Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 17:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge remote-tracking branch 'origin/topic/jsiwek/bit-1343'

Browse source 
* origin/topic/jsiwek/bit-1343:
  BIT-1343: factor common ASN.1 code from RDP and SNMP analyzer.

BIT-1343 #merged
This commit is contained in:
Robin Sommer 2015-04-21 13:46:26 -07:00
commit cb767b9336
4 changed files with 71 additions and 119 deletions
Download patch file Download diff file Expand all files Collapse all files

2
aux/binpac

@ -1 +1 @@
Subproject commit 544330932e7cd4615d6d19f63907e8aa2acebb9e Subproject commit a1dddbb780bc45e1fb2ec3d7f11bec7a512c070d

62
src/analyzer/protocol/asn1/asn1.pac Normal file
View file

@ -0,0 +1,62 @@
############################## ASN.1 Encodings
enum ASN1TypeTag {
ASN1_INTEGER_TAG = 0x02,
ASN1_OCTET_STRING_TAG = 0x04,
ASN1_NULL_TAG = 0x05,
ASN1_OBJECT_IDENTIFIER_TAG = 0x06,
ASN1_SEQUENCE_TAG = 0x30,
};
type ASN1Encoding = record {
meta: ASN1EncodingMeta;
content: bytestring &length = meta.length;
};
type ASN1EncodingMeta = record {
tag: uint8;
len: uint8;
more_len: bytestring &length = long_len ? len & 0x7f : 0;
} &let {
long_len: bool = len & 0x80;
length: uint64 = long_len ? binary_to_int64(more_len) : len & 0x7f;
};
type ASN1SequenceMeta = record {
encoding: ASN1EncodingMeta;
};
type ASN1Integer = record {
encoding: ASN1Encoding;
};
type ASN1OctetString = record {
encoding: ASN1Encoding;
};
type ASN1ObjectIdentifier = record {
encoding: ASN1Encoding;
};
type ASN1Boolean = record {
encoding: ASN1Encoding;
};
type ASN1Enumerated = record {
encoding: ASN1Encoding;
};
############################## ASN.1 Conversion Functions
function binary_to_int64(bs: bytestring): int64
%{
int64 rval = 0;
for ( int i = 0; i < bs.length(); ++i )
{
uint64 byte = bs[i];
rval |= byte << (8 * (bs.length() - (i + 1)));
}
return rval;
%}

59
src/analyzer/protocol/rdp/rdp-protocol.pac
View file

@ -1,3 +1,4 @@
%include ../asn1/asn1.pac
type TPKT(is_orig: bool) = record { type TPKT(is_orig: bool) = record {
version: uint8; version: uint8;
@ -326,64 +327,6 @@ type X509_Cert_Data = record {
cert: bytestring &length=cert_len; cert: bytestring &length=cert_len;
} &byteorder=littleendian; } &byteorder=littleendian;
######################################################################
# ASN.1 Encodings
######################################################################
type ASN1Encoding = record {
meta: ASN1EncodingMeta;
content: bytestring &length = meta.length;
};
type ASN1EncodingMeta = record {
tag: uint8;
len: uint8;
more_len: bytestring &length = long_len ? len & 0x7f : 0;
} &let {
long_len: bool = (len & 0x80) > 0;
length: uint64 = long_len ? binary_to_int64(more_len) : len & 0x7f;
};
type ASN1SequenceMeta = record {
encoding: ASN1EncodingMeta;
};
type ASN1Integer = record {
encoding: ASN1Encoding;
};
type ASN1OctetString = record {
encoding: ASN1Encoding;
};
type ASN1ObjectIdentifier = record {
encoding: ASN1Encoding;
};
type ASN1Boolean = record {
encoding: ASN1Encoding;
};
type ASN1Enumerated = record {
encoding: ASN1Encoding;
};
######################################################################
# ASN.1 Conversion Functions
######################################################################
function binary_to_int64(bs: bytestring): int64
%{
int64 rval = 0;
for ( int i = 0; i < bs.length(); ++i )
{
uint64 byte = bs[i];
rval |= byte << (8 * (bs.length() - (i + 1)));
}
return rval;
%}
refine connection RDP_Conn += { refine connection RDP_Conn += {
%member{ %member{

57
src/analyzer/protocol/snmp/snmp-protocol.pac
View file

@ -8,6 +8,8 @@
# used. Primitive or non-constructor encodings are preferred over # used. Primitive or non-constructor encodings are preferred over
# constructor encodings. # constructor encodings.
%include ../asn1/asn1.pac
type TopLevelMessage(is_orig: bool) = record { type TopLevelMessage(is_orig: bool) = record {
asn1_sequence_meta: ASN1SequenceMeta; asn1_sequence_meta: ASN1SequenceMeta;
version: ASN1Integer; version: ASN1Integer;
@ -215,58 +217,3 @@ enum VarBindNullTag {
VARBIND_NOSUCHINSTANCE_TAG = 0x81, VARBIND_NOSUCHINSTANCE_TAG = 0x81,
VARBIND_ENDOFMIBVIEW_TAG = 0x82, VARBIND_ENDOFMIBVIEW_TAG = 0x82,
}; };
############################## ASN.1 Encodings
enum ASN1TypeTag {
ASN1_INTEGER_TAG = 0x02,
ASN1_OCTET_STRING_TAG = 0x04,
ASN1_NULL_TAG = 0x05,
ASN1_OBJECT_IDENTIFIER_TAG = 0x06,
ASN1_SEQUENCE_TAG = 0x30,
};
type ASN1Encoding = record {
meta: ASN1EncodingMeta;
content: bytestring &length = meta.length;
};
type ASN1EncodingMeta = record {
tag: uint8;
len: uint8;
more_len: bytestring &length = long_len ? len & 0x7f : 0;
} &let {
long_len: bool = len & 0x80;
length: uint64 = long_len ? binary_to_int64(more_len) : len & 0x7f;
};
type ASN1SequenceMeta = record {
encoding: ASN1EncodingMeta;
};
type ASN1Integer = record {
encoding: ASN1Encoding;
};
type ASN1OctetString = record {
encoding: ASN1Encoding;
};
type ASN1ObjectIdentifier = record {
encoding: ASN1Encoding;
};
############################## ASN.1 Conversion Functions
function binary_to_int64(bs: bytestring): int64
%{
int64 rval = 0;
for ( int i = 0; i < bs.length(); ++i )
{
uint64 byte = bs[i];
rval |= byte << (8 * (bs.length() - (i + 1)));
}
return rval;
%}