BinPAC SSH analyzer basic functionality.

2025-10-16 05:28:20 +00:00 · 2014-04-02 23:03:24 -04:00 · 2014-04-02 23:03:24 -04:00 · 78b5f6b94b
commit 78b5f6b94b
parent 9d6c8769ea
12 changed files with 465 additions and 301 deletions
--- a/src/analyzer/protocol/ssh/ssh-analyzer.pac
+++ b/src/analyzer/protocol/ssh/ssh-analyzer.pac
@ -0,0 +1,25 @@
+# Generated by binpac_quickstart
+
+refine flow SSH_Flow += {
+	function proc_ssh_version(msg: SSH_Version): bool
+		%{
+		BifEvent::generate_ssh_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.is_orig},
+					       bytestring_to_val(${msg.version}));
+		return true;
+		%}
+
+	function proc_newkeys(): bool
+		%{
+		connection()->bro_analyzer()->ProtocolConfirmation();
+		return true;
+		%}
+
+};
+
+refine typeattr SSH_Version += &let {
+	proc: bool = $context.flow.proc_ssh_version(this);
+};
+
+refine typeattr SSH_Message += &let {
+	proc_newkeys: bool = $context.flow.proc_newkeys() &if(msg_type == SSH_MSG_NEWKEYS);
+};