Renamed LL-Analyzers to Packet Analyzers.

scripts/base/packet-protocols/__load__.zeek

@@ -0,0 +1,11 @@
+@load base/packet-protocols/default
+@load base/packet-protocols/ethernet
+@load base/packet-protocols/fddi
+@load base/packet-protocols/ieee802_11
+@load base/packet-protocols/ieee802_11_radio
+@load base/packet-protocols/linux_sll
+@load base/packet-protocols/nflog
+@load base/packet-protocols/null
+@load base/packet-protocols/ppp_serial
+@load base/packet-protocols/pppoe
+@load base/packet-protocols/vlan

scripts/base/packet-protocols/default/__load__.zeek

@@ -0,0 +1 @@
+@load ./main

scripts/base/packet-protocols/default/main.zeek

@@ -0,0 +1,6 @@
+module LL_DEFAULT;
+
+redef PacketAnalyzer::config_map += {
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_DEFAULTANALYZER, $identifier=4, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_DEFAULTANALYZER, $identifier=6, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
+};

scripts/base/packet-protocols/ethernet/__load__.zeek

@@ -0,0 +1 @@
+@load ./main

scripts/base/packet-protocols/ethernet/main.zeek

@@ -0,0 +1,16 @@
+module LL_ETHERNET;
+
+const DLT_EN10MB : count = 1;
+
+redef PacketAnalyzer::config_map += {
+	PacketAnalyzer::ConfigEntry($identifier=DLT_EN10MB, $analyzer=PacketAnalyzer::ANALYZER_ETHERNET),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x8847, $analyzer=PacketAnalyzer::ANALYZER_MPLS),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x0800, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x86DD, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x0806, $analyzer=PacketAnalyzer::ANALYZER_ARP),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x8035, $analyzer=PacketAnalyzer::ANALYZER_ARP),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x8100, $analyzer=PacketAnalyzer::ANALYZER_VLAN),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x88A8, $analyzer=PacketAnalyzer::ANALYZER_VLAN),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x9100, $analyzer=PacketAnalyzer::ANALYZER_VLAN),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x8864, $analyzer=PacketAnalyzer::ANALYZER_PPPOE)
+};

scripts/base/packet-protocols/fddi/__load__.zeek

@@ -0,0 +1 @@
+@load ./main

scripts/base/packet-protocols/fddi/main.zeek

@@ -0,0 +1,7 @@
+module LL_FDDI;
+
+const DLT_FDDI : count = 10;
+
+redef PacketAnalyzer::config_map += {
+	PacketAnalyzer::ConfigEntry($identifier=DLT_FDDI, $analyzer=PacketAnalyzer::ANALYZER_FDDI)
+};

scripts/base/packet-protocols/ieee802_11/__load__.zeek

@@ -0,0 +1 @@
+@load ./main

scripts/base/packet-protocols/ieee802_11/main.zeek

@@ -0,0 +1,11 @@
+module LL_IEEE802_11;
+
+const DLT_IEEE802_11 : count = 105;
+
+redef PacketAnalyzer::config_map += {
+	PacketAnalyzer::ConfigEntry($identifier=DLT_IEEE802_11, $analyzer=PacketAnalyzer::ANALYZER_IEEE802_11),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IEEE802_11, $identifier=0x0800, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IEEE802_11, $identifier=0x86DD, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IEEE802_11, $identifier=0x0806, $analyzer=PacketAnalyzer::ANALYZER_ARP),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IEEE802_11, $identifier=0x8035, $analyzer=PacketAnalyzer::ANALYZER_ARP)
+};

scripts/base/packet-protocols/ieee802_11_radio/__load__.zeek

@@ -0,0 +1 @@
+@load ./main

scripts/base/packet-protocols/ieee802_11_radio/main.zeek

@@ -0,0 +1,9 @@
+module LL_IEEE802_11_RADIO;
+
+const DLT_IEEE802_11_RADIO : count = 127;
+const DLT_IEEE802_11 : count = 105;
+
+redef PacketAnalyzer::config_map += {
+	PacketAnalyzer::ConfigEntry($identifier=DLT_IEEE802_11_RADIO, $analyzer=PacketAnalyzer::ANALYZER_IEEE802_11_RADIO),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IEEE802_11_RADIO, $identifier=DLT_IEEE802_11, $analyzer=PacketAnalyzer::ANALYZER_IEEE802_11)
+};

scripts/base/packet-protocols/linux_sll/__load__.zeek

@@ -0,0 +1 @@
+@load ./main

scripts/base/packet-protocols/linux_sll/main.zeek

@@ -0,0 +1,12 @@
+module LL_LINUX_SLL;
+
+const DLT_LINUX_SLL : count = 113;
+
+redef PacketAnalyzer::config_map += {
+	PacketAnalyzer::ConfigEntry($identifier=DLT_LINUX_SLL, $analyzer=PacketAnalyzer::ANALYZER_LINUXSLL),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_LINUXSLL, $identifier=0x0800, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_LINUXSLL, $identifier=0x86DD, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_LINUXSLL, $identifier=0x0806, $analyzer=PacketAnalyzer::ANALYZER_ARP),
+	# RARP
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_LINUXSLL, $identifier=0x8035, $analyzer=PacketAnalyzer::ANALYZER_ARP)
+};

scripts/base/packet-protocols/nflog/__load__.zeek

@@ -0,0 +1 @@
+@load ./main

scripts/base/packet-protocols/nflog/main.zeek

@@ -0,0 +1,11 @@
+module LL_NFLOG;
+
+const DLT_NFLOG : count = 239;
+const AF_INET : count = 2;
+const AF_INET6 : count = 10;
+
+redef PacketAnalyzer::config_map += {
+	PacketAnalyzer::ConfigEntry($identifier=DLT_NFLOG, $analyzer=PacketAnalyzer::ANALYZER_NFLOG),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NFLOG, $identifier=AF_INET, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NFLOG, $identifier=AF_INET6, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
+};

scripts/base/packet-protocols/null/__load__.zeek

@@ -0,0 +1 @@
+@load ./main

scripts/base/packet-protocols/null/main.zeek

@@ -0,0 +1,19 @@
+module LL_NULL;
+
+const DLT_NULL : count = 0;
+const AF_INET : count = 2;
+const AF_INET6 : count = 10;
+
+redef PacketAnalyzer::config_map += {
+	PacketAnalyzer::ConfigEntry($identifier=DLT_NULL, $analyzer=PacketAnalyzer::ANALYZER_NULL),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NULL, $identifier=AF_INET, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+	
+	## From the Wireshark Wiki: AF_INET6ANALYZER, unfortunately, has different values in
+	## {NetBSD,OpenBSD,BSD/OS}, {FreeBSD,DragonFlyBSD}, and {Darwin/Mac OS X}, so an IPv6
+	## packet might have a link-layer header with 24, 28, or 30 as the AF_ value. As we
+	## may be reading traces captured on platforms other than what we're running on, we
+	## accept them all here.
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NULL, $identifier=24, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NULL, $identifier=28, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NULL, $identifier=30, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
+};

scripts/base/packet-protocols/ppp_serial/__load__.zeek

@@ -0,0 +1 @@
+@load ./main

scripts/base/packet-protocols/ppp_serial/main.zeek

@@ -0,0 +1,10 @@
+module LL_PPP_SERIAL;
+
+const DLT_PPP_SERIAL : count = 50;
+
+redef PacketAnalyzer::config_map += {
+	PacketAnalyzer::ConfigEntry($identifier=DLT_PPP_SERIAL, $analyzer=PacketAnalyzer::ANALYZER_PPPSERIAL),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_PPPSERIAL, $identifier=0x0281, $analyzer=PacketAnalyzer::ANALYZER_MPLS),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_PPPSERIAL, $identifier=0x0021, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_PPPSERIAL, $identifier=0x0057, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
+};

scripts/base/packet-protocols/pppoe/__load__.zeek

@@ -0,0 +1 @@
+@load ./main

scripts/base/packet-protocols/pppoe/main.zeek

@@ -0,0 +1,6 @@
+module LL_PPPOE;
+
+redef PacketAnalyzer::config_map += {
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_PPPOE, $identifier=0x0021, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_PPPOE, $identifier=0x0057, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
+};

scripts/base/packet-protocols/vlan/__load__.zeek

@@ -0,0 +1 @@
+@load ./main

scripts/base/packet-protocols/vlan/main.zeek

@@ -0,0 +1,11 @@
+module LL_VLAN;
+
+redef PacketAnalyzer::config_map += {
+   PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x8847, $analyzer=PacketAnalyzer::ANALYZER_MPLS),
+   PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x0800, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+   PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x86DD, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
+   PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x0806, $analyzer=PacketAnalyzer::ANALYZER_ARP),
+   PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x8035, $analyzer=PacketAnalyzer::ANALYZER_ARP),
+   PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x8100, $analyzer=PacketAnalyzer::ANALYZER_VLAN),
+   PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x8864, $analyzer=PacketAnalyzer::ANALYZER_PPPOE)
+};