Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-17 05:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/scripts/zeekygen/__load__.zeek
Christian Kreibich 30cb62362a Add VLAN-aware connection tuples. 
Loading policy/protocols/conntuple/vlan adapts Zeek's flow hashing and the
script-layer conn_id record to show VLAN tags when present.

I'm using script-layer ints for the VLAN tag representation for consistency with
what we alrady do elsewhere, but it seems odd since they can never be negative.

I'm currently skipping protocols/conntuple/vlan in test-all-policy since it
otherwise affects the external testsuites -- could revisit if people feel it
should run on these.
2025-04-13 23:45:01 -07:00

41 lines
1.5 KiB
Text
Raw Blame History

@load test-all-policy.zeek
# Scripts which are commented out in test-all-policy.zeek.
@load protocols/ssl/decryption.zeek
@ifdef ( Cluster::CLUSTER_BACKEND_ZEROMQ )
@load frameworks/cluster/backend/zeromq/connect.zeek
@endif
@load frameworks/cluster/nodes-experimental/manager.zeek
@load frameworks/control/controllee.zeek
@load frameworks/control/controller.zeek
@load frameworks/management/agent/main.zeek
@load frameworks/management/controller/main.zeek
@load frameworks/management/node/__load__.zeek
@load frameworks/management/node/main.zeek
@load frameworks/files/extract-all-files.zeek
@load frameworks/signatures/iso-9660.zeek
@load policy/misc/dump-events.zeek
@load policy/protocols/conn/speculative-service.zeek
@load policy/protocols/conntuple/vlan.zeek
@if ( have_spicy() )
# Loading this messes up documentation of some elements defined elsewhere.
# @load frameworks/spicy/record-spicy-batch.zeek
@load frameworks/spicy/resource-usage.zeek
@endif
@load ./example.zeek
event zeek_init() &priority=1000
{
# Disable events in modules that use zeek_init() to do stuff and may
# fail when run under zeekygen. For the purpose of zeekygen, we could
# probably disable all modules, too.
disable_module_events("Control");
disable_module_events("Cluster::Backend::ZeroMQ");
disable_module_events("Cluster::Experimental");
disable_module_events("Management::Agent::Runtime");
disable_module_events("Management::Controller::Runtime");
disable_module_events("Management::Node");
terminate();
}
Reference in a new issue View git blame Copy permalink