mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 22:58:20 +00:00
Merge remote-tracking branch 'origin/topic/vladg/mysql'
* origin/topic/vladg/mysql: Update baselines. Fix a logic bug with handling quits after the cleanup. Integrate MySQL with the software framework A bit of MySQL cleanup - removed unused events, consolidated similar events, fixed up main.bro a bit Move MySQL analyzer to the new plugin architecture. Add a btest for the Wireshark sample MySQL PCAP Add support for more commands, and support quit Redo the response handling.. Whitespace/readability fixes. Add memleak and auth btests. Update baselines. Get MySQL to compile and add basic v9 support. MySQL analyzer
This commit is contained in:
Robin Sommer
commit
e8e81043a1
37 changed files with 1390 additions and 348 deletions
65
src/analyzer/protocol/mysql/MySQL.cc
Normal file
65
src/analyzer/protocol/mysql/MySQL.cc
Normal file
|
|
@ -0,0 +1,65 @@
|
|||
// See the file "COPYING" in the main distribution directory for copyright.
|
||||
|
||||
#include "MySQL.h"
|
||||
#include "analyzer/protocol/tcp/TCP_Reassembler.h"
|
||||
#include "Reporter.h"
|
||||
#include "events.bif.h"
|
||||
|
||||
using namespace analyzer::MySQL;
|
||||
|
||||
MySQL_Analyzer::MySQL_Analyzer(Connection* c)
|
||||
: tcp::TCP_ApplicationAnalyzer("MySQL", c)
|
||||
{
|
||||
interp = new binpac::MySQL::MySQL_Conn(this);
|
||||
had_gap = false;
|
||||
}
|
||||
|
||||
MySQL_Analyzer::~MySQL_Analyzer()
|
||||
{
|
||||
delete interp;
|
||||
}
|
||||
|
||||
void MySQL_Analyzer::Done()
|
||||
{
|
||||
tcp::TCP_ApplicationAnalyzer::Done();
|
||||
|
||||
interp->FlowEOF(true);
|
||||
interp->FlowEOF(false);
|
||||
}
|
||||
|
||||
void MySQL_Analyzer::EndpointEOF(bool is_orig)
|
||||
{
|
||||
tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig);
|
||||
interp->FlowEOF(is_orig);
|
||||
}
|
||||
|
||||
void MySQL_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
|
||||
{
|
||||
tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig);
|
||||
|
||||
assert(TCP());
|
||||
if ( TCP()->IsPartial() )
|
||||
return;
|
||||
|
||||
if ( had_gap )
|
||||
// If only one side had a content gap, we could still try to
|
||||
// deliver data to the other side if the script layer can
|
||||
// handle this.
|
||||
return;
|
||||
|
||||
try
|
||||
{
|
||||
interp->NewData(orig, data, data + len);
|
||||
}
|
||||
catch ( const binpac::Exception& e )
|
||||
{
|
||||
reporter->Weird(e.msg().c_str());
|
||||
}
|
||||
}
|
||||
|
||||
void MySQL_Analyzer::Undelivered(uint64 seq, int len, bool orig)
|
||||
{
|
||||
tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig);
|
||||
had_gap = true;
|
||||
interp->NewGap(orig, len);
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue