Hello everyone,
I was wondering if is it possible to make an analyzer of OSPF with Binpac. The problem that I face is that OSPF is a layer 4 (there’s no tcp or udp below it).
Can anyone give me a solution to my problem?
Regards
Zakaria
ᐧ
Anything that's not on top of TCP/UDP remains problematic to support
in Bro currently, unfortunately. It's less a limitation of BinPAC; the
problem is that Bro's lower layers (before BinPAC even comes into the
picture) still pretty much hardcode the transport-layer protocols.
Changing that has been on the TODO list for a while, but nobody's
tackled it yet.
If one just wanted to hack something in to get data to a
proof-of-concept OSPF analyzer, that probably wouldn't be too hard.
But the real solution would require some internal refactoring first.
Robin