mirror of
https://github.com/zeek/zeek.git
synced 2025-10-05 16:18:19 +00:00
Deleting scripts that aren't ready to be included.
- scan.bro and hot.conn.bro will be returning soon. - The rest are going to return as updated protocol analysis scripts and new/updated frameworks later.
This commit is contained in:
Seth Hall
parent
827dcea586
commit
19f1e34408
5 changed files with 0 additions and 1054 deletions
|
|
@ -1,98 +0,0 @@
|
|||
##! This script makes it possible for the HTTP analysis scripts to analyze
|
||||
##! the apparent normal case of "206 Partial Content" responses.
|
||||
##!
|
||||
##! This script doesn't work yet and isn't loaded by default.
|
||||
|
||||
@load base/frameworks/notice
|
||||
@load ./main
|
||||
@load ./utils
|
||||
|
||||
module HTTP;
|
||||
|
||||
export {
|
||||
redef enum Notice::Type += {
|
||||
Partial_Content_Out_Of_Order,
|
||||
};
|
||||
|
||||
type Range: record {
|
||||
from: count;
|
||||
to: count;
|
||||
} &log;
|
||||
|
||||
redef record Info += {
|
||||
current_range: count &default=0;
|
||||
request_ranges: vector of Range &optional;
|
||||
response_range: Range &optional;
|
||||
};
|
||||
|
||||
## Index is client IP address, server IP address, and URL being requested. The
|
||||
## URL is tracked as part of the index in case multiple partial content segmented
|
||||
## files are being transferred simultaneously between the server and client.
|
||||
global partial_content_files: table[addr, addr, string] of Info &read_expire=5mins &redef;
|
||||
}
|
||||
|
||||
event http_header(c: connection, is_orig: bool, name: string, value: string) &priority=2
|
||||
{
|
||||
local parts: table[count] of string;
|
||||
if ( is_orig && name == "RANGE" )
|
||||
{
|
||||
# Example --> Range: bytes=1-1,2336-4951
|
||||
parts = split(value, /[=]/);
|
||||
if ( 2 in parts )
|
||||
{
|
||||
local ranges = split(parts[2], /,/);
|
||||
for ( i in ranges )
|
||||
{
|
||||
if ( ! c$http?$request_ranges )
|
||||
c$http$request_ranges = vector();
|
||||
parts = split(ranges[i], /-/);
|
||||
local r: Range = [$from=extract_count(parts[1]), $to=extract_count(parts[2])];
|
||||
print r;
|
||||
c$http$request_ranges[|c$http$request_ranges|] = r;
|
||||
}
|
||||
}
|
||||
}
|
||||
else if ( ! is_orig && name == "CONTENT-RANGE" )
|
||||
{
|
||||
# Example --> Content-Range: bytes 2336-4951/489528
|
||||
parts = split(value, /[0-9]*/);
|
||||
|
||||
c$http$response_range = [$from=extract_count(parts[2]), $to=extract_count(parts[4])];
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
event http_reply(c: connection, version: string, code: count, reason: string) &priority=5
|
||||
{
|
||||
if ( code != 206 || ! c$http?$request_ranges )
|
||||
return;
|
||||
|
||||
local url = build_url(c$http);
|
||||
if ( [c$id$orig_h, c$id$resp_h, url] !in partial_content_files )
|
||||
{
|
||||
partial_content_files[c$id$orig_h, c$id$resp_h, url] = copy(c$http);
|
||||
}
|
||||
}
|
||||
|
||||
event http_entity_data(c: connection, is_orig: bool, length: count, data: string)
|
||||
{
|
||||
if ( is_orig || c$http$status_code != 206 || ! c$http?$request_ranges )
|
||||
return;
|
||||
|
||||
local url = build_url(c$http);
|
||||
local http = partial_content_files[c$id$orig_h, c$id$resp_h, url];
|
||||
local range = http$request_ranges[http$current_range];
|
||||
|
||||
print http$current_range;
|
||||
if ( http$current_range == 0 &&
|
||||
c$http$response_range$from == 0 )
|
||||
{
|
||||
print "correct file beginning!";
|
||||
}
|
||||
}
|
||||
|
||||
event http_end_entity(c: connection, is_orig: bool)
|
||||
{
|
||||
print "end entity";
|
||||
++c$http$current_range;
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue