Merge remote-tracking branch 'origin/topic/awelzel/quic-ldap-event-prototypes'

* origin/topic/awelzel/quic-ldap-event-prototypes:
  ldap: Use longer event names
  ldap: Add spicy-events.zeek
  quic: Add spicy-events.zeek

scripts/base/protocols/ldap/__load__.zeek

@@ -1,4 +1,5 @@
 @if ( have_spicy_analyzers() )
+@load ./spicy-events.zeek
 @load-sigs ./dpd.sig
 @load ./consts
 @load ./main.zeek

scripts/base/protocols/ldap/main.zeek

@@ -113,16 +113,6 @@ export {
   # to the logging framework.
   global log_ldap: event(rec: LDAP::MessageInfo);
   global log_ldap_search: event(rec: LDAP::SearchInfo);
-
-  # Event called for each LDAP message (either direction)
-  global LDAP::message: event(c: connection,
-                              message_id: int,
-                              opcode: LDAP::ProtocolOpcode,
-                              result: LDAP::ResultCode,
-                              matched_dn: string,
-                              diagnostic_message: string,
-                              object: string,
-                              argument: string);
 }
 
 redef record connection += {
@@ -268,16 +258,16 @@ event LDAP::message(c: connection,
 }
 
 #############################################################################
-event LDAP::searchreq(c: connection,
-                      message_id: int,
-                      base_object: string,
-                      scope: LDAP::SearchScope,
-                      deref: LDAP::SearchDerefAlias,
-                      size_limit: int,
-                      time_limit: int,
-                      types_only: bool,
-                      filter: string,
-                      attributes: vector of string) {
+event LDAP::search_request(c: connection,
+                           message_id: int,
+                           base_object: string,
+                           scope: LDAP::SearchScope,
+                           deref: LDAP::SearchDerefAlias,
+                           size_limit: int,
+                           time_limit: int,
+                           types_only: bool,
+                           filter: string,
+                           attributes: vector of string) {
 
   set_session(c, message_id, LDAP::ProtocolOpcode_SEARCH_REQUEST);
 
@@ -306,9 +296,9 @@ event LDAP::searchreq(c: connection,
 }
 
 #############################################################################
-event LDAP::searchres(c: connection,
-                      message_id: int,
-                      object_name: string) {
+event LDAP::search_result(c: connection,
+                          message_id: int,
+                          object_name: string) {
 
   set_session(c, message_id, LDAP::ProtocolOpcode_SEARCH_RESULT_ENTRY);
 
@@ -316,12 +306,12 @@ event LDAP::searchres(c: connection,
 }
 
 #############################################################################
-event LDAP::bindreq(c: connection,
-                    message_id: int,
-                    version: int,
-                    name: string,
-                    authType: LDAP::BindAuthType,
-                    authInfo: string) {
+event LDAP::bind_request(c: connection,
+                         message_id: int,
+                         version: int,
+                         name: string,
+                         authType: LDAP::BindAuthType,
+                         authInfo: string) {
   set_session(c, message_id, LDAP::ProtocolOpcode_BIND_REQUEST);
 
   if ( ! c$ldap$messages[message_id]?$version )

scripts/base/protocols/ldap/spicy-events.zeek

@@ -0,0 +1,100 @@
+##! Events generated by the LDAP analyzer.
+##!
+##! See See `RFC4511 <https://tools.ietf.org/html/rfc4511>`__.
+
+## Event generated for each LDAPMessage (either direction).
+##
+## c: The connection.
+##
+## message_id: The messageID element.
+##
+## opcode: The protocolOp field in the message.
+##
+## result: The result code if the message contains a result.
+##
+## matched_dn: The DN if the message contains a result.
+##
+## diagnostic_message: Diagnostic message if the LDAP message contains a result.
+##
+## object: The object name this message refers to.
+##
+## argument: Additional arguments this message includes.
+global LDAP::message: event(
+  c: connection,
+  message_id: int,
+  opcode: LDAP::ProtocolOpcode,
+  result: LDAP::ResultCode,
+  matched_dn: string,
+  diagnostic_message: string,
+  object: string,
+  argument: string
+);
+
+## Event generated for each LDAPMessage containing a BindRequest.
+##
+## c: The connection.
+##
+## message_id: The messageID element.
+##
+## version: The version field in the BindRequest.
+##
+## name: The name field in the BindRequest.
+##
+## auth_type: The auth type field in the BindRequest.
+##
+## auth_info: Additional information related to the used auth type.
+global LDAP::bind_request: event(
+  c: connection,
+  message_id: int,
+  version: int,
+  name: string,
+  auth_type: LDAP::BindAuthType,
+  auth_info: string
+);
+
+## Event generated for each LDAPMessage containing a SearchRequest.
+##
+## c: The connection.
+##
+## message_id: The messageID element.
+##
+## base_object: The baseObject field in the SearchRequest.
+##
+## scope: The scope field in the SearchRequest.
+##
+## deref_alias: The derefAlias field in the SearchRequest
+##
+## size_limit: The sizeLimit field in the SearchRequest.
+##
+## time_limit: The timeLimit field in the SearchRequest.
+##
+## types_only: The typesOnly field in the SearchRequest.
+##
+## filter: The string representation of the filter field in the SearchRequest.
+##
+## attributes: Additional attributes of the SearchRequest.
+global LDAP::search_request: event (
+  c: connection,
+  message_id: int,
+  base_object: string,
+  scope: LDAP::SearchScope,
+  deref: LDAP::SearchDerefAlias,
+  size_limit: int,
+  time_limit: int,
+  types_only: bool,
+  filter: string,
+  attributes: vector of string
+);
+
+## Event generated for each SearchResultEntry in LDAP messages.
+##
+## c: The connection.
+##
+## message_id: The messageID element.
+##
+## object_name: The object name in the SearchResultEntry.
+global LDAP::search_result: event (
+  c: connection,
+  message_id: int,
+  object_name: string
+);