mirror of
https://github.com/zeek/zeek.git
synced 2025-10-05 16:18:19 +00:00
430cd9b146
- Large rework on packet filter framework to make many things easier.
- Removed the PacketFilter::all_packets variable because it was confusing.
- New variable (PacketFilter::enable_auto_protocol_capture_filters) to re-enable the old filtering model of only sniffing ports for analyzed protocols.
- In progress plugin model for adding filtering mechanisms.
- New default single item for capture_filters = { ["default"] = PacketFilter::default_capture_filter };
- Mechanism and helper functions to "shunt" traffic with filters.
- Created the Protocols framework to assist with reworking how base protocol scripts are registered with DPD and other things.
- Protocols framework creates BPF filters for registered analyzers. (if using PacketFilter framework in that mode).
42 lines
1.3 KiB
Text
42 lines
1.3 KiB
Text
##! This script loads everything in the base/ script directory. If you want
|
|
##! to run Bro without all of these scripts loaded by default, you can use
|
|
##! the -b (--bare-mode) command line argument. You can also copy the "@load"
|
|
##! lines from this script to your own script to load only the scripts that
|
|
##! you actually want.
|
|
|
|
@load base/utils/site
|
|
@load base/utils/addrs
|
|
@load base/utils/conn-ids
|
|
@load base/utils/directions-and-hosts
|
|
@load base/utils/files
|
|
@load base/utils/numbers
|
|
@load base/utils/paths
|
|
@load base/utils/patterns
|
|
@load base/utils/strings
|
|
@load base/utils/thresholds
|
|
|
|
# This has some deep interplay between types and BiFs so it's
|
|
# loaded in base/init-bare.bro
|
|
#@load base/frameworks/logging
|
|
@load base/frameworks/notice
|
|
@load base/frameworks/dpd
|
|
@load base/frameworks/signatures
|
|
@load base/frameworks/packet-filter
|
|
@load base/frameworks/software
|
|
@load base/frameworks/communication
|
|
@load base/frameworks/control
|
|
@load base/frameworks/cluster
|
|
@load base/frameworks/metrics
|
|
@load base/frameworks/intel
|
|
@load base/frameworks/reporter
|
|
@load base/frameworks/protocols
|
|
|
|
@load base/protocols/conn
|
|
@load base/protocols/dns
|
|
@load base/protocols/ftp
|
|
@load base/protocols/http
|
|
@load base/protocols/irc
|
|
@load base/protocols/smtp
|
|
@load base/protocols/ssh
|
|
@load base/protocols/ssl
|
|
@load base/protocols/syslog
|