A bit of MySQL cleanup - removed unused events, consolidated similar events, fixed up main.bro a bit

src/analyzer/protocol/mysql/MySQL.h

@@ -33,7 +33,7 @@ public:
 
 	static bool Available()
 		{
-		return ( mysql_command_response || mysql_server_version || mysql_debug || mysql_handshake_response || mysql_login || mysql_command_request );
+		return ( mysql_command_request || mysql_error || mysql_ok || mysql_server_version || mysql_handshake );
 		}
 
 protected:

src/analyzer/protocol/mysql/events.bif

@@ -1,10 +1,65 @@
-event mysql_command_response%(c: connection, response: count%);
-event mysql_server_version%(c: connection, ver: string%);
-event mysql_debug%(c: connection, ver: count%);
-event mysql_handshake_response%(c: connection, username: string%);
-
-event mysql_login%(c: connection, username: string, success: bool%);
+## Generated for a command request from a MySQL client.
+##
+## See the MySQL `documentation <http://dev.mysql.com/doc/internals/en/client-server-protocol.html>`__
+## for more information about the MySQL protocol.
+##
+## c: The connection.
+##
+## command: The numerical code of the command issued.
+##
+## arg: The argument for the command (empty string if not provided).
+##
+## .. bro:see:: mysql_error mysql_ok mysql_server_version mysql_handshake_response
 event mysql_command_request%(c: connection, command: count, arg: string%);
 
+## Generated for an unsuccessful MySQL response.
+##
+## See the MySQL `documentation <http://dev.mysql.com/doc/internals/en/client-server-protocol.html>`__
+## for more information about the MySQL protocol.
+##
+## c: The connection.
+##
+## code: The error code.
+##
+## msg: Any extra details about the error (empty string if not provided).
+##
+## .. bro:see:: mysql_command_request mysql_ok mysql_server_version mysql_handshake_response
 event mysql_error%(c: connection, code: count, msg: string%);
+
+## Generated for a successful MySQL response.
+##
+## See the MySQL `documentation <http://dev.mysql.com/doc/internals/en/client-server-protocol.html>`__
+## for more information about the MySQL protocol.
+##
+## c: The connection.
+##
+## affected_rows: The number of rows that were affected.
+##
+## .. bro:see:: mysql_command_request mysql_error mysql_server_version mysql_handshake_response
 event mysql_ok%(c: connection, affected_rows: count%);
+
+## Generated for the initial server handshake packet, which includes the MySQL server version.
+##
+## See the MySQL `documentation <http://dev.mysql.com/doc/internals/en/client-server-protocol.html>`__
+## for more information about the MySQL protocol.
+##
+## c: The connection.
+##
+## ver: The server version string.
+##
+## .. bro:see:: mysql_command_request mysql_error mysql_ok mysql_handshake_response
+event mysql_server_version%(c: connection, ver: string%);
+
+## Generated for a client handshake response packet, which includes the username the client is attempting
+## to connect as.
+##
+## See the MySQL `documentation <http://dev.mysql.com/doc/internals/en/client-server-protocol.html>`__
+## for more information about the MySQL protocol.
+##
+## c: The connection.
+##
+## username: The username supplied by the client
+##
+## .. bro:see:: mysql_command_request mysql_error mysql_ok mysql_server_version
+event mysql_handshake%(c: connection, username: string%);
+

src/analyzer/protocol/mysql/mysql-analyzer.pac

@@ -1,25 +1,32 @@
 refine flow MySQL_Flow += {
-	function proc_mysql_handshakev10(msg: Handshake_v10): bool
+	function proc_mysql_initial_handshake_packet(msg: Initial_Handshake_Packet): bool
 		%{
-		if ( mysql_server_version ) 
-			BifEvent::generate_mysql_server_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
-								bytestring_to_val(${msg.server_version}));
-		connection()->bro_analyzer()->ProtocolConfirmation();
+		if ( mysql_server_version )
+			{
+			if ( ${msg.version} == 10 )
+				BifEvent::generate_mysql_server_version(connection()->bro_analyzer(),
+														connection()->bro_analyzer()->Conn(),
+														bytestring_to_val(${msg.handshake10.server_version}));
+			if ( ${msg.version} == 9 )
+				BifEvent::generate_mysql_server_version(connection()->bro_analyzer(),
+														connection()->bro_analyzer()->Conn(),
+														bytestring_to_val(${msg.handshake9.server_version}));
+			}
 		return true;
 		%}
 
 	function proc_mysql_handshake_response_packet(msg: Handshake_Response_Packet): bool
 		%{
-		if ( mysql_handshake_response )
+		if ( mysql_handshake )
 			{
 			if ( ${msg.version} == 10 )
-				BifEvent::generate_mysql_handshake_response(connection()->bro_analyzer(), 
-									    connection()->bro_analyzer()->Conn(),
-								    	    bytestring_to_val(${msg.v10_response.username}));
+				BifEvent::generate_mysql_handshake(connection()->bro_analyzer(), 
+									    		   connection()->bro_analyzer()->Conn(),
+													bytestring_to_val(${msg.v10_response.username}));
 			if ( ${msg.version} == 9 )
-				BifEvent::generate_mysql_handshake_response(connection()->bro_analyzer(), 
-									    connection()->bro_analyzer()->Conn(),
-								    	    bytestring_to_val(${msg.v9_response.username}));
+				BifEvent::generate_mysql_handshake(connection()->bro_analyzer(), 
+									    		   connection()->bro_analyzer()->Conn(),
+								    	    	   bytestring_to_val(${msg.v9_response.username}));
 			}
 		return true;
 		%}
@@ -27,37 +34,45 @@ refine flow MySQL_Flow += {
 	function proc_mysql_command_request_packet(msg: Command_Request_Packet): bool
 		%{
 		if ( mysql_command_request )
-			BifEvent::generate_mysql_command_request(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
-								${msg.command}, bytestring_to_val(${msg.arg}));
+			BifEvent::generate_mysql_command_request(connection()->bro_analyzer(),
+													 connection()->bro_analyzer()->Conn(),
+													 ${msg.command},
+													 bytestring_to_val(${msg.arg}));
 		return true;
 		%}
 
 	function proc_err_packet(msg: ERR_Packet): bool
 		%{
 		if ( mysql_error )
-			BifEvent::generate_mysql_error(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
-						       ${msg.code}, bytestring_to_val(${msg.msg}));
+			BifEvent::generate_mysql_error(connection()->bro_analyzer(),
+										   connection()->bro_analyzer()->Conn(),
+						       			   ${msg.code},
+										   bytestring_to_val(${msg.msg}));
 		return true;
 		%}
 
 	function proc_ok_packet(msg: OK_Packet): bool
 		%{
 		if ( mysql_ok )
-			BifEvent::generate_mysql_ok(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.rows});
+			BifEvent::generate_mysql_ok(connection()->bro_analyzer(),
+										connection()->bro_analyzer()->Conn(),
+										${msg.rows});
 		return true;
 		%}
 	
 	function proc_resultset(msg: Resultset): bool
 		%{
-		if ( mysql_command_response )
-			BifEvent::generate_mysql_command_response(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.rows}->size());
+		if ( mysql_ok )
+			BifEvent::generate_mysql_ok(connection()->bro_analyzer(),
+										connection()->bro_analyzer()->Conn(),
+										${msg.rows}->size());
 		return true;
 		%}
 
 };
 
-refine typeattr Handshake_v10 += &let {
-	proc = $context.flow.proc_mysql_handshakev10(this);
+refine typeattr Initial_Handshake_Packet += &let {
+	proc = $context.flow.proc_mysql_initial_handshake_packet(this);
 };
 
 refine typeattr Handshake_Response_Packet += &let {
@@ -77,5 +92,5 @@ refine typeattr OK_Packet += &let {
 };
 
 refine typeattr Resultset += &let {
-	debug = $context.flow.proc_resultset(this);
+	proc = $context.flow.proc_resultset(this);
 };

src/analyzer/protocol/mysql/mysql-protocol.pac

@@ -159,14 +159,14 @@ type Client_Message(state: int) = case state of {
 # Handshake Request
 
 type Initial_Handshake_Packet = record {
-	protocol_version: uint8;
-	pkt				: case protocol_version of {
+	version : uint8;
+	pkt		: case version of {
 		10      -> handshake10 : Handshake_v10;
 		9       -> handshake9  : Handshake_v9;
 		default -> error       : ERR_Packet;
 	};
 } &let {
-	set_version		: bool = $context.connection.set_version(protocol_version);
+	set_version		: bool = $context.connection.set_version(version);
 };
 
 type Handshake_v10 = record {