├── LICENSE.txt ├── README.md ├── bro-pkg.meta └── interfacesetup.py /LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 2017 University of Illinois/NCSA 2 | All rights reserved. 3 | 4 | Developed by: NCSA Cyber Security 5 | NCSA 6 | www.ncsa.illinois.edu 7 | 8 | Permission is hereby granted, free of charge, to any person obtaining a copy of 9 | this software and associated documentation files (the "Software"), to deal with 10 | the Software without restriction, including without limitation the rights to 11 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies 12 | of the Software, and to permit persons to whom the Software is furnished to do 13 | so, subject to the following conditions: 14 | 15 | * Redistributions of source code must retain the above copyright notice, this 16 | list of conditions and the following disclaimers. 17 | 18 | * Redistributions in binary form must reproduce the above copyright notice, 19 | this list of conditions and the following disclaimers in the documentation 20 | and/or other materials provided with the distribution. 21 | 22 | * Neither the names of , nor 23 | the names of its contributors may be used to endorse or promote products 24 | derived from this Software without specific prior written permission. 25 | 26 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 27 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 28 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 29 | CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 30 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 31 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE 32 | SOFTWARE. 
33 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Bro Interface Setup 2 | 3 | A broctl plugin that helps you setup capture interfaces. 4 | 5 | ## Configuration 6 | 7 | The plugin is off by default. To enable it, add "interfacesetup.enabled=1" to broctl.cfg. 8 | 9 | ### broctl.cfg example 10 | 11 | ``` 12 | interfacesetup.enabled=1 13 | #To change the default mtu that is configured 14 | #interfacesetup.mtu=9000 15 | 16 | #To change the default commands that are used to bring up the interface 17 | #interfacesetup.up_command=/sbin/ifconfig {interface} up mtu {mtu} 18 | #interfacesetup.flags_command=/sbin/ethtool -K {interface} gro off lro off rx off tx off gso off 19 | 20 | #For FreeBSD systems uncomment this line 21 | #interfacesetup.flags_command=/sbin/ifconfig {interface} -rxcsum -txcsum -tso4 -tso6 -lro -rxcsum6 -txcsum6 -vlanhwcsum -vlanhwtso 22 | 23 | ``` 24 | -------------------------------------------------------------------------------- /bro-pkg.meta: -------------------------------------------------------------------------------- 1 | [package] 2 | description=A broctl plugin that helps you setup capture interfaces 3 | plugin_dir = . 4 | tags = bro plugin, interface, mtu 5 | -------------------------------------------------------------------------------- /interfacesetup.py: -------------------------------------------------------------------------------- 1 | # 2 | # A plugin to setup capture interfaces 3 | # The plugin is off by default. To enable it, add "interfacesetup.enabled=1" to broctl.cfg. 
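#
import re

try:
    import ZeekControl.plugin as PluginBase
except ImportError:
    import BroControl.plugin as PluginBase

# Allow-list for interface names that get substituted into the command
# templates. The name must start with an alphanumeric character so it can
# never be parsed as an option by ifconfig/ethtool, and it may not contain
# whitespace or shell metacharacters.
# NOTE(review): the commands are handed to executeParallel() as plain strings,
# presumably run through a shell on the node's host -- confirm against the
# broctl/zeekctl version in use.
_SAFE_INTERFACE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.@-]*\Z")


def extract_interfaces(intf):
    """Return the list of device names encoded in a node's interface string.

    Handles three shapes:
      * "pf_ring::multi:p1p1,p1p2" -> ["p1p1", "p1p2"]
      * "myricom::p1p1:4"          -> ["p1p1"]
      * "p1p1,p1p2"                -> ["p1p1", "p1p2"]

    Surrounding whitespace is stripped and empty entries (for example from a
    trailing comma) are dropped, so callers never build a command with a
    blank interface name.
    """
    # Handle interfaces that look like pf_ring::multi:p1p1,p1p2
    if intf.startswith("pf_ring::multi:"):
        names = intf.replace("pf_ring::multi:", "")
    else:
        names = intf
        # Handle interfaces that look like myricom::p1p1:4
        if '::' in names:
            names = names.split('::')[1]
        if ':' in names:
            names = names.split(':')[0]
    return [name.strip() for name in names.split(',') if name.strip()]


class InterfaceSetupPlugin(PluginBase.Plugin):
    """broctl plugin that brings capture interfaces up before nodes start.

    For every (host, interface) pair found on the nodes being started it runs
    the configured "up_command" and "flags_command" on that node.
    """

    def __init__(self):
        super(InterfaceSetupPlugin, self).__init__(apiversion=1)

    def name(self):
        """Return the plugin name."""
        return "InterfaceSetupPlugin"

    def prefix(self):
        """Return the option prefix used in broctl.cfg."""
        return "interfacesetup"

    def pluginVersion(self):
        """Return the plugin version number."""
        return 1

    def init(self):
        """Return False while the "enabled" option is "0", True otherwise."""
        if self.getOption("enabled") == "0":
            return False

        return True

    def options(self):
        """Return the (name, type, default, description) option tuples.

        "up_command" and "flags_command" are command templates; whoever can
        edit broctl.cfg therefore controls what is executed on the nodes.
        """
        return [("mtu", "int", 9216, "Interface MTU"),
                ("enabled", "string", "0", "Set to enable plugin"),
                ("up_command", "string", "/sbin/ifconfig {interface} up mtu {mtu}", "Command to bring the interface up"),
                ("flags_command", "string", "/sbin/ethtool -K {interface} gro off lro off rx off tx off gso off", "Command to setup the interface for capturing"),
        ]

    def cmd_start_pre(self, nodes):
        """Run the interface setup commands for the nodes about to start.

        Nodes without an interface are ignored. Wildcard interfaces and
        interface names that fail the allow-list check are reported with
        self.error() and skipped; no command is built for them.
        """
        if not nodes:
            return

        mtu = self.getOption("mtu")
        up_template = self.getOption("up_command")
        flags_template = self.getOption("flags_command")
        self.message("InterfaceSetupPlugin: bringing up interfaces with an mtu of %s" % (mtu))

        # Keyed by (host, interface) so each device is configured once per
        # host even when several nodes share it.
        host_interfaces = {}
        for n in nodes:
            intf = n.interface
            if not intf:
                continue
            if '*' in intf:
                self.error("Interface setup can't handle wildcard interfaces")
                continue
            for name in extract_interfaces(intf):
                # The name is interpolated into a command string below, so
                # refuse anything that could add arguments or shell syntax.
                if not _SAFE_INTERFACE.match(name):
                    self.error("Interface setup skipping invalid interface name %r on %s" % (name, n.host))
                    continue
                host_interfaces[(n.host, name)] = (n, name)

        cmds = []
        for (n, name) in host_interfaces.values():
            cmds.append((n, up_template.format(interface=name, mtu=mtu)))
            cmds.append((n, flags_template.format(interface=name)))

        for (n, success, output) in self.executeParallel(cmds):
            if not success:
                self.message("Failed to run command on {}:".format(n.host))
                self.message(output)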