Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Renamed LL-Analyzers to Packet Analyzers.

Browse source
This commit is contained in:
Jan Grashoefer 2020-07-13 16:44:39 +02:00 committed by Tim Wojtulewicz
parent b2e6c9ac9a
commit e53ec46c23
148 changed files with 587 additions and 587 deletions
Download patch file Download diff file Expand all files Collapse all files

0
testing/btest/plugins/packet-protocol-plugin/.btest-ignore Normal file
View file

18
testing/btest/plugins/packet-protocol-plugin/CMakeLists.txt Normal file
View file

@ -0,0 +1,18 @@
project(Zeek-Packet-Plugin-Demo-Bar)
cmake_minimum_required(VERSION 2.6.3)
if ( NOT ZEEK_DIST )
message(FATAL_ERROR "ZEEK_DIST not set")
endif ()
set(CMAKE_MODULE_PATH ${ZEEK_DIST}/cmake)
include(ZeekPlugin)
zeek_plugin_begin(PacketDemo Bar)
zeek_plugin_cc(src/Plugin.cc)
zeek_plugin_cc(src/Bar.cc)
zeek_plugin_bif(src/events.bif)
zeek_plugin_end()

5
testing/btest/plugins/packet-protocol-plugin/scripts/PacketDemo/Bar/base/main.zeek Normal file
View file

@ -0,0 +1,5 @@
module Packet_BAR;
redef PacketAnalyzer::config_map += {
PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=1501, $analyzer=PacketAnalyzer::ANALYZER_BAR),
};

1
testing/btest/plugins/packet-protocol-plugin/scripts/__load__.zeek Normal file
View file

@ -0,0 +1 @@
@load PacketDemo/Bar/base/main

35
testing/btest/plugins/packet-protocol-plugin/src/Bar.cc Normal file
View file

@ -0,0 +1,35 @@
#include "Bar.h"
#include "Event.h"
#include "Val.h"
#include "events.bif.h"
using namespace zeek::packet_analysis::PacketDemo;
Bar::Bar()
: zeek::packet_analysis::Analyzer("Bar")
{
}
std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> Bar::Analyze(Packet* packet)
{
auto& pdata = packet->cur_pos;
auto end_of_data = packet->GetEndOfData();
// Rudimentary parsing of 802.2 LLC
if ( pdata + 17 >= end_of_data )
{
packet->Weird("truncated_llc_header");
return { AnalyzerResult::Failed, 0 };
}
auto dsap = pdata[14];
auto ssap = pdata[15];
auto control = pdata[16];
mgr.Enqueue(bar_message,
val_mgr->Count(dsap),
val_mgr->Count(ssap),
val_mgr->Count(control));
return std::make_tuple(AnalyzerResult::Terminate, 0);
}

22
testing/btest/plugins/packet-protocol-plugin/src/Bar.h Normal file
View file

@ -0,0 +1,22 @@
#pragma once
#include <packet_analysis/Analyzer.h>
#include <packet_analysis/Component.h>
namespace zeek::packet_analysis::PacketDemo {
class Bar : public Analyzer {
public:
Bar();
~Bar() override = default;
std::tuple<AnalyzerResult, identifier_t> Analyze(Packet* packet) override;
static Analyzer* Instantiate()
{
return new Bar();
}
};
}

27
testing/btest/plugins/packet-protocol-plugin/src/Plugin.cc Normal file
View file

@ -0,0 +1,27 @@
#include "Plugin.h"
#include "packet_analysis/Component.h"
#include "Bar.h"
namespace zeek::plugin::PacketDemo_Bar {
class Plugin : public zeek::plugin::Plugin {
public:
zeek::plugin::Configuration Configure()
{
AddComponent(new zeek::packet_analysis::Component("Bar",
zeek::packet_analysis::PacketDemo::Bar::Instantiate));
zeek::plugin::Configuration config;
config.name = "PacketDemo::Bar";
config.description = "A Bar packet analyzer.";
config.version.major = 1;
config.version.minor = 0;
config.version.patch = 0;
return config;
}
} plugin;
}

2
testing/btest/plugins/packet-protocol-plugin/src/events.bif Normal file
View file

@ -0,0 +1,2 @@
event bar_message%(dsap: count, ssap: count, control: count%);