Renamed LL-Analyzers to Packet Analyzers.
parent
b2e6c9ac9a
commit
e53ec46c23
148 changed files with 587 additions and 587 deletions
|
@ -5342,29 +5342,29 @@ event net_done(t: time)
|
|||
@if ( __init_primary_bifs() )
|
||||
@endif
|
||||
|
||||
module LLAnalyzer;
|
||||
module PacketAnalyzer;
|
||||
|
||||
# Defines a mapping for the LLAnalyzer's configuration tree. This
|
||||
# Defines a mapping for the PacketAnalyzer's configuration tree. This
|
||||
# maps from a parent analyzer to a child analyzer through a numeric
|
||||
# identifier.
|
||||
export {
|
||||
type ConfigEntry : record {
|
||||
# The parent analyzer. This analyzer will check for the *identifier* in the
|
||||
# packet data to know whether to call the next analyzer. This field is optional.
|
||||
# If it is not included, the identifier will attach to the "root" analyzer. This
|
||||
# means that the identifier will be searched for the initial packet header instead
|
||||
# of later headers.
|
||||
parent : LLAnalyzer::Tag &optional;
|
||||
# If it is not included, the identifier will attach to the "root" analyzer. The
|
||||
# root analyzer uses the link layer identifier provided by the packet source to
|
||||
# determine the protocol for the initial packet header.
|
||||
parent : PacketAnalyzer::Tag &optional;
|
||||
|
||||
# A numeric identifier that can be found in the packet data that denotes an
|
||||
# analyzer should be called.
|
||||
# A numeric identifier, which can be found in the packet data, that denotes the
|
||||
# encapsulated protocol.
|
||||
identifier : count;
|
||||
|
||||
# The analyzer that corresponds to the above identifier.
|
||||
analyzer : LLAnalyzer::Tag;
|
||||
analyzer : PacketAnalyzer::Tag;
|
||||
};
|
||||
|
||||
const config_map : vector of LLAnalyzer::ConfigEntry &redef;
|
||||
const config_map : vector of PacketAnalyzer::ConfigEntry &redef;
|
||||
}
|
||||
|
||||
@load base/llprotocols
|
||||
@load base/packet-protocols
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
@load base/llprotocols/default
|
||||
@load base/llprotocols/ethernet
|
||||
@load base/llprotocols/fddi
|
||||
@load base/llprotocols/ieee802_11
|
||||
@load base/llprotocols/ieee802_11_radio
|
||||
@load base/llprotocols/linux_sll
|
||||
@load base/llprotocols/nflog
|
||||
@load base/llprotocols/null
|
||||
@load base/llprotocols/ppp_serial
|
||||
@load base/llprotocols/pppoe
|
||||
@load base/llprotocols/vlan
|
|
@ -1,6 +0,0 @@
|
|||
module LL_DEFAULT;
|
||||
|
||||
redef LLAnalyzer::config_map += {
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_DEFAULTANALYZER, $identifier=4, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_DEFAULTANALYZER, $identifier=6, $analyzer=LLAnalyzer::LLANALYZER_IPV6)
|
||||
};
|
|
@ -1,16 +0,0 @@
|
|||
module LL_ETHERNET;
|
||||
|
||||
const DLT_EN10MB : count = 1;
|
||||
|
||||
redef LLAnalyzer::config_map += {
|
||||
LLAnalyzer::ConfigEntry($identifier=DLT_EN10MB, $analyzer=LLAnalyzer::LLANALYZER_ETHERNET),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x8847, $analyzer=LLAnalyzer::LLANALYZER_MPLS),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x0800, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x86DD, $analyzer=LLAnalyzer::LLANALYZER_IPV6),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x0806, $analyzer=LLAnalyzer::LLANALYZER_ARP),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x8035, $analyzer=LLAnalyzer::LLANALYZER_ARP),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x8100, $analyzer=LLAnalyzer::LLANALYZER_VLAN),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x88A8, $analyzer=LLAnalyzer::LLANALYZER_VLAN),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x9100, $analyzer=LLAnalyzer::LLANALYZER_VLAN),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x8864, $analyzer=LLAnalyzer::LLANALYZER_PPPOE)
|
||||
};
|
|
@ -1,7 +0,0 @@
|
|||
module LL_FDDI;
|
||||
|
||||
const DLT_FDDI : count = 10;
|
||||
|
||||
redef LLAnalyzer::config_map += {
|
||||
LLAnalyzer::ConfigEntry($identifier=DLT_FDDI, $analyzer=LLAnalyzer::LLANALYZER_FDDI)
|
||||
};
|
|
@ -1,11 +0,0 @@
|
|||
module LL_IEEE802_11;
|
||||
|
||||
const DLT_IEEE802_11 : count = 105;
|
||||
|
||||
redef LLAnalyzer::config_map += {
|
||||
LLAnalyzer::ConfigEntry($identifier=DLT_IEEE802_11, $analyzer=LLAnalyzer::LLANALYZER_IEEE802_11),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_IEEE802_11, $identifier=0x0800, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_IEEE802_11, $identifier=0x86DD, $analyzer=LLAnalyzer::LLANALYZER_IPV6),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_IEEE802_11, $identifier=0x0806, $analyzer=LLAnalyzer::LLANALYZER_ARP),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_IEEE802_11, $identifier=0x8035, $analyzer=LLAnalyzer::LLANALYZER_ARP)
|
||||
};
|
|
@ -1,9 +0,0 @@
|
|||
module LL_IEEE802_11_RADIO;
|
||||
|
||||
const DLT_IEEE802_11_RADIO : count = 127;
|
||||
const DLT_IEEE802_11 : count = 105;
|
||||
|
||||
redef LLAnalyzer::config_map += {
|
||||
LLAnalyzer::ConfigEntry($identifier=DLT_IEEE802_11_RADIO, $analyzer=LLAnalyzer::LLANALYZER_IEEE802_11_RADIO),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_IEEE802_11_RADIO, $identifier=DLT_IEEE802_11, $analyzer=LLAnalyzer::LLANALYZER_IEEE802_11)
|
||||
};
|
|
@ -1,12 +0,0 @@
|
|||
module LL_LINUX_SLL;
|
||||
|
||||
const DLT_LINUX_SLL : count = 113;
|
||||
|
||||
redef LLAnalyzer::config_map += {
|
||||
LLAnalyzer::ConfigEntry($identifier=DLT_LINUX_SLL, $analyzer=LLAnalyzer::LLANALYZER_LINUXSLL),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_LINUXSLL, $identifier=0x0800, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_LINUXSLL, $identifier=0x86DD, $analyzer=LLAnalyzer::LLANALYZER_IPV6),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_LINUXSLL, $identifier=0x0806, $analyzer=LLAnalyzer::LLANALYZER_ARP),
|
||||
# RARP
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_LINUXSLL, $identifier=0x8035, $analyzer=LLAnalyzer::LLANALYZER_ARP)
|
||||
};
|
|
@ -1,11 +0,0 @@
|
|||
module LL_NFLOG;
|
||||
|
||||
const DLT_NFLOG : count = 239;
|
||||
const AF_INET : count = 2;
|
||||
const AF_INET6 : count = 10;
|
||||
|
||||
redef LLAnalyzer::config_map += {
|
||||
LLAnalyzer::ConfigEntry($identifier=DLT_NFLOG, $analyzer=LLAnalyzer::LLANALYZER_NFLOG),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_NFLOG, $identifier=AF_INET, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_NFLOG, $identifier=AF_INET6, $analyzer=LLAnalyzer::LLANALYZER_IPV6)
|
||||
};
|
|
@ -1,19 +0,0 @@
|
|||
module LL_NULL;
|
||||
|
||||
const DLT_NULL : count = 0;
|
||||
const AF_INET : count = 2;
|
||||
const AF_INET6 : count = 10;
|
||||
|
||||
redef LLAnalyzer::config_map += {
|
||||
LLAnalyzer::ConfigEntry($identifier=DLT_NULL, $analyzer=LLAnalyzer::LLANALYZER_NULL),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_NULL, $identifier=AF_INET, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
|
||||
|
||||
## From the Wireshark Wiki: AF_INET6ANALYZER, unfortunately, has different values in
|
||||
## {NetBSD,OpenBSD,BSD/OS}, {FreeBSD,DragonFlyBSD}, and {Darwin/Mac OS X}, so an IPv6
|
||||
## packet might have a link-layer header with 24, 28, or 30 as the AF_ value. As we
|
||||
## may be reading traces captured on platforms other than what we're running on, we
|
||||
## accept them all here.
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_NULL, $identifier=24, $analyzer=LLAnalyzer::LLANALYZER_IPV6),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_NULL, $identifier=28, $analyzer=LLAnalyzer::LLANALYZER_IPV6),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_NULL, $identifier=30, $analyzer=LLAnalyzer::LLANALYZER_IPV6)
|
||||
};
|
|
@ -1,10 +0,0 @@
|
|||
module LL_PPP_SERIAL;
|
||||
|
||||
const DLT_PPP_SERIAL : count = 50;
|
||||
|
||||
redef LLAnalyzer::config_map += {
|
||||
LLAnalyzer::ConfigEntry($identifier=DLT_PPP_SERIAL, $analyzer=LLAnalyzer::LLANALYZER_PPPSERIAL),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_PPPSERIAL, $identifier=0x0281, $analyzer=LLAnalyzer::LLANALYZER_MPLS),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_PPPSERIAL, $identifier=0x0021, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_PPPSERIAL, $identifier=0x0057, $analyzer=LLAnalyzer::LLANALYZER_IPV6)
|
||||
};
|
|
@ -1,6 +0,0 @@
|
|||
module LL_PPPOE;
|
||||
|
||||
redef LLAnalyzer::config_map += {
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_PPPOE, $identifier=0x0021, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_PPPOE, $identifier=0x0057, $analyzer=LLAnalyzer::LLANALYZER_IPV6)
|
||||
};
|
|
@ -1,11 +0,0 @@
|
|||
module LL_VLAN;
|
||||
|
||||
redef LLAnalyzer::config_map += {
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_VLAN, $identifier=0x8847, $analyzer=LLAnalyzer::LLANALYZER_MPLS),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_VLAN, $identifier=0x0800, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_VLAN, $identifier=0x86DD, $analyzer=LLAnalyzer::LLANALYZER_IPV6),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_VLAN, $identifier=0x0806, $analyzer=LLAnalyzer::LLANALYZER_ARP),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_VLAN, $identifier=0x8035, $analyzer=LLAnalyzer::LLANALYZER_ARP),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_VLAN, $identifier=0x8100, $analyzer=LLAnalyzer::LLANALYZER_VLAN),
|
||||
LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_VLAN, $identifier=0x8864, $analyzer=LLAnalyzer::LLANALYZER_PPPOE)
|
||||
};
|
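--- a/scripts/base/packet-protocols/__load__.zeek
+++ b/scripts/base/packet-protocols/__load__.zeek
@@ -0,0 +1,11 @@
+@load base/packet-protocols/default
+@load base/packet-protocols/ethernet
+@load base/packet-protocols/fddi
+@load base/packet-protocols/ieee802_11
+@load base/packet-protocols/ieee802_11_radio
+@load base/packet-protocols/linux_sll
+@load base/packet-protocols/nflog
+@load base/packet-protocols/null
+@load base/packet-protocols/ppp_serial
+@load base/packet-protocols/pppoe
+@load base/packet-protocols/vlan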
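--- a/scripts/base/packet-protocols/default/main.zeek
+++ b/scripts/base/packet-protocols/default/main.zeek
@@ -0,0 +1,6 @@
+module LL_DEFAULT;
+
+redef PacketAnalyzer::config_map += {
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_DEFAULTANALYZER, $identifier=4, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_DEFAULTANALYZER, $identifier=6, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
+};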
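Review bot: The module declaration `module LL_DEFAULT;` still carries the old LL_ prefix although every identifier it touches was moved to `PacketAnalyzer::`. The same leftover is visible in the other new files on this page (`LL_ETHERNET`, `LL_FDDI`, `LL_IEEE802_11`, `LL_IEEE802_11_RADIO`, `LL_LINUX_SLL`, `LL_NFLOG`, `LL_NULL`, `LL_PPP_SERIAL`, `LL_PPPOE`, `LL_VLAN`). If the prefix is kept on purpose, a one-line comment such as `# Module name predates the PacketAnalyzer rename.` would spare readers the search; otherwise the module names should follow the rename so that a grep for the old prefix comes back empty.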
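--- a/scripts/base/packet-protocols/ethernet/main.zeek
+++ b/scripts/base/packet-protocols/ethernet/main.zeek
@@ -0,0 +1,16 @@
+module LL_ETHERNET;
+
+const DLT_EN10MB : count = 1;
+
+redef PacketAnalyzer::config_map += {
+PacketAnalyzer::ConfigEntry($identifier=DLT_EN10MB, $analyzer=PacketAnalyzer::ANALYZER_ETHERNET),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x8847, $analyzer=PacketAnalyzer::ANALYZER_MPLS),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x0800, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x86DD, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x0806, $analyzer=PacketAnalyzer::ANALYZER_ARP),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x8035, $analyzer=PacketAnalyzer::ANALYZER_ARP),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x8100, $analyzer=PacketAnalyzer::ANALYZER_VLAN),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x88A8, $analyzer=PacketAnalyzer::ANALYZER_VLAN),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x9100, $analyzer=PacketAnalyzer::ANALYZER_VLAN),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x8864, $analyzer=PacketAnalyzer::ANALYZER_PPPOE)
+};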
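--- a/scripts/base/packet-protocols/fddi/main.zeek
+++ b/scripts/base/packet-protocols/fddi/main.zeek
@@ -0,0 +1,7 @@
+module LL_FDDI;
+
+const DLT_FDDI : count = 10;
+
+redef PacketAnalyzer::config_map += {
+PacketAnalyzer::ConfigEntry($identifier=DLT_FDDI, $analyzer=PacketAnalyzer::ANALYZER_FDDI)
+};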
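--- a/scripts/base/packet-protocols/ieee802_11/main.zeek
+++ b/scripts/base/packet-protocols/ieee802_11/main.zeek
@@ -0,0 +1,11 @@
+module LL_IEEE802_11;
+
+const DLT_IEEE802_11 : count = 105;
+
+redef PacketAnalyzer::config_map += {
+PacketAnalyzer::ConfigEntry($identifier=DLT_IEEE802_11, $analyzer=PacketAnalyzer::ANALYZER_IEEE802_11),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IEEE802_11, $identifier=0x0800, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IEEE802_11, $identifier=0x86DD, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IEEE802_11, $identifier=0x0806, $analyzer=PacketAnalyzer::ANALYZER_ARP),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IEEE802_11, $identifier=0x8035, $analyzer=PacketAnalyzer::ANALYZER_ARP)
+};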
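--- a/scripts/base/packet-protocols/ieee802_11_radio/main.zeek
+++ b/scripts/base/packet-protocols/ieee802_11_radio/main.zeek
@@ -0,0 +1,9 @@
+module LL_IEEE802_11_RADIO;
+
+const DLT_IEEE802_11_RADIO : count = 127;
+const DLT_IEEE802_11 : count = 105;
+
+redef PacketAnalyzer::config_map += {
+PacketAnalyzer::ConfigEntry($identifier=DLT_IEEE802_11_RADIO, $analyzer=PacketAnalyzer::ANALYZER_IEEE802_11_RADIO),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IEEE802_11_RADIO, $identifier=DLT_IEEE802_11, $analyzer=PacketAnalyzer::ANALYZER_IEEE802_11)
+};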
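--- a/scripts/base/packet-protocols/linux_sll/main.zeek
+++ b/scripts/base/packet-protocols/linux_sll/main.zeek
@@ -0,0 +1,12 @@
+module LL_LINUX_SLL;
+
+const DLT_LINUX_SLL : count = 113;
+
+redef PacketAnalyzer::config_map += {
+PacketAnalyzer::ConfigEntry($identifier=DLT_LINUX_SLL, $analyzer=PacketAnalyzer::ANALYZER_LINUXSLL),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_LINUXSLL, $identifier=0x0800, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_LINUXSLL, $identifier=0x86DD, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_LINUXSLL, $identifier=0x0806, $analyzer=PacketAnalyzer::ANALYZER_ARP),
+# RARP
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_LINUXSLL, $identifier=0x8035, $analyzer=PacketAnalyzer::ANALYZER_ARP)
+};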
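Review bot: `ANALYZER_LINUXSLL` gets children only for 0x0800, 0x86DD, 0x0806 and 0x8035, while the Ethernet table on this page also dispatches 0x8100, 0x88A8 and 0x9100 to VLAN, 0x8847 to MPLS and 0x8864 to PPPoE. If cooked captures can carry those protocol values, dissection stops at this analyzer as far as the table shows, and the encapsulated traffic is never inspected; whether another component handles that case is not visible here. If the omission is deliberate, a comment above the list such as `# Only IP and ARP/RARP are followed from cooked captures; tagged or tunneled payloads are not dissected.` would make the limit explicit for people relying on this sensor's coverage.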
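--- a/scripts/base/packet-protocols/nflog/main.zeek
+++ b/scripts/base/packet-protocols/nflog/main.zeek
@@ -0,0 +1,11 @@
+module LL_NFLOG;
+
+const DLT_NFLOG : count = 239;
+const AF_INET : count = 2;
+const AF_INET6 : count = 10;
+
+redef PacketAnalyzer::config_map += {
+PacketAnalyzer::ConfigEntry($identifier=DLT_NFLOG, $analyzer=PacketAnalyzer::ANALYZER_NFLOG),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NFLOG, $identifier=AF_INET, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NFLOG, $identifier=AF_INET6, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
+};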
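--- a/scripts/base/packet-protocols/null/main.zeek
+++ b/scripts/base/packet-protocols/null/main.zeek
@@ -0,0 +1,19 @@
+module LL_NULL;
+
+const DLT_NULL : count = 0;
+const AF_INET : count = 2;
+const AF_INET6 : count = 10;
+
+redef PacketAnalyzer::config_map += {
+PacketAnalyzer::ConfigEntry($identifier=DLT_NULL, $analyzer=PacketAnalyzer::ANALYZER_NULL),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NULL, $identifier=AF_INET, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+
+## From the Wireshark Wiki: AF_INET6ANALYZER, unfortunately, has different values in
+## {NetBSD,OpenBSD,BSD/OS}, {FreeBSD,DragonFlyBSD}, and {Darwin/Mac OS X}, so an IPv6
+## packet might have a link-layer header with 24, 28, or 30 as the AF_ value. As we
+## may be reading traces captured on platforms other than what we're running on, we
+## accept them all here.
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NULL, $identifier=24, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NULL, $identifier=28, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NULL, $identifier=30, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
+};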
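Review bot: `const AF_INET6 : count = 10;` is declared but no entry in this file uses it; the three IPv6 mappings use the literals 24, 28 and 30 instead. Either drop the constant or, if traces with the value 10 are expected for this link type, add the mapping — which of the two is intended cannot be told from this file, and an unmapped value means the packet is not handed to the IPv6 analyzer. The comment above those entries reads `AF_INET6ANALYZER`, which looks like a search-and-replace leftover for `AF_INET6`, and it uses the `##` doc-comment marker inside a value list. I would write `# From the Wireshark Wiki: AF_INET6, unfortunately, has different values in` and use a single `#` on the four lines that follow as well.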
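--- a/scripts/base/packet-protocols/ppp_serial/main.zeek
+++ b/scripts/base/packet-protocols/ppp_serial/main.zeek
@@ -0,0 +1,10 @@
+module LL_PPP_SERIAL;
+
+const DLT_PPP_SERIAL : count = 50;
+
+redef PacketAnalyzer::config_map += {
+PacketAnalyzer::ConfigEntry($identifier=DLT_PPP_SERIAL, $analyzer=PacketAnalyzer::ANALYZER_PPPSERIAL),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_PPPSERIAL, $identifier=0x0281, $analyzer=PacketAnalyzer::ANALYZER_MPLS),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_PPPSERIAL, $identifier=0x0021, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_PPPSERIAL, $identifier=0x0057, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
+};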
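--- a/scripts/base/packet-protocols/pppoe/main.zeek
+++ b/scripts/base/packet-protocols/pppoe/main.zeek
@@ -0,0 +1,6 @@
+module LL_PPPOE;
+
+redef PacketAnalyzer::config_map += {
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_PPPOE, $identifier=0x0021, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_PPPOE, $identifier=0x0057, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
+};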
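--- a/scripts/base/packet-protocols/vlan/main.zeek
+++ b/scripts/base/packet-protocols/vlan/main.zeek
@@ -0,0 +1,11 @@
+module LL_VLAN;
+
+redef PacketAnalyzer::config_map += {
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x8847, $analyzer=PacketAnalyzer::ANALYZER_MPLS),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x0800, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x86DD, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x0806, $analyzer=PacketAnalyzer::ANALYZER_ARP),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x8035, $analyzer=PacketAnalyzer::ANALYZER_ARP),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x8100, $analyzer=PacketAnalyzer::ANALYZER_VLAN),
+PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x8864, $analyzer=PacketAnalyzer::ANALYZER_PPPOE)
+};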
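Review bot: The VLAN child table lists 0x8100 but not 0x88A8 or 0x9100, although ethernet/main.zeek on this page sends all three values to `ANALYZER_VLAN`. As far as this table shows, a frame whose inner tag uses one of the other two values gets no child analyzer after the first tag, so the encapsulated IP traffic would not reach analysis; whether that case is caught elsewhere is not visible here. If stacked tags with these values should be followed, add `PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x88A8, $analyzer=PacketAnalyzer::ANALYZER_VLAN),` and the matching entry for 0x9100. Otherwise a comment such as `# Only 0x8100 is followed as an inner tag.` would document the limit.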