Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
14688 commits 386 branches 195 tags 256 MiB
Commit graph

34 commits

Author SHA1 Message Date
Eldon Koyle
32afbae9db Use a default analyzer 
Use a default analyzer instead of hardcoding a protocol number.
 2023-02-16 19:39:27 -07:00
Eldon Koyle
56aa03031d Simplify PBB analyzer by using Ethernet analyzer 
After the first 4 bytes, this traffic actually just looks like Ethernet.
Rather than try to re-implement the ethernet analyzer, just check the
length, skip 4 bytes, and pass it on.
 2023-02-16 08:19:30 -07:00
Eldon Koyle
269cc15888 Cleanup and add customer MAC addresses 
* Put c-dst/c-src in l2_dst/l2_src
 * use #define instead of const int and move to PBB.h
 2023-02-10 17:42:25 -07:00
Eldon Koyle
28d540483e Add PBB (802.1ah) support 2023-02-10 15:30:01 -07:00
Arne Welzel
42be2444a7 gtpv1: Do not register for protocol detection 
While reviewing/understanding the analyzer setup, it didn't seem like
GTPv1 implements packet_analysis::Analyzer::DetectProtocol(), so
should not register it for protocol_detection either.

Alternatively, maybe DetectProtocol() should've been implemented in
which case maybe this should be an issue?
 2022-08-26 10:47:38 +02:00
Simeon Miteff
b8f0acb5f1 Add support for DLT_LINUX_SLL2 PCAP link-type 2022-08-24 10:38:31 +10:00
Tim Wojtulewicz
248325e301 Fix ethertype for ARP in Geneve forwarding rules 2021-12-09 14:58:08 -07:00
Tim Wojtulewicz
368dec8372 GH-1764: Update mappings for Geneve analyzer to IP4/IP6/ARP 2021-12-06 12:26:16 -07:00
Tim Wojtulewicz
2044fbe53b Add GTPv1 packet analyzer, disable old analyzer 2021-11-23 19:36:50 -07:00
Tim Wojtulewicz
dc0ecf9811 Add Teredo packet analyzer, disable old analyzer 2021-11-23 19:36:50 -07:00
Tim Wojtulewicz
05574ecce1 Add VXLAN packet analyzer, disable old analyzer 2021-11-23 19:36:50 -07:00
Tim Wojtulewicz
cbb0bcd49c Add Geneve packet analyzer, disable old analyzer 2021-11-23 19:36:50 -07:00
Tim Wojtulewicz
7e40094f2c Add AYIYA packet analyzer, disable old analyzer 2021-11-23 19:36:50 -07:00
Tim Wojtulewicz
44e0760e96 Add PacketAnalyzer::register_for_port(s) functions 
These allow packet analyzers to register ports as identifiers to forward from
parent analyzers, while also adding those ports to the now-global
Analyzer::ports table at the same time.
 2021-11-23 19:36:50 -07:00
Johanna Amann
8192ad581d Do not lookup ignore_checksums_nets for every packet 
This could lead to a noticeable (single-percent) performance
improvement.

Most of the functionality for this is in the packet analyzers that now
cache ignore_chesksums_nets.

Based on a patch by Arne Welzel (Corelight).
 2021-08-06 10:32:53 +01:00
Tim Wojtulewicz
c1f0d312b5 Add base class for IP-based packet analyzers 2021-05-18 11:52:03 -07:00
Tim Wojtulewicz
0c3e3069d0 Added skeletons for TCP/UDP/ICMP packet analysis plugins. 
This includes integration into the IP plugin and calling of the sessions code from each plugin.
 2021-05-18 11:52:03 -07:00
Tim Wojtulewicz
f53448ccc9 GH-1389: Skip VN-Tag headers 2021-02-01 14:34:56 -07:00
Tim Wojtulewicz
efe42bc67b Remove default_analyzer for Ethernet packet analzyer 2020-11-09 19:54:45 -07:00
Tim Wojtulewicz
cd06bf34c7 GH-1215: Remove dispatch_map from packet analysis, replace with BIF methods for registering dispatches 2020-11-02 19:03:25 +00:00
Tim Wojtulewicz
1cf251d1ca Move IP and IP tunnel code from Sessions into packet analyzers 2020-10-15 12:18:30 -07:00
Jon Siwek
cee10b5dc6 Fix a Sphinx warning about misformatted packet analyzer comment 2020-09-23 22:52:35 -07:00
Jan Grashoefer
7ede4f48bd Simplify packet analyzer config. 2020-09-23 11:13:29 -07:00
Jan Grashoefer
efa262a229 Make default packet analyzer definition explicit. 2020-09-23 11:13:29 -07:00
Jan Grashoefer
8f951574d7 Add explicit root analyzer for packet analysis. 2020-09-23 11:13:29 -07:00
Jan Grashoefer
3f3f00030d Simplify MPLS analysis. 2020-09-23 11:13:29 -07:00
Jan Grashoefer
d5ca0f9da5 Rename DefaultAnalyzer to IP. 2020-09-23 11:13:28 -07:00
Jan Grashoefer
fc814bd7e2 Add SkipAnalyzer. 
This is WIP: The test case would require a new pcap or the possibility
to overwrite analyzer mappings. The CustomEncapsulationSkip method and
the corresponding options need to be removed.
 2020-09-23 11:13:28 -07:00
Jan Grashoefer
4aeab7402d Improve naming in packet analysis. 2020-09-23 11:13:28 -07:00
Jan Grashoefer
6365fa6d80 Migrate all packet analyzers to new API. 2020-09-23 11:13:28 -07:00
Jan Grashoefer
cbdaa53f85 Remove magic identifiers from Ethernet analyzer. 2020-09-23 11:13:28 -07:00
Jan Grashoefer
462b1fe3a2 Bring back default packet analysis. 
Default analyzers can be configured per packet analyzer by omitting the
identifier in the ConfigEntry.
 2020-09-23 11:13:28 -07:00
Jan Grashoefer
9feda100b9 Move dispatching into packet analyzers. 
WIP that updates only the Ethernet analyzer.
 2020-09-23 11:13:28 -07:00
Jan Grashoefer
e53ec46c23 Renamed LL-Analyzers to Packet Analyzers. 2020-09-23 11:13:28 -07:00