Adapt SSL analyzer to generate file analysis handles itself.
parent
de8f8f87b6
commit
58efa09426
4 changed files with 29 additions and 20 deletions
|
@ -52,22 +52,8 @@ export {
|
|||
|
||||
function get_file_handle(c: connection, is_orig: bool): string
|
||||
{
|
||||
set_session(c);
|
||||
|
||||
local depth: count;
|
||||
|
||||
if ( is_orig )
|
||||
{
|
||||
depth = c$ssl$client_depth;
|
||||
++c$ssl$client_depth;
|
||||
}
|
||||
else
|
||||
{
|
||||
depth = c$ssl$server_depth;
|
||||
++c$ssl$server_depth;
|
||||
}
|
||||
|
||||
return cat(Analyzer::ANALYZER_SSL, c$start_time, is_orig, id_string(c$id), depth);
|
||||
# Unused. File handles are generated in the analyzer.
|
||||
return "";
|
||||
}
|
||||
|
||||
function describe_file(f: fa_file): string
|
||||
|
|
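Review bot: `get_file_handle` now returns an empty string on every call, so it is worth confirming that nothing outside this hunk still treats its result as a usable handle; an empty handle would presumably be shared by every file that reached it. With the increments gone, `c$ssl$client_depth` and `c$ssl$server_depth` are no longer written here, and if their declarations (not visible in this hunk) remain, they are dead fields to remove. The dropped `set_session(c)` call also means this function no longer guarantees that `c$ssl` exists before later file events run. I would extend the comment to say where the handle now comes from, e.g. `# Unused: the SSL analyzer computes file handles itself and passes the resulting file ID to the file manager.`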
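--- a/src/Conn.cc
+++ b/src/Conn.cc
@@ -811,6 +811,17 @@ void Connection::Describe(ODesc* d) const
 d->NL();
 }
 
+void Connection::IDString(ODesc* d) const
+{
+d->Add(orig_addr);
+d->AddRaw(":", 1);
+d->Add(ntohs(orig_port));
+d->AddRaw(" > ", 3);
+d->Add(resp_addr);
+d->AddRaw(":", 1);
+d->Add(ntohs(resp_port));
+}
+
 bool Connection::Serialize(SerialInfo* info) const
 {
 return SerialObj::Serialize(info);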
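Review bot: `Connection::IDString` is added without any comment, although its output becomes a component of the file handle that the SSL analyzer hashes in this same commit. A short comment above the definition would make that dependency visible, e.g. `// Appends "orig_addr:orig_port > resp_addr:resp_port" (ports converted with ntohs) to d; used as a component of file analysis handles.` The same line would fit the new declaration in the header hunk. With an IPv6 `orig_addr` the `":"` port separator cannot be told apart by eye from the address's own colons, which is harmless for hashing but worth stating if the string is ever logged.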
|
@ -204,6 +204,7 @@ public:
|
|||
bool IsPersistent() { return persistent; }
|
||||
|
||||
void Describe(ODesc* d) const;
|
||||
void IDString(ODesc* d) const;
|
||||
|
||||
TimerMgr* GetTimerMgr() const;
|
||||
|
||||
|
|
|
@ -231,15 +231,26 @@ refine connection SSL_Conn += {
|
|||
if ( certificates->size() == 0 )
|
||||
return true;
|
||||
|
||||
ODesc common;
|
||||
common.AddRaw("Analyzer::ANALYZER_SSL");
|
||||
common.Add(bro_analyzer()->Conn()->StartTime());
|
||||
common.AddRaw(${rec.is_orig} ? "T" : "F", 1);
|
||||
bro_analyzer()->Conn()->IDString(&common);
|
||||
|
||||
for ( unsigned int i = 0; i < certificates->size(); ++i )
|
||||
{
|
||||
const bytestring& cert = (*certificates)[i];
|
||||
|
||||
string fid = file_mgr->DataIn(reinterpret_cast<const u_char*>(cert.data()), cert.length(),
|
||||
bro_analyzer()->GetAnalyzerTag(), bro_analyzer()->Conn(),
|
||||
${rec.is_orig});
|
||||
ODesc file_handle;
|
||||
file_handle.Add(common.Description());
|
||||
file_handle.Add(i);
|
||||
|
||||
file_mgr->EndOfFile(fid);
|
||||
string file_id = file_mgr->HashHandle(file_handle.Description());
|
||||
|
||||
file_mgr->DataIn(reinterpret_cast<const u_char*>(cert.data()),
|
||||
cert.length(), bro_analyzer()->GetAnalyzerTag(),
|
||||
bro_analyzer()->Conn(), ${rec.is_orig}, file_id);
|
||||
file_mgr->EndOfFile(file_id);
|
||||
}
|
||||
return true;
|
||||
%}
|
||||
|
|
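Review bot: The handle built in the loop is unique only within one Certificate message, because its last component is the loop index `i`, which restarts at 0 on every call, whereas the removed script code kept `client_depth`/`server_depth` counting in `c$ssl`. If a second certificate chain is seen in the same direction on the same connection (a renegotiation, for instance), `HashHandle` would return the same `file_id` for a different certificate and the two could no longer be told apart in file-analysis output; I have not verified how `file_mgr` treats a reused id after `EndOfFile`. Consider appending a per-direction counter kept in the analyzer's connection state instead of `i`, e.g. `file_handle.Add(<per-direction certificate counter>++);`. As far as the visible calls show, the components are also concatenated with no separator, so a responder port runs into the index (`…:44` + `31` and `…:443` + `1` give the same text); a `file_handle.AddRaw(" ", 1);` before `file_handle.Add(i);` would remove that ambiguity. The enclosing function starts above this hunk.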