Add support for more commands, and support quit

2025-10-02 14:48:21 +00:00 · 2014-08-08 13:53:16 -05:00 · 2014-08-08 13:53:16 -05:00 · 250360eb55
commit 250360eb55
parent 1ceeafcb32
2 changed files with 36 additions and 8 deletions
--- a/scripts/base/protocols/mysql/main.bro
+++ b/scripts/base/protocols/mysql/main.bro
@ -34,12 +34,39 @@ redef record connection += {
 const ports = { 1434/tcp, 3306/tcp };

 const commands: table[count] of string = {
-	[0] = "sleep",
-	[1] = "quit",
-	[2] = "init_db",
-	[3] = "query",
-	[4] = "field_list",
-};
+	[0]  = "sleep",
+	[1]  = "quit",
+	[2]  = "init_db",
+	[3]  = "query",
+	[4]  = "field_list",
+	[5]  = "create_db",
+	[6]  = "drop_db",
+	[7]  = "refresh",
+	[8]  = "shutdown",
+	[9]  = "statistics",
+	[10] = "process_info",
+	[11] = "connect",
+	[12] = "process_kill",
+	[13] = "debug",
+	[14] = "ping",
+	[15] = "time",
+	[16] = "delayed_insert",
+	[17] = "change_user",
+	[18] = "binlog_dump",
+	[19] = "table_dump",
+	[20] = "connect_out",
+	[21] = "register_slave",
+	[22] = "stmt_prepare",
+	[23] = "stmt_execute",
+	[24] = "stmt_send_long_data",
+	[25] = "stmt_close",
+	[26] = "stmt_reset",
+	[27] = "set_option",
+	[28] = "stmt_fetch",
+	[29] = "daemon",
+	[30] = "binlog_dump_gtid",
+	[31] = "reset_connection",
+} &default=function(i: count): string { return fmt("unknown-%d", i); };

 event bro_init() &priority=5
 	{
--- a/testing/btest/Baseline/scripts.base.protocols.mysql.auth/mysql.log
+++ b/testing/btest/Baseline/scripts.base.protocols.mysql.auth/mysql.log
@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	mysql
-#open	2014-09-05-02-09-40
+#open	2014-09-05-02-57-27
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	cmd	arg	result	response
 #types	time	string	addr	port	addr	port	string	string	string	string
 1362452327.618353	CsRx2w45OKnoww6xl4	192.168.1.3	55845	192.168.1.8	3306	login	root_nope	error	Access denied for user 'root_nope'@'lumberjack.home' (using password: NO)
@ -17,4 +17,5 @@
 1362452361.886123	Caby8b1slFea8xwSmb	192.168.1.3	55864	192.168.1.8	3306	login	root	error	Access denied for user 'root'@'lumberjack.home' (using password: YES)
 1362452372.452858	Che1bq3i2rO3KD1Syg	192.168.1.3	55865	192.168.1.8	3306	login	root	ok	Affected rows: 0
 1362452372.454995	Che1bq3i2rO3KD1Syg	192.168.1.3	55865	192.168.1.8	3306	query	select @@version_comment limit 1	ok	Affected rows: 1
-#close	2014-09-05-02-09-40
+1362452372.991997	Che1bq3i2rO3KD1Syg	192.168.1.3	55865	192.168.1.8	3306	quit	(empty)	-	-
+#close	2014-09-05-02-57-27