mqtt: Move from policy/ into base/

Register dpd signatures and the analyzer when running in default mode. Closes #2583
2025-10-02 06:38:20 +00:00 · 2022-11-29 12:41:52 +01:00 · 2022-11-29 12:41:52 +01:00 · eb3bea4e4a
commit eb3bea4e4a
parent 0e97c29eb8
13 changed files with 362 additions and 284 deletions
--- a/3
+++ b/3
@ -146,6 +146,9 @@ Changed Functionality
  stopped. This fixes a few cases where we already had the logic to
  continue in place, but we still ended up considering them partial.

+- The MQTT scripts registering the analyzer and DPD signatures have
+  been moved from the policy folder to base and are loaded by default.
+
 Deprecated Functionality
 ------------------------

--- a/scripts/base/protocols/mqtt/README
+++ b/scripts/base/protocols/mqtt/README
@ -1 +1 @@
-Definitions of constants used by the MQTT protocol
+Support for MQTT protocol analysis.
--- a/scripts/base/protocols/mqtt/load.zeek
+++ b/scripts/base/protocols/mqtt/load.zeek
@ -1 +1,4 @@
@load ./consts
+@load ./main
+
+@load-sigs ./dpd.sig
--- a/scripts/policy/protocols/mqtt/dpd.sig
+++ b/scripts/policy/protocols/mqtt/dpd.sig
--- a/scripts/policy/protocols/mqtt/main.zeek
+++ b/scripts/policy/protocols/mqtt/main.zeek
--- a/scripts/policy/protocols/mqtt/README
+++ b/scripts/policy/protocols/mqtt/README
@ -1 +0,0 @@
-Support for MQTT protocol analysis.
--- a/scripts/policy/protocols/mqtt/load.zeek
+++ b/scripts/policy/protocols/mqtt/load.zeek
@ -1,2 +1,4 @@
-@load ./main
-@load-sigs ./dpd.sig
+@deprecated "Remove in v6.1. The MQTT scripts have been moved out of policy/ into base and are loaded by default"
+
+# For those running bare-mode and loading protocols/mqtt from policy.
+@load base/protocols/mqtt
--- a/scripts/test-all-policy.zeek
+++ b/scripts/test-all-policy.zeek
@ -110,8 +110,7 @@
@load protocols/krb/ticket-logging.zeek
@load protocols/modbus/known-masters-slaves.zeek
@load protocols/modbus/track-memmap.zeek
-@load protocols/mqtt/__load__.zeek
-@load protocols/mqtt/main.zeek
+#@load protocols/mqtt/__load__.zeek
@load protocols/mysql/software.zeek
@load protocols/rdp/indicate_ssl.zeek
@load protocols/smb/log-cmds.zeek
--- a/scripts/zeekygen/load.zeek
+++ b/scripts/zeekygen/load.zeek
@ -1,6 +1,7 @@
@load test-all-policy.zeek

 # Scripts which are commented out in test-all-policy.zeek.
+@load protocols/mqtt/__load__.zeek
@load protocols/ssl/decryption.zeek
@load frameworks/control/controllee.zeek
@load frameworks/control/controller.zeek
--- a/testing/btest/Baseline/core.print-bpf-filters/output2
+++ b/testing/btest/Baseline/core.print-bpf-filters/output2
@ -9,6 +9,7 @@
 1 161
 1 162
 1 1812
+1 1883
 2 20000
 1 21
 1 2123
@ -58,8 +59,8 @@
 1 992
 1 993
 1 995
-65 and
-64 or
-65 port
-42 tcp
+66 and
+65 or
+66 port
+43 tcp
 23 udp
--- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
@ -397,6 +397,7 @@ scripts/base/init-default.zeek
    scripts/base/protocols/modbus/main.zeek
  scripts/base/protocols/mqtt/__load__.zeek
    scripts/base/protocols/mqtt/consts.zeek
+    scripts/base/protocols/mqtt/main.zeek
  scripts/base/protocols/mysql/__load__.zeek
    scripts/base/protocols/mysql/main.zeek
      scripts/base/protocols/mysql/consts.zeek
--- a/testing/btest/Baseline/plugins.hooks/output
+++ b/testing/btest/Baseline/plugins.hooks/output
--- a/testing/btest/coverage/bare-mode-errors.test
+++ b/testing/btest/coverage/bare-mode-errors.test
@ -6,4 +6,4 @@
 #
 # @TEST-EXEC: test -d $DIST/scripts
 # @TEST-EXEC: for script in `find $DIST/scripts/ -name \*\.zeek`; do zeek -b --parse-only $script >>errors 2>&1; done
-# @TEST-EXEC: TEST_DIFF_CANONIFIER="grep -v 'Use the external.*bro-simple-scan package' | $SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-sort" btest-diff errors
+# @TEST-EXEC: TEST_DIFF_CANONIFIER="grep -v -e 'Use the external.*bro-simple-scan package' -e 'The MQTT scripts have been moved out of policy/' | $SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-sort" btest-diff errors