mqtt: Move from policy/ into base/

Register dpd signatures and the analyzer when running in default mode.

Closes #2583
Arne Welzel 2022-11-29 12:41:52 +01:00
parent 0e97c29eb8
commit eb3bea4e4a
13 changed files with 362 additions and 284 deletions

3
NEWS
View file

@ -146,6 +146,9 @@ Changed Functionality
stopped. This fixes a few cases where we already had the logic to stopped. This fixes a few cases where we already had the logic to
continue in place, but we still ended up considering them partial. continue in place, but we still ended up considering them partial.
- The MQTT scripts registering the analyzer and DPD signatures have
been moved from the policy folder to base and are loaded by default.
Deprecated Functionality Deprecated Functionality
------------------------ ------------------------
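Review bot: The new entry under "Changed Functionality" leaves out the deprecation that ships with this move. The policy `__load__.zeek` now carries `@deprecated "Remove in v6.1. ..."`, so sites that still `@load policy/protocols/mqtt` will start seeing a warning, and that belongs under "Deprecated Functionality" as well. It would also help operators to state that default-mode deployments will now get MQTT analysis on 1883/tcp (the port baseline gains `1 1883`) without any configuration change.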

View file

@ -1 +1 @@
Definitions of constants used by the MQTT protocol Support for MQTT protocol analysis.

View file

@ -1 +1,4 @@
@load ./consts @load ./consts
@load ./main
@load-sigs ./dpd.sig
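Review bot: With `@load ./main` and `@load-sigs ./dpd.sig` in the base `__load__.zeek`, the MQTT analyzer and its DPD signature become active for every default-mode deployment, but the visible test changes are only baseline updates plus a canonifier tweak. If the suppressed diff does not already cover it, please add a btest that runs an MQTT trace with no explicit `@load` and checks that the analyzer attaches, so the new default is pinned by a test rather than only by the loaded-scripts baseline.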

View file

@ -1 +0,0 @@
Support for MQTT protocol analysis.

View file

@ -1,2 +1,4 @@
@load ./main @deprecated "Remove in v6.1. The MQTT scripts have been moved out of policy/ into base and are loaded by default"
@load-sigs ./dpd.sig
# For those running bare-mode and loading protocols/mqtt from policy.
@load base/protocols/mqtt
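Review bot: The `@deprecated` message says where the scripts went but not what the user should change. Consider ending it with the action, for example "... and are loaded by default. Remove the @load of policy/protocols/mqtt, or load base/protocols/mqtt in bare mode." The comment above `@load base/protocols/mqtt` already describes the bare-mode case, so the warning text can say the same thing to the person who actually sees it.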

View file

@ -110,8 +110,7 @@
@load protocols/krb/ticket-logging.zeek @load protocols/krb/ticket-logging.zeek
@load protocols/modbus/known-masters-slaves.zeek @load protocols/modbus/known-masters-slaves.zeek
@load protocols/modbus/track-memmap.zeek @load protocols/modbus/track-memmap.zeek
@load protocols/mqtt/__load__.zeek #@load protocols/mqtt/__load__.zeek
@load protocols/mqtt/main.zeek
@load protocols/mysql/software.zeek @load protocols/mysql/software.zeek
@load protocols/rdp/indicate_ssl.zeek @load protocols/rdp/indicate_ssl.zeek
@load protocols/smb/log-cmds.zeek @load protocols/smb/log-cmds.zeek
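Review bot: `@load protocols/mqtt/main.zeek` is dropped outright here while `__load__.zeek` is only commented out, which suggests `policy/protocols/mqtt/main.zeek` no longer exists after this change. Anyone who loaded `protocols/mqtt/main` directly would then get a hard load failure instead of the deprecation warning that the `__load__.zeek` shim gives. If that path was ever loadable on its own, a stub `main.zeek` with the same `@deprecated` line and an `@load base/protocols/mqtt` would keep the upgrade path consistent until v6.1.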

View file

@ -1,6 +1,7 @@
@load test-all-policy.zeek @load test-all-policy.zeek
# Scripts which are commented out in test-all-policy.zeek. # Scripts which are commented out in test-all-policy.zeek.
@load protocols/mqtt/__load__.zeek
@load protocols/ssl/decryption.zeek @load protocols/ssl/decryption.zeek
@load frameworks/control/controllee.zeek @load frameworks/control/controllee.zeek
@load frameworks/control/controller.zeek @load frameworks/control/controller.zeek

View file

@ -9,6 +9,7 @@
1 161 1 161
1 162 1 162
1 1812 1 1812
1 1883
2 20000 2 20000
1 21 1 21
1 2123 1 2123
@ -58,8 +59,8 @@
1 992 1 992
1 993 1 993
1 995 1 995
65 and 66 and
64 or 65 or
65 port 66 port
42 tcp 43 tcp
23 udp 23 udp

View file

@ -397,6 +397,7 @@ scripts/base/init-default.zeek
scripts/base/protocols/modbus/main.zeek scripts/base/protocols/modbus/main.zeek
scripts/base/protocols/mqtt/__load__.zeek scripts/base/protocols/mqtt/__load__.zeek
scripts/base/protocols/mqtt/consts.zeek scripts/base/protocols/mqtt/consts.zeek
scripts/base/protocols/mqtt/main.zeek
scripts/base/protocols/mysql/__load__.zeek scripts/base/protocols/mysql/__load__.zeek
scripts/base/protocols/mysql/main.zeek scripts/base/protocols/mysql/main.zeek
scripts/base/protocols/mysql/consts.zeek scripts/base/protocols/mysql/consts.zeek

File diff suppressed because one or more lines are too long

View file

@ -6,4 +6,4 @@
# #
# @TEST-EXEC: test -d $DIST/scripts # @TEST-EXEC: test -d $DIST/scripts
# @TEST-EXEC: for script in `find $DIST/scripts/ -name \*\.zeek`; do zeek -b --parse-only $script >>errors 2>&1; done # @TEST-EXEC: for script in `find $DIST/scripts/ -name \*\.zeek`; do zeek -b --parse-only $script >>errors 2>&1; done
# @TEST-EXEC: TEST_DIFF_CANONIFIER="grep -v 'Use the external.*bro-simple-scan package' | $SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-sort" btest-diff errors # @TEST-EXEC: TEST_DIFF_CANONIFIER="grep -v -e 'Use the external.*bro-simple-scan package' -e 'The MQTT scripts have been moved out of policy/' | $SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-sort" btest-diff errors
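Review bot: The added `-e 'The MQTT scripts have been moved out of policy/'` filter in `TEST_DIFF_CANONIFIER` matches on a substring of the deprecation message, so rewording the message in the policy `__load__.zeek` will silently break this baseline, and the filter will outlive the shim unless someone remembers it. Please add a comment next to the `@TEST-EXEC` line noting that this pattern goes away together with the policy MQTT shim in v6.1.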