Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-12 19:48:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote branch 'origin/master' into topic/gregor/reassmbler-hotfix

Browse source
This commit is contained in:
Gregor Maier 2011-02-22 16:58:05 -08:00
commit 6af01a205f
77 changed files with 2933 additions and 1284 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/CMakeLists.txt
View file

@ -160,7 +160,7 @@ macro(BINPAC_TARGET pacFile)
add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${basename}_pac.h
${CMAKE_CURRENT_BINARY_DIR}/${basename}_pac.cc
COMMAND ${BinPAC_EXE}
ARGS -d ${CMAKE_CURRENT_BINARY_DIR}
ARGS -q -d ${CMAKE_CURRENT_BINARY_DIR}
-I ${CMAKE_CURRENT_SOURCE_DIR}
${CMAKE_CURRENT_SOURCE_DIR}/${pacFile}
DEPENDS ${BinPAC_EXE} ${pacFile}
@ -177,9 +177,9 @@ binpac_target(binpac_bro-lib.pac)
binpac_target(bittorrent.pac
bittorrent-protocol.pac bittorrent-analyzer.pac)
binpac_target(dce_rpc.pac
dce_rpc-protocol.pac dce_rpc-analyzer.pac)
dce_rpc-protocol.pac dce_rpc-analyzer.pac epmapper.pac)
binpac_target(dce_rpc_simple.pac
dce_rpc-protocol.pac)
dce_rpc-protocol.pac epmapper.pac)
binpac_target(dhcp.pac
dhcp-protocol.pac dhcp-analyzer.pac)
binpac_target(dns.pac
@ -217,6 +217,8 @@ add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdConstants.h
)
set(dns_SRCS nb_dns.c nb_dns.h)
set_source_files_properties(nb_dns.c PROPERTIES COMPILE_FLAGS
-fno-strict-aliasing)
set(openssl_SRCS X509.cc SSLCiphers.cc SSLInterpreter.cc SSLProxy.cc
SSLv2.cc SSLv3.cc SSLv3Automaton.cc)
@ -320,6 +322,7 @@ set(bro_SRCS
PrefixTable.cc
PriorityQueue.cc
Queue.cc
RandTest.cc
RE.cc
RPC.cc
Reassem.cc

31
src/ConnCompressor.cc
View file

@ -391,26 +391,6 @@ Connection* ConnCompressor::NextFromOrig(PendingConn* pending, double t,
{
if ( (tp->th_flags & TH_ACK) && ! pending->ACK )
Weird(pending, t, "repeated_SYN_with_ack");
else
{
// We adjust the start-time. Unfortunately
// this means that we have to create a new
// PendingConn as all of them need to be
// monotonically increasing in time. This
// leads to some inconsistencies with TCP.cc,
// as by doing this we basically restart our
// attempt_timer.
pending = MoveState(t, pending);
// Removing is necessary because the key
// will be destroyed at some point.
conns.Remove(&pending->key, sizeof(pending->key),
pending->hash, true);
conns.Dictionary::Insert(&pending->key,
sizeof(pending->key), pending->hash,
MakeMapPtr(pending), 0);
}
}
else
@ -715,17 +695,6 @@ uint8 ConnCompressor::MakeFlags(const PendingConn* c) const
return tcp_flags;
}
ConnCompressor::PendingConn* ConnCompressor::MoveState(double time,
PendingConn* c)
{
PendingConn* nc = MakeNewState(time);
memcpy(nc, c, sizeof(PendingConn));
c->invalid = 1;
nc->time = time;
++sizes.pending_in_mem;
return nc;
}
ConnCompressor::PendingConn* ConnCompressor::MakeNewState(double t)
{
// See if there is enough space in the current block.

4
src/ConnCompressor.h
View file

@ -138,10 +138,6 @@ private:
// Fakes a TCP packet based on the available information.
const IP_Hdr* PendingConnToPacket(const PendingConn* c);
// For changing the timestamp of PendingConn - allocates a new one,
// sets the given time, and copies all other data from old.
PendingConn* MoveState(double time, PendingConn* old);
// Construct a TCP-flags byte.
uint8 MakeFlags(const PendingConn* c) const;

2
src/DCE_RPC.cc
View file

@ -82,7 +82,7 @@ UUID::UUID(const char* str)
}
if ( i != 16 )
internal_error(fmt("invalid UUID string: %s", str));
internal_error("invalid UUID string: %s", str);
}
typedef map<UUID, BroEnum::dce_rpc_if_id> uuid_map_t;

50
src/Expr.cc
View file

@ -2611,7 +2611,6 @@ Val* AssignExpr::Eval(Frame* f) const
if ( v )
{
op1->Assign(f, v);
//### op1->SetAttribs();
return val ? val->Ref() : v->Ref();
}
else
@ -3062,13 +3061,6 @@ FieldExpr::FieldExpr(Expr* arg_op, const char* arg_field_name)
if ( IsError() )
return;
if ( streq(arg_field_name, "attr") )
{
field = -1;
SetType(op->Type()->AttributesType()->Ref());
return;
}
if ( ! IsRecord(op->Type()->Tag()) )
ExprError("not a record");
else
@ -3106,12 +3098,7 @@ void FieldExpr::Assign(Frame* f, Val* v, Opcode opcode)
return;
if ( field < 0 )
{
Val* lhs = op->Eval(f);
lhs->SetAttribs(v->AsRecordVal());
Unref(lhs);
return;
}
ExprError("no such field in record");
Val* op_v = op->Eval(f);
if ( op_v )
@ -3124,9 +3111,6 @@ void FieldExpr::Assign(Frame* f, Val* v, Opcode opcode)
Val* FieldExpr::Fold(Val* v) const
{
if ( field < 0 )
return v->GetAttribs(true)->Ref();
Val* result = v->AsRecordVal()->Lookup(field);
if ( result )
return result->Ref();
@ -3179,24 +3163,20 @@ bool FieldExpr::DoUnserialize(UnserialInfo* info)
return td != 0;
}
HasFieldExpr::HasFieldExpr(Expr* arg_op, const char* arg_field_name,
bool arg_is_attr)
HasFieldExpr::HasFieldExpr(Expr* arg_op, const char* arg_field_name)
: UnaryExpr(EXPR_HAS_FIELD, arg_op)
{
field_name = arg_field_name;
is_attr = arg_is_attr;
field = 0;
if ( IsError() )
return;
if ( ! is_attr && ! IsRecord(op->Type()->Tag()) )
if ( ! IsRecord(op->Type()->Tag()) )
ExprError("not a record");
else
{
RecordType* rt = is_attr ?
op->Type()->AttributesType() :
op->Type()->AsRecordType();
RecordType* rt = op->Type()->AsRecordType();
field = rt->FieldOffset(field_name);
if ( field < 0 )
@ -3215,10 +3195,7 @@ Val* HasFieldExpr::Fold(Val* v) const
{
RecordVal* rec_to_look_at;
if ( is_attr )
rec_to_look_at = v->GetAttribs(false);
else
rec_to_look_at = v->AsRecordVal();
rec_to_look_at = v->AsRecordVal();
if ( ! rec_to_look_at )
return new Val(0, TYPE_BOOL);
@ -3235,12 +3212,7 @@ void HasFieldExpr::ExprDescribe(ODesc* d) const
op->Describe(d);
if ( d->IsReadable() )
{
if ( is_attr )
d->Add("?$$");
else
d->Add("?$");
}
d->Add("?$");
if ( IsError() )
d->Add("<error>");
@ -3255,13 +3227,17 @@ IMPLEMENT_SERIAL(HasFieldExpr, SER_HAS_FIELD_EXPR);
bool HasFieldExpr::DoSerialize(SerialInfo* info) const
{
DO_SERIALIZE(SER_HAS_FIELD_EXPR, UnaryExpr);
return SERIALIZE(is_attr) && SERIALIZE(field_name) && SERIALIZE(field);
// Serialize the former "bool is_attr" first for backwards compatibility.
return SERIALIZE(false) && SERIALIZE(field_name) && SERIALIZE(field);
}
bool HasFieldExpr::DoUnserialize(UnserialInfo* info)
{
DO_UNSERIALIZE(UnaryExpr);
return UNSERIALIZE(&is_attr) && UNSERIALIZE_STR(&field_name, 0) && UNSERIALIZE(&field);
// Unserialize the former "bool is_attr" first for backwards compatibility.
bool not_used;
return UNSERIALIZE(&not_used) && UNSERIALIZE_STR(&field_name, 0) && UNSERIALIZE(&field);
}
RecordConstructorExpr::RecordConstructorExpr(ListExpr* constructor_list)
@ -3507,8 +3483,6 @@ Val* SetConstructorExpr::Eval(Frame* f) const
aggr->Assign(element, 0);
}
aggr->AsTableVal()->SetAttrs(attrs);
return aggr;
}

2
src/Expr.h
View file

@ -709,7 +709,7 @@ protected:
// "rec?$$attrname" is true if the attribute attrname is not nil.
class HasFieldExpr : public UnaryExpr {
public:
HasFieldExpr(Expr* op, const char* field_name, bool is_attr);
HasFieldExpr(Expr* op, const char* field_name);
~HasFieldExpr();
protected:

5
src/File.cc
View file

@ -195,10 +195,9 @@ bool BroFile::Open(FILE* file)
InstallRotateTimer();
if ( ! f )
{
f = fopen(name, access);
SetBuf(buffered);
}
SetBuf(buffered);
if ( f )
{

46
src/HTTP.cc
View file

@ -16,16 +16,20 @@
const bool DEBUG_http = false;
// The EXPECT_*_NOTHING states are used to prevent further parsing. Used if a
// message was interrupted.
enum {
EXPECT_REQUEST_LINE,
EXPECT_REQUEST_MESSAGE,
EXPECT_REQUEST_TRAILER,
EXPECT_REQUEST_NOTHING,
};
enum {
EXPECT_REPLY_LINE,
EXPECT_REPLY_MESSAGE,
EXPECT_REPLY_TRAILER,
EXPECT_REPLY_NOTHING,
};
HTTP_Entity::HTTP_Entity(HTTP_Message *arg_message, MIME_Entity* parent_entity, int arg_expect_body)
@ -851,7 +855,23 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)
HTTP_Event("crud_trailing_HTTP_request",
new_string_val(line, end_of_line));
else
ProtocolViolation("not a http request line");
{
// We do see HTTP requests with a
// trailing EOL that's not accounted
// for by the content-length. This
// will lead to a call to this method
// with len==0 while we are expecting
// a new request. Since HTTP servers
// handle such requests gracefully,
// we should do so as well.
if ( len == 0 )
Weird("empty_http_request");
else
{
ProtocolViolation("not a http request line");
request_state = EXPECT_REQUEST_NOTHING;
}
}
}
break;
@ -861,6 +881,9 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)
case EXPECT_REQUEST_TRAILER:
break;
case EXPECT_REQUEST_NOTHING:
break;
}
}
else
@ -873,6 +896,8 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)
if ( unanswered_requests.empty() )
Weird("unmatched_HTTP_reply");
else
ProtocolConfirmation();
reply_state = EXPECT_REPLY_MESSAGE;
reply_ongoing = 1;
@ -884,8 +909,11 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)
ExpectReplyMessageBody(),
len);
}
else
else
{
ProtocolViolation("not a http reply line");
reply_state = EXPECT_REPLY_NOTHING;
}
break;
@ -895,6 +923,9 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)
case EXPECT_REPLY_TRAILER:
break;
case EXPECT_REPLY_NOTHING:
break;
}
}
}
@ -1042,6 +1073,7 @@ int HTTP_Analyzer::HTTP_RequestLine(const char* line, const char* end_of_line)
// HTTP methods for distributed authoring.
"PROPFIND", "PROPPATCH", "MKCOL", "DELETE", "PUT",
"COPY", "MOVE", "LOCK", "UNLOCK",
"POLL", "REPORT", "SUBSCRIBE", "BMOVE",
"SEARCH",
@ -1256,7 +1288,10 @@ void HTTP_Analyzer::RequestMade(const int interrupted, const char* msg)
num_request_lines = 0;
request_state = EXPECT_REQUEST_LINE;
if ( interrupted )
request_state = EXPECT_REQUEST_NOTHING;
else
request_state = EXPECT_REQUEST_LINE;
}
void HTTP_Analyzer::ReplyMade(const int interrupted, const char* msg)
@ -1285,7 +1320,10 @@ void HTTP_Analyzer::ReplyMade(const int interrupted, const char* msg)
reply_reason_phrase = 0;
}
reply_state = EXPECT_REPLY_LINE;
if ( interrupted )
reply_state = EXPECT_REPLY_NOTHING;
else
reply_state = EXPECT_REPLY_LINE;
}
void HTTP_Analyzer::RequestClash(Val* /* clash_val */)

4
src/NetVar.cc
View file

@ -126,6 +126,8 @@ TableType* smb_negotiate;
RecordType* geo_location;
RecordType* entropy_test_result;
TableType* dhcp_router_list;
RecordType* dhcp_msg;
@ -460,6 +462,8 @@ void init_net_var()
geo_location = internal_type("geo_location")->AsRecordType();
entropy_test_result = internal_type("entropy_test_result")->AsRecordType();
dhcp_router_list = internal_type("dhcp_router_list")->AsTableType();
dhcp_msg = internal_type("dhcp_msg")->AsRecordType();

2
src/NetVar.h
View file

@ -133,6 +133,8 @@ extern TableType* smb_negotiate;
extern RecordType* geo_location;
extern RecordType* entropy_test_result;
extern TableType* dhcp_router_list;
extern RecordType* dhcp_msg;

6
src/PersistenceSerializer.cc
View file

@ -348,9 +348,6 @@ bool PersistenceSerializer::RunSerialization(SerialStatus* status)
status->conn_cookie = status->conns->InitForIteration();
status->conns->MakeRobustCookie(status->conn_cookie);
}
if ( status->info.may_suspend )
bro_logger->Log("Starting incremental serialization...");
}
else if ( cont->ChildSuspended() )
@ -480,9 +477,6 @@ bool PersistenceSerializer::RunSerialization(SerialStatus* status)
}
}
if ( status->info.may_suspend )
bro_logger->Log("Finished incremental serialization.");
delete status;
return ret;
}

4
src/PrefixTable.cc
View file

@ -99,8 +99,8 @@ void* PrefixTable::Lookup(const Val* value, bool exact) const
break;
default:
internal_error(fmt("Wrong index type %d for PrefixTable",
value->Type()->Tag()));
internal_error("Wrong index type %d for PrefixTable",
value->Type()->Tag());
return 0;
}
}

132
src/RandTest.cc Normal file
View file

@ -0,0 +1,132 @@
/*
Apply various randomness tests to a stream of bytes
by John Walker -- September 1996
http://www.fourmilab.ch/random
This software is in the public domain. Permission to use, copy, modify,
and distribute this software and its documentation for any purpose and
without fee is hereby granted, without any conditions or restrictions.
This software is provided as is without express or implied warranty.
Modified for Bro by Seth Hall - July 2010
*/
#include <RandTest.h>
RandTest::RandTest()
{
totalc = 0;
mp = 0;
sccfirst = 1;
inmont = mcount = 0;
cexp = montex = montey = montepi = sccu0 = scclast = scct1 = scct2 = scct3 = 0.0;
for (int i = 0; i < 256; i++)
{
ccount[i] = 0;
}
}
void RandTest::add(void *buf, int bufl)
{
unsigned char *bp = (unsigned char*)buf;
int oc;
while (bufl-- > 0)
{
oc = *bp++;
ccount[oc]++; /* Update counter for this bin */
totalc++;
/* Update inside / outside circle counts for Monte Carlo
computation of PI */
monte[mp++] = oc; /* Save character for Monte Carlo */
if (mp >= RT_MONTEN) /* Calculate every RT_MONTEN character */
{
mp = 0;
mcount++;
montex = 0;
montey = 0;
for (int mj=0; mj < RT_MONTEN/2; mj++)
{
montex = (montex * 256.0) + monte[mj];
montey = (montey * 256.0) + monte[(RT_MONTEN / 2) + mj];
}
if (montex*montex + montey*montey <= RT_INCIRC)
{
inmont++;
}
}
/* Update calculation of serial correlation coefficient */
if (sccfirst)
{
sccfirst = 0;
scclast = 0;
sccu0 = oc;
}
else
{
scct1 = scct1 + scclast * oc;
}
scct2 = scct2 + oc;
scct3 = scct3 + (oc * oc);
scclast = oc;
oc <<= 1;
}
}
void RandTest::end(double *r_ent, double *r_chisq,
double *r_mean, double *r_montepicalc, double *r_scc)
{
int i;
double ent, chisq, scc, datasum;
ent = 0.0; chisq = 0.0; scc = 0.0; datasum = 0.0;
double prob[256]; /* Probabilities per bin for entropy */
/* Complete calculation of serial correlation coefficient */
scct1 = scct1 + scclast * sccu0;
scct2 = scct2 * scct2;
scc = totalc * scct3 - scct2;
if (scc == 0.0)
scc = -100000;
else
scc = (totalc * scct1 - scct2) / scc;
/* Scan bins and calculate probability for each bin and
Chi-Square distribution. The probability will be reused
in the entropy calculation below. While we're at it,
we sum of all the data which will be used to compute the
mean. */
cexp = totalc / 256.0; /* Expected count per bin */
for (i = 0; i < 256; i++)
{
double a = ccount[i] - cexp;
prob[i] = ((double) ccount[i]) / totalc;
chisq += (a * a) / cexp;
datasum += ((double) i) * ccount[i];
}
/* Calculate entropy */
for (i = 0; i < 256; i++)
{
if (prob[i] > 0.0)
{
ent += prob[i] * rt_log2(1 / prob[i]);
}
}
/* Calculate Monte Carlo value for PI from percentage of hits
within the circle */
montepi = 4.0 * (((double) inmont) / mcount);
/* Return results through arguments */
*r_ent = ent;
*r_chisq = chisq;
*r_mean = datasum / totalc;
*r_montepicalc = montepi;
*r_scc = scc;
}

34
src/RandTest.h Normal file
View file

@ -0,0 +1,34 @@
#include <math.h>
#define log2of10 3.32192809488736234787
/* RT_LOG2 -- Calculate log to the base 2 */
static double rt_log2(double x)
{
return log2of10 * log10(x);
}
#define RT_MONTEN 6 /* Bytes used as Monte Carlo
co-ordinates. This should be no more
bits than the mantissa of your "double"
floating point type. */
// RT_INCIRC = pow(pow(256.0, (double) (RT_MONTEN / 2)) - 1, 2.0);
#define RT_INCIRC 281474943156225.0
class RandTest {
public:
RandTest();
void add(void *buf, int bufl);
void end(double *r_ent, double *r_chisq, double *r_mean,
double *r_montepicalc, double *r_scc);
private:
long ccount[256]; /* Bins to count occurrences of values */
long totalc; /* Total bytes counted */
int mp;
int sccfirst;
unsigned int monte[RT_MONTEN];
long inmont, mcount;
double cexp, montex, montey, montepi,
sccu0, scclast, scct1, scct2, scct3;
};

99
src/RemoteSerializer.cc
View file

@ -544,6 +544,36 @@ void RemoteSerializer::Init()
initialized = 1;
}
void RemoteSerializer::SetSocketBufferSize(int fd, int opt, const char *what, int size, int verbose)
{
int defsize = 0;
socklen_t len = sizeof(defsize);
if ( getsockopt(fd, SOL_SOCKET, opt, (void *)&defsize, &len) < 0 )
{
if ( verbose )
Log(LogInfo, fmt("warning: cannot get socket buffer size (%s): %s", what, strerror(errno)));
return;
}
for ( int trysize = size; trysize > defsize; trysize -= 1024 )
{
if ( setsockopt(fd, SOL_SOCKET, opt, &trysize, sizeof(trysize)) >= 0 )
{
if ( verbose )
{
if ( trysize == size )
Log(LogInfo, fmt("raised pipe's socket buffer size from %dK to %dK", defsize / 1024, trysize / 1024));
else
Log(LogInfo, fmt("raised pipe's socket buffer size from %dK to %dK (%dK was requested)", defsize / 1024, trysize / 1024, size / 1024));
}
return;
}
}
Log(LogInfo, fmt("warning: cannot increase %s socket buffer size from %dK (%dK was requested)", what, defsize / 1024, size / 1024));
}
void RemoteSerializer::Fork()
{
if ( child_pid )
@ -562,25 +592,11 @@ void RemoteSerializer::Fork()
return;
}
int bufsize;
socklen_t len = sizeof(bufsize);
if ( getsockopt(pipe[0], SOL_SOCKET, SO_SNDBUF, &bufsize, &len ) < 0 )
Log(LogInfo, fmt("warning: cannot get socket buffer size: %s", strerror(errno)));
else
Log(LogInfo, fmt("pipe's socket buffer size is %d, setting to %d", bufsize, SOCKBUF_SIZE));
bufsize = SOCKBUF_SIZE;
if ( setsockopt(pipe[0], SOL_SOCKET, SO_SNDBUF,
&bufsize, sizeof(bufsize) ) < 0 ||
setsockopt(pipe[0], SOL_SOCKET, SO_RCVBUF,
&bufsize, sizeof(bufsize) ) < 0 ||
setsockopt(pipe[1], SOL_SOCKET, SO_SNDBUF,
&bufsize, sizeof(bufsize) ) < 0 ||
setsockopt(pipe[1], SOL_SOCKET, SO_RCVBUF,
&bufsize, sizeof(bufsize) ) < 0 )
Log(LogInfo, fmt("warning: cannot set socket buffer size to %dK: %s", bufsize / 1024, strerror(errno)));
// Try to increase the size of the socket send and receive buffers.
SetSocketBufferSize(pipe[0], SO_SNDBUF, "SO_SNDBUF", SOCKBUF_SIZE, 1);
SetSocketBufferSize(pipe[0], SO_RCVBUF, "SO_RCVBUF", SOCKBUF_SIZE, 0);
SetSocketBufferSize(pipe[1], SO_SNDBUF, "SO_SNDBUF", SOCKBUF_SIZE, 0);
SetSocketBufferSize(pipe[1], SO_RCVBUF, "SO_RCVBUF", SOCKBUF_SIZE, 0);
child_pid = 0;
@ -823,14 +839,9 @@ bool RemoteSerializer::SendCall(SerialInfo* info, PeerID id,
if ( ! peer )
return false;
// Do not send events back to originating peer.
if ( current_peer == peer )
return true;
return SendCall(info, peer, name, vl);
}
bool RemoteSerializer::SendCall(SerialInfo* info, Peer* peer,
const char* name, val_list* vl)
{
@ -1505,13 +1516,13 @@ bool RemoteSerializer::DoMessage()
{
// We shut the connection to this peer down,
// so we ignore all further messages.
DEBUG_COMM(fmt("parent: ignoring %s due to shutdown of peer #%d",
DEBUG_COMM(fmt("parent: ignoring %s due to shutdown of peer #%" PRI_SOURCE_ID,
msgToStr(current_msgtype),
current_peer ? current_peer->id : 0));
return true;
}
DEBUG_COMM(fmt("parent: %s from child; peer is #%d",
DEBUG_COMM(fmt("parent: %s from child; peer is #%" PRI_SOURCE_ID,
msgToStr(current_msgtype),
current_peer ? current_peer->id : 0));
@ -1841,10 +1852,9 @@ bool RemoteSerializer::EnterPhaseRunning(Peer* peer)
if ( in_sync == peer )
in_sync = 0;
current_peer->phase = Peer::RUNNING;
peer->phase = Peer::RUNNING;
Log(LogInfo, "phase: running", peer);
RaiseEvent(remote_connection_handshake_done, current_peer);
RaiseEvent(remote_connection_handshake_done, peer);
if ( remote_trace_sync_interval )
{
@ -2008,12 +2018,11 @@ bool RemoteSerializer::HandshakeDone(Peer* peer)
return false;
#endif
if ( ! (current_peer->caps & Peer::PID_64BIT) )
Log(LogInfo, "peer does not support 64bit PIDs; using compatibility mode", current_peer);
if ( ! (peer->caps & Peer::PID_64BIT) )
Log(LogInfo, "peer does not support 64bit PIDs; using compatibility mode", peer);
if ( (current_peer->caps & Peer::NEW_CACHE_STRATEGY) )
Log(LogInfo, "peer supports keep-in-cache; using that",
current_peer);
if ( (peer->caps & Peer::NEW_CACHE_STRATEGY) )
Log(LogInfo, "peer supports keep-in-cache; using that", peer);
if ( peer->sync_requested != Peer::NONE )
{
@ -2030,7 +2039,7 @@ bool RemoteSerializer::HandshakeDone(Peer* peer)
{
Log(LogError, "misconfiguration: authoritative state on both sides",
current_peer);
CloseConnection(current_peer);
CloseConnection(peer);
return false;
}
@ -2610,7 +2619,7 @@ bool RemoteSerializer::SendCMsgToChild(char msg_type, Peer* peer)
bool RemoteSerializer::SendToChild(char type, Peer* peer, char* str, int len)
{
DEBUG_COMM(fmt("parent: (->child) %s (#%d, %s)", msgToStr(type), peer ? peer->id : PEER_NONE, str));
DEBUG_COMM(fmt("parent: (->child) %s (#%" PRI_SOURCE_ID ", %s)", msgToStr(type), peer ? peer->id : PEER_NONE, str));
if ( ! child_pid )
return false;
@ -2634,7 +2643,7 @@ bool RemoteSerializer::SendToChild(char type, Peer* peer, int nargs, ...)
#ifdef DEBUG
va_start(ap, nargs);
DEBUG_COMM(fmt("parent: (->child) %s (#%d,%s)",
DEBUG_COMM(fmt("parent: (->child) %s (#%" PRI_SOURCE_ID ",%s)",
msgToStr(type), peer ? peer->id : PEER_NONE, fmt_uint32s(nargs, ap)));
va_end(ap);
#endif
@ -3065,7 +3074,7 @@ bool SocketComm::ProcessParentMessage()
}
default:
internal_error(fmt("unknown msg type %d", parent_msgtype));
internal_error("unknown msg type %d", parent_msgtype);
return true;
}
@ -3235,7 +3244,7 @@ bool SocketComm::ForwardChunkToPeer()
{
#ifdef DEBUG
if ( parent_peer )
DEBUG_COMM(fmt("child: not connected to #%d", parent_id));
DEBUG_COMM(fmt("child: not connected to #%" PRI_SOURCE_ID, parent_id));
#endif
}
@ -3318,7 +3327,7 @@ bool SocketComm::ProcessRemoteMessage(SocketComm::Peer* peer)
CMsg* msg = (CMsg*) c->data;
DEBUG_COMM(fmt("child: %s from peer #%d",
DEBUG_COMM(fmt("child: %s from peer #%" PRI_SOURCE_ID,
msgToStr(msg->Type()), peer->id));
switch ( msg->Type() ) {
@ -3795,7 +3804,7 @@ bool SocketComm::SendToParent(char type, Peer* peer, const char* str, int len)
#ifdef DEBUG
// str may already by constructed with fmt()
const char* tmp = copy_string(str);
DEBUG_COMM(fmt("child: (->parent) %s (#%d, %s)", msgToStr(type), peer ? peer->id : RemoteSerializer::PEER_NONE, tmp));
DEBUG_COMM(fmt("child: (->parent) %s (#%" PRI_SOURCE_ID ", %s)", msgToStr(type), peer ? peer->id : RemoteSerializer::PEER_NONE, tmp));
delete [] tmp;
#endif
if ( sendToIO(io, type, peer ? peer->id : RemoteSerializer::PEER_NONE,
@ -3814,7 +3823,7 @@ bool SocketComm::SendToParent(char type, Peer* peer, int nargs, ...)
#ifdef DEBUG
va_start(ap,nargs);
DEBUG_COMM(fmt("child: (->parent) %s (#%d,%s)", msgToStr(type), peer ? peer->id : RemoteSerializer::PEER_NONE, fmt_uint32s(nargs, ap)));
DEBUG_COMM(fmt("child: (->parent) %s (#%" PRI_SOURCE_ID ",%s)", msgToStr(type), peer ? peer->id : RemoteSerializer::PEER_NONE, fmt_uint32s(nargs, ap)));
va_end(ap);
#endif
@ -3850,7 +3859,7 @@ bool SocketComm::SendToPeer(Peer* peer, char type, const char* str, int len)
#ifdef DEBUG
// str may already by constructed with fmt()
const char* tmp = copy_string(str);
DEBUG_COMM(fmt("child: (->peer) %s to #%d (%s)", msgToStr(type), peer->id, tmp));
DEBUG_COMM(fmt("child: (->peer) %s to #%" PRI_SOURCE_ID " (%s)", msgToStr(type), peer->id, tmp));
delete [] tmp;
#endif
@ -3869,7 +3878,7 @@ bool SocketComm::SendToPeer(Peer* peer, char type, int nargs, ...)
#ifdef DEBUG
va_start(ap,nargs);
DEBUG_COMM(fmt("child: (->peer) %s to #%d (%s)",
DEBUG_COMM(fmt("child: (->peer) %s to #%" PRI_SOURCE_ID " (%s)",
msgToStr(type), peer->id, fmt_uint32s(nargs, ap)));
va_end(ap);
#endif
@ -3890,7 +3899,7 @@ bool SocketComm::SendToPeer(Peer* peer, char type, int nargs, ...)
bool SocketComm::SendToPeer(Peer* peer, ChunkedIO::Chunk* c)
{
DEBUG_COMM(fmt("child: (->peer) chunk of size %d to #%d", c->len, peer->id));
DEBUG_COMM(fmt("child: (->peer) chunk of size %d to #%" PRI_SOURCE_ID, c->len, peer->id));
if ( ! sendToIO(peer->io, c) )
{
Error(fmt("child: write error %s", io->Error()), peer);

2
src/RemoteSerializer.h
View file

@ -297,6 +297,8 @@ protected:
bool SendToChild(char type, Peer* peer, int nargs, ...); // can send uints32 only
bool SendToChild(ChunkedIO::Chunk* c);
void SetSocketBufferSize(int fd, int opt, const char *what, int size, int verbose);
private:
enum { TYPE, ARGS } msgstate; // current state of reading comm.
Peer* current_peer;

6
src/SMB.cc
View file

@ -166,7 +166,7 @@ void SMB_Session::Deliver(int is_orig, int len, const u_char* data)
const u_char* tmp = data_start + next;
if ( data_start + next < data + body.length() )
{
Weird(fmt("ANDX buffer overlapping: next = %d, buffer_end = %d", next, data + body.length() - data_start));
Weird(fmt("ANDX buffer overlapping: next = %d, buffer_end = %" PRIuPTR, next, data + body.length() - data_start));
break;
}
@ -480,8 +480,8 @@ int SMB_Session::ParseTreeConnectAndx(binpac::SMB::SMB_header const& hdr,
r->Assign(0, new Val(req.flags(), TYPE_COUNT));
r->Assign(1, new StringVal(req.password_length(),
(const char*) req.password()));
r->Assign(3, new StringVal(path));
r->Assign(4, new StringVal(service));
r->Assign(2, new StringVal(path));
r->Assign(3, new StringVal(service));
if ( strstr_n(norm_path->Len(), norm_path->Bytes(), 5,
(const u_char*) "\\IPC$") != -1 )

517
src/SSLCiphers.cc
View file

@ -319,52 +319,52 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
168,
160
},
{ TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5,
{ TLS_DH_anon_EXPORT_WITH_RC4_40_MD5,
SSL_CIPHER_TYPE_STREAM,
SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_RC4,
SSL_MAC_MD5,
SSL_KEY_EXCHANGE_DH_ANON_EXPORT,
SSL_KEY_EXCHANGE_DH_anon_EXPORT,
0,
40,
128
},
{ TLS_DH_ANON_WITH_RC4_128_MD5,
{ TLS_DH_anon_WITH_RC4_128_MD5,
SSL_CIPHER_TYPE_STREAM,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_RC4,
SSL_MAC_MD5,
SSL_KEY_EXCHANGE_DH_ANON,
SSL_KEY_EXCHANGE_DH_anon,
0,
128,
128
},
{ TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA,
{ TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_DES40,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DH_ANON,
SSL_KEY_EXCHANGE_DH_anon,
0,
40,
160
},
{ TLS_DH_ANON_WITH_DES_CBC_SHA,
{ TLS_DH_anon_WITH_DES_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_DES,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DH_ANON,
SSL_KEY_EXCHANGE_DH_anon,
0,
56,
160
},
{ TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA,
{ TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_3DES,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DH_ANON,
SSL_KEY_EXCHANGE_DH_anon,
0,
168,
160
@ -389,16 +389,48 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
96,
160
},
{ SSL_FORTEZZA_KEA_WITH_RC4_128_SHA,
SSL_CIPHER_TYPE_STREAM,
SSL_FLAG_SSLv30,
SSL_CIPHER_RC4,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_FORTEZZA_KEA,
{ SSL_RSA_WITH_RC2_CBC_MD5,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv20,
SSL_CIPHER_RC2,
SSL_MAC_MD5,
SSL_KEY_EXCHANGE_RSA,
0,
56,
160
},
{ SSL_RSA_WITH_IDEA_CBC_MD5,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv20,
SSL_CIPHER_IDEA,
SSL_MAC_MD5,
SSL_KEY_EXCHANGE_RSA,
0,
128,
160
},
{ SSL_RSA_WITH_DES_CBC_MD5,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv20,
SSL_CIPHER_DES,
SSL_MAC_MD5,
SSL_KEY_EXCHANGE_RSA,
0,
56,
160
},
{ SSL_RSA_WITH_3DES_EDE_CBC_MD5,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv20,
SSL_CIPHER_3DES,
SSL_MAC_MD5,
SSL_KEY_EXCHANGE_RSA,
0,
168,
160
},
// --- special SSLv3 FIPS ciphers
{ SSL_RSA_FIPS_WITH_DES_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
@ -522,12 +554,12 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
128,
160
},
{ TLS_DH_ANON_WITH_AES_128_CBC_SHA,
{ TLS_DH_anon_WITH_AES_128_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_AES,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DH_ANON,
SSL_KEY_EXCHANGE_DH_anon,
0,
128,
160
@ -582,16 +614,459 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
256,
160
},
{ TLS_DH_ANON_WITH_AES_256_CBC_SHA,
{ TLS_DH_anon_WITH_AES_256_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_AES,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DH_ANON,
SSL_KEY_EXCHANGE_DH_anon,
0,
256,
160
}
},
{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_CAMELLIA,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_RSA,
0,
128,
160
},
{ TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_CAMELLIA,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DH_DSS,
0,
128,
160
},
{ TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_CAMELLIA,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DH_RSA,
0,
128,
160
},
{ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_CAMELLIA,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DHE_DSS,
0,
128,
160
},
{ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_CAMELLIA,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DHE_RSA,
0,
128,
160
},
{ TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_CAMELLIA,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DH_anon,
0,
128,
160
},
{ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_CAMELLIA,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_RSA,
0,
256,
160
},
{ TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_CAMELLIA,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DH_DSS,
0,
256,
160
},
{ TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_CAMELLIA,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DH_RSA,
0,
256,
160
},
{ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_CAMELLIA,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DHE_DSS,
0,
256,
160
},
{ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_CAMELLIA,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DHE_RSA,
0,
256,
160
},
{ TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_CAMELLIA,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DH_anon,
0,
256,
160
},
{ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_3DES,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDHE_ECDSA,
0,
168,
160
},
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_AES,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDHE_ECDSA,
0,
128,
160
},
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_AES,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDHE_ECDSA,
0,
256,
160
},
{ TLS_ECDHE_ECDSA_WITH_NULL_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_NULL,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDHE_ECDSA,
0,
0,
160
},
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_RC4,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDHE_ECDSA,
0,
128,
160
},
{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_3DES,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDHE_RSA,
0,
168,
160
},
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_AES,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDHE_RSA,
0,
128,
160
},
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_AES,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDHE_RSA,
0,
256,
160
},
{ TLS_ECDHE_RSA_WITH_NULL_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_NULL,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDHE_RSA,
0,
0,
160
},
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_RC4,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDHE_RSA,
0,
128,
160
},
{ TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_3DES,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDH_ECDSA,
0,
168,
160
},
{ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_AES,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDH_ECDSA,
0,
128,
160
},
{ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_AES,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDH_ECDSA,
0,
256,
160
},
{ TLS_ECDH_ECDSA_WITH_NULL_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_NULL,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDH_ECDSA,
0,
0,
160
},
{ TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_RC4,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDH_ECDSA,
0,
128,
160
},
{ TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_3DES,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDH_RSA,
0,
168,
160
},
{ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_AES,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDH_RSA,
0,
128,
160
},
{ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_AES,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDH_RSA,
0,
256,
160
},
{ TLS_ECDH_RSA_WITH_NULL_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_NULL,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDH_RSA,
0,
0,
160
},
{ TLS_ECDH_RSA_WITH_RC4_128_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_RC4,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDH_RSA,
0,
128,
160
},
{ TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_3DES,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDH_anon,
0,
168,
160
},
{ TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_AES,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDH_anon,
0,
128,
160
},
{ TLS_ECDH_anon_WITH_AES_256_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_AES,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDH_anon,
0,
256,
160
},
{ TLS_ECDH_anon_WITH_NULL_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_NULL,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDH_anon,
0,
0,
160
},
{ TLS_ECDH_anon_WITH_RC4_128_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_RC4,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDH_anon,
0,
128,
160
},
{ TLS_RSA_WITH_SEED_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_SEED,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_RSA,
0,
128,
160
},
{ TLS_DH_DSS_WITH_SEED_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_SEED,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DH_DSS,
0,
128,
160
},
{ TLS_DH_RSA_WITH_SEED_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_SEED,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DH_RSA,
0,
128,
160
},
{ TLS_DHE_DSS_WITH_SEED_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_SEED,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DHE_DSS,
0,
128,
160
},
{ TLS_DHE_RSA_WITH_SEED_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_SEED,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DHE_RSA,
0,
128,
160
},
{ TLS_DH_anon_WITH_SEED_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_SEED,
SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DH_anon,
0,
128,
160
},
{ TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
SSL_CIPHER_TYPE_NULL,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_NULL,
SSL_MAC_NULL,
SSL_KEY_EXCHANGE_NULL,
0,
0,
0
},
};
const uint SSL_CipherSpecs_Count =

323
src/SSLCiphers.h
View file

@ -12,14 +12,14 @@
*/
enum SSLv2_CipherSpec {
// --- standard SSLv2 ciphers
SSL_CK_RC4_128_WITH_MD5 = 0x010080,
SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 0x020080,
SSL_CK_RC2_128_CBC_WITH_MD5 = 0x030080,
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x040080,
SSL_CK_IDEA_128_CBC_WITH_MD5 = 0x050080,
SSL_CK_DES_64_CBC_WITH_MD5 = 0x060040,
SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x0700C0,
SSL_CK_RC4_64_WITH_MD5 = 0x080080
SSL_CK_RC4_128_WITH_MD5 = 0x010080,
SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 0x020080,
SSL_CK_RC2_128_CBC_WITH_MD5 = 0x030080,
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x040080,
SSL_CK_IDEA_128_CBC_WITH_MD5 = 0x050080,
SSL_CK_DES_64_CBC_WITH_MD5 = 0x060040,
SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x0700C0,
SSL_CK_RC4_64_WITH_MD5 = 0x080080
};
@ -28,60 +28,245 @@ enum SSLv2_CipherSpec {
*/
enum SSL3_1_CipherSpec {
// --- standard SSLv3x ciphers
TLS_NULL_WITH_NULL_NULL = 0x0000,
TLS_RSA_WITH_NULL_MD5 = 0x0001,
TLS_RSA_WITH_NULL_SHA = 0x0002,
TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003,
TLS_RSA_WITH_RC4_128_MD5 = 0x0004,
TLS_RSA_WITH_RC4_128_SHA = 0x0005,
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006,
TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007,
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008,
TLS_RSA_WITH_DES_CBC_SHA = 0x0009,
TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A,
TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B,
TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C,
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D,
TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E,
TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F,
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010,
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011,
TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012,
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013,
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014,
TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015,
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5 = 0x0017,
TLS_DH_ANON_WITH_RC4_128_MD5 = 0x0018,
TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA = 0x0019,
TLS_DH_ANON_WITH_DES_CBC_SHA = 0x001A,
TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 0x001B,
// --- special SSLv3 ciphers
SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C,
SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x001D,
SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 0x001E,
// --- special SSLv3 FIPS ciphers
SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE,
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0XFEFF,
// --- new 56 bit export ciphers
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x0062,
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x0064,
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063,
TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x0065,
TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0066,
TLS_NULL_WITH_NULL_NULL = 0x0000,
TLS_RSA_WITH_NULL_MD5 = 0x0001,
TLS_RSA_WITH_NULL_SHA = 0x0002,
TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003,
TLS_RSA_WITH_RC4_128_MD5 = 0x0004,
TLS_RSA_WITH_RC4_128_SHA = 0x0005,
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006,
TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007,
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008,
TLS_RSA_WITH_DES_CBC_SHA = 0x0009,
TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A,
TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B,
TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C,
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D,
TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E,
TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F,
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010,
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011,
TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012,
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013,
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014,
TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015,
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x0017,
TLS_DH_anon_WITH_RC4_128_MD5 = 0x0018,
TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x0019,
TLS_DH_anon_WITH_DES_CBC_SHA = 0x001A,
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B,
// --- special SSLv3 ciphers
SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C,
SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x001D,
//SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 0x001E,
// -- RFC 2712 (ciphers not fully described in SSLCiphers.cc)
TLS_KRB5_WITH_DES_CBC_SHA = 0x001E,
TLS_KRB5_WITH_3DES_EDE_CBC_SHA = 0x001F,
TLS_KRB5_WITH_RC4_128_SHA = 0x0020,
TLS_KRB5_WITH_IDEA_CBC_SHA = 0x0021,
TLS_KRB5_WITH_DES_CBC_MD5 = 0x0022,
TLS_KRB5_WITH_3DES_EDE_CBC_MD5 = 0x0023,
TLS_KRB5_WITH_RC4_128_MD5 = 0x0024,
TLS_KRB5_WITH_IDEA_CBC_MD5 = 0x0025,
TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA = 0x0026,
TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA = 0x0027,
TLS_KRB5_EXPORT_WITH_RC4_40_SHA = 0x0028,
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 = 0x0029,
TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 = 0x002A,
TLS_KRB5_EXPORT_WITH_RC4_40_MD5 = 0x002B,
// --- new AES ciphers
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F,
TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030,
TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033,
TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034,
TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035,
TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036,
TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039,
TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F,
TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030,
TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033,
TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x0034,
TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035,
TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036,
TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039,
TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x003A,
TLS_RSA_WITH_NULL_SHA256 = 0x003B,
TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C,
TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D,
TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E,
TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040,
// -- RFC 4132
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041,
TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042,
TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043,
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044,
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045,
TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA = 0x0046,
// -- Non-RFC. Widely deployed implementation (ciphers not fully described in SSLCiphers.cc)
TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x0060,
TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x0061,
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x0062,
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063,
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x0064,
TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x0065,
TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0066,
// -- RFC 5246 (ciphers not fully described in SSLCiphers.cc)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067,
TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068,
TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B,
TLS_DH_anon_WITH_AES_128_CBC_SHA256 = 0x006C,
TLS_DH_anon_WITH_AES_256_CBC_SHA256 = 0x006D,
// -- RFC 5932
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084,
TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085,
TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086,
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087,
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088,
TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA = 0x0089,
// -- RFC 4279 (ciphers not fully described in SSLCiphers.cc)
TLS_PSK_WITH_RC4_128_SHA = 0x008A,
TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B,
TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C,
TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D,
TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E,
TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F,
TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090,
TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091,
TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092,
TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093,
TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094,
TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095,
// -- RFC 4162
TLS_RSA_WITH_SEED_CBC_SHA = 0x0096,
TLS_DH_DSS_WITH_SEED_CBC_SHA = 0x0097,
TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098,
TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099,
TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A,
TLS_DH_anon_WITH_SEED_CBC_SHA = 0x009B,
// -- RFC 5288 (ciphers not fully described in SSLCiphers.cc)
TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C,
TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F,
TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0,
TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2,
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3,
TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4,
TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5,
TLS_DH_anon_WITH_AES_128_GCM_SHA256 = 0x00A6,
TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0x00A7,
// -- RFC 5487 (ciphers not fully described in SSLCiphers.cc)
TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8,
TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9,
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA,
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB,
TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC,
TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD,
TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE,
TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF,
TLS_PSK_WITH_NULL_SHA256 = 0x00B0,
TLS_PSK_WITH_NULL_SHA384 = 0x00B1,
TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2,
TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3,
TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4,
TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5,
TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6,
TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7,
TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8,
TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9,
// -- RFC 5932 (ciphers not fully described in SSLCiphers.cc)
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BA,
TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BB,
TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BC,
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD,
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE,
TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF,
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C0,
TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C1,
TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C2,
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3,
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4,
TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5,
// -- RFC 4492
TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001,
TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002,
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005,
TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A,
TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B,
TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C,
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F,
TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010,
TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014,
TLS_ECDH_anon_WITH_NULL_SHA = 0xC015,
TLS_ECDH_anon_WITH_RC4_128_SHA = 0xC016,
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = 0xC017,
TLS_ECDH_anon_WITH_AES_128_CBC_SHA = 0xC018,
TLS_ECDH_anon_WITH_AES_256_CBC_SHA = 0xC019,
// -- RFC 5054 (ciphers not fully described in SSLCiphers.cc)
TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A,
TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B,
TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C,
TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D,
TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E,
TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F,
TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020,
TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021,
TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022,
// -- RFC 5289 (ciphers not fully described in SSLCiphers.cc)
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C,
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D,
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030,
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031,
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032,
// -- RFC 5489 (ciphers not fully described in SSLCiphers.cc)
TLS_ECDHE_PSK_WITH_RC4_128_SHA = 0xC033,
TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA = 0xC034,
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = 0xC035,
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = 0xC036,
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0xC037,
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = 0xC038,
TLS_ECDHE_PSK_WITH_NULL_SHA = 0xC039,
TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A,
TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B,
// --- special SSLv3 FIPS ciphers
SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE,
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFEFF,
SSL_RSA_FIPS_WITH_DES_CBC_SHA_2 = 0xFFE1,
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2 = 0xFFE0,
// Tags for SSL 2 cipher kinds which are not specified for SSL 3.
SSL_RSA_WITH_RC2_CBC_MD5 = 0xFF80,
SSL_RSA_WITH_IDEA_CBC_MD5 = 0xFF81,
SSL_RSA_WITH_DES_CBC_MD5 = 0xFF82,
SSL_RSA_WITH_3DES_EDE_CBC_MD5 = 0xFF83,
TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF,
};
enum SSL_CipherType {
@ -99,7 +284,9 @@ enum SSL_BulkCipherAlgorithm {
SSL_CIPHER_DES40,
SSL_CIPHER_FORTEZZA,
SSL_CIPHER_IDEA,
SSL_CIPHER_AES
SSL_CIPHER_AES,
SSL_CIPHER_CAMELLIA,
SSL_CIPHER_SEED,
};
enum SSL_MACAlgorithm {
@ -121,12 +308,18 @@ enum SSL_KeyExchangeAlgorithm {
SSL_KEY_EXCHANGE_DHE_DSS_EXPORT,
SSL_KEY_EXCHANGE_DHE_RSA,
SSL_KEY_EXCHANGE_DHE_RSA_EXPORT,
SSL_KEY_EXCHANGE_DH_ANON,
SSL_KEY_EXCHANGE_DH_ANON_EXPORT,
SSL_KEY_EXCHANGE_DH_anon,
SSL_KEY_EXCHANGE_DH_anon_EXPORT,
SSL_KEY_EXCHANGE_FORTEZZA_KEA,
// --- new 56 bit export ciphers
SSL_KEY_EXCHANGE_RSA_EXPORT1024,
SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024
SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024,
// -- Elliptic Curve key change algorithms (rfc4492)
SSL_KEY_EXCHANGE_ECDH_ECDSA,
SSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_KEY_EXCHANGE_ECDH_RSA,
SSL_KEY_EXCHANGE_ECDHE_RSA,
SSL_KEY_EXCHANGE_ECDH_anon,
};
#if 0

4
src/SSLProxy.cc
View file

@ -174,7 +174,6 @@ bool SSL_RecordBuilder::addSegment(const u_char* data, int length)
if ( ! computeExpectedSize(data, length) )
return false;
// Insert weird here replacing assert.
if ( neededSize > expectedSize )
{
sslEndpoint->Weird("SSL_RecordBuilder::addSegment neededSize > expectedSize");
@ -277,8 +276,7 @@ bool SSL_RecordBuilder::addSegment(const u_char* data, int length)
else if ( currentSize + length < expectedSize )
{ // another (middle) segment
if ( length <= MIN_FRAGMENT_SIZE )
sslEndpoint->Parent()->Weird( "SSLProxy: Excessive small TCP Segment!" );
sslEndpoint->Parent()->Weird("SSLProxy: Excessive small TCP Segment!");
addData(data, length);
break;
}

224
src/SSLv3.cc
View file

@ -195,7 +195,7 @@ void SSLv3_Interpreter::printStats()
printf( "SSLv3x:\n" );
printf( "Note: Because handshake messages may be coalesced into a \n");
printf( " single SSLv3x record, the number of total messages for SSLv3x plus \n");
printf( " the number of total records seen for SSLv2 won't match \n");
printf( " the number of total records seen for SSLv3 won't match \n");
printf( " SSLProxy_Analyzer::totalRecords! \n");
printf( "total connections = %u\n", totalConnections );
printf( "opened connections (complete handshake) = %u\n", openedConnections );
@ -383,84 +383,71 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec)
case SSL3_1_CERTIFICATE:
{
if ( rec->length >= 3 )
const u_char* pData = rec->data;
uint32 certListLength =
uint32((pData[4] << 16) |
pData[5] << 8) | pData[6];
// Sum of all cert sizes has to match
// certListLength.
uint tempLength = 0;
uint certCount = 0;
while ( tempLength < certListLength )
{
const u_char* pData = rec->data;
uint32 certListLength =
uint32((pData[4] << 16) |
pData[5] << 8) | pData[6];
// Size consistency checks.
if ( certListLength + 3 != uint32(rec->length) )
if ( tempLength + 3 <= certListLength )
{
if ( rec->endp->IsOrig() )
Weird("SSLv3x: Corrupt length field in client certificate list!");
else
Weird("SSLv3x: Corrupt length field in server certificate list!");
return;
}
// Sum of all cert sizes has to match
// certListLength.
uint tempLength = 0;
uint certCount = 0;
while ( tempLength < certListLength )
{
if ( tempLength + 3 <= certListLength )
{
++certCount;
uint32 certLength =
uint32((pData[tempLength + 7] << 16) | pData[tempLength + 8] << 8) | pData[tempLength + 9];
tempLength += certLength + 3;
}
else
{
Weird("SSLv3x: Corrupt length field in certificate list!");
return;
}
}
if ( tempLength > certListLength )
{
Weird("SSLv3x: sum of size of certificates doesn't match size of certificate chain");
return;
}
SSL_InterpreterEndpoint* pEp =
(SSL_InterpreterEndpoint*) rec->endp;
if ( certCount == 0 )
{ // we don't have a certificate...
if ( rec->endp->IsOrig() )
{
Weird("SSLv3x: Client certificate is missing!");
break;
}
else
{
Weird("SSLv3x: Server certificate is missing!");
break;
}
}
if ( certCount > 1 )
{ // we have a chain
analyzeCertificate(pEp,
rec->data + 7,
certListLength, 1, true);
++certCount;
uint32 certLength =
uint32((pData[tempLength + 7] << 16) | pData[tempLength + 8] << 8) | pData[tempLength + 9];
tempLength += certLength + 3;
}
else
{
// We have a single certificate.
// FIXME.
analyzeCertificate(pEp,
rec->data + 10,
certListLength-3, 1, false);
Weird("SSLv3x: Corrupt length field in certificate list!");
return;
}
}
if ( tempLength > certListLength )
{
Weird("SSLv3x: sum of size of certificates doesn't match size of certificate chain");
return;
}
SSL_InterpreterEndpoint* pEp =
(SSL_InterpreterEndpoint*) rec->endp;
if ( certCount == 0 )
{
// we don't have a certificate, but this is valid
// according to RFC2246
if ( rec->endp->IsOrig() )
{
Weird("SSLv3x: Client certificate is missing!");
break;
}
else
{
Weird("SSLv3x: Server certificate is missing!");
break;
}
}
if ( certCount > 1 )
{ // we have a chain
analyzeCertificate(pEp,
rec->data + 7,
certListLength, 1, true);
}
else
Weird("SSLv3x: Certificate record too small!" );
{
// We have a single certificate.
// FIXME.
analyzeCertificate(pEp,
rec->data + 10,
certListLength-3, 1, false);
}
break;
}
@ -554,7 +541,7 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec)
}
else
{
if ( keyXAlgorithm == SSL_KEY_EXCHANGE_DH || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_ANON || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_ANON_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024 )
if ( keyXAlgorithm == SSL_KEY_EXCHANGE_DH || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024 )
{
if ( rec->length < 2 )
{
@ -595,11 +582,11 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec)
switch (cipherSuite)
{
case TLS_NULL_WITH_NULL_NULL:
case TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5:
case TLS_DH_ANON_WITH_RC4_128_MD5:
case TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA:
case TLS_DH_ANON_WITH_DES_CBC_SHA:
case TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA:
case TLS_DH_anon_EXPORT_WITH_RC4_40_MD5:
case TLS_DH_anon_WITH_RC4_128_MD5:
case TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
case TLS_DH_anon_WITH_DES_CBC_SHA:
case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
{
Weird("SSLv3x: Sending certificate-request not allowed for anonymous servers!");
break;
@ -618,7 +605,7 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec)
break;
}
if ( pCipherSuite->keyExchangeAlgorithm == SSL_KEY_EXCHANGE_DH_ANON || pCipherSuite->keyExchangeAlgorithm == SSL_KEY_EXCHANGE_DH_ANON_EXPORT )
if ( pCipherSuite->keyExchangeAlgorithm == SSL_KEY_EXCHANGE_DH_anon || pCipherSuite->keyExchangeAlgorithm == SSL_KEY_EXCHANGE_DH_anon_EXPORT )
Weird("SSLv3x: Sending certificate-request not allowed for anonymous servers!");
// FIXME: Insert weird checks!
@ -654,7 +641,7 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec)
}
else
{
if ( keyXAlgorithm == SSL_KEY_EXCHANGE_DH || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_ANON || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_ANON_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024 )
if ( keyXAlgorithm == SSL_KEY_EXCHANGE_DH || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024 )
{
if ( rec->length < 2 )
{
@ -938,14 +925,6 @@ TableVal* SSLv3_Interpreter::analyzeCiphers(const SSLv3_Endpoint* s, int length,
{
int is_orig = (SSL_InterpreterEndpoint*) s == orig;
if ( length > ssl_max_cipherspec_size )
{
if ( is_orig )
Weird("SSLv2: Client has CipherSpecs > ssl_max_cipherspec_size");
else
Weird("SSLv2: Server has CipherSpecs > ssl_max_cipherspec_size");
}
const u_char* pCipher = data;
SSL_CipherSpec* pCipherSuiteTemp = 0;
uint16 cipherSuite;
@ -1236,16 +1215,6 @@ SSLv3_HandshakeRecord::SSLv3_HandshakeRecord(const u_char* data, int len,
uint16 version, SSLv3_Endpoint const* e)
: SSLv3_Record(data, len, version, e)
{
// Weird-check for minimum handshake length header.
if ( len < 4 )
{
e->Interpreter()->Weird("SSLv3x: Handshake-header-length too small!");
type = 255;
length = 0;
next = 0;
return;
}
// Don't analyze encrypted client handshake messages.
if ( e->IsOrig() &&
((SSLv3_Interpreter*) e->Interpreter())->change_cipher_client_seen &&
@ -1270,7 +1239,10 @@ SSLv3_HandshakeRecord::SSLv3_HandshakeRecord(const u_char* data, int len,
type = uint8(*(this->data));
length = ExtractInt24(data, len, 1);
if ( length + 4 < len )
if ( length == 0 ) // this is a special case to deal with 0 length certs
next = 0;
else if ( length + 4 < len )
next = new SSLv3_HandshakeRecord(data + length + 4,
len - (length + 4), version, e);
else if ( length + 4 > len )
@ -1328,7 +1300,9 @@ int SSLv3_HandshakeRecord::checkClientHello()
version != SSLProxy_Analyzer::SSLv31 )
endp->Interpreter()->Weird("SSLv3x: Corrupt version information in Client hello!");
uint8 sessionIDLength = uint8(data[38]);
uint16 offset = 38;
uint8 sessionIDLength = uint8(data[offset]);
offset += (1 + sessionIDLength);
if ( sessionIDLength > 32 )
{
endp->Interpreter()->Weird("SSLv3x: SessionID too long in Client hello!");
@ -1336,29 +1310,38 @@ int SSLv3_HandshakeRecord::checkClientHello()
}
uint16 cipherSuiteLength =
uint16(data[39 + sessionIDLength] << 8 ) |
data[40 + sessionIDLength];
uint16(data[offset] << 8) | data[offset+1];
offset += (2 + cipherSuiteLength);
if ( cipherSuiteLength < 2 )
endp->Interpreter()->Weird("SSLv3x: CipherSuite length too small!");
if ( cipherSuiteLength + sessionIDLength + 41 > recordLength )
if ( offset > recordLength )
{
endp->Interpreter()->Weird("SSLv3x: Client hello too small, corrupt length fields!");
return 0;
}
uint8 compressionMethodLength =
uint8(data[41 + sessionIDLength + cipherSuiteLength]);
uint8 compressionMethodLength = uint8(data[offset]);
offset += (1 + compressionMethodLength);
if ( compressionMethodLength < 1 )
endp->Interpreter()->Weird("SSLv3x: CompressionMethod length too small!");
if ( sessionIDLength + cipherSuiteLength +
compressionMethodLength + 38 != length )
if ( offset < length )
{
endp->Interpreter()->Weird("SSLv3x: Corrupt length fields in Client hello!");
return 0;
uint16 sslExtensionsLength =
uint16(data[offset] << 8) | data[offset+1];
offset += 2;
if ( sslExtensionsLength < 4 )
endp->Interpreter()->Weird("SSLv3x: Extensions length too small!");
// TODO: extract SSL extensions here
offset += sslExtensionsLength;
if ( offset != length+4 )
{
endp->Interpreter()->Weird("SSLv3x: Corrupt length fields in Client hello!");
return 0;
}
}
return 1;
@ -1377,16 +1360,33 @@ int SSLv3_HandshakeRecord::checkServerHello()
version != SSLProxy_Analyzer::SSLv31 )
endp->Interpreter()->Weird("SSLv3x: Corrupt version information in Server hello!");
uint8 sessionIDLength = uint8(data[38]);
uint16 offset = 38;
uint8 sessionIDLength = uint8(data[offset]);
if ( sessionIDLength > 32 )
{
endp->Interpreter()->Weird("SSLv3x: SessionID too long in Server hello!");
return 0;
}
offset += (1 + sessionIDLength);
if ( (sessionIDLength + 38) != length )
offset += 3; // account for cipher and compression method
if ( offset < length )
{
endp->Interpreter()->Weird("SSLv3x: Corrupt length fields in Server hello!");
uint16 sslExtensionsLength =
uint16(data[offset] << 8) | data[offset+1];
offset += 2;
if ( sslExtensionsLength < 4 )
endp->Interpreter()->Weird("SSLv3x: Extensions length too small!");
// TODO: extract SSL extensions here
offset += sslExtensionsLength;
if ( offset != length+4 )
{
endp->Interpreter()->Weird("SSLv3x: Corrupt length fields in Server hello!");
return 0;
}
return 0;
}

3
src/Scope.cc
View file

@ -11,9 +11,6 @@
static scope_list scopes;
static Scope* top_scope;
extern const char* GLOBAL_MODULE_NAME = "GLOBAL";
// Returns it without trailing "::".
string extract_module_name(const char* name)
{

2
src/Scope.h
View file

@ -59,7 +59,7 @@ protected:
id_list* inits;
};
extern const char* GLOBAL_MODULE_NAME;
static const char* GLOBAL_MODULE_NAME = "GLOBAL";
extern string extract_module_name(const char* name);
extern string normalized_module_name(const char* module_name); // w/o ::

6
src/Trigger.cc
View file

@ -130,11 +130,17 @@ Trigger::Trigger(Expr* arg_cond, Stmt* arg_body, Stmt* arg_timeout_stmts,
Val* timeout = arg_timeout ? arg_timeout->ExprVal() : 0;
// Make sure we don't get deleted if somebody calls a method like
// Timeout() while evaluating the trigger.
Ref(this);
if ( ! Eval() && timeout )
{
timer = new TriggerTimer(timeout->AsInterval(), this);
timer_mgr->Add(timer);
}
Unref(this);
}
Trigger::~Trigger()

73
src/Type.cc
View file

@ -10,20 +10,6 @@
#include "Scope.h"
#include "Serializer.h"
RecordType* init_global_attrs();
bool in_global_attr_decl = false;
RecordType* global_attributes_type = init_global_attrs();
RecordType* init_global_attrs()
{
in_global_attr_decl = true;
RecordType* rt = new RecordType(new type_decl_list);
in_global_attr_decl = false;
rt->MakeGlobalAttributeType();
return rt;
}
const char* type_name(TypeTag t)
{
static char errbuf[512];
@ -58,7 +44,6 @@ BroType::BroType(TypeTag t, bool arg_base_type)
tag = t;
is_network_order = 0;
base_type = arg_base_type;
is_global_attributes_type = false;
switch ( tag ) {
case TYPE_VOID:
@ -118,28 +103,6 @@ BroType::BroType(TypeTag t, bool arg_base_type)
break;
}
// Kind of hacky; we don't want an error while we're defining
// the global attrs!
if ( in_global_attr_decl )
{
attributes_type = 0;
return;
}
if ( ! global_attributes_type )
SetError();
else
attributes_type = global_attributes_type;
}
bool BroType::SetAttributesType(type_decl_list* attr_types)
{
TypeList* global = new TypeList();
global->Append(global_attributes_type);
attributes_type = refine_type(global, attr_types)->AsRecordType();
return (attributes_type != 0);
}
int BroType::MatchesIndex(ListExpr*& /* index */) const
@ -241,16 +204,6 @@ BroType* BroType::Unserialize(UnserialInfo* info, TypeTag want)
return t2;
}
// For the global_attribute_type, we also return our current instance.
if ( t->is_global_attributes_type )
{
BroType* t2 = global_attributes_type;
Unref(t);
t2->Ref();
assert(t2);
return t2;
}
assert(t);
return t;
}
@ -267,10 +220,15 @@ bool BroType::DoSerialize(SerialInfo* info) const
return false;
if ( ! (SERIALIZE(is_network_order) && SERIALIZE(base_type) &&
SERIALIZE(is_global_attributes_type)) )
// Serialize the former "bool is_global_attributes_type" for
// backwards compatibility.
SERIALIZE(false)) )
return false;
SERIALIZE_OPTIONAL(attributes_type);
// Likewise, serialize the former optional "RecordType* attributes_type"
// for backwards compatibility.
void* null = NULL;
SERIALIZE(null);
info->s->WriteCloseTag("Type");
@ -288,13 +246,19 @@ bool BroType::DoUnserialize(UnserialInfo* info)
tag = (TypeTag) c1;
internal_tag = (InternalTypeTag) c2;
bool not_used;
if ( ! (UNSERIALIZE(&is_network_order) && UNSERIALIZE(&base_type)
&& UNSERIALIZE(&is_global_attributes_type)) )
// Unerialize the former "bool is_global_attributes_type" for
// backwards compatibility.
&& UNSERIALIZE(&not_used)) )
return 0;
BroType* type;
UNSERIALIZE_OPTIONAL(type, BroType::Unserialize(info, TYPE_RECORD));
attributes_type = (RecordType*) type;
BroType* not_used_either;
// Likewise, unserialize the former optional "RecordType*
// attributes_type" for backwards compatibility.
UNSERIALIZE_OPTIONAL(not_used_either, BroType::Unserialize(info, TYPE_RECORD));
return true;
}
@ -721,9 +685,6 @@ TypeDecl::TypeDecl(BroType* t, const char* i, attr_list* arg_attrs)
type = t;
attrs = arg_attrs ? new Attributes(arg_attrs, t) : 0;
id = i;
if ( in_global_attr_decl && ! attrs->FindAttr(ATTR_DEFAULT) )
error("global attribute types must have default values");
}
TypeDecl::~TypeDecl()

18
src/Type.h
View file

@ -60,9 +60,6 @@ class EnumType;
class Serializer;
class VectorType;
extern bool in_global_attr_decl;
extern RecordType* global_attributes_type;
const int DOES_NOT_MATCH_INDEX = 0;
const int MATCHES_INDEX_SCALAR = 1;
const int MATCHES_INDEX_VECTOR = 2;
@ -74,15 +71,6 @@ public:
TypeTag Tag() const { return tag; }
InternalTypeTag InternalType() const { return internal_tag; }
// Type for the attributes (metadata) on this type.
RecordType* AttributesType()
{
if ( ! attributes_type )
attributes_type = global_attributes_type;
return attributes_type;
}
bool SetAttributesType(type_decl_list* attr_types);
// Whether it's stored in network order.
int IsNetworkOrder() const { return is_network_order; }
@ -211,8 +199,6 @@ public:
BroType* Ref() { ::Ref(this); return this; }
void MakeGlobalAttributeType() { is_global_attributes_type = true; }
virtual void Describe(ODesc* d) const;
virtual unsigned MemoryAllocation() const;
@ -221,7 +207,7 @@ public:
static BroType* Unserialize(UnserialInfo* info, TypeTag want = TYPE_ANY);
protected:
BroType() { attributes_type = 0; }
BroType() { }
void SetError();
@ -232,8 +218,6 @@ private:
InternalTypeTag internal_tag;
bool is_network_order;
bool base_type;
bool is_global_attributes_type;
RecordType* attributes_type;
};
class TypeList : public BroType {

13
src/Val.cc
View file

@ -414,15 +414,6 @@ bool Val::DoUnserialize(UnserialInfo* info)
return false;
}
RecordVal* Val::GetAttribs(bool instantiate)
{
if ( ! instantiate || attribs )
return attribs;
attribs = new RecordVal(type->AttributesType());
return attribs;
}
int Val::IsZero() const
{
switch ( type->InternalType() ) {
@ -524,7 +515,11 @@ Val* Val::SizeVal() const
{
switch ( type->InternalType() ) {
case TYPE_INTERNAL_INT:
#ifdef DARWIN_NO_LLABS
return new Val(abs(val.int_val), TYPE_COUNT);
#else
return new Val(llabs(val.int_val), TYPE_COUNT);
#endif
case TYPE_INTERNAL_UNSIGNED:
return new Val(val.uint_val, TYPE_COUNT);

7
src/Val.h
View file

@ -178,13 +178,6 @@ public:
Val* Ref() { ::Ref(this); return this; }
virtual Val* Clone() const;
RecordVal* GetAttribs(bool instantiate);
void SetAttribs(RecordVal* arg_attribs)
{
Unref((Val*) attribs);
attribs = arg_attribs;
}
int IsZero() const;
int IsOne() const;

131
src/bro.bif
View file

@ -1365,12 +1365,17 @@ function skip_http_entity_data%(c: connection, is_orig: bool%): any
{
Analyzer* ha = c->FindAnalyzer(id);
if ( ha->GetTag() == AnalyzerTag::HTTP )
static_cast<HTTP_Analyzer*>(ha)->SkipEntityData(is_orig);
if ( ha )
{
if ( ha->GetTag() == AnalyzerTag::HTTP )
static_cast<HTTP_Analyzer*>(ha)->SkipEntityData(is_orig);
else
run_time("non-HTTP analyzer associated with connection record");
}
else
run_time("non-HTTP analyzer associated with connection record");
}
run_time("could not find analyzer for skip_http_entity_data");
}
else
run_time("no analyzer associated with connection record");
@ -1725,7 +1730,7 @@ function md5_hmac%(...%): string
%%{
static map<BroString, md5_state_s> md5_states;
BroString* convert_md5_index_to_string(Val* index)
BroString* convert_index_to_string(Val* index)
{
ODesc d;
index->Describe(&d);
@ -1735,7 +1740,7 @@ BroString* convert_md5_index_to_string(Val* index)
function md5_hash_init%(index: any%): bool
%{
BroString* s = convert_md5_index_to_string(index);
BroString* s = convert_index_to_string(index);
int status = 0;
if ( md5_states.count(*s) < 1 )
@ -1752,7 +1757,7 @@ function md5_hash_init%(index: any%): bool
function md5_hash_update%(index: any, data: string%): bool
%{
BroString* s = convert_md5_index_to_string(index);
BroString* s = convert_index_to_string(index);
int status = 0;
if ( md5_states.count(*s) > 0 )
@ -1767,7 +1772,7 @@ function md5_hash_update%(index: any, data: string%): bool
function md5_hash_finish%(index: any%): string
%{
BroString* s = convert_md5_index_to_string(index);
BroString* s = convert_index_to_string(index);
StringVal* printable_digest;
if ( md5_states.count(*s) > 0 )
@ -1848,15 +1853,15 @@ function uuid_to_string%(uuid: string%): string
%}
# The following functions are attempts to convert strings into
# patterns at run-time. These attempts were later *abandoned* because
# NFA and DFA cannot be cleanly deallocated.
# The following functions convert strings into patterns at run-time. As the
# computed NFAs and DFAs cannot be cleanly deallocated (at least for now),
# they can only be used at initialization time.
function merge_pattern%(p1: pattern, p2: pattern%): pattern
%{
if ( reading_live )
if ( bro_start_network_time != 0.0 )
{
builtin_run_time("should not call merge_pattern while reading live traffic");
builtin_run_time("merge_pattern can only be called at init time");
return 0;
}
@ -1900,9 +1905,9 @@ function convert_for_pattern%(s: string%): string
function string_to_pattern%(s: string, convert: bool%): pattern
%{
if ( reading_live )
if ( bro_start_network_time != 0.0 )
{
builtin_run_time("should not call merge_pattern while reading live traffic");
builtin_run_time("string_to_pattern can only be called at init time");
return 0;
}
@ -2808,7 +2813,7 @@ private:
# function result. Therefore, they can only be called inside a when-condition.
function lookup_addr%(host: addr%) : string
%{
// FIXME: Is should be easy to adapt the function to synchronous
// FIXME: It should be easy to adapt the function to synchronous
// lookups if we're reading a trace.
Trigger* trigger = frame->GetTrigger();
@ -2824,8 +2829,18 @@ function lookup_addr%(host: addr%) : string
#ifdef BROv6
if ( ! is_v4_addr(host) )
{
builtin_run_time("lookup_addr() only supports IPv4 addresses");
return new StringVal("<ipv6-address>");
// FIXME: This is a temporary work-around until we get this
// fixed. We warn the user once, and always trigger a timeout.
// Ticket #355 records the problem.
static bool warned = false;
if ( ! warned )
{
warn("lookup_addr() only supports IPv4 addresses currently");
warned = true;
}
trigger->Timeout();
return 0;
}
dns_mgr->AsyncLookupAddr(to_v4_addr(host),
@ -3196,3 +3211,83 @@ function disable_event_group%(group: string%) : any
event_registry->EnableGroup(group->CheckString(), false);
return 0;
%}
%%{
#include <RandTest.h>
static map<BroString, RandTest*> entropy_states;
%%}
function find_entropy%(data: string%): entropy_test_result
%{
double montepi, scc, ent, mean, chisq;
montepi = scc = ent = mean = chisq = 0.0;
RecordVal* ent_result = new RecordVal(entropy_test_result);
RandTest *rt = new RandTest();
rt->add((char*) data->Bytes(), data->Len());
rt->end(&ent, &chisq, &mean, &montepi, &scc);
delete rt;
ent_result->Assign(0, new Val(ent, TYPE_DOUBLE));
ent_result->Assign(1, new Val(chisq, TYPE_DOUBLE));
ent_result->Assign(2, new Val(mean, TYPE_DOUBLE));
ent_result->Assign(3, new Val(montepi, TYPE_DOUBLE));
ent_result->Assign(4, new Val(scc, TYPE_DOUBLE));
return ent_result;
%}
function entropy_test_init%(index: any%): bool
%{
BroString* s = convert_index_to_string(index);
int status = 0;
if ( entropy_states.count(*s) < 1 )
{
entropy_states[*s] = new RandTest();
status = 1;
}
delete s;
return new Val(status, TYPE_BOOL);
%}
function entropy_test_add%(index: any, data: string%): bool
%{
BroString* s = convert_index_to_string(index);
int status = 0;
if ( entropy_states.count(*s) > 0 )
{
entropy_states[*s]->add((char*) data->Bytes(), data->Len());
status = 1;
}
delete s;
return new Val(status, TYPE_BOOL);
%}
function entropy_test_finish%(index: any%): entropy_test_result
%{
BroString* s = convert_index_to_string(index);
double montepi, scc, ent, mean, chisq;
montepi = scc = ent = mean = chisq = 0.0;
RecordVal* ent_result = new RecordVal(entropy_test_result);
if ( entropy_states.count(*s) > 0 )
{
RandTest *rt = entropy_states[*s];
rt->end(&ent, &chisq, &mean, &montepi, &scc);
entropy_states.erase(*s);
delete rt;
}
ent_result->Assign(0, new Val(ent, TYPE_DOUBLE));
ent_result->Assign(1, new Val(chisq, TYPE_DOUBLE));
ent_result->Assign(2, new Val(mean, TYPE_DOUBLE));
ent_result->Assign(3, new Val(montepi, TYPE_DOUBLE));
ent_result->Assign(4, new Val(scc, TYPE_DOUBLE));
delete s;
return ent_result;
%}

4
src/cq.c
View file

@ -570,8 +570,8 @@ cq_debugbucket(register struct cq_handle *hp,
bp2 = hp->buckets + PRI2BUCKET(hp, bp->pri);
if (bp2 != buckets) {
fprintf(stderr,
"%f in wrong bucket! (off by %d)\n",
bp->pri, bp2 - buckets);
"%f in wrong bucket! (off by %ld)\n",
bp->pri, (long)(bp2 - buckets));
cq_dump(hp);
abort();
}

4
src/dce_rpc.pac
View file

@ -8,5 +8,5 @@ analyzer DCE_RPC withcontext {
flow: DCE_RPC_Flow;
};
%include "dce_rpc-protocol.pac"
%include "dce_rpc-analyzer.pac"
%include dce_rpc-protocol.pac
%include dce_rpc-analyzer.pac

12
src/main.cc
View file

@ -8,6 +8,7 @@
#include <stdlib.h>
#include <unistd.h>
#include <signal.h>
#include <string.h>
#ifdef HAVE_GETOPT_H
#include <getopt.h>
#endif
@ -122,6 +123,14 @@ const char* bro_version()
#endif
}
const char* bro_dns_fake()
{
if ( ! getenv("BRO_DNS_FAKE") )
return "off";
else
return "on";
}
void usage()
{
fprintf(stderr, "bro version %s\n", bro_version());
@ -184,6 +193,7 @@ void usage()
fprintf(stderr, " $BROPATH | file search path (%s)\n", bro_path());
fprintf(stderr, " $BRO_PREFIXES | prefix list (%s)\n", bro_prefixes());
fprintf(stderr, " $BRO_DNS_FAKE | disable DNS lookups (%s)\n", bro_dns_fake());
exit(1);
}
@ -412,7 +422,7 @@ int main(int argc, char** argv)
prog = argv[0];
prefixes.append(""); // "" = "no prefix"
prefixes.append(strdup("")); // "" = "no prefix"
char* p = getenv("BRO_PREFIXES");
if ( p )

4
src/net_util.cc
View file

@ -97,7 +97,9 @@ int udp6_checksum(const struct ip6_hdr* ip6, const struct udphdr* up, int len)
sum = ones_complement_checksum((void*) ip6->ip6_src.s6_addr, 16, sum);
sum = ones_complement_checksum((void*) ip6->ip6_dst.s6_addr, 16, sum);
sum = ones_complement_checksum((void*) &len, 4, sum);
uint32 l = htonl(len);
sum = ones_complement_checksum((void*) &l, 4, sum);
uint32 addl_pseudo = htons(IPPROTO_UDP);
sum = ones_complement_checksum((void*) &addl_pseudo, 4, sum);
sum = ones_complement_checksum((void*) up, len, sum);

31
src/parse.y
View file

@ -3,12 +3,14 @@
// See the file "COPYING" in the main distribution directory for copyright.
%}
%expect 71
%token TOK_ADD TOK_ADD_TO TOK_ADDR TOK_ALARM TOK_ANY
%token TOK_ATENDIF TOK_ATELSE TOK_ATIF TOK_ATIFDEF TOK_ATIFNDEF
%token TOK_BOOL TOK_BREAK TOK_CASE TOK_CONST
%token TOK_CONSTANT TOK_COPY TOK_COUNT TOK_COUNTER TOK_DEFAULT TOK_DELETE
%token TOK_DOUBLE TOK_ELSE TOK_ENUM TOK_EVENT TOK_EXPORT TOK_FILE TOK_FOR
%token TOK_FUNCTION TOK_GLOBAL TOK_GLOBAL_ATTR TOK_ID TOK_IF TOK_INT
%token TOK_FUNCTION TOK_GLOBAL TOK_ID TOK_IF TOK_INT
%token TOK_INTERVAL TOK_LIST TOK_LOCAL TOK_MODULE TOK_MATCH TOK_NET
%token TOK_NEXT TOK_OF TOK_PATTERN TOK_PATTERN_TEXT
%token TOK_PORT TOK_PRINT TOK_RECORD TOK_REDEF
@ -53,7 +55,7 @@
%type <func_type> func_hdr func_params
%type <type_l> type_list
%type <type_decl> type_decl formal_args_decl
%type <type_decl_l> type_decl_list formal_args_decl_list opt_attr_attr
%type <type_decl_l> type_decl_list formal_args_decl_list
%type <record> formal_args
%type <list> expr_list opt_expr_list
%type <c_case> case
@ -417,13 +419,7 @@ expr:
| expr TOK_HAS_FIELD TOK_ID
{
set_location(@1, @3);
$$ = new HasFieldExpr($1, $3, false);
}
| expr TOK_HAS_ATTR TOK_ID
{
set_location(@1, @3);
$$ = new HasFieldExpr($1, $3, true);
$$ = new HasFieldExpr($1, $3);
}
| anonymous_function
@ -821,17 +817,9 @@ decl:
}
}
| TOK_TYPE global_id ':' refined_type opt_attr opt_attr_attr ';'
| TOK_TYPE global_id ':' refined_type opt_attr ';'
{
add_type($2, $4, $5, 0);
if ( $6 )
$2->AsType()->SetAttributesType($6);
}
| TOK_GLOBAL_ATTR ':' { in_global_attr_decl = true; }
'{' type_decl_list '}' ';' { in_global_attr_decl = false; }
{
global_attributes_type = new RecordType($5);
}
| TOK_EVENT event_id ':' refined_type opt_attr ';'
@ -856,13 +844,6 @@ conditional:
{ do_atelse(); }
;
opt_attr_attr:
TOK_ATTR_ATTR '=' '{' type_decl_list '}'
{ $$ = $4; }
|
{ $$ = 0; }
;
func_hdr:
TOK_FUNCTION global_id func_params
{

2
src/patricia.c
View file

@ -1027,7 +1027,7 @@ lookup_then_remove (patricia_tree_t *tree, char *string)
{
patricia_node_t *node;
if (node = try_search_exact (tree, string))
if ( (node = try_search_exact(tree, string)) )
patricia_remove (tree, node);
}

4
src/portmap-analyzer.pac
View file

@ -79,6 +79,10 @@ function PortmapBuildDumpVal(params: PortmapDumpResults): BroVal
for ( int i = 0; i < params->size(); ++i )
{
// The last element has cont()!=1 and this element doesn't contain a
// mapping.
if ((*params)[i]->cont() != 1)
continue;
Val* m = PortmapBuildMappingVal((*params)[i]->mapping());
Val* index = new Val(i + 1, TYPE_COUNT);
mappings->Assign(index, m);

1
src/portmap-protocol.pac
View file

@ -68,6 +68,7 @@ type PortmapDumpEntry = record {
};
};
# The final element that has cont!=1 will be included in the array.
type PortmapDumpResults = PortmapDumpEntry[] &until($element.cont != 1);
type PortmapCallItResults = record {

2
src/scan.l
View file

@ -151,9 +151,7 @@ file return TOK_FILE;
for return TOK_FOR;
function return TOK_FUNCTION;
global return TOK_GLOBAL;
global_attr return TOK_GLOBAL_ATTR;
"?$" return TOK_HAS_FIELD;
"?$$" return TOK_HAS_ATTR;
if return TOK_IF;
in return TOK_IN;
"!"{OWS}in/[^A-Za-z0-9] return TOK_NOT_IN; /* don't confuse w "! infoo"! */

172
src/strings.bif
View file

@ -138,27 +138,27 @@ function sort_string_array%(a: string_array%): string_array
function edit%(arg_s: string, arg_edit_char: string%): string
%{
const char* s = arg_s->AsString()->CheckString();
const char* edit_s = arg_edit_char->AsString()->CheckString();
if ( strlen(edit_s) != 1 )
if ( arg_edit_char->Len() != 1 )
builtin_run_time("not exactly one edit character", @ARG@[1]);
char edit_c = *edit_s;
const u_char* s = arg_s->Bytes();
const u_char* edit_s = arg_edit_char->Bytes();
int n = strlen(s) + 1;
char* new_s = new char[n];
u_char edit_c = *edit_s;
int n = arg_s->Len();
u_char* new_s = new u_char[n+1];
int ind = 0;
for ( ; *s; ++s )
for ( int i = 0; i < n; ++i )
{
if ( *s == edit_c )
if ( s[i] == edit_c )
{ // Delete last character
if ( --ind < 0 )
ind = 0;
}
else
new_s[ind++] = *s;
new_s[ind++] = s[i];
}
new_s[ind] = '\0';
@ -198,75 +198,55 @@ static int match_prefix(int s_len, const char* s, int t_len, const char* t)
Val* do_split(StringVal* str_val, RE_Matcher* re, TableVal* other_sep,
int incl_sep, int max_num_sep)
{
const BroString* str = str_val->AsString();
TableVal* a = new TableVal(internal_type("string_array")->AsTableType());
ListVal* other_strings = 0;
if ( other_sep && other_sep->Size() > 0 )
other_strings = other_sep->ConvertToPureList();
// Currently let us assume that str is NUL-terminated. In
// the future we expect to change this by giving RE_Matcher a
// const char* segment.
const char* s = str->CheckString();
int len = strlen(s);
const char* end_of_s = s + len;
const u_char* s = str_val->Bytes();
int n = str_val->Len();
const u_char* end_of_s = s + n;
int num = 0;
int num_sep = 0;
while ( 1 )
int offset = 0;
while ( n >= 0 )
{
int offset = 0;
const char* t;
if ( max_num_sep > 0 && num_sep >= max_num_sep )
t = end_of_s;
else
offset = 0;
// Find next match offset.
int end_of_match = 0;
while ( n > 0 &&
(end_of_match = re->MatchPrefix(s + offset, n)) <= 0 )
{
for ( t = s; t < end_of_s; ++t )
{
offset = re->MatchPrefix(t);
if ( other_strings )
{
val_list* vl = other_strings->Vals();
loop_over_list(*vl, i)
{
const BroString* sub =
(*vl)[i]->AsString();
if ( sub->Len() > offset &&
match_prefix(end_of_s - t,
t, sub->Len(),
(const char*) (sub->Bytes())) )
{
offset = sub->Len();
}
}
}
if ( offset > 0 )
break;
}
// Move on to next byte.
++offset;
--n;
}
Val* ind = new Val(++num, TYPE_COUNT);
a->Assign(ind, new StringVal(t - s, s));
a->Assign(ind, new StringVal(offset, (const char*) s));
Unref(ind);
if ( t >= end_of_s )
// No more separators will be needed if this is the end of string.
if ( n <= 0 )
break;
++num_sep;
if ( incl_sep )
{ // including the part that matches the pattern
ind = new Val(++num, TYPE_COUNT);
a->Assign(ind, new StringVal(offset, t));
a->Assign(ind, new StringVal(end_of_match, (const char*) s+offset));
Unref(ind);
}
s = t + offset;
if ( max_num_sep && num_sep >= max_num_sep )
break;
++num_sep;
n -= end_of_match;
s += offset + end_of_match;;
if ( s > end_of_s )
internal_error("RegMatch in split goes beyond the string");
}
@ -476,42 +456,38 @@ function subst_string%(s: string, from: string, to: string%): string
function to_lower%(str: string%): string
%{
const char* s = str->CheckString();
int n = strlen(s) + 1;
const u_char* s = str->Bytes();
int n = str->Len();
char* lower_s = new char[n];
char* ls = lower_s;
char* ls;
for ( ls = lower_s; *s; ++s )
for ( int i = 0; i < n; ++i)
{
if ( isascii(*s) && isupper(*s) )
*ls++ = tolower(*s);
if ( isascii(s[i]) && isupper(s[i]) )
*ls++ = tolower(s[i]);
else
*ls++ = *s;
*ls++ = s[i];
}
*ls = '\0';
return new StringVal(new BroString(1, byte_vec(lower_s), n-1));
return new StringVal(new BroString(1, byte_vec(lower_s), n));
%}
function to_upper%(str: string%): string
%{
const char* s = str->CheckString();
int n = strlen(s) + 1;
const u_char* s = str->Bytes();
int n = str->Len();
char* upper_s = new char[n];
char* us = upper_s;
char* us;
for ( us = upper_s; *s; ++s )
for ( int i = 0; i < n; ++i)
{
if ( isascii(*s) && islower(*s) )
*us++ = toupper(*s);
if ( isascii(s[i]) && islower(s[i]) )
*us++ = toupper(s[i]);
else
*us++ = *s;
*us++ = s[i];
}
*us = '\0';
return new StringVal(new BroString(1, byte_vec(upper_s), n-1));
return new StringVal(new BroString(1, byte_vec(upper_s), n));
%}
function clean%(str: string%): string
@ -604,40 +580,35 @@ function str_split%(s: string, idx: index_vec%): string_vec
function strip%(str: string%): string
%{
const char* s = str->CheckString();
const u_char* s = str->Bytes();
int n = str->Len();
int n = strlen(s) + 1;
char* strip_s = new char[n];
if ( n == 1 )
if ( n == 0 )
// Empty string.
return new StringVal(new BroString(1, byte_vec(strip_s), 0));
return new StringVal(new BroString(s, n, 1));
while ( isspace(*s) )
++s;
const u_char* sp = s;
strncpy(strip_s, s, n);
char* s2 = strip_s;
char* e = &s2[strlen(s2) - 1];
while ( e > s2 && isspace(*e) )
// Move a pointer from the end of the string.
const u_char* e = sp + n - 1;
while ( e > sp && isspace(*e) )
--e;
e[1] = '\0'; // safe even if e hasn't changed, due to n = strlen + 1
// Move the pointer for the beginning of the string.
while ( isspace(*sp) && sp <= e )
++sp;
return new StringVal(new BroString(1, byte_vec(s2), (e-s2)+1));
return new StringVal(new BroString(sp, (e - sp + 1), 1));
%}
function string_fill%(len: int, source: string%): string
%{
const char* src = source->CheckString();
int sn = strlen(src);
const u_char* src = source->Bytes();
int n = source->Len();
char* dst = new char[len];
for ( int i = 0; i < len; i += sn )
::memcpy((dst + i), src, min(sn, len - i));
for ( int i = 0; i < len; i += n )
::memcpy((dst + i), src, min(n, len - i));
dst[len - 1] = 0;
@ -651,10 +622,11 @@ function string_fill%(len: int, source: string%): string
function str_shell_escape%(source: string%): string
%{
unsigned j = 0;
const char* src = source->CheckString();
char* dst = new char[strlen(src) * 2 + 1];
const u_char* src = source->Bytes();
unsigned n = source->Len();
byte_vec dst = new u_char[n * 2 + 1];
for ( unsigned i = 0; i < strlen(src); ++i )
for ( unsigned i = 0; i < n; ++i )
{
switch ( src[i] ) {
case '`': case '"': case '\\': case '$':
@ -672,7 +644,7 @@ function str_shell_escape%(source: string%): string
}
dst[j] = '\0';
return new StringVal(new BroString(1, byte_vec(dst), j));
return new StringVal(new BroString(1, dst, j));
%}
# Returns all occurrences of the given pattern in the given string (an empty

39
src/util.h
View file

@ -11,6 +11,11 @@
#include <stdarg.h>
#include "config.h"
// Expose C99 functionality from inttypes.h, which would otherwise not be
// available in C++.
#define __STDC_FORMAT_MACROS
#include <inttypes.h>
#if __STDC__
#define myattribute __attribute__
#else
@ -39,24 +44,21 @@
extern HeapLeakChecker* heap_checker;
#endif
typedef unsigned long long int uint64;
typedef unsigned int uint32;
typedef unsigned short uint16;
typedef unsigned char uint8;
typedef long long int int64;
#include <stdint.h>
typedef uint64_t uint64;
typedef uint32_t uint32;
typedef uint16_t uint16;
typedef uint8_t uint8;
typedef int64_t int64;
typedef int32_t int32;
typedef int16_t int16;
typedef int8_t int8;
typedef int64 bro_int_t;
typedef uint64 bro_uint_t;
#if SIZEOF_LONG_LONG == 8
typedef unsigned long long uint64;
typedef long long int64;
#elif SIZEOF_LONG_INT == 8
typedef unsigned long int uint64;
typedef long int int64;
#else
# error "Couldn't reliably identify 64-bit type. Please report to bro@bro-ids.org."
#endif
// "ptr_compat_uint" and "ptr_compat_int" are (un)signed integers of
// pointer size. They can be cast safely to a pointer, e.g. in Lists,
// which represent their entities as void* pointers.
@ -64,9 +66,13 @@ typedef long int int64;
#if SIZEOF_VOID_P == 8
typedef uint64 ptr_compat_uint;
typedef int64 ptr_compat_int;
#define PRI_PTR_COMPAT_INT PRId64 // Format to use with printf.
#define PRI_PTR_COMPAT_UINT PRIu64
#elif SIZEOF_VOID_P == 4
typedef uint32 ptr_compat_uint;
typedef int ptr_compat_int;
typedef int32 ptr_compat_int;
#define PRI_PTR_COMPAT_INT PRId32
#define PRI_PTR_COMPAT_UINT PRIu32
#else
# error "Unusual pointer size. Please report to bro@bro-ids.org."
#endif
@ -157,6 +163,7 @@ extern uint8 uhash_key[UHASH_KEY_SIZE];
// the obvious places (like Event.h or RemoteSerializer.h)
typedef ptr_compat_uint SourceID;
#define PRI_SOURCE_ID PRI_PTR_COMPAT_UINT
static const SourceID SOURCE_LOCAL = 0;
class BroObj;