Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 23:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
5990 commits 384 branches 195 tags 258 MiB
Commit graph

20 commits

Author SHA1 Message Date
Johanna Amann
17796182c6 fix acld plugin to use address instead of subnet (and add functions for 
conversion)
 2015-06-05 00:00:20 -07:00
Johanna Amann
ee645dfce9 Acld implementation for Pacf - Bro side. 
Still needs a few small fixes to deal with the fact that acld does not
always accept subnets.
 2015-06-03 11:06:01 -07:00
Johanna Amann
2f1ebed2e9 set the default idle timeout to 0 (= disable), because pacf actually 
does not directly support this concept. If someone wants idle timeouts,
they can just re-enable them with a redef.
 2015-06-01 10:46:39 -07:00
Johanna Amann
99dcb40c67 Clusterize pacf 
This changes the type of user-exposed IDs from counts to strings.
Also makes the init functions work for the first time.
 2015-05-27 18:01:53 -07:00
Johanna Amann
ad2361b7ac remove (disfunctional) notifications from pacf 2015-05-27 07:37:50 -07:00
Johanna Amann
0a49b8cdf6 add pacf plugin that directly outputs messages to broker. 
Also fix a few problems in pacf in the process of doing this.
 2015-05-26 11:19:55 -07:00
Johanna Amann
30e305cf4b we also really want to get notifications upon flow removal 2015-05-22 19:19:11 -07:00
Johanna Amann
870acea8a9 deal with the fact that some pacf rules create two openflow messages 
and that the return events need to unify them again...

More or less untested.
 2015-05-22 18:59:40 -07:00
Johanna Amann
b9953e7048 change type of flow_mod entries to count - the type is defined in other 
records and this leads to unfortunate problems with external scripts that would
have to convert values into bro port types themseves.
 2015-05-22 13:37:57 -07:00
Johanna Amann
5f0a630116 add support for switches notifying openflow and pacf about flow removal. 
I just noticed - the OpenFlow events also really should send the
instance of openflow that they are with them. That is a... tad
complicated though due to a number of reasons (among others how the
events are currently generated), so this will have to wait for a bit.
 2015-05-18 13:38:38 -07:00
Johanna Amann
c0111bc4d2 add flow modification to pacf and openflow. 
More or less untested, but there should not be any big problems.
 2015-05-15 13:29:44 -07:00
Johanna Amann
6014b395b8 handle the notification events correctly. 
Now if a rule is inserted correctly (or fails to be inserted) into
openflow, we actually get the corresponding Pacf events that everything
worked.
 2015-05-15 11:24:18 -07:00
Johanna Amann
8c292ddd49 Allow pacf openflow plugin to speficy a priority offset. 2015-05-14 08:15:43 -07:00
Johanna Amann
73d22a2dbd add Pacf plugin for the internal Bro PacketFilter (not BPF) 2015-05-12 15:12:16 -07:00
Johanna Amann
ed65fdb6ba Make Flow a separate, more flexible type in PACF. 
This allows the use of wildcards, etc. in rules and removes the need
for a few entity types that were separate so far.
 2015-05-12 13:37:16 -07:00
Johanna Amann
a403dbd83e add broker output plugin for openflow (at the moment we more or less 
just send the flow_mod event along - there still is no feedback) and add
a testcase for it.

Also fix a few other small problems.
 2015-04-20 16:07:00 -07:00
Johanna Amann
e21238d454 add a few more flow_mod options and the option to check via a predicate 
if a module wants to be responsible for a certain rule...
 2015-04-16 15:44:46 -07:00
Johanna Amann
a3bfa92125 introduce more mac address mac types, support them in OpenFlow plugin, 
add support for a few rule types in OpenFlow plugin and add predicates
for matches and flow_mod modifiers.
 2015-04-15 11:11:40 -07:00
Johanna Amann
7d7578146f Add basic OpenFlow plugin for Pacf. 
This also changes a few types in pacf and adds a few needed bits and
pieces to the OpenFlow framework.

And - it even has a testcase...
 2015-04-14 15:24:22 -07:00
Robin Sommer
9f0bc0fdf1 Starting to implement the proposed PACF API. 2014-07-22 03:57:05 +02:00