Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-14 04:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Some cleanup and refactoring on SSH main.bro.

Browse source 
Specifically, an overhaul of how the algorithm negotiation is
calculated, to simplify a lot of the code.
This commit is contained in:
Vlad Grigorescu 2015-03-09 16:04:35 -04:00
parent 8ca0067363
commit d9b4693240
4 changed files with 125 additions and 133 deletions
Download patch file Download diff file Expand all files Collapse all files

40
src/analyzer/protocol/ssh/ssh-analyzer.pac
View file

@ -73,17 +73,35 @@ refine flow SSH_Flow += {
RecordVal* result = new RecordVal(BifType::Record::SSH::Capabilities);
result->Assign(0, name_list_to_vector(${msg.kex_algorithms.val}));
result->Assign(1, name_list_to_vector(${msg.server_host_key_algorithms.val}));
result->Assign(2, name_list_to_vector(${msg.encryption_algorithms_client_to_server.val}));
result->Assign(3, name_list_to_vector(${msg.encryption_algorithms_server_to_client.val}));
result->Assign(4, name_list_to_vector(${msg.mac_algorithms_client_to_server.val}));
result->Assign(5, name_list_to_vector(${msg.mac_algorithms_server_to_client.val}));
result->Assign(6, name_list_to_vector(${msg.compression_algorithms_client_to_server.val}));
result->Assign(7, name_list_to_vector(${msg.compression_algorithms_server_to_client.val}));
if ( ${msg.languages_client_to_server.len} )
result->Assign(8, name_list_to_vector(${msg.languages_client_to_server.val}));
if ( ${msg.languages_server_to_client.len} )
result->Assign(9, name_list_to_vector(${msg.languages_server_to_client.val}));
result->Assign(10, new Val(${msg.is_orig}, TYPE_BOOL));
RecordVal* encryption_algs = new RecordVal(BifType::Record::SSH::Algorithm_Prefs);
encryption_algs->Assign(0, name_list_to_vector(${msg.encryption_algorithms_client_to_server.val}));
encryption_algs->Assign(1, name_list_to_vector(${msg.encryption_algorithms_server_to_client.val}));
result->Assign(2, encryption_algs);
RecordVal* mac_algs = new RecordVal(BifType::Record::SSH::Algorithm_Prefs);
mac_algs->Assign(0, name_list_to_vector(${msg.mac_algorithms_client_to_server.val}));
mac_algs->Assign(1, name_list_to_vector(${msg.mac_algorithms_server_to_client.val}));
result->Assign(3, mac_algs);
RecordVal* compression_algs = new RecordVal(BifType::Record::SSH::Algorithm_Prefs);
compression_algs->Assign(0, name_list_to_vector(${msg.compression_algorithms_client_to_server.val}));
compression_algs->Assign(1, name_list_to_vector(${msg.compression_algorithms_server_to_client.val}));
result->Assign(4, compression_algs);
if ( ${msg.languages_client_to_server.len} || ${msg.languages_server_to_client.len} )
{
RecordVal* languages = new RecordVal(BifType::Record::SSH::Algorithm_Prefs);
if ( ${msg.languages_client_to_server.len} )
languages->Assign(0, name_list_to_vector(${msg.languages_client_to_server.val}));
if ( ${msg.languages_server_to_client.len} )
languages->Assign(1, name_list_to_vector(${msg.languages_server_to_client.val}));
result->Assign(5, languages);
}
result->Assign(6, new Val(${msg.is_orig}, TYPE_BOOL));
BifEvent::generate_ssh_capabilities(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), bytestring_to_val(${msg.cookie}),