { +namespace zeek::packet_analysis { class Dispatcher; // Forward decl for Value using register_pair = std::pair>; diff --git a/src/llanalyzer/dispatchers/UniversalDispatcher.cc b/src/packet_analysis/dispatchers/UniversalDispatcher.cc similarity index 91% rename from src/llanalyzer/dispatchers/UniversalDispatcher.cc rename to src/packet_analysis/dispatchers/UniversalDispatcher.cc index 2bc86664e1..685c275b70 100644 --- a/src/llanalyzer/dispatchers/UniversalDispatcher.cc +++ b/src/packet_analysis/dispatchers/UniversalDispatcher.cc @@ -2,7 +2,7 @@ #include "UniversalDispatcher.h" -namespace zeek::llanalyzer { +namespace zeek::packet_analysis { UniversalDispatcher::UniversalDispatcher() : generator(rd()) { 
@@ -121,11 +121,11 @@ void UniversalDispatcher::Rehash() void UniversalDispatcher::DumpDebug() const { #ifdef DEBUG - DBG_LOG(DBG_LLANALYZER, " Dispatcher elements (used/total): %lu/%lu", Size(), table.size()); + DBG_LOG(DBG_PACKET_ANALYSIS, " Dispatcher elements (used/total): %lu/%lu", Size(), table.size()); for ( size_t i = 0; i < table.size(); i++ ) { if ( table[i].second != nullptr ) - DBG_LOG(DBG_LLANALYZER, " %#8x => %s, %p", table[i].first, table[i].second->analyzer->GetAnalyzerName(), table[i].second->dispatcher); + DBG_LOG(DBG_PACKET_ANALYSIS, " %#8x => %s, %p", table[i].first, table[i].second->analyzer->GetAnalyzerName(), table[i].second->dispatcher); } #endif } @@ -147,7 +147,7 @@ void UniversalDispatcher::Rehash(const std::vector& intermediate) { while ( ! FindCollisionFreeHashFunction(intermediate) ) { - DBG_LOG(DBG_LLANALYZER, "Rehashing did not work. Increasing #bins to %" PRIu64 " (%" PRIu64 " bit).", (uint64_t)std::pow(2, m + 1), m + 1); + DBG_LOG(DBG_PACKET_ANALYSIS, "Rehashing did not work. Increasing #bins to %" PRIu64 " (%" PRIu64 " bit).", (uint64_t)std::pow(2, m + 1), m + 1); SetBins(m + 1); } } @@ -195,7 +195,7 @@ bool UniversalDispatcher::FindCollisionFreeHashFunction(const std::vector #include "Dispatcher.h" -namespace zeek::llanalyzer { +namespace zeek::packet_analysis { class UniversalDispatcher : public Dispatcher { public: diff --git a/src/llanalyzer/dispatchers/VectorDispatcher.cc b/src/packet_analysis/dispatchers/VectorDispatcher.cc similarity index 89% rename from src/llanalyzer/dispatchers/VectorDispatcher.cc rename to src/packet_analysis/dispatchers/VectorDispatcher.cc index d948e3efda..0afa8660f0 100644 --- a/src/llanalyzer/dispatchers/VectorDispatcher.cc +++ b/src/packet_analysis/dispatchers/VectorDispatcher.cc @@ -4,7 +4,7 @@ #include "VectorDispatcher.h" -namespace zeek::llanalyzer { +namespace zeek::packet_analysis { VectorDispatcher::~VectorDispatcher() { 
@@ -109,12 +109,12 @@ void VectorDispatcher::FreeValues() void VectorDispatcher::DumpDebug() const { #ifdef DEBUG - DBG_LOG(DBG_LLANALYZER, " Dispatcher elements (used/total): %lu/%lu", Size(), table.size()); - DBG_LOG(DBG_LLANALYZER, "TABLE SIZE %lu", table.size()); + DBG_LOG(DBG_PACKET_ANALYSIS, " Dispatcher elements (used/total): %lu/%lu", Size(), table.size()); + DBG_LOG(DBG_PACKET_ANALYSIS, "TABLE SIZE %lu", table.size()); for ( size_t i = 0; i < table.size(); i++ ) { if ( table[i] != nullptr ) - DBG_LOG(DBG_LLANALYZER, " %#8lx => %s, %p", i+lowest_identifier, table[i]->analyzer->GetAnalyzerName(), table[i]->dispatcher); + DBG_LOG(DBG_PACKET_ANALYSIS, " %#8lx => %s, %p", i+lowest_identifier, table[i]->analyzer->GetAnalyzerName(), table[i]->dispatcher); } #endif } diff --git a/src/llanalyzer/dispatchers/VectorDispatcher.h b/src/packet_analysis/dispatchers/VectorDispatcher.h similarity index 95% rename from src/llanalyzer/dispatchers/VectorDispatcher.h rename to src/packet_analysis/dispatchers/VectorDispatcher.h index e801cde476..5e5b1ff4f7 100644 --- a/src/llanalyzer/dispatchers/VectorDispatcher.h +++ b/src/packet_analysis/dispatchers/VectorDispatcher.h @@ -5,7 +5,7 @@ #include #include "Dispatcher.h" -namespace zeek::llanalyzer { +namespace zeek::packet_analysis { class VectorDispatcher : public Dispatcher { public: diff --git a/src/llanalyzer/protocol/CMakeLists.txt b/src/packet_analysis/protocol/CMakeLists.txt similarity index 100% rename from src/llanalyzer/protocol/CMakeLists.txt rename to src/packet_analysis/protocol/CMakeLists.txt diff --git a/src/llanalyzer/protocol/arp/ARP.cc b/src/packet_analysis/protocol/arp/ARP.cc similarity index 57% rename from src/llanalyzer/protocol/arp/ARP.cc rename to src/packet_analysis/protocol/arp/ARP.cc index 4def2a449f..d0aa620dde 100644 --- a/src/llanalyzer/protocol/arp/ARP.cc +++ b/src/packet_analysis/protocol/arp/ARP.cc 
@@ -2,14 +2,14 @@ #include "ARP.h" -using namespace zeek::llanalyzer::ARP; +using namespace zeek::packet_analysis::ARP; ARPAnalyzer::ARPAnalyzer() - : zeek::llanalyzer::Analyzer("ARP") + : zeek::packet_analysis::Analyzer("ARP") { } -std::tuple ARPAnalyzer::Analyze(Packet* packet) +std::tuple ARPAnalyzer::Analyze(Packet* packet) { // TODO: Make ARP analyzer a native LL analyzer packet->l3_proto = L3_ARP; diff --git a/src/llanalyzer/protocol/arp/ARP.h b/src/packet_analysis/protocol/arp/ARP.h similarity index 74% rename from src/llanalyzer/protocol/arp/ARP.h rename to src/packet_analysis/protocol/arp/ARP.h index 6bf341ed51..0abfd7bf1d 100644 --- a/src/llanalyzer/protocol/arp/ARP.h +++ b/src/packet_analysis/protocol/arp/ARP.h @@ -2,10 +2,10 @@ #pragma once -#include -#include +#include +#include -namespace zeek::llanalyzer::ARP { +namespace zeek::packet_analysis::ARP { class ARPAnalyzer : public Analyzer { public: diff --git a/src/llanalyzer/protocol/arp/CMakeLists.txt b/src/packet_analysis/protocol/arp/CMakeLists.txt similarity index 100% rename from src/llanalyzer/protocol/arp/CMakeLists.txt rename to src/packet_analysis/protocol/arp/CMakeLists.txt diff --git a/src/llanalyzer/protocol/arp/Plugin.cc b/src/packet_analysis/protocol/arp/Plugin.cc similarity index 51% rename from src/llanalyzer/protocol/arp/Plugin.cc rename to src/packet_analysis/protocol/arp/Plugin.cc index 5a7f296ddf..e2808cffb3 100644 --- a/src/llanalyzer/protocol/arp/Plugin.cc +++ b/src/packet_analysis/protocol/arp/Plugin.cc 
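Review bot: The context comment in ARPAnalyzer::Analyze(), `// TODO: Make ARP analyzer a native LL analyzer`, keeps the terminology this commit removes everywhere else. Updating it to `// TODO: Make ARP analyzer a native packet analyzer` keeps a later search for the old name from turning up stale hits. The function body continues outside the hunk.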
@@ -2,20 +2,20 @@ #include "plugin/Plugin.h" #include "ARP.h" -#include "llanalyzer/Component.h" +#include "packet_analysis/Component.h" -namespace zeek::plugin::LLAnalyzer_ARP { +namespace zeek::plugin::Zeek_ARP { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() { - AddComponent(new zeek::llanalyzer::Component("ARP", - zeek::llanalyzer::ARP::ARPAnalyzer::Instantiate)); + AddComponent(new zeek::packet_analysis::Component("ARP", + zeek::packet_analysis::ARP::ARPAnalyzer::Instantiate)); zeek::plugin::Configuration config; - config.name = "LLAnalyzer::ARP"; - config.description = "ARP LL-Analyzer"; + config.name = "Zeek::ARP"; + config.description = "ARP packet analyzer"; return config; } diff --git a/src/llanalyzer/protocol/default/CMakeLists.txt b/src/packet_analysis/protocol/default/CMakeLists.txt similarity index 100% rename from src/llanalyzer/protocol/default/CMakeLists.txt rename to src/packet_analysis/protocol/default/CMakeLists.txt diff --git a/src/llanalyzer/protocol/default/Default.cc b/src/packet_analysis/protocol/default/Default.cc similarity index 70% rename from src/llanalyzer/protocol/default/Default.cc rename to src/packet_analysis/protocol/default/Default.cc index 3e01e1ba8c..72e226fcad 100644 --- a/src/llanalyzer/protocol/default/Default.cc +++ b/src/packet_analysis/protocol/default/Default.cc @@ -3,14 +3,14 @@ #include "Default.h" #include "NetVar.h" -using namespace zeek::llanalyzer::Default; +using namespace zeek::packet_analysis::Default; DefaultAnalyzer::DefaultAnalyzer() - : zeek::llanalyzer::Analyzer("DefaultAnalyzer") + : zeek::packet_analysis::Analyzer("DefaultAnalyzer") { } -std::tuple DefaultAnalyzer::Analyze(Packet* packet) +std::tuple DefaultAnalyzer::Analyze(Packet* packet) { auto& pdata = packet->cur_pos; 
diff --git a/src/llanalyzer/protocol/default/Default.h b/src/packet_analysis/protocol/default/Default.h similarity index 74% rename from src/llanalyzer/protocol/default/Default.h rename to src/packet_analysis/protocol/default/Default.h index 6c02b72f62..eae4a3a5b9 100644 --- a/src/llanalyzer/protocol/default/Default.h +++ b/src/packet_analysis/protocol/default/Default.h @@ -2,10 +2,10 @@ #pragma once -#include -#include +#include +#include -namespace zeek::llanalyzer::Default { +namespace zeek::packet_analysis::Default { class DefaultAnalyzer : public Analyzer { public: diff --git a/src/packet_analysis/protocol/default/Plugin.cc b/src/packet_analysis/protocol/default/Plugin.cc new file mode 100644 index 0000000000..30e27711f3 --- /dev/null +++ b/src/packet_analysis/protocol/default/Plugin.cc @@ -0,0 +1,24 @@ +// See the file "COPYING" in the main distribution directory for copyright. + +#include "Default.h" +#include "plugin/Plugin.h" +#include "packet_analysis/Component.h" + +namespace zeek::plugin::Zeek_Default { + +class Plugin : public zeek::plugin::Plugin { +public: + zeek::plugin::Configuration Configure() + { + AddComponent(new zeek::packet_analysis::Component("DefaultAnalyzer", + zeek::packet_analysis::Default::DefaultAnalyzer::Instantiate)); + + zeek::plugin::Configuration config; + config.name = "Zeek::DefaultAnalyzer"; + config.description = "Default packet analyzer for IP fallback"; + return config; + } + +} plugin; + +} diff --git a/src/llanalyzer/protocol/ethernet/CMakeLists.txt b/src/packet_analysis/protocol/ethernet/CMakeLists.txt similarity index 100% rename from src/llanalyzer/protocol/ethernet/CMakeLists.txt rename to src/packet_analysis/protocol/ethernet/CMakeLists.txt 
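Review bot: In the new default/Plugin.cc, `zeek::plugin::Configuration Configure()` is declared without `override`, although it presumably overrides a virtual in `zeek::plugin::Plugin` (the base class is not visible here). Writing `zeek::plugin::Configuration Configure() override` lets the compiler reject the plugin if the base signature ever changes, instead of silently leaving a component unregistered. The same applies to the new ethernet/Plugin.cc and to the Configure() methods in the modified ARP and FDDI plugins.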
diff --git a/src/llanalyzer/protocol/ethernet/Ethernet.cc b/src/packet_analysis/protocol/ethernet/Ethernet.cc similarity index 88% rename from src/llanalyzer/protocol/ethernet/Ethernet.cc rename to src/packet_analysis/protocol/ethernet/Ethernet.cc index 564a3bf10f..261f30a0f0 100644 --- a/src/llanalyzer/protocol/ethernet/Ethernet.cc +++ b/src/packet_analysis/protocol/ethernet/Ethernet.cc @@ -3,14 +3,14 @@ #include "Ethernet.h" #include "NetVar.h" -using namespace zeek::llanalyzer::Ethernet; +using namespace zeek::packet_analysis::Ethernet; EthernetAnalyzer::EthernetAnalyzer() - : zeek::llanalyzer::Analyzer("Ethernet") + : zeek::packet_analysis::Analyzer("Ethernet") { } -std::tuple EthernetAnalyzer::Analyze(Packet* packet) +std::tuple EthernetAnalyzer::Analyze(Packet* packet) { auto& pdata = packet->cur_pos; auto end_of_data = packet->GetEndOfData(); diff --git a/src/llanalyzer/protocol/ethernet/Ethernet.h b/src/packet_analysis/protocol/ethernet/Ethernet.h similarity index 75% rename from src/llanalyzer/protocol/ethernet/Ethernet.h rename to src/packet_analysis/protocol/ethernet/Ethernet.h index a6805f84a8..b59936a8c2 100644 --- a/src/llanalyzer/protocol/ethernet/Ethernet.h +++ b/src/packet_analysis/protocol/ethernet/Ethernet.h @@ -2,10 +2,10 @@ #pragma once -#include -#include +#include +#include -namespace zeek::llanalyzer::Ethernet { +namespace zeek::packet_analysis::Ethernet { class EthernetAnalyzer : public Analyzer { public: diff --git a/src/packet_analysis/protocol/ethernet/Plugin.cc b/src/packet_analysis/protocol/ethernet/Plugin.cc new file mode 100644 index 0000000000..409292b3ac --- /dev/null +++ b/src/packet_analysis/protocol/ethernet/Plugin.cc 
@@ -0,0 +1,24 @@ +// See the file "COPYING" in the main distribution directory for copyright. + +#include "Ethernet.h" +#include "plugin/Plugin.h" +#include "packet_analysis/Component.h" + +namespace zeek::plugin::Zeek_Ethernet { + +class Plugin : public zeek::plugin::Plugin { +public: + zeek::plugin::Configuration Configure() + { + AddComponent(new zeek::packet_analysis::Component("Ethernet", + zeek::packet_analysis::Ethernet::EthernetAnalyzer::Instantiate)); + + zeek::plugin::Configuration config; + config.name = "Zeek::Ethernet"; + config.description = "Ethernet packet analyzer"; + return config; + } + +} plugin; + +} diff --git a/src/llanalyzer/protocol/fddi/CMakeLists.txt b/src/packet_analysis/protocol/fddi/CMakeLists.txt similarity index 100% rename from src/llanalyzer/protocol/fddi/CMakeLists.txt rename to src/packet_analysis/protocol/fddi/CMakeLists.txt diff --git a/src/llanalyzer/protocol/fddi/FDDI.cc b/src/packet_analysis/protocol/fddi/FDDI.cc similarity index 70% rename from src/llanalyzer/protocol/fddi/FDDI.cc rename to src/packet_analysis/protocol/fddi/FDDI.cc index c5594061f7..3a7b2c5d11 100644 --- a/src/llanalyzer/protocol/fddi/FDDI.cc +++ b/src/packet_analysis/protocol/fddi/FDDI.cc @@ -3,14 +3,14 @@ #include "FDDI.h" #include "NetVar.h" -using namespace zeek::llanalyzer::FDDI; +using namespace zeek::packet_analysis::FDDI; FDDIAnalyzer::FDDIAnalyzer() - : zeek::llanalyzer::Analyzer("FDDI") + : zeek::packet_analysis::Analyzer("FDDI") { } -std::tuple FDDIAnalyzer::Analyze(Packet* packet) +std::tuple FDDIAnalyzer::Analyze(Packet* packet) { auto& pdata = packet->cur_pos; auto hdr_size = 13 + 8; // FDDI header + LLC diff --git a/src/llanalyzer/protocol/fddi/FDDI.h b/src/packet_analysis/protocol/fddi/FDDI.h similarity index 54% rename from src/llanalyzer/protocol/fddi/FDDI.h rename to src/packet_analysis/protocol/fddi/FDDI.h index b4217739dd..a96dcc8d9d 100644 --- a/src/llanalyzer/protocol/fddi/FDDI.h +++ b/src/packet_analysis/protocol/fddi/FDDI.h 
@@ -2,19 +2,19 @@ #pragma once -#include -#include +#include +#include -namespace zeek::llanalyzer::FDDI { +namespace zeek::packet_analysis::FDDI { -class FDDIAnalyzer : public zeek::llanalyzer::Analyzer { +class FDDIAnalyzer : public zeek::packet_analysis::Analyzer { public: FDDIAnalyzer(); ~FDDIAnalyzer() override = default; std::tuple Analyze(Packet* packet) override; - static zeek::llanalyzer::Analyzer* Instantiate() + static zeek::packet_analysis::Analyzer* Instantiate() { return new FDDIAnalyzer(); } diff --git a/src/llanalyzer/protocol/fddi/Plugin.cc b/src/packet_analysis/protocol/fddi/Plugin.cc similarity index 50% rename from src/llanalyzer/protocol/fddi/Plugin.cc rename to src/packet_analysis/protocol/fddi/Plugin.cc index 809f30312f..8154e7f915 100644 --- a/src/llanalyzer/protocol/fddi/Plugin.cc +++ b/src/packet_analysis/protocol/fddi/Plugin.cc @@ -2,20 +2,20 @@ #include "FDDI.h" #include "plugin/Plugin.h" -#include "llanalyzer/Component.h" +#include "packet_analysis/Component.h" -namespace zeek::plugin::LLAnalyzer_FDDI { +namespace zeek::plugin::Zeek_FDDI { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() { - AddComponent(new zeek::llanalyzer::Component("FDDI", - zeek::llanalyzer::FDDI::FDDIAnalyzer::Instantiate)); + AddComponent(new zeek::packet_analysis::Component("FDDI", + zeek::packet_analysis::FDDI::FDDIAnalyzer::Instantiate)); zeek::plugin::Configuration config; - config.name = "LLAnalyzer::FDDI"; - config.description = "FDDI LL-Analyzer"; + config.name = "Zeek::FDDI"; + config.description = "FDDI packet analyzer"; return config; } diff --git a/src/llanalyzer/protocol/ieee802_11/CMakeLists.txt b/src/packet_analysis/protocol/ieee802_11/CMakeLists.txt similarity index 100% rename from src/llanalyzer/protocol/ieee802_11/CMakeLists.txt rename to src/packet_analysis/protocol/ieee802_11/CMakeLists.txt 
diff --git a/src/llanalyzer/protocol/ieee802_11/IEEE802_11.cc b/src/packet_analysis/protocol/ieee802_11/IEEE802_11.cc similarity index 91% rename from src/llanalyzer/protocol/ieee802_11/IEEE802_11.cc rename to src/packet_analysis/protocol/ieee802_11/IEEE802_11.cc index 363706ae49..500d1fe592 100644 --- a/src/llanalyzer/protocol/ieee802_11/IEEE802_11.cc +++ b/src/packet_analysis/protocol/ieee802_11/IEEE802_11.cc @@ -3,14 +3,14 @@ #include "IEEE802_11.h" #include "NetVar.h" -using namespace zeek::llanalyzer::IEEE802_11; +using namespace zeek::packet_analysis::IEEE802_11; IEEE802_11Analyzer::IEEE802_11Analyzer() - : zeek::llanalyzer::Analyzer("IEEE802_11") + : zeek::packet_analysis::Analyzer("IEEE802_11") { } -std::tuple IEEE802_11Analyzer::Analyze(Packet* packet) +std::tuple IEEE802_11Analyzer::Analyze(Packet* packet) { auto& pdata = packet->cur_pos; auto end_of_data = packet->GetEndOfData(); diff --git a/src/llanalyzer/protocol/ieee802_11/IEEE802_11.h b/src/packet_analysis/protocol/ieee802_11/IEEE802_11.h similarity index 75% rename from src/llanalyzer/protocol/ieee802_11/IEEE802_11.h rename to src/packet_analysis/protocol/ieee802_11/IEEE802_11.h index 930de4bce5..4890dc0ff1 100644 --- a/src/llanalyzer/protocol/ieee802_11/IEEE802_11.h +++ b/src/packet_analysis/protocol/ieee802_11/IEEE802_11.h @@ -2,10 +2,10 @@ #pragma once -#include -#include +#include +#include -namespace zeek::llanalyzer::IEEE802_11 { +namespace zeek::packet_analysis::IEEE802_11 { class IEEE802_11Analyzer : public Analyzer { public: diff --git a/src/packet_analysis/protocol/ieee802_11/Plugin.cc b/src/packet_analysis/protocol/ieee802_11/Plugin.cc new file mode 100644 index 0000000000..11efda40c4 --- /dev/null +++ b/src/packet_analysis/protocol/ieee802_11/Plugin.cc 
@@ -0,0 +1,24 @@ +// See the file "COPYING" in the main distribution directory for copyright. + +#include "IEEE802_11.h" +#include "plugin/Plugin.h" +#include "packet_analysis/Component.h" + +namespace zeek::plugin::Zeek_IEEE802_11 { + +class Plugin : public zeek::plugin::Plugin { +public: + zeek::plugin::Configuration Configure() + { + AddComponent(new zeek::packet_analysis::Component("IEEE802_11", + zeek::packet_analysis::IEEE802_11::IEEE802_11Analyzer::Instantiate)); + + zeek::plugin::Configuration config; + config.name = "Zeek::IEEE802_11"; + config.description = "IEEE 802.11 packet analyzer"; + return config; + } + +} plugin; + +} diff --git a/src/llanalyzer/protocol/ieee802_11_radio/CMakeLists.txt b/src/packet_analysis/protocol/ieee802_11_radio/CMakeLists.txt similarity index 100% rename from src/llanalyzer/protocol/ieee802_11_radio/CMakeLists.txt rename to src/packet_analysis/protocol/ieee802_11_radio/CMakeLists.txt diff --git a/src/llanalyzer/protocol/ieee802_11_radio/IEEE802_11_Radio.cc b/src/packet_analysis/protocol/ieee802_11_radio/IEEE802_11_Radio.cc similarity index 74% rename from src/llanalyzer/protocol/ieee802_11_radio/IEEE802_11_Radio.cc rename to src/packet_analysis/protocol/ieee802_11_radio/IEEE802_11_Radio.cc index ef39420c64..b5025ce372 100644 --- a/src/llanalyzer/protocol/ieee802_11_radio/IEEE802_11_Radio.cc +++ b/src/packet_analysis/protocol/ieee802_11_radio/IEEE802_11_Radio.cc @@ -5,14 +5,14 @@ #include "IEEE802_11_Radio.h" #include "NetVar.h" -using namespace zeek::llanalyzer::IEEE802_11_Radio; +using namespace zeek::packet_analysis::IEEE802_11_Radio; IEEE802_11_RadioAnalyzer::IEEE802_11_RadioAnalyzer() - : zeek::llanalyzer::Analyzer("IEEE802_11_Radio") + : zeek::packet_analysis::Analyzer("IEEE802_11_Radio") { } -std::tuple IEEE802_11_RadioAnalyzer::Analyze(Packet* packet) +std::tuple IEEE802_11_RadioAnalyzer::Analyze(Packet* packet) { auto pdata = packet->cur_pos; auto end_of_data = packet->GetEndOfData(); 
diff --git a/src/llanalyzer/protocol/ieee802_11_radio/IEEE802_11_Radio.h b/src/packet_analysis/protocol/ieee802_11_radio/IEEE802_11_Radio.h similarity index 75% rename from src/llanalyzer/protocol/ieee802_11_radio/IEEE802_11_Radio.h rename to src/packet_analysis/protocol/ieee802_11_radio/IEEE802_11_Radio.h index 8fd9d0af65..1dba34c294 100644 --- a/src/llanalyzer/protocol/ieee802_11_radio/IEEE802_11_Radio.h +++ b/src/packet_analysis/protocol/ieee802_11_radio/IEEE802_11_Radio.h @@ -2,10 +2,10 @@ #pragma once -#include -#include +#include +#include -namespace zeek::llanalyzer::IEEE802_11_Radio { +namespace zeek::packet_analysis::IEEE802_11_Radio { class IEEE802_11_RadioAnalyzer : public Analyzer { public: diff --git a/src/packet_analysis/protocol/ieee802_11_radio/Plugin.cc b/src/packet_analysis/protocol/ieee802_11_radio/Plugin.cc new file mode 100644 index 0000000000..0b566f6d5f --- /dev/null +++ b/src/packet_analysis/protocol/ieee802_11_radio/Plugin.cc @@ -0,0 +1,23 @@ +// See the file "COPYING" in the main distribution directory for copyright. + +#include "IEEE802_11_Radio.h" +#include "plugin/Plugin.h" +#include "packet_analysis/Component.h" + +namespace zeek::plugin::Zeek_IEEE802_11_Radio { + +class Plugin : public zeek::plugin::Plugin { +public: + zeek::plugin::Configuration Configure() + { + AddComponent(new zeek::packet_analysis::Component("IEEE802_11_Radio", + zeek::packet_analysis::IEEE802_11_Radio::IEEE802_11_RadioAnalyzer::Instantiate)); + + zeek::plugin::Configuration config; + config.name = "Zeek::IEEE802_11_Radio"; + config.description = "IEEE 802.11 Radiotap packet analyzer"; + return config; + } + +} plugin; +} diff --git a/src/llanalyzer/protocol/ipv4/CMakeLists.txt b/src/packet_analysis/protocol/ipv4/CMakeLists.txt similarity index 100% rename from src/llanalyzer/protocol/ipv4/CMakeLists.txt rename to src/packet_analysis/protocol/ipv4/CMakeLists.txt 
diff --git a/src/llanalyzer/protocol/ipv4/IPv4.cc b/src/packet_analysis/protocol/ipv4/IPv4.cc similarity index 52% rename from src/llanalyzer/protocol/ipv4/IPv4.cc rename to src/packet_analysis/protocol/ipv4/IPv4.cc index 138ebc8460..c8b03a3b37 100644 --- a/src/llanalyzer/protocol/ipv4/IPv4.cc +++ b/src/packet_analysis/protocol/ipv4/IPv4.cc @@ -2,14 +2,14 @@ #include "IPv4.h" -using namespace zeek::llanalyzer::IPv4; +using namespace zeek::packet_analysis::IPv4; IPv4Analyzer::IPv4Analyzer() - : zeek::llanalyzer::Analyzer("IPv4") + : zeek::packet_analysis::Analyzer("IPv4") { } -std::tuple IPv4Analyzer::Analyze(Packet* packet) +std::tuple IPv4Analyzer::Analyze(Packet* packet) { packet->l3_proto = L3_IPV4; diff --git a/src/llanalyzer/protocol/ipv4/IPv4.h b/src/packet_analysis/protocol/ipv4/IPv4.h similarity index 74% rename from src/llanalyzer/protocol/ipv4/IPv4.h rename to src/packet_analysis/protocol/ipv4/IPv4.h index 4e16ec4371..d40a033f2c 100644 --- a/src/llanalyzer/protocol/ipv4/IPv4.h +++ b/src/packet_analysis/protocol/ipv4/IPv4.h @@ -2,10 +2,10 @@ #pragma once -#include -#include +#include +#include -namespace zeek::llanalyzer::IPv4 { +namespace zeek::packet_analysis::IPv4 { class IPv4Analyzer : public Analyzer { public: diff --git a/src/llanalyzer/protocol/ipv4/Plugin.cc b/src/packet_analysis/protocol/ipv4/Plugin.cc similarity index 50% rename from src/llanalyzer/protocol/ipv4/Plugin.cc rename to src/packet_analysis/protocol/ipv4/Plugin.cc index 7990ac70e0..ec865917da 100644 --- a/src/llanalyzer/protocol/ipv4/Plugin.cc +++ b/src/packet_analysis/protocol/ipv4/Plugin.cc 
@@ -2,20 +2,20 @@ #include "IPv4.h" #include "plugin/Plugin.h" -#include "llanalyzer/Component.h" +#include "packet_analysis/Component.h" -namespace zeek::plugin::LLAnalyzer_IPv4 { +namespace zeek::plugin::Zeek_IPv4 { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() { - AddComponent(new zeek::llanalyzer::Component("IPv4", - zeek::llanalyzer::IPv4::IPv4Analyzer::Instantiate)); + AddComponent(new zeek::packet_analysis::Component("IPv4", + zeek::packet_analysis::IPv4::IPv4Analyzer::Instantiate)); zeek::plugin::Configuration config; - config.name = "LLAnalyzer::IPv4"; - config.description = "IPv4 LL-Analyzer"; + config.name = "Zeek::IPv4"; + config.description = "IPv4 packet analyzer"; return config; } diff --git a/src/llanalyzer/protocol/ipv6/CMakeLists.txt b/src/packet_analysis/protocol/ipv6/CMakeLists.txt similarity index 100% rename from src/llanalyzer/protocol/ipv6/CMakeLists.txt rename to src/packet_analysis/protocol/ipv6/CMakeLists.txt diff --git a/src/llanalyzer/protocol/ipv6/IPv6.cc b/src/packet_analysis/protocol/ipv6/IPv6.cc similarity index 52% rename from src/llanalyzer/protocol/ipv6/IPv6.cc rename to src/packet_analysis/protocol/ipv6/IPv6.cc index ee6b6ef059..65ed530ee6 100644 --- a/src/llanalyzer/protocol/ipv6/IPv6.cc +++ b/src/packet_analysis/protocol/ipv6/IPv6.cc @@ -2,14 +2,14 @@ #include "IPv6.h" -using namespace zeek::llanalyzer::IPv6; +using namespace zeek::packet_analysis::IPv6; IPv6Analyzer::IPv6Analyzer() - : zeek::llanalyzer::Analyzer("IPv6") + : zeek::packet_analysis::Analyzer("IPv6") { } -std::tuple IPv6Analyzer::Analyze(Packet* packet) +std::tuple IPv6Analyzer::Analyze(Packet* packet) { packet->l3_proto = L3_IPV6; diff --git a/src/llanalyzer/protocol/ipv6/IPv6.h b/src/packet_analysis/protocol/ipv6/IPv6.h similarity index 74% rename from src/llanalyzer/protocol/ipv6/IPv6.h rename to src/packet_analysis/protocol/ipv6/IPv6.h index 0364d6b4d5..86d361436c 100644 --- a/src/llanalyzer/protocol/ipv6/IPv6.h 
+++ b/src/packet_analysis/protocol/ipv6/IPv6.h @@ -2,10 +2,10 @@ #pragma once -#include -#include +#include +#include -namespace zeek::llanalyzer::IPv6 { +namespace zeek::packet_analysis::IPv6 { class IPv6Analyzer : public Analyzer { public: diff --git a/src/llanalyzer/protocol/ipv6/Plugin.cc b/src/packet_analysis/protocol/ipv6/Plugin.cc similarity index 50% rename from src/llanalyzer/protocol/ipv6/Plugin.cc rename to src/packet_analysis/protocol/ipv6/Plugin.cc index 137db569d3..474926e000 100644 --- a/src/llanalyzer/protocol/ipv6/Plugin.cc +++ b/src/packet_analysis/protocol/ipv6/Plugin.cc @@ -2,20 +2,20 @@ #include "plugin/Plugin.h" #include "IPv6.h" -#include "llanalyzer/Component.h" +#include "packet_analysis/Component.h" -namespace zeek::plugin::LLAnalyzer_IPv6 { +namespace zeek::plugin::Zeek_IPv6 { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() { - AddComponent(new zeek::llanalyzer::Component("IPv6", - zeek::llanalyzer::IPv6::IPv6Analyzer::Instantiate)); + AddComponent(new zeek::packet_analysis::Component("IPv6", + zeek::packet_analysis::IPv6::IPv6Analyzer::Instantiate)); zeek::plugin::Configuration config; - config.name = "LLAnalyzer::IPv6"; - config.description = "IPv6 LL-Analyzer"; + config.name = "Zeek::IPv6"; + config.description = "IPv6 packet analyzer"; return config; } } plugin; diff --git a/src/llanalyzer/protocol/linux_sll/CMakeLists.txt b/src/packet_analysis/protocol/linux_sll/CMakeLists.txt similarity index 100% rename from src/llanalyzer/protocol/linux_sll/CMakeLists.txt rename to src/packet_analysis/protocol/linux_sll/CMakeLists.txt diff --git a/src/llanalyzer/protocol/linux_sll/LinuxSLL.cc b/src/packet_analysis/protocol/linux_sll/LinuxSLL.cc similarity index 77% rename from src/llanalyzer/protocol/linux_sll/LinuxSLL.cc rename to src/packet_analysis/protocol/linux_sll/LinuxSLL.cc index 975b8bba09..f324f368f0 100644 --- a/src/llanalyzer/protocol/linux_sll/LinuxSLL.cc 
+++ b/src/packet_analysis/protocol/linux_sll/LinuxSLL.cc @@ -2,14 +2,14 @@ #include "LinuxSLL.h" -using namespace zeek::llanalyzer::LinuxSLL; +using namespace zeek::packet_analysis::LinuxSLL; LinuxSLLAnalyzer::LinuxSLLAnalyzer() - : zeek::llanalyzer::Analyzer("LinuxSLL") + : zeek::packet_analysis::Analyzer("LinuxSLL") { } -std::tuple LinuxSLLAnalyzer::Analyze(Packet* packet) +std::tuple LinuxSLLAnalyzer::Analyze(Packet* packet) { auto& pdata = packet->cur_pos; diff --git a/src/llanalyzer/protocol/linux_sll/LinuxSLL.h b/src/packet_analysis/protocol/linux_sll/LinuxSLL.h similarity index 83% rename from src/llanalyzer/protocol/linux_sll/LinuxSLL.h rename to src/packet_analysis/protocol/linux_sll/LinuxSLL.h index 72c53972b7..e66d335f0a 100644 --- a/src/llanalyzer/protocol/linux_sll/LinuxSLL.h +++ b/src/packet_analysis/protocol/linux_sll/LinuxSLL.h @@ -2,10 +2,10 @@ #pragma once -#include -#include +#include +#include -namespace zeek::llanalyzer::LinuxSLL { +namespace zeek::packet_analysis::LinuxSLL { class LinuxSLLAnalyzer : public Analyzer { public: diff --git a/src/packet_analysis/protocol/linux_sll/Plugin.cc b/src/packet_analysis/protocol/linux_sll/Plugin.cc new file mode 100644 index 0000000000..a0cf4583be --- /dev/null +++ b/src/packet_analysis/protocol/linux_sll/Plugin.cc @@ -0,0 +1,24 @@ +// See the file "COPYING" in the main distribution directory for copyright. + +#include "plugin/Plugin.h" +#include "LinuxSLL.h" +#include "packet_analysis/Component.h" + +namespace zeek::plugin::Zeek_LinuxSLL { + +class Plugin : public zeek::plugin::Plugin { +public: + zeek::plugin::Configuration Configure() + { + AddComponent(new zeek::packet_analysis::Component("LinuxSLL", + zeek::packet_analysis::LinuxSLL::LinuxSLLAnalyzer::Instantiate)); + + zeek::plugin::Configuration config; + config.name = "Zeek::LinuxSLL"; + config.description = "Linux cooked capture (SLL) packet analyzer"; + return config; + } + +} plugin; + +} 
diff --git a/src/llanalyzer/protocol/mpls/CMakeLists.txt b/src/packet_analysis/protocol/mpls/CMakeLists.txt similarity index 100% rename from src/llanalyzer/protocol/mpls/CMakeLists.txt rename to src/packet_analysis/protocol/mpls/CMakeLists.txt diff --git a/src/llanalyzer/protocol/mpls/MPLS.cc b/src/packet_analysis/protocol/mpls/MPLS.cc similarity index 83% rename from src/llanalyzer/protocol/mpls/MPLS.cc rename to src/packet_analysis/protocol/mpls/MPLS.cc index 412cf74266..b655ada837 100644 --- a/src/llanalyzer/protocol/mpls/MPLS.cc +++ b/src/packet_analysis/protocol/mpls/MPLS.cc @@ -2,14 +2,14 @@ #include "MPLS.h" -using namespace zeek::llanalyzer::MPLS; +using namespace zeek::packet_analysis::MPLS; MPLSAnalyzer::MPLSAnalyzer() - : zeek::llanalyzer::Analyzer("MPLS") + : zeek::packet_analysis::Analyzer("MPLS") { } -std::tuple MPLSAnalyzer::Analyze(Packet* packet) +std::tuple MPLSAnalyzer::Analyze(Packet* packet) { auto& pdata = packet->cur_pos; auto end_of_data = packet->GetEndOfData(); diff --git a/src/llanalyzer/protocol/mpls/MPLS.h b/src/packet_analysis/protocol/mpls/MPLS.h similarity index 54% rename from src/llanalyzer/protocol/mpls/MPLS.h rename to src/packet_analysis/protocol/mpls/MPLS.h index 72581f5ae7..35f595e3d3 100644 --- a/src/llanalyzer/protocol/mpls/MPLS.h +++ b/src/packet_analysis/protocol/mpls/MPLS.h @@ -2,19 +2,19 @@ #pragma once -#include -#include +#include +#include -namespace zeek::llanalyzer::MPLS { +namespace zeek::packet_analysis::MPLS { -class MPLSAnalyzer : public zeek::llanalyzer::Analyzer { +class MPLSAnalyzer : public zeek::packet_analysis::Analyzer { public: MPLSAnalyzer(); ~MPLSAnalyzer() override = default; std::tuple Analyze(Packet* packet) override; - static zeek::llanalyzer::Analyzer* Instantiate() + static zeek::packet_analysis::Analyzer* Instantiate() { return new MPLSAnalyzer(); } 
diff --git a/src/llanalyzer/protocol/mpls/Plugin.cc b/src/packet_analysis/protocol/mpls/Plugin.cc similarity index 50% rename from src/llanalyzer/protocol/mpls/Plugin.cc rename to src/packet_analysis/protocol/mpls/Plugin.cc index c24b1003f3..ef29566623 100644 --- a/src/llanalyzer/protocol/mpls/Plugin.cc +++ b/src/packet_analysis/protocol/mpls/Plugin.cc @@ -2,20 +2,20 @@ #include "MPLS.h" #include "plugin/Plugin.h" -#include "llanalyzer/Component.h" +#include "packet_analysis/Component.h" -namespace zeek::plugin::LLAnalyzer_MPLS { +namespace zeek::plugin::Zeek_MPLS { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() { - AddComponent(new zeek::llanalyzer::Component("MPLS", - zeek::llanalyzer::MPLS::MPLSAnalyzer::Instantiate)); + AddComponent(new zeek::packet_analysis::Component("MPLS", + zeek::packet_analysis::MPLS::MPLSAnalyzer::Instantiate)); zeek::plugin::Configuration config; - config.name = "LLAnalyzer::MPLS"; - config.description = "MPLS LL-Analyzer"; + config.name = "Zeek::MPLS"; + config.description = "MPLS packet analyzer"; return config; } diff --git a/src/llanalyzer/protocol/nflog/CMakeLists.txt b/src/packet_analysis/protocol/nflog/CMakeLists.txt similarity index 100% rename from src/llanalyzer/protocol/nflog/CMakeLists.txt rename to src/packet_analysis/protocol/nflog/CMakeLists.txt diff --git a/src/llanalyzer/protocol/nflog/NFLog.cc b/src/packet_analysis/protocol/nflog/NFLog.cc similarity index 88% rename from src/llanalyzer/protocol/nflog/NFLog.cc rename to src/packet_analysis/protocol/nflog/NFLog.cc index 1f919dbca1..38bb08d5db 100644 --- a/src/llanalyzer/protocol/nflog/NFLog.cc +++ b/src/packet_analysis/protocol/nflog/NFLog.cc 
@@ -3,14 +3,14 @@ #include "NFLog.h" #include "NetVar.h" -using namespace zeek::llanalyzer::NFLog; +using namespace zeek::packet_analysis::NFLog; NFLogAnalyzer::NFLogAnalyzer() - : zeek::llanalyzer::Analyzer("NFLog") + : zeek::packet_analysis::Analyzer("NFLog") { } -std::tuple NFLogAnalyzer::Analyze(Packet* packet) { +std::tuple NFLogAnalyzer::Analyze(Packet* packet) { auto& pdata = packet->cur_pos; auto end_of_data = packet->GetEndOfData(); diff --git a/src/llanalyzer/protocol/nflog/NFLog.h b/src/packet_analysis/protocol/nflog/NFLog.h similarity index 74% rename from src/llanalyzer/protocol/nflog/NFLog.h rename to src/packet_analysis/protocol/nflog/NFLog.h index aeb8234c31..c2b691ea51 100644 --- a/src/llanalyzer/protocol/nflog/NFLog.h +++ b/src/packet_analysis/protocol/nflog/NFLog.h @@ -2,10 +2,10 @@ #pragma once -#include -#include +#include +#include -namespace zeek::llanalyzer::NFLog { +namespace zeek::packet_analysis::NFLog { class NFLogAnalyzer : public Analyzer { public: diff --git a/src/llanalyzer/protocol/nflog/Plugin.cc b/src/packet_analysis/protocol/nflog/Plugin.cc similarity index 50% rename from src/llanalyzer/protocol/nflog/Plugin.cc rename to src/packet_analysis/protocol/nflog/Plugin.cc index 16106fee2d..94997fe96a 100644 --- a/src/llanalyzer/protocol/nflog/Plugin.cc +++ b/src/packet_analysis/protocol/nflog/Plugin.cc 
@@ -2,20 +2,20 @@ #include "NFLog.h" #include "plugin/Plugin.h" -#include "llanalyzer/Component.h" +#include "packet_analysis/Component.h" -namespace zeek::plugin::LLAnalyzer_NFLog { +namespace zeek::plugin::Zeek_NFLog { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() { - AddComponent(new zeek::llanalyzer::Component("NFLog", - zeek::llanalyzer::NFLog::NFLogAnalyzer::Instantiate)); + AddComponent(new zeek::packet_analysis::Component("NFLog", + zeek::packet_analysis::NFLog::NFLogAnalyzer::Instantiate)); zeek::plugin::Configuration config; - config.name = "LLAnalyzer::NFLog"; - config.description = "NFLog LL-Analyzer"; + config.name = "Zeek::NFLog"; + config.description = "NFLog packet analyzer"; return config; } } plugin; diff --git a/src/llanalyzer/protocol/null/CMakeLists.txt b/src/packet_analysis/protocol/null/CMakeLists.txt similarity index 100% rename from src/llanalyzer/protocol/null/CMakeLists.txt rename to src/packet_analysis/protocol/null/CMakeLists.txt diff --git a/src/llanalyzer/protocol/null/Null.cc b/src/packet_analysis/protocol/null/Null.cc similarity index 70% rename from src/llanalyzer/protocol/null/Null.cc rename to src/packet_analysis/protocol/null/Null.cc index d9c29582a2..6a0158a508 100644 --- a/src/llanalyzer/protocol/null/Null.cc +++ b/src/packet_analysis/protocol/null/Null.cc @@ -3,14 +3,14 @@ #include "Null.h" #include "NetVar.h" -using namespace zeek::llanalyzer::Null; +using namespace zeek::packet_analysis::Null; NullAnalyzer::NullAnalyzer() - : zeek::llanalyzer::Analyzer("Null") + : zeek::packet_analysis::Analyzer("Null") { } -std::tuple NullAnalyzer::Analyze(Packet* packet) +std::tuple NullAnalyzer::Analyze(Packet* packet) { auto& pdata = packet->cur_pos; 
diff --git a/src/llanalyzer/protocol/null/Null.h b/src/packet_analysis/protocol/null/Null.h similarity index 74% rename from src/llanalyzer/protocol/null/Null.h rename to src/packet_analysis/protocol/null/Null.h index 27294bc386..7f3976cf31 100644 --- a/src/llanalyzer/protocol/null/Null.h +++ b/src/packet_analysis/protocol/null/Null.h @@ -2,10 +2,10 @@ #pragma once -#include -#include +#include +#include -namespace zeek::llanalyzer::Null { +namespace zeek::packet_analysis::Null { class NullAnalyzer : public Analyzer { public: diff --git a/src/llanalyzer/protocol/null/Plugin.cc b/src/packet_analysis/protocol/null/Plugin.cc similarity index 50% rename from src/llanalyzer/protocol/null/Plugin.cc rename to src/packet_analysis/protocol/null/Plugin.cc index 3d1ddc4213..ab568641db 100644 --- a/src/llanalyzer/protocol/null/Plugin.cc +++ b/src/packet_analysis/protocol/null/Plugin.cc @@ -2,20 +2,20 @@ #include "plugin/Plugin.h" #include "Null.h" -#include "llanalyzer/Component.h" +#include "packet_analysis/Component.h" -namespace zeek::plugin::LLAnalyzer_Null { +namespace zeek::plugin::Zeek_Null { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() { - AddComponent(new zeek::llanalyzer::Component("Null", - zeek::llanalyzer::Null::NullAnalyzer::Instantiate)); + AddComponent(new zeek::packet_analysis::Component("Null", + zeek::packet_analysis::Null::NullAnalyzer::Instantiate)); zeek::plugin::Configuration config; - config.name = "LLAnalyzer::Null"; - config.description = "Null LL-Analyzer"; + config.name = "Zeek::Null"; + config.description = "Null packet analyzer"; return config; } diff --git a/src/llanalyzer/protocol/ppp_serial/CMakeLists.txt b/src/packet_analysis/protocol/ppp_serial/CMakeLists.txt similarity index 100% rename from src/llanalyzer/protocol/ppp_serial/CMakeLists.txt rename to src/packet_analysis/protocol/ppp_serial/CMakeLists.txt 
diff --git a/src/llanalyzer/protocol/ppp_serial/PPPSerial.cc b/src/packet_analysis/protocol/ppp_serial/PPPSerial.cc similarity index 62% rename from src/llanalyzer/protocol/ppp_serial/PPPSerial.cc rename to src/packet_analysis/protocol/ppp_serial/PPPSerial.cc index a250210113..b4019a74a4 100644 --- a/src/llanalyzer/protocol/ppp_serial/PPPSerial.cc +++ b/src/packet_analysis/protocol/ppp_serial/PPPSerial.cc @@ -3,14 +3,14 @@ #include "PPPSerial.h" #include "NetVar.h" -using namespace zeek::llanalyzer::PPPSerial; +using namespace zeek::packet_analysis::PPPSerial; PPPSerialAnalyzer::PPPSerialAnalyzer() - : zeek::llanalyzer::Analyzer("PPPSerial") + : zeek::packet_analysis::Analyzer("PPPSerial") { } -std::tuple PPPSerialAnalyzer::Analyze(Packet* packet) +std::tuple PPPSerialAnalyzer::Analyze(Packet* packet) { auto& pdata = packet->cur_pos; diff --git a/src/llanalyzer/protocol/ppp_serial/PPPSerial.h b/src/packet_analysis/protocol/ppp_serial/PPPSerial.h similarity index 75% rename from src/llanalyzer/protocol/ppp_serial/PPPSerial.h rename to src/packet_analysis/protocol/ppp_serial/PPPSerial.h index 030b8801fa..76e7dcd8b9 100644 --- a/src/llanalyzer/protocol/ppp_serial/PPPSerial.h +++ b/src/packet_analysis/protocol/ppp_serial/PPPSerial.h @@ -2,10 +2,10 @@ #pragma once -#include -#include +#include +#include -namespace zeek::llanalyzer::PPPSerial { +namespace zeek::packet_analysis::PPPSerial { class PPPSerialAnalyzer : public Analyzer { public: diff --git a/src/packet_analysis/protocol/ppp_serial/Plugin.cc b/src/packet_analysis/protocol/ppp_serial/Plugin.cc new file mode 100644 index 0000000000..e45923c311 --- /dev/null +++ b/src/packet_analysis/protocol/ppp_serial/Plugin.cc 
@@ -0,0 +1,24 @@ +// See the file "COPYING" in the main distribution directory for copyright. + +#include "PPPSerial.h" +#include "plugin/Plugin.h" +#include "packet_analysis/Component.h" + +namespace zeek::plugin::Zeek_PPPSerial { + +class Plugin : public zeek::plugin::Plugin { +public: + zeek::plugin::Configuration Configure() + { + AddComponent(new zeek::packet_analysis::Component("PPPSerial", + zeek::packet_analysis::PPPSerial::PPPSerialAnalyzer::Instantiate)); + + zeek::plugin::Configuration config; + config.name = "Zeek::PPPSerial"; + config.description = "PPPSerial packet analyzer"; + return config; + } + +} plugin; + +} diff --git a/src/llanalyzer/protocol/pppoe/CMakeLists.txt b/src/packet_analysis/protocol/pppoe/CMakeLists.txt similarity index 100% rename from src/llanalyzer/protocol/pppoe/CMakeLists.txt rename to src/packet_analysis/protocol/pppoe/CMakeLists.txt diff --git a/src/llanalyzer/protocol/pppoe/PPPoE.cc b/src/packet_analysis/protocol/pppoe/PPPoE.cc similarity index 70% rename from src/llanalyzer/protocol/pppoe/PPPoE.cc rename to src/packet_analysis/protocol/pppoe/PPPoE.cc index 903e5ab07b..282e341cde 100644 --- a/src/llanalyzer/protocol/pppoe/PPPoE.cc +++ b/src/packet_analysis/protocol/pppoe/PPPoE.cc @@ -3,14 +3,14 @@ #include "PPPoE.h" #include "NetVar.h" -using namespace zeek::llanalyzer::PPPoE; +using namespace zeek::packet_analysis::PPPoE; PPPoEAnalyzer::PPPoEAnalyzer() - : zeek::llanalyzer::Analyzer("PPPoE") + : zeek::packet_analysis::Analyzer("PPPoE") { } -std::tuple PPPoEAnalyzer::Analyze(Packet* packet) +std::tuple PPPoEAnalyzer::Analyze(Packet* packet) { auto& pdata = packet->cur_pos; diff --git a/src/llanalyzer/protocol/pppoe/PPPoE.h b/src/packet_analysis/protocol/pppoe/PPPoE.h similarity index 75% rename from src/llanalyzer/protocol/pppoe/PPPoE.h rename to src/packet_analysis/protocol/pppoe/PPPoE.h index cbeeda160f..3a979af8a1 100644 --- a/src/llanalyzer/protocol/pppoe/PPPoE.h +++ b/src/packet_analysis/protocol/pppoe/PPPoE.h 
@@ -2,10 +2,10 @@ #pragma once -#include -#include +#include +#include -namespace zeek::llanalyzer::PPPoE { +namespace zeek::packet_analysis::PPPoE { class PPPoEAnalyzer : public Analyzer { public: diff --git a/src/llanalyzer/protocol/pppoe/Plugin.cc b/src/packet_analysis/protocol/pppoe/Plugin.cc similarity index 50% rename from src/llanalyzer/protocol/pppoe/Plugin.cc rename to src/packet_analysis/protocol/pppoe/Plugin.cc index 95883f51ca..b70e7e5af1 100644 --- a/src/llanalyzer/protocol/pppoe/Plugin.cc +++ b/src/packet_analysis/protocol/pppoe/Plugin.cc @@ -2,20 +2,20 @@ #include "PPPoE.h" #include "plugin/Plugin.h" -#include "llanalyzer/Component.h" +#include "packet_analysis/Component.h" -namespace zeek::plugin::LLAnalyzer_PPPoE { +namespace zeek::plugin::Zeek_PPPoE { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() { - AddComponent(new zeek::llanalyzer::Component("PPPoE", - zeek::llanalyzer::PPPoE::PPPoEAnalyzer::Instantiate)); + AddComponent(new zeek::packet_analysis::Component("PPPoE", + zeek::packet_analysis::PPPoE::PPPoEAnalyzer::Instantiate)); zeek::plugin::Configuration config; - config.name = "LLAnalyzer::PPPoE"; - config.description = "PPPoE LL-Analyzer"; + config.name = "Zeek::PPPoE"; + config.description = "PPPoE packet analyzer"; return config; } diff --git a/src/llanalyzer/protocol/vlan/CMakeLists.txt b/src/packet_analysis/protocol/vlan/CMakeLists.txt similarity index 100% rename from src/llanalyzer/protocol/vlan/CMakeLists.txt rename to src/packet_analysis/protocol/vlan/CMakeLists.txt diff --git a/src/llanalyzer/protocol/vlan/Plugin.cc b/src/packet_analysis/protocol/vlan/Plugin.cc similarity index 50% rename from src/llanalyzer/protocol/vlan/Plugin.cc rename to src/packet_analysis/protocol/vlan/Plugin.cc index 8e4da160d7..7a6222c9b3 100644 --- a/src/llanalyzer/protocol/vlan/Plugin.cc +++ b/src/packet_analysis/protocol/vlan/Plugin.cc 
@@ -2,20 +2,20 @@ #include "VLAN.h" #include "plugin/Plugin.h" -#include "llanalyzer/Component.h" +#include "packet_analysis/Component.h" -namespace zeek::plugin::LLAnalyzer_VLAN { +namespace zeek::plugin::Zeek_VLAN { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() { - AddComponent(new zeek::llanalyzer::Component("VLAN", - zeek::llanalyzer::VLAN::VLANAnalyzer::Instantiate)); + AddComponent(new zeek::packet_analysis::Component("VLAN", + zeek::packet_analysis::VLAN::VLANAnalyzer::Instantiate)); zeek::plugin::Configuration config; - config.name = "LLAnalyzer::VLAN"; - config.description = "VLAN LL-Analyzer"; + config.name = "Zeek::VLAN"; + config.description = "VLAN packet analyzer"; return config; } diff --git a/src/llanalyzer/protocol/vlan/VLAN.cc b/src/packet_analysis/protocol/vlan/VLAN.cc similarity index 74% rename from src/llanalyzer/protocol/vlan/VLAN.cc rename to src/packet_analysis/protocol/vlan/VLAN.cc index e1cfb7c056..24f23b14b1 100644 --- a/src/llanalyzer/protocol/vlan/VLAN.cc +++ b/src/packet_analysis/protocol/vlan/VLAN.cc @@ -3,14 +3,14 @@ #include "VLAN.h" #include "NetVar.h" -using namespace zeek::llanalyzer::VLAN; +using namespace zeek::packet_analysis::VLAN; VLANAnalyzer::VLANAnalyzer() - : zeek::llanalyzer::Analyzer("VLAN") + : zeek::packet_analysis::Analyzer("VLAN") { } -std::tuple VLANAnalyzer::Analyze(Packet* packet) +std::tuple VLANAnalyzer::Analyze(Packet* packet) { auto& pdata = packet->cur_pos; diff --git a/src/llanalyzer/protocol/vlan/VLAN.h b/src/packet_analysis/protocol/vlan/VLAN.h similarity index 74% rename from src/llanalyzer/protocol/vlan/VLAN.h rename to src/packet_analysis/protocol/vlan/VLAN.h index 1f7532b940..8f64e0ec64 100644 --- a/src/llanalyzer/protocol/vlan/VLAN.h +++ b/src/packet_analysis/protocol/vlan/VLAN.h 
@@ -2,10 +2,10 @@ #pragma once -#include -#include +#include +#include -namespace zeek::llanalyzer::VLAN { +namespace zeek::packet_analysis::VLAN { class VLANAnalyzer : public Analyzer { public: diff --git a/src/llanalyzer/protocol/wrapper/CMakeLists.txt b/src/packet_analysis/protocol/wrapper/CMakeLists.txt similarity index 100% rename from src/llanalyzer/protocol/wrapper/CMakeLists.txt rename to src/packet_analysis/protocol/wrapper/CMakeLists.txt diff --git a/src/llanalyzer/protocol/wrapper/Plugin.cc b/src/packet_analysis/protocol/wrapper/Plugin.cc similarity index 64% rename from src/llanalyzer/protocol/wrapper/Plugin.cc rename to src/packet_analysis/protocol/wrapper/Plugin.cc index 36baa8a6dd..45be64498e 100644 --- a/src/llanalyzer/protocol/wrapper/Plugin.cc +++ b/src/packet_analysis/protocol/wrapper/Plugin.cc @@ -2,7 +2,7 @@ #include "Wrapper.h" #include "plugin/Plugin.h" -#include "llanalyzer/Component.h" +#include "packet_analysis/Component.h" namespace zeek::plugin::LLAnalyzer { @@ -10,11 +10,11 @@ class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() { - AddComponent(new zeek::llanalyzer::Component("Wrapper", - zeek::llanalyzer::Wrapper::WrapperAnalyzer::Instantiate)); + AddComponent(new zeek::packet_analysis::Component("Wrapper", + zeek::packet_analysis::Wrapper::WrapperAnalyzer::Instantiate)); zeek::plugin::Configuration config; - config.name = "LLAnalyzer::Wrapper"; + config.name = "Zeek::Wrapper"; config.description = "A wrapper for the original zeek code."; return config; } diff --git a/src/llanalyzer/protocol/wrapper/Wrapper.cc b/src/packet_analysis/protocol/wrapper/Wrapper.cc similarity index 94% rename from src/llanalyzer/protocol/wrapper/Wrapper.cc rename to src/packet_analysis/protocol/wrapper/Wrapper.cc index b14d34e953..4a92504e5a 100644 --- a/src/llanalyzer/protocol/wrapper/Wrapper.cc +++ b/src/packet_analysis/protocol/wrapper/Wrapper.cc 
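Review bot: The namespace in src/packet_analysis/protocol/wrapper/Plugin.cc is still `zeek::plugin::LLAnalyzer`, an unchanged context line in that file's first hunk. Every other plugin in this commit moves from `LLAnalyzer_<Proto>` to `Zeek_<Proto>`, and this plugin's own `config.name` becomes `Zeek::Wrapper`. Following that pattern the line would read `namespace zeek::plugin::Zeek_Wrapper {`. The description string `"A wrapper for the original zeek code."` is also left untouched, while the other plugins were reworded to "... packet analyzer", which may be intentional.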
@@ -3,14 +3,14 @@ #include "Wrapper.h" #include "NetVar.h" -using namespace zeek::llanalyzer::Wrapper; +using namespace zeek::packet_analysis::Wrapper; WrapperAnalyzer::WrapperAnalyzer() - : zeek::llanalyzer::Analyzer("Wrapper") + : zeek::packet_analysis::Analyzer("Wrapper") { } -std::tuple WrapperAnalyzer::Analyze(Packet* packet) +std::tuple WrapperAnalyzer::Analyze(Packet* packet) { // Unfortunately some packets on the link might have MPLS labels // while others don't. That means we need to ask the link-layer if diff --git a/src/llanalyzer/protocol/wrapper/Wrapper.h b/src/packet_analysis/protocol/wrapper/Wrapper.h similarity index 74% rename from src/llanalyzer/protocol/wrapper/Wrapper.h rename to src/packet_analysis/protocol/wrapper/Wrapper.h index 74d257c052..b8403e297e 100644 --- a/src/llanalyzer/protocol/wrapper/Wrapper.h +++ b/src/packet_analysis/protocol/wrapper/Wrapper.h @@ -2,10 +2,10 @@ #pragma once -#include -#include +#include +#include -namespace zeek::llanalyzer::Wrapper { +namespace zeek::packet_analysis::Wrapper { class WrapperAnalyzer : public Analyzer { public: diff --git a/src/plugin/Component.cc b/src/plugin/Component.cc index 7be5d465d0..a0bc21cfb8 100644 --- a/src/plugin/Component.cc +++ b/src/plugin/Component.cc @@ -46,8 +46,8 @@ void Component::Describe(ODesc* d) const d->Add("Analyzer"); break; - case component::LLANALYZER: - d->Add("Low-Layer Analyzer"); + case component::PACKET_ANALYZER: + d->Add("Packet Analyzer"); break; case component::FILE_ANALYZER: diff --git a/src/plugin/Component.h b/src/plugin/Component.h index 6d069e6edf..52068f68ce 100644 --- a/src/plugin/Component.h +++ b/src/plugin/Component.h 
@@ -15,14 +15,14 @@ namespace component { * Component types. */ enum Type { - READER, /// An input reader (not currently used). - WRITER, /// A logging writer (not currenly used). - ANALYZER, /// A protocol analyzer. - LLANALYZER, /// A low layer protocol analyzer. - FILE_ANALYZER, /// A file analyzer. - IOSOURCE, /// An I/O source, excluding packet sources. - PKTSRC, /// A packet source. - PKTDUMPER /// A packet dumper. + READER, /// An input reader (not currently used). + WRITER, /// A logging writer (not currently used). + ANALYZER, /// A protocol analyzer. + PACKET_ANALYZER, /// A packet analyzer. + FILE_ANALYZER, /// A file analyzer. + IOSOURCE, /// An I/O source, excluding packet sources. + PKTSRC, /// A packet source. + PKTDUMPER /// A packet dumper. }; } // namespace component diff --git a/src/zeek-setup.cc b/src/zeek-setup.cc index a3d7418226..c748e02d84 100644 --- a/src/zeek-setup.cc +++ b/src/zeek-setup.cc @@ -55,7 +55,7 @@ extern "C" { #include "input/readers/raw/Raw.h" #include "analyzer/Manager.h" #include "analyzer/Tag.h" -#include "llanalyzer/Manager.h" +#include "packet_analysis/Manager.h" #include "plugin/Manager.h" #include "file_analysis/Manager.h" #include "zeekygen/Manager.h" @@ -93,7 +93,7 @@ zeek::ValManager* zeek::val_mgr = nullptr; zeek::ValManager*& val_mgr = zeek::val_mgr; zeek::analyzer::Manager* zeek::analyzer_mgr = nullptr; zeek::analyzer::Manager*& analyzer_mgr = zeek::analyzer_mgr; -zeek::llanalyzer::Manager* llanalyzer_mgr = nullptr; +zeek::packet_analysis::Manager* packet_mgr = nullptr; zeek::plugin::Manager* zeek::plugin_mgr = nullptr; zeek::plugin::Manager*& plugin_mgr = zeek::plugin_mgr; @@ -267,7 +267,7 @@ static void done_with_network() run_state::terminating = true; analyzer_mgr->Done(); - llanalyzer_mgr->Done(); + packet_mgr->Done(); timer_mgr->Expire(); dns_mgr->Flush(); event_mgr.Drain(); 
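Review bot: The enumerator comments in the src/plugin/Component.h hunk are all re-aligned but still use a plain `///` after each enumerator, which Doxygen attaches to the following declaration rather than the one on the same line. Since every entry is touched anyway, switch them to the trailing form, e.g. `PACKET_ANALYZER, ///< A packet analyzer.`. PACKET_ANALYZER takes LLANALYZER's position, so the numeric values are unchanged, but out-of-tree plugin code that names `component::LLANALYZER` will no longer compile. That is worth a line in the change notes.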
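Review bot: In the src/zeek-setup.cc hunk at -93, `zeek::packet_analysis::Manager* packet_mgr = nullptr;` defines the new manager pointer in the global namespace under a short, generic name. The neighbouring definitions on the context lines use `zeek::analyzer_mgr` and `zeek::plugin_mgr`, each with a global reference alias. Since the identifier is being renamed anyway, defining it as `zeek::packet_analysis::Manager* zeek::packet_mgr = nullptr;` would follow that pattern. The matching `extern` declaration is in a header outside this view and would need the same change.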
@@ -338,7 +338,7 @@ static void terminate_bro() delete zeekygen_mgr; delete analyzer_mgr; - delete llanalyzer_mgr; + delete packet_mgr; delete file_mgr; // broker_mgr, timer_mgr, and supervisor are deleted via iosource_mgr delete iosource_mgr; @@ -585,7 +585,7 @@ SetupResult setup(int argc, char** argv, Options* zopts) iosource_mgr = new iosource::Manager(); event_registry = new EventRegistry(); analyzer_mgr = new analyzer::Manager(); - llanalyzer_mgr = new llanalyzer::Manager(); + packet_mgr = new packet_analysis::Manager(); log_mgr = new logging::Manager(); input_mgr = new input::Manager(); file_mgr = new file_analysis::Manager(); @@ -694,7 +694,7 @@ SetupResult setup(int argc, char** argv, Options* zopts) } analyzer_mgr->InitPostScript(); - llanalyzer_mgr->InitPostScript(); + packet_mgr->InitPostScript(); file_mgr->InitPostScript(); dns_mgr->InitPostScript(); @@ -895,7 +895,7 @@ SetupResult setup(int argc, char** argv, Options* zopts) broker_mgr->ZeekInitDone(); reporter->ZeekInitDone(); analyzer_mgr->DumpDebug(); - llanalyzer_mgr->DumpDebug(); + packet_mgr->DumpDebug(); run_state::detail::have_pending_timers = ! run_state::reading_traces && timer_mgr->Size() > 0; diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index d125d897ec..96865c911b 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output 
@@ -283,7 +283,7 @@ 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> -0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1600793171.441844, node=zeek, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1600793375.962139, node=zeek, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Broker::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Config::LOG)) -> @@ -464,7 +464,7 @@ 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> -0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1600793171.441844, node=zeek, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1600793375.962139, node=zeek, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(NetControl::check_plugins, , ()) -> 0.000000 MetaHookPost CallFunction(NetControl::init, , ()) -> 0.000000 MetaHookPost CallFunction(Notice::want_pp, , ()) -> 
@@ -861,7 +861,6 @@ 0.000000 MetaHookPost LoadFile(0, base<...>/irc) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/krb) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/linux_sll) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/llprotocols) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/logging) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/logging.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/main.zeek) -> -1 @@ -879,6 +878,7 @@ 0.000000 MetaHookPost LoadFile(0, base<...>/openflow) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/option.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/packet-filter) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/packet-protocols) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/paths.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/patterns.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/pe) -> -1 @@ -1225,7 +1225,7 @@ 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1600793171.441844, node=zeek, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1600793375.962139, node=zeek, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Broker::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Cluster::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Config::LOG)) 
@@ -1406,7 +1406,7 @@ 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1600793171.441844, node=zeek, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1600793375.962139, node=zeek, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(NetControl::check_plugins, , ()) 0.000000 MetaHookPre CallFunction(NetControl::init, , ()) 0.000000 MetaHookPre CallFunction(Notice::want_pp, , ()) @@ -1803,7 +1803,6 @@ 0.000000 MetaHookPre LoadFile(0, base<...>/irc) 0.000000 MetaHookPre LoadFile(0, base<...>/krb) 0.000000 MetaHookPre LoadFile(0, base<...>/linux_sll) -0.000000 MetaHookPre LoadFile(0, base<...>/llprotocols) 0.000000 MetaHookPre LoadFile(0, base<...>/logging) 0.000000 MetaHookPre LoadFile(0, base<...>/logging.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/main.zeek) @@ -1821,6 +1820,7 @@ 0.000000 MetaHookPre LoadFile(0, base<...>/openflow) 0.000000 MetaHookPre LoadFile(0, base<...>/option.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/packet-filter) +0.000000 MetaHookPre LoadFile(0, base<...>/packet-protocols) 0.000000 MetaHookPre LoadFile(0, base<...>/paths.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/patterns.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/pe) 
@@ -2166,7 +2166,7 @@ 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]) 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]) 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]) -0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1600793171.441844, node=zeek, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1600793375.962139, node=zeek, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Config::LOG) @@ -2347,7 +2347,7 @@ 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]) 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]) 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]) -0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1600793171.441844, node=zeek, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1600793375.962139, node=zeek, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction NetControl::check_plugins() 0.000000 | HookCallFunction NetControl::init() 0.000000 | HookCallFunction Notice::want_pp() @@ -2756,7 +2756,6 @@ 0.000000 | HookLoadFile base<...>/irc 0.000000 | HookLoadFile base<...>/krb 0.000000 | HookLoadFile base<...>/linux_sll -0.000000 | HookLoadFile base<...>/llprotocols 0.000000 | HookLoadFile base<...>/logging 0.000000 | HookLoadFile base<...>/logging.bif.zeek 0.000000 | HookLoadFile base<...>/main.zeek 
@@ -2774,6 +2773,7 @@ 0.000000 | HookLoadFile base<...>/openflow 0.000000 | HookLoadFile base<...>/option.bif.zeek 0.000000 | HookLoadFile base<...>/packet-filter +0.000000 | HookLoadFile base<...>/packet-protocols 0.000000 | HookLoadFile base<...>/paths.zeek 0.000000 | HookLoadFile base<...>/patterns.zeek 0.000000 | HookLoadFile base<...>/pe @@ -2819,7 +2819,7 @@ 0.000000 | HookLoadFile base<...>/xmpp 0.000000 | HookLoadFile base<...>/zeek.bif.zeek 0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)} -0.000000 | HookLogWrite packet_filter [ts=1600793171.441844, node=zeek, filter=ip or not ip, init=T, success=T] +0.000000 | HookLogWrite packet_filter [ts=1600793375.962139, node=zeek, filter=ip or not ip, init=T, success=T] 0.000000 | HookQueueEvent NetControl::init() 0.000000 | HookQueueEvent filter_change_tracking() 0.000000 | HookQueueEvent zeek_init() diff --git a/testing/btest/Baseline/plugins.ll-protocol/output b/testing/btest/Baseline/plugins.packet-protocol/output similarity index 65% rename from testing/btest/Baseline/plugins.ll-protocol/output rename to testing/btest/Baseline/plugins.packet-protocol/output index 578a37577d..42fd1cea42 100644 --- a/testing/btest/Baseline/plugins.ll-protocol/output +++ b/testing/btest/Baseline/plugins.packet-protocol/output @@ -1,5 +1,5 @@ -LLDemo::Bar - A Bar LL-test-analyzer. (dynamic, version 1.0.0) - [Low-Layer Analyzer] Bar (LLANALYZER_BAR, enabled) +PacketDemo::Bar - A Bar packet analyzer. (dynamic, version 1.0.0) + [Packet Analyzer] Bar (ANALYZER_BAR, enabled) [Event] bar_message === diff --git a/testing/btest/plugins/ll-protocol-plugin/scripts/LLDemo/Bar/base/main.zeek b/testing/btest/plugins/ll-protocol-plugin/scripts/LLDemo/Bar/base/main.zeek deleted file mode 100644 index 031bd4f058..0000000000 --- a/testing/btest/plugins/ll-protocol-plugin/scripts/LLDemo/Bar/base/main.zeek +++ /dev/null 
@@ -1,5 +0,0 @@ -module LL_BAR; - -redef LLAnalyzer::config_map += { - LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=1501, $analyzer=LLAnalyzer::LLANALYZER_BAR), -}; diff --git a/testing/btest/plugins/ll-protocol-plugin/scripts/__load__.zeek b/testing/btest/plugins/ll-protocol-plugin/scripts/__load__.zeek deleted file mode 100644 index 697ab585a1..0000000000 --- a/testing/btest/plugins/ll-protocol-plugin/scripts/__load__.zeek +++ /dev/null @@ -1 +0,0 @@ -@load LLDemo/Bar/base/main diff --git a/testing/btest/plugins/ll-protocol-plugin/.btest-ignore b/testing/btest/plugins/packet-protocol-plugin/.btest-ignore similarity index 100% rename from testing/btest/plugins/ll-protocol-plugin/.btest-ignore rename to testing/btest/plugins/packet-protocol-plugin/.btest-ignore diff --git a/testing/btest/plugins/ll-protocol-plugin/CMakeLists.txt b/testing/btest/plugins/packet-protocol-plugin/CMakeLists.txt similarity index 80% rename from testing/btest/plugins/ll-protocol-plugin/CMakeLists.txt rename to testing/btest/plugins/packet-protocol-plugin/CMakeLists.txt index 7f11aa11e7..a642f8ca01 100644 --- a/testing/btest/plugins/ll-protocol-plugin/CMakeLists.txt +++ b/testing/btest/plugins/packet-protocol-plugin/CMakeLists.txt @@ -1,5 +1,5 @@ -project(Zeek-LL-Plugin-Demo-Bar) +project(Zeek-Packet-Plugin-Demo-Bar) cmake_minimum_required(VERSION 2.6.3) @@ -11,7 +11,7 @@ set(CMAKE_MODULE_PATH ${ZEEK_DIST}/cmake) include(ZeekPlugin) -zeek_plugin_begin(LLDemo Bar) +zeek_plugin_begin(PacketDemo Bar) zeek_plugin_cc(src/Plugin.cc) zeek_plugin_cc(src/Bar.cc) zeek_plugin_bif(src/events.bif) diff --git a/testing/btest/plugins/packet-protocol-plugin/scripts/PacketDemo/Bar/base/main.zeek b/testing/btest/plugins/packet-protocol-plugin/scripts/PacketDemo/Bar/base/main.zeek new file mode 100644 index 0000000000..a0c4fa6757 --- /dev/null +++ b/testing/btest/plugins/packet-protocol-plugin/scripts/PacketDemo/Bar/base/main.zeek 
@@ -0,0 +1,5 @@ +module Packet_BAR; + +redef PacketAnalyzer::config_map += { + PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=1501, $analyzer=PacketAnalyzer::ANALYZER_BAR), +}; diff --git a/testing/btest/plugins/packet-protocol-plugin/scripts/__load__.zeek b/testing/btest/plugins/packet-protocol-plugin/scripts/__load__.zeek new file mode 100644 index 0000000000..deb0a01443 --- /dev/null +++ b/testing/btest/plugins/packet-protocol-plugin/scripts/__load__.zeek @@ -0,0 +1 @@ +@load PacketDemo/Bar/base/main diff --git a/testing/btest/plugins/ll-protocol-plugin/src/Bar.cc b/testing/btest/plugins/packet-protocol-plugin/src/Bar.cc similarity index 73% rename from testing/btest/plugins/ll-protocol-plugin/src/Bar.cc rename to testing/btest/plugins/packet-protocol-plugin/src/Bar.cc index 93c8b87dc0..14308d2339 100644 --- a/testing/btest/plugins/ll-protocol-plugin/src/Bar.cc +++ b/testing/btest/plugins/packet-protocol-plugin/src/Bar.cc @@ -3,14 +3,14 @@ #include "Val.h" #include "events.bif.h" -using namespace zeek::llanalyzer::LLDemo; +using namespace zeek::packet_analysis::PacketDemo; Bar::Bar() - : zeek::llanalyzer::Analyzer("Bar") + : zeek::packet_analysis::Analyzer("Bar") { } -std::tuple Bar::Analyze(Packet* packet) +std::tuple Bar::Analyze(Packet* packet) { auto& pdata = packet->cur_pos; auto end_of_data = packet->GetEndOfData(); diff --git a/testing/btest/plugins/ll-protocol-plugin/src/Bar.h b/testing/btest/plugins/packet-protocol-plugin/src/Bar.h similarity index 65% rename from testing/btest/plugins/ll-protocol-plugin/src/Bar.h rename to testing/btest/plugins/packet-protocol-plugin/src/Bar.h index 24f0a0856c..125e8883c1 100644 --- a/testing/btest/plugins/ll-protocol-plugin/src/Bar.h +++ b/testing/btest/plugins/packet-protocol-plugin/src/Bar.h @@ -1,9 +1,9 @@ #pragma once -#include -#include +#include +#include -namespace zeek::llanalyzer::LLDemo { +namespace zeek::packet_analysis::PacketDemo { class Bar : public Analyzer { public: 
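Review bot: The new scripts/PacketDemo/Bar/base/main.zeek registers `$identifier=1501` under `PacketAnalyzer::ANALYZER_ETHERNET` without saying why that number was chosen. 1501 is just above the maximum 802.3 length value (1500) and below the lowest EtherType (1536), so it is presumably picked to avoid any real protocol. A comment above the entry would make that explicit, e.g. `# 1501 is not an assigned EtherType; it is used only by the raw_packets.trace test input.`, with the trace reference to be confirmed against the test. The module name `Packet_BAR` also mixes casing compared with `PacketAnalyzer` and `PacketDemo` used elsewhere in this commit.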
diff --git a/testing/btest/plugins/ll-protocol-plugin/src/Plugin.cc b/testing/btest/plugins/packet-protocol-plugin/src/Plugin.cc similarity index 50% rename from testing/btest/plugins/ll-protocol-plugin/src/Plugin.cc rename to testing/btest/plugins/packet-protocol-plugin/src/Plugin.cc index 4e0b7bc451..80032ea5f5 100644 --- a/testing/btest/plugins/ll-protocol-plugin/src/Plugin.cc +++ b/testing/btest/plugins/packet-protocol-plugin/src/Plugin.cc @@ -1,21 +1,21 @@ #include "Plugin.h" -#include "llanalyzer/Component.h" +#include "packet_analysis/Component.h" #include "Bar.h" -namespace zeek::plugin::LLDemo_Bar { +namespace zeek::plugin::PacketDemo_Bar { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() { - AddComponent(new zeek::llanalyzer::Component("Bar", - zeek::llanalyzer::LLDemo::Bar::Instantiate)); + AddComponent(new zeek::packet_analysis::Component("Bar", + zeek::packet_analysis::PacketDemo::Bar::Instantiate)); zeek::plugin::Configuration config; - config.name = "LLDemo::Bar"; - config.description = "A Bar LL-test-analyzer."; + config.name = "PacketDemo::Bar"; + config.description = "A Bar packet analyzer."; config.version.major = 1; config.version.minor = 0; config.version.patch = 0; diff --git a/testing/btest/plugins/ll-protocol-plugin/src/events.bif b/testing/btest/plugins/packet-protocol-plugin/src/events.bif similarity index 100% rename from testing/btest/plugins/ll-protocol-plugin/src/events.bif rename to testing/btest/plugins/packet-protocol-plugin/src/events.bif diff --git a/testing/btest/plugins/ll-protocol.zeek b/testing/btest/plugins/packet-protocol.zeek similarity index 75% rename from testing/btest/plugins/ll-protocol.zeek rename to testing/btest/plugins/packet-protocol.zeek index 125daba230..d4f351f2fe 100644 --- a/testing/btest/plugins/ll-protocol.zeek +++ b/testing/btest/plugins/packet-protocol.zeek 
@@ -1,7 +1,7 @@ -# @TEST-EXEC: ${DIST}/auxil/zeek-aux/plugin-support/init-plugin -u . LLDemo Bar -# @TEST-EXEC: cp -r %DIR/ll-protocol-plugin/* . +# @TEST-EXEC: ${DIST}/auxil/zeek-aux/plugin-support/init-plugin -u . PacketDemo Bar +# @TEST-EXEC: cp -r %DIR/packet-protocol-plugin/* . # @TEST-EXEC: ./configure --zeek-dist=${DIST} && make -# @TEST-EXEC: ZEEK_PLUGIN_PATH=`pwd` zeek -NN LLDemo::Bar >>output +# @TEST-EXEC: ZEEK_PLUGIN_PATH=`pwd` zeek -NN PacketDemo::Bar >>output # @TEST-EXEC: echo === >>output # @TEST-EXEC: ZEEK_PLUGIN_PATH=`pwd` zeek -r $TRACES/raw_packets.trace %INPUT >>output # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output