A bit of code cleanup.

Vlad Grigorescu 2014-12-27 17:19:43 -06:00
parent 51373b0592
commit 3ed6dd5585
2 changed files with 99 additions and 113 deletions


@ -1,36 +1,49 @@
# Generated by binpac_quickstart
refine flow SSH_Flow += {
function proc_ssh_version(msg: SSH_Version): bool
%{
if ( ssh_client_version && ${msg.is_orig } )
BifEvent::generate_ssh_client_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(${msg.version}));
else if ( ssh_server_version )
BifEvent::generate_ssh_server_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(${msg.version}));
{
BifEvent::generate_ssh_client_version(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),
bytestring_to_val(${msg.version}));
}
else if ( ssh_server_version )
{
BifEvent::generate_ssh_server_version(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),
bytestring_to_val(${msg.version}));
}
return true;
%}
function proc_ssh_kexinit(msg: SSH_KEXINIT): bool
%{
if ( ssh_server_capabilities )
BifEvent::generate_ssh_server_capabilities(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
bytestring_to_val(${msg.kex_algorithms}), bytestring_to_val(${msg.server_host_key_algorithms}),
bytestring_to_val(${msg.encryption_algorithms_client_to_server}),
bytestring_to_val(${msg.encryption_algorithms_server_to_client}),
bytestring_to_val(${msg.mac_algorithms_client_to_server}),
bytestring_to_val(${msg.mac_algorithms_server_to_client}),
bytestring_to_val(${msg.compression_algorithms_client_to_server}),
bytestring_to_val(${msg.compression_algorithms_server_to_client}),
bytestring_to_val(${msg.languages_client_to_server}),
bytestring_to_val(${msg.languages_server_to_client}));
{
BifEvent::generate_ssh_server_capabilities(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),
bytestring_to_val(${msg.kex_algorithms.val}),
bytestring_to_val(${msg.server_host_key_algorithms.val}),
bytestring_to_val(${msg.encryption_algorithms_client_to_server.val}),
bytestring_to_val(${msg.encryption_algorithms_server_to_client.val}),
bytestring_to_val(${msg.mac_algorithms_client_to_server.val}),
bytestring_to_val(${msg.mac_algorithms_server_to_client.val}),
bytestring_to_val(${msg.compression_algorithms_client_to_server.val}),
bytestring_to_val(${msg.compression_algorithms_server_to_client.val}),
bytestring_to_val(${msg.languages_client_to_server.val}),
bytestring_to_val(${msg.languages_server_to_client.val}));
}
return true;
%}
function proc_ssh_server_host_key(key: bytestring): bool
%{
if ( ssh_server_host_key )
BifEvent::generate_ssh_server_host_key(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
bytestring_to_val(${key}));
{
BifEvent::generate_ssh_server_host_key(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),
bytestring_to_val(${key}));
}
return true;
%}
@ -40,12 +53,6 @@ refine flow SSH_Flow += {
return true;
%}
function debug(loc: uint8): bool
%{
printf("DEBUG: %d", loc);
return true;
%}
};
refine typeattr SSH_Version += &let {
@ -61,5 +68,5 @@ refine typeattr SSH_DH_GEX_REPLY += &let {
};
refine typeattr SSH_Message += &let {
proc_newkeys: bool = $context.flow.proc_newkeys() &if(msg_type == SSH_MSG_NEWKEYS);
proc_newkeys: bool = $context.flow.proc_newkeys() &if(msg_type == SSH2_MSG_NEWKEYS);
};
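Review bot: In proc_ssh_version (first hunk) the client branch still tests `ssh_client_version && ${msg.is_orig }` as one condition, so when no client-version handler is registered an originator banner falls through to `else if ( ssh_server_version )` and is raised as ssh_server_version. Any script or detection keyed on server software versions would then record client banners as server ones. Branching on direction first avoids this: `if ( ${msg.is_orig} ) { if ( ssh_client_version ) ... }` followed by `else if ( ssh_server_version ) ...`. Separately, proc_ssh_kexinit raises ssh_server_capabilities with no direction check visible in this hunk; if its caller, which is outside the hunk, does not restrict it to responder messages, the client's KEXINIT would be misreported the same way.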