Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Bump Spicy.

Browse source
This commit is contained in:
Robin Sommer 2024-06-14 10:55:16 +02:00
parent 345fc31dcc
commit 956e147f70
No known key found for this signature in database
GPG key ID: D8187293B3FFE5D0
8 changed files with 35 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

2
auxil/spicy

@ -1 +1 @@
Subproject commit 83bc845b8daf82fa22b783261d4c339627d55c09 Subproject commit 5ff0cfea39ece44d1ef94f9762926b4bb4138d58

6
src/analyzer/protocol/ldap/ldap.evt
View file

@ -14,9 +14,9 @@ import LDAP;
on LDAP::Message -> event LDAP::message($conn, on LDAP::Message -> event LDAP::message($conn,
self.messageID, self.messageID,
self.opcode, self.opcode,
self.result.code, self.result_.code,
self.result.matchedDN, self.result_.matchedDN,
self.result.diagnosticMessage, self.result_.diagnosticMessage,
self.obj, self.obj,
self.arg); self.arg);

16
src/analyzer/protocol/ldap/ldap.spicy
View file

@ -223,7 +223,7 @@ public type Message = unit {
var opcode: ProtocolOpcode = ProtocolOpcode::Undef; var opcode: ProtocolOpcode = ProtocolOpcode::Undef;
var applicationBytes: bytes; var applicationBytes: bytes;
var unsetResultDefault: Result; var unsetResultDefault: Result;
var result: Result& = self.unsetResultDefault; var result_: Result& = self.unsetResultDefault;
var obj: string = ""; var obj: string = "";
var arg: string = ""; var arg: string = "";
var success: bool = False; var success: bool = False;
@ -328,7 +328,7 @@ type BindRequest = unit(inout message: Message) {
type BindResponse = unit(inout message: Message) { type BindResponse = unit(inout message: Message) {
: Result { : Result {
message.result = $$; message.result_ = $$;
} }
# TODO: if we want to parse SASL credentials returned # TODO: if we want to parse SASL credentials returned
@ -777,7 +777,7 @@ type SearchResultEntry = unit(inout message: Message) {
type SearchResultDone = unit(inout message: Message) { type SearchResultDone = unit(inout message: Message) {
: Result { : Result {
message.result = $$; message.result_ = $$;
} }
}; };
@ -800,7 +800,7 @@ type ModifyRequest = unit(inout message: Message) {
type ModifyResponse = unit(inout message: Message) { type ModifyResponse = unit(inout message: Message) {
: Result { : Result {
message.result = $$; message.result_ = $$;
} }
}; };
@ -816,7 +816,7 @@ type ModifyResponse = unit(inout message: Message) {
type AddResponse = unit(inout message: Message) { type AddResponse = unit(inout message: Message) {
: Result { : Result {
message.result = $$; message.result_ = $$;
} }
}; };
@ -832,7 +832,7 @@ type DelRequest = unit(inout message: Message) {
type DelResponse = unit(inout message: Message) { type DelResponse = unit(inout message: Message) {
: Result { : Result {
message.result = $$; message.result_ = $$;
} }
}; };
@ -847,7 +847,7 @@ type DelResponse = unit(inout message: Message) {
type ModDNResponse = unit(inout message: Message) { type ModDNResponse = unit(inout message: Message) {
: Result { : Result {
message.result = $$; message.result_ = $$;
} }
}; };
@ -862,7 +862,7 @@ type ModDNResponse = unit(inout message: Message) {
type CompareResponse = unit(inout message: Message) { type CompareResponse = unit(inout message: Message) {
: Result { : Result {
message.result = $$; message.result_ = $$;
} }
}; };

2
src/analyzer/protocol/quic/QUIC.evt
View file

@ -19,6 +19,6 @@ on QUIC::HandshakePacket -> event QUIC::handshake_packet($conn, $is_orig, self.h
on QUIC::ZeroRTTPacket -> event QUIC::zero_rtt_packet($conn, $is_orig, self.header.version, self.header.dest_conn_id, self.header.src_conn_id); on QUIC::ZeroRTTPacket -> event QUIC::zero_rtt_packet($conn, $is_orig, self.header.version, self.header.dest_conn_id, self.header.src_conn_id);
on QUIC::ConnectionClosePayload -> event QUIC::connection_close_frame($conn, $is_orig, self.header.version, self.header.dest_conn_id, self.header.src_conn_id, on QUIC::ConnectionClosePayload -> event QUIC::connection_close_frame($conn, $is_orig, self.header.version, self.header.dest_conn_id, self.header.src_conn_id,
self.error_code.result, self.reason_phrase); self.error_code.result_, self.reason_phrase);
on QUIC::UnhandledVersion -> event QUIC::unhandled_version($conn, $is_orig, self.header.version, self.header.dest_conn_id, self.header.src_conn_id); on QUIC::UnhandledVersion -> event QUIC::unhandled_version($conn, $is_orig, self.header.version, self.header.dest_conn_id, self.header.src_conn_id);

30
src/analyzer/protocol/quic/QUIC.spicy
View file

@ -157,7 +157,7 @@ type FrameType = enum {
type VariableLengthInteger = unit { type VariableLengthInteger = unit {
var bytes_to_parse: uint64; var bytes_to_parse: uint64;
var result: uint64; var result_: uint64;
# Value of the two most significant bits indicates number of bytes # Value of the two most significant bits indicates number of bytes
# to parse for the variable length integer. # to parse for the variable length integer.
@ -166,11 +166,11 @@ type VariableLengthInteger = unit {
# Section 16 and Appendix A # Section 16 and Appendix A
: uint8 { : uint8 {
self.bytes_to_parse = 2**((0xC0 & $$) >> 6); self.bytes_to_parse = 2**((0xC0 & $$) >> 6);
self.result = $$ & 0x3F; self.result_ = $$ & 0x3F;
} }
: uint8[self.bytes_to_parse - 1] if (self.bytes_to_parse > 1) foreach { : uint8[self.bytes_to_parse - 1] if (self.bytes_to_parse > 1) foreach {
self.result = (self.result << 8) | $$; self.result_ = (self.result_ << 8) | $$;
} }
}; };
@ -185,8 +185,8 @@ public type LongHeaderPacketV1 = unit(inout outer: LongHeaderPacket) {
outer.encrypted_offset = outer.offset() + outer.encrypted_offset = outer.offset() +
self.initial_hdr.length.bytes_to_parse + self.initial_hdr.length.bytes_to_parse +
self.initial_hdr.token_length.bytes_to_parse + self.initial_hdr.token_length.bytes_to_parse +
self.initial_hdr.token_length.result; self.initial_hdr.token_length.result_;
outer.payload_length = self.initial_hdr.length.result; outer.payload_length = self.initial_hdr.length.result_;
} }
LongPacketTypeV1::ZERO_RTT -> zerortt_hdr : ZeroRTTPacket(outer); LongPacketTypeV1::ZERO_RTT -> zerortt_hdr : ZeroRTTPacket(outer);
@ -204,8 +204,8 @@ public type LongHeaderPacketV2 = unit(inout outer: LongHeaderPacket) {
outer.encrypted_offset = outer.offset() + outer.encrypted_offset = outer.offset() +
self.initial_hdr.length.bytes_to_parse + self.initial_hdr.length.bytes_to_parse +
self.initial_hdr.token_length.bytes_to_parse + self.initial_hdr.token_length.bytes_to_parse +
self.initial_hdr.token_length.result; self.initial_hdr.token_length.result_;
outer.payload_length = self.initial_hdr.length.result; outer.payload_length = self.initial_hdr.length.result_;
} }
LongPacketTypeV2::ZERO_RTT -> zerortt_hdr : ZeroRTTPacket(outer); LongPacketTypeV2::ZERO_RTT -> zerortt_hdr : ZeroRTTPacket(outer);
@ -281,7 +281,7 @@ public type Frame = unit(header: LongHeaderPacket, from_client: bool, crypto_sin
FrameType::ACK2 -> b: ACKPayload; FrameType::ACK2 -> b: ACKPayload;
FrameType::CRYPTO -> c: CRYPTOPayload(from_client) { FrameType::CRYPTO -> c: CRYPTOPayload(from_client) {
# Have the sink re-assemble potentially out-of-order cryptodata # Have the sink re-assemble potentially out-of-order cryptodata
crypto_sink.write(self.c.cryptodata, self.c.offset.result); crypto_sink.write(self.c.cryptodata, self.c.offset.result_);
} }
FrameType::CONNECTION_CLOSE1 -> : ConnectionClosePayload(header); FrameType::CONNECTION_CLOSE1 -> : ConnectionClosePayload(header);
FrameType::PADDING -> : skip /\x00*/; # eat the padding FrameType::PADDING -> : skip /\x00*/; # eat the padding
@ -295,7 +295,7 @@ public type Frame = unit(header: LongHeaderPacket, from_client: bool, crypto_sin
type CRYPTOPayload = unit(from_client: bool) { type CRYPTOPayload = unit(from_client: bool) {
offset: VariableLengthInteger; offset: VariableLengthInteger;
length: VariableLengthInteger; length: VariableLengthInteger;
cryptodata: bytes &size=self.length.result; cryptodata: bytes &size=self.length.result_;
}; };
type ACKPayload = unit { type ACKPayload = unit {
@ -313,7 +313,7 @@ type ConnectionClosePayload = unit(header: LongHeaderPacket) {
-> frame_type: VariableLengthInteger; -> frame_type: VariableLengthInteger;
}; };
reason_phrase_length: VariableLengthInteger; reason_phrase_length: VariableLengthInteger;
reason_phrase: bytes &size=self.reason_phrase_length.result; reason_phrase: bytes &size=self.reason_phrase_length.result_;
}; };
@ -326,7 +326,7 @@ type ConnectionClosePayload = unit(header: LongHeaderPacket) {
type InitialPacket = unit(header: LongHeaderPacket) { type InitialPacket = unit(header: LongHeaderPacket) {
var header: LongHeaderPacket = header; var header: LongHeaderPacket = header;
token_length: VariableLengthInteger; token_length: VariableLengthInteger;
token: bytes &size=self.token_length.result; token: bytes &size=self.token_length.result_;
# 5.4.2. Header Protection Sample # 5.4.2. Header Protection Sample
# #
@ -336,25 +336,25 @@ type InitialPacket = unit(header: LongHeaderPacket) {
# #
# Enforce 4 bytes Packet Number length + 16 bytes sample # Enforce 4 bytes Packet Number length + 16 bytes sample
# ciphertext available. # ciphertext available.
length: VariableLengthInteger &requires=self.length.result >= 20; length: VariableLengthInteger &requires=self.length.result_ >= 20;
# Consume the remainder of payload. This # Consume the remainder of payload. This
# includes the packet number field, but we # includes the packet number field, but we
# do not know its length yet. We need the # do not know its length yet. We need the
# payload for sampling, however. # payload for sampling, however.
payload: skip bytes &size=self.length.result; payload: skip bytes &size=self.length.result_;
}; };
type ZeroRTTPacket = unit(header: LongHeaderPacket) { type ZeroRTTPacket = unit(header: LongHeaderPacket) {
var header: LongHeaderPacket = header; var header: LongHeaderPacket = header;
length: VariableLengthInteger; length: VariableLengthInteger;
payload: skip bytes &size=self.length.result; payload: skip bytes &size=self.length.result_;
}; };
type HandshakePacket = unit(header: LongHeaderPacket) { type HandshakePacket = unit(header: LongHeaderPacket) {
var header: LongHeaderPacket = header; var header: LongHeaderPacket = header;
length: VariableLengthInteger; length: VariableLengthInteger;
payload: skip bytes &size=self.length.result; payload: skip bytes &size=self.length.result_;
}; };

6
testing/btest/spicy/double-types.zeek
View file

@ -32,7 +32,7 @@ protocol analyzer spicy::dtest over TCP:
on dtest::Message -> event dtest_message(self.func); on dtest::Message -> event dtest_message(self.func);
on dtest::Message -> event dtest_result(self.sub.result); on dtest::Message -> event dtest_result(self.sub.result_);
on dtest::Message -> event dtest_result_tuple(dtest::bro_result(self)); on dtest::Message -> event dtest_result_tuple(dtest::bro_result(self));
@ -56,11 +56,11 @@ public type Message = unit {
}; };
public type SubMessage = unit { public type SubMessage = unit {
result: uint8 &convert=RESULT($$); result_: uint8 &convert=RESULT($$);
}; };
public function bro_result(entry: Message) : tuple<FUNCS, RESULT> { public function bro_result(entry: Message) : tuple<FUNCS, RESULT> {
return (entry.func, entry.sub.result); return (entry.func, entry.sub.result_);
} }
# @TEST-END-FILE # @TEST-END-FILE

2
testing/btest/spicy/export-protocol-enum.zeek
View file

@ -41,7 +41,7 @@ import spicy;
public type Message = unit { public type Message = unit {
sswitch: uint8; sswitch: uint8;
result: uint8; result_: uint8;
var p_tcp: spicy::Protocol = spicy::Protocol::TCP; var p_tcp: spicy::Protocol = spicy::Protocol::TCP;
var p_udp: spicy::Protocol = spicy::Protocol::UDP; var p_udp: spicy::Protocol = spicy::Protocol::UDP;

6
testing/btest/spicy/multiple-enum.zeek
View file

@ -22,10 +22,10 @@ protocol analyzer spicy::dtest over TCP:
parse originator with dtest::Message; parse originator with dtest::Message;
on dtest::Message if ( self.sswitch == 83 ) on dtest::Message if ( self.sswitch == 83 )
-> event dtest_one(self.result); -> event dtest_one(self.result_);
on dtest::Message if ( self.sswitch != 83 ) on dtest::Message if ( self.sswitch != 83 )
-> event dtest_two(self.result); -> event dtest_two(self.result_);
# @TEST-END-FILE # @TEST-END-FILE
# @TEST-START-FILE dtest.spicy # @TEST-START-FILE dtest.spicy
@ -38,7 +38,7 @@ public type RESULT = enum {
public type Message = unit { public type Message = unit {
sswitch: uint8; sswitch: uint8;
result: uint8 &convert=RESULT($$); result_: uint8 &convert=RESULT($$);
}; };
# @TEST-END-FILE # @TEST-END-FILE