Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
5990 commits 385 branches 195 tags 258 MiB
Commit graph

31 commits

Author SHA1 Message Date
Johanna Amann
17796182c6 fix acld plugin to use address instead of subnet (and add functions for 
conversion)
 2015-06-05 00:00:20 -07:00
Johanna Amann
cedb80ff74 implement quarantine 2015-06-04 16:21:30 -07:00
Johanna Amann
e6834367fd miscelaneous missing bits and pieces 2015-06-04 11:16:42 -07:00
Johanna Amann
ee645dfce9 Acld implementation for Pacf - Bro side. 
Still needs a few small fixes to deal with the fact that acld does not
always accept subnets.
 2015-06-03 11:06:01 -07:00
Johanna Amann
f88a1337c0 add basic catch-and-release functionality (without own logging so far). 2015-06-02 15:04:11 -07:00
Johanna Amann
1439c244fc add hook to pacf that allows users to modify all rules or implement 
whitelists or similar.
 2015-06-02 14:23:25 -07:00
Johanna Amann
ed40855152 add support for multiple backends with same priority 2015-06-02 12:34:44 -07:00
Johanna Amann
269e80b3e1 make pacf logging deal with wildcards in flows. 2015-06-01 18:57:16 -07:00
Johanna Amann
ae18062761 add whitelist and redirect high-level functions 2015-06-01 15:57:58 -07:00
Johanna Amann
2f1ebed2e9 set the default idle timeout to 0 (= disable), because pacf actually 
does not directly support this concept. If someone wants idle timeouts,
they can just re-enable them with a redef.
 2015-06-01 10:46:39 -07:00
Johanna Amann
3bd513785f make rule id generation in non-cluster mode work again 2015-05-28 16:58:55 -07:00
Johanna Amann
99dcb40c67 Clusterize pacf 
This changes the type of user-exposed IDs from counts to strings.
Also makes the init functions work for the first time.
 2015-05-27 18:01:53 -07:00
Johanna Amann
ad2361b7ac remove (disfunctional) notifications from pacf 2015-05-27 07:37:50 -07:00
Johanna Amann
f2be226a5a make openflow framework work in clusters. 2015-05-26 13:55:16 -07:00
Johanna Amann
0a49b8cdf6 add pacf plugin that directly outputs messages to broker. 
Also fix a few problems in pacf in the process of doing this.
 2015-05-26 11:19:55 -07:00
Johanna Amann
30e305cf4b we also really want to get notifications upon flow removal 2015-05-22 19:19:11 -07:00
Johanna Amann
870acea8a9 deal with the fact that some pacf rules create two openflow messages 
and that the return events need to unify them again...

More or less untested.
 2015-05-22 18:59:40 -07:00
Johanna Amann
93b79c87bd it makes much more sense for the high level api to still return rule 
numbers.
 2015-05-22 18:07:57 -07:00
Johanna Amann
b9953e7048 change type of flow_mod entries to count - the type is defined in other 
records and this leads to unfortunate problems with external scripts that would
have to convert values into bro port types themseves.
 2015-05-22 13:37:57 -07:00
Johanna Amann
5f0a630116 add support for switches notifying openflow and pacf about flow removal. 
I just noticed - the OpenFlow events also really should send the
instance of openflow that they are with them. That is a... tad
complicated though due to a number of reasons (among others how the
events are currently generated), so this will have to wait for a bit.
 2015-05-18 13:38:38 -07:00
Johanna Amann
c0111bc4d2 add flow modification to pacf and openflow. 
More or less untested, but there should not be any big problems.
 2015-05-15 13:29:44 -07:00
Johanna Amann
6014b395b8 handle the notification events correctly. 
Now if a rule is inserted correctly (or fails to be inserted) into
openflow, we actually get the corresponding Pacf events that everything
worked.
 2015-05-15 11:24:18 -07:00
Johanna Amann
8c292ddd49 Allow pacf openflow plugin to speficy a priority offset. 2015-05-14 08:15:43 -07:00
Johanna Amann
73d22a2dbd add Pacf plugin for the internal Bro PacketFilter (not BPF) 2015-05-12 15:12:16 -07:00
Johanna Amann
ed65fdb6ba Make Flow a separate, more flexible type in PACF. 
This allows the use of wildcards, etc. in rules and removes the need
for a few entity types that were separate so far.
 2015-05-12 13:37:16 -07:00
Johanna Amann
a403dbd83e add broker output plugin for openflow (at the moment we more or less 
just send the flow_mod event along - there still is no feedback) and add
a testcase for it.

Also fix a few other small problems.
 2015-04-20 16:07:00 -07:00
Johanna Amann
e21238d454 add a few more flow_mod options and the option to check via a predicate 
if a module wants to be responsible for a certain rule...
 2015-04-16 15:44:46 -07:00
Johanna Amann
a3bfa92125 introduce more mac address mac types, support them in OpenFlow plugin, 
add support for a few rule types in OpenFlow plugin and add predicates
for matches and flow_mod modifiers.
 2015-04-15 11:11:40 -07:00
Johanna Amann
7d7578146f Add basic OpenFlow plugin for Pacf. 
This also changes a few types in pacf and adds a few needed bits and
pieces to the OpenFlow framework.

And - it even has a testcase...
 2015-04-14 15:24:22 -07:00
Johanna Amann
00204ab8a6 introduce &weaken attribute, which basically only prevents 
the describe function for types to descend into record fields that
are marked with it.

With this, we can actually load the pacf scripts without crashing Bro
when running tests :)
 2015-04-13 16:05:55 -07:00
Robin Sommer
9f0bc0fdf1 Starting to implement the proposed PACF API. 2014-07-22 03:57:05 +02:00