From 06ca14ea45271c7032d27b596edb4e6e787d354d Mon Sep 17 00:00:00 2001
From: Seth Hall
Date: Tue, 26 Oct 2010 16:41:15 -0400
Subject: [PATCH 01/54] Updated SSL analyzer and Bro script with lots of new ciphers.

---
 policy/ssl-ciphers.bro | 1009 ++++++++++++++++++++++++----------------
 policy/ssl.bro | 41 +-
 src/SSLCiphers.cc | 454 +++++++++++++++++-
 src/SSLCiphers.h | 310 +++++++++---
 4 files changed, 1316 insertions(+), 498 deletions(-)

diff --git a/policy/ssl-ciphers.bro b/policy/ssl-ciphers.bro
index 143244d364..307565eb36 100644
--- a/policy/ssl-ciphers.bro
+++ b/policy/ssl-ciphers.bro
@@ -11,154 +11,218 @@ const SSLv20_CK_IDEA_128_CBC_WITH_MD5 = 0x050080;
 const SSLv20_CK_DES_64_CBC_WITH_MD5 = 0x060040;
 const SSLv20_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x0700C0;
-# --- sslv3x ---
-
-const SSLv3x_NULL_WITH_NULL_NULL = 0x0000;
-
-# The following CipherSuite definitions require that the server
-# provide an RSA certificate that can be used for key exchange. The
-# server may request either an RSA or a DSS signature-capable
-# certificate in the certificate request message.
-
-const SSLv3x_RSA_WITH_NULL_MD5 = 0x0001;
-const SSLv3x_RSA_WITH_NULL_SHA = 0x0002;
-const SSLv3x_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003;
-const SSLv3x_RSA_WITH_RC4_128_MD5 = 0x0004;
-const SSLv3x_RSA_WITH_RC4_128_SHA = 0x0005;
-const SSLv3x_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006;
-const SSLv3x_RSA_WITH_IDEA_CBC_SHA = 0x0007;
-const SSLv3x_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008;
-const SSLv3x_RSA_WITH_DES_CBC_SHA = 0x0009;
-const SSLv3x_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A;
-
-# The following CipherSuite definitions are used for
-# server-authenticated (and optionally client-authenticated)
-# Diffie-Hellman. DH denotes cipher suites in which the server's
-# certificate contains the Diffie-Hellman parameters signed by the
-# certificate authority (CA). DHE denotes ephemeral Diffie-Hellman,
-# where the Diffie-Hellman parameters are signed by a DSS or RSA
-# certificate, which has been signed by the CA. The signing
-# algorithm used is specified after the DH or DHE parameter. In all
-# cases, the client must have the same type of certificate, and must
-# use the Diffie-Hellman parameters chosen by the server.
- -const SSLv3x_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B; -const SSLv3x_DH_DSS_WITH_DES_CBC_SHA = 0x000C; -const SSLv3x_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D; -const SSLv3x_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E; -const SSLv3x_DH_RSA_WITH_DES_CBC_SHA = 0x000F; -const SSLv3x_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010; -const SSLv3x_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011; -const SSLv3x_DHE_DSS_WITH_DES_CBC_SHA = 0x0012; -const SSLv3x_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013; -const SSLv3x_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014; -const SSLv3x_DHE_RSA_WITH_DES_CBC_SHA = 0x0015; -const SSLv3x_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016; - -# The following cipher suites are used for completely anonymous -# Diffie-Hellman communications in which neither party is -# authenticated. Note that this mode is vulnerable to -# man-in-the-middle attacks and is therefore strongly discouraged. - -const SSLv3x_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x0017; -const SSLv3x_DH_anon_WITH_RC4_128_MD5 = 0x0018; -const SSLv3x_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x0019; -const SSLv3x_DH_anon_WITH_DES_CBC_SHA = 0x001A; -const SSLv3x_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B; - -# The final cipher suites are for the FORTEZZA token. 
- -const SSLv3x_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C; -const SSLv3x_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x001D; -# This seems to be assigned to a Kerberos cipher in TLS 1.1 -#const SSLv3x_FORTEZZA_KEA_WITH_RC4_128_SHA = 0x001E; - - -# Following are some newer ciphers defined in RFC 4346 (TLS 1.1) - -# Kerberos ciphers - -const SSLv3x_KRB5_WITH_DES_CBC_SHA = 0x001E; -const SSLv3x_KRB5_WITH_3DES_EDE_CBC_SHA = 0x001F; -const SSLv3x_KRB5_WITH_RC4_128_SHA = 0x0020; -const SSLv3x_KRB5_WITH_IDEA_CBC_SHA = 0x0021; -const SSLv3x_KRB5_WITH_DES_CBC_MD5 = 0x0022; -const SSLv3x_KRB5_WITH_3DES_EDE_CBC_MD5 = 0x0023; -const SSLv3x_KRB5_WITH_RC4_128_MD5 = 0x0024; -const SSLv3x_KRB5_WITH_IDEA_CBC_MD5 = 0x0025; - -# Kerberos export ciphers - -const SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_SHA = 0x0026; -const SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_SHA = 0x0027; -const SSLv3x_KRB5_EXPORT_WITH_RC4_40_SHA = 0x0028; -const SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_MD5 = 0x0029; -const SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 = 0x002A; -const SSLv3x_KRB5_EXPORT_WITH_RC4_40_MD5 = 0x002B; - - -# AES ciphers - -const SSLv3x_RSA_WITH_AES_128_CBC_SHA = 0x002F; -const SSLv3x_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030; -const SSLv3x_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031; -const SSLv3x_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032; -const SSLv3x_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033; -const SSLv3x_DH_anon_WITH_AES_128_CBC_SHA = 0x0034; -const SSLv3x_RSA_WITH_AES_256_CBC_SHA = 0x0035; -const SSLv3x_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036; -const SSLv3x_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037; -const SSLv3x_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038; -const SSLv3x_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039; -const SSLv3x_DH_anon_WITH_AES_256_CBC_SHA = 0x003A; - -# Mostly more RFC defined suites -const TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041; # [RFC4132] -const TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042; # [RFC4132] -const TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043; # [RFC4132] -const TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044; # 
[RFC4132] -const TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045; # [RFC4132] -const TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA = 0x0046; # [RFC4132] - -# The following are tagged as "Widely Deployed implementation": -const TLS_ECDH_ECDSA_WITH_NULL_SHA = 0x0047; -const TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x0048; -const TLS_ECDH_ECDSA_WITH_DES_CBC_SHA = 0x0049; -const TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x004A; -const TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x004B; -const TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x004C; -const TLS_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x0060; -const TLS_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x0061; -const TLS_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x0062; -const TLS_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063; -const TLS_CK_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x0064; -const TLS_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x0065; -const TLS_CK_DHE_DSS_WITH_RC4_128_SHA = 0x0066; - -const TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084; # [RFC4132] -const TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085; # [RFC4132] -const TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086; # [RFC4132] -const TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087; # [RFC4132] -const TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088; # [RFC4132] -const TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA = 0x0089; # [RFC4132] -const TLS_PSK_WITH_RC4_128_SHA = 0x008A; # [RFC4279] -const TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B; # [RFC4279] -const TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C; # [RFC4279] -const TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D; # [RFC4279] -const TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E; # [RFC4279] -const TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F; # [RFC4279] -const TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090; # [RFC4279] -const TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091; # [RFC4279] -const TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092; # [RFC4279] -const TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093; # [RFC4279] -const TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094; # [RFC4279] -const 
TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095; # [RFC4279] -const TLS_RSA_WITH_SEED_CBC_SHA = 0x0096; # [RFC4162] -const TLS_DH_DSS_WITH_SEED_CBC_SHA = 0x0097; # [RFC4162] -const TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098; # [RFC4162] -const TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099; # [RFC4162] -const TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A; # [RFC4162] -const TLS_DH_anon_WITH_SEED_CBC_SHA = 0x009B; # [RFC4162] +# --- TLS --- +const TLS_NULL_WITH_NULL_NULL = 0x0000; +const TLS_RSA_WITH_NULL_MD5 = 0x0001; +const TLS_RSA_WITH_NULL_SHA = 0x0002; +const TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003; +const TLS_RSA_WITH_RC4_128_MD5 = 0x0004; +const TLS_RSA_WITH_RC4_128_SHA = 0x0005; +const TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006; +const TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007; +const TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008; +const TLS_RSA_WITH_DES_CBC_SHA = 0x0009; +const TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A; +const TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B; +const TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C; +const TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D; +const TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E; +const TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F; +const TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010; +const TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011; +const TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012; +const TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013; +const TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014; +const TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015; +const TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016; +const TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5 = 0x0017; +const TLS_DH_ANON_WITH_RC4_128_MD5 = 0x0018; +const TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA = 0x0019; +const TLS_DH_ANON_WITH_DES_CBC_SHA = 0x001A; +const TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 0x001B; +const SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C; +const SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x001D; +const TLS_KRB5_WITH_DES_CBC_SHA = 0x001E; +const TLS_KRB5_WITH_3DES_EDE_CBC_SHA = 0x001F; +const TLS_KRB5_WITH_RC4_128_SHA = 0x0020; 
+const TLS_KRB5_WITH_IDEA_CBC_SHA = 0x0021; +const TLS_KRB5_WITH_DES_CBC_MD5 = 0x0022; +const TLS_KRB5_WITH_3DES_EDE_CBC_MD5 = 0x0023; +const TLS_KRB5_WITH_RC4_128_MD5 = 0x0024; +const TLS_KRB5_WITH_IDEA_CBC_MD5 = 0x0025; +const TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA = 0x0026; +const TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA = 0x0027; +const TLS_KRB5_EXPORT_WITH_RC4_40_SHA = 0x0028; +const TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 = 0x0029; +const TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 = 0x002A; +const TLS_KRB5_EXPORT_WITH_RC4_40_MD5 = 0x002B; +const TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F; +const TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030; +const TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031; +const TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032; +const TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033; +const TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034; +const TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035; +const TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036; +const TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037; +const TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038; +const TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039; +const TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A; +const TLS_RSA_WITH_NULL_SHA256 = 0x003B; +const TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C; +const TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D; +const TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E; +const TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F; +const TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040; +const TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041; +const TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042; +const TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043; +const TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044; +const TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045; +const TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA = 0x0046; +const TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x0060; +const TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x0061; +const TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x0062; +const TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063; +const 
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x0064; +const TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x0065; +const TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0066; +const TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067; +const TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068; +const TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069; +const TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A; +const TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B; +const TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 0x006C; +const TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 0x006D; +const TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084; +const TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085; +const TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086; +const TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087; +const TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088; +const TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA = 0x0089; +const TLS_PSK_WITH_RC4_128_SHA = 0x008A; +const TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B; +const TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C; +const TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D; +const TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E; +const TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F; +const TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090; +const TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091; +const TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092; +const TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093; +const TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094; +const TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095; +const TLS_RSA_WITH_SEED_CBC_SHA = 0x0096; +const TLS_DH_DSS_WITH_SEED_CBC_SHA = 0x0097; +const TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098; +const TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099; +const TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A; +const TLS_DH_ANON_WITH_SEED_CBC_SHA = 0x009B; +const TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C; +const TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D; +const TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E; +const TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F; +const TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0; +const TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1; 
+const TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2; +const TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3; +const TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4; +const TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5; +const TLS_DH_ANON_WITH_AES_128_GCM_SHA256 = 0x00A6; +const TLS_DH_ANON_WITH_AES_256_GCM_SHA384 = 0x00A7; +const TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8; +const TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9; +const TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA; +const TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB; +const TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC; +const TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD; +const TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE; +const TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF; +const TLS_PSK_WITH_NULL_SHA256 = 0x00B0; +const TLS_PSK_WITH_NULL_SHA384 = 0x00B1; +const TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2; +const TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3; +const TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4; +const TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5; +const TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6; +const TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7; +const TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8; +const TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9; +const TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BA; +const TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BB; +const TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BC; +const TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD; +const TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE; +const TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF; +const TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C0; +const TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C1; +const TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C2; +const TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3; +const TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4; +const TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5; +const TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001; +const TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002; +const 
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003; +const TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004; +const TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005; +const TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006; +const TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007; +const TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008; +const TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009; +const TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A; +const TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B; +const TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C; +const TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D; +const TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E; +const TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F; +const TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010; +const TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011; +const TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012; +const TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013; +const TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014; +const TLS_ECDH_ANON_WITH_NULL_SHA = 0xC015; +const TLS_ECDH_ANON_WITH_RC4_128_SHA = 0xC016; +const TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA = 0xC017; +const TLS_ECDH_ANON_WITH_AES_128_CBC_SHA = 0xC018; +const TLS_ECDH_ANON_WITH_AES_256_CBC_SHA = 0xC019; +const TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A; +const TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B; +const TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C; +const TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D; +const TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E; +const TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F; +const TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020; +const TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021; +const TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022; +const TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023; +const TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024; +const TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025; +const TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026; +const TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027; +const TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028; +const 
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029; +const TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A; +const TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B; +const TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C; +const TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D; +const TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E; +const TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F; +const TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030; +const TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031; +const TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032; +const TLS_ECDHE_PSK_WITH_RC4_128_SHA = 0xC033; +const TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA = 0xC034; +const TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = 0xC035; +const TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = 0xC036; +const TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0xC037; +const TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = 0xC038; +const TLS_ECDHE_PSK_WITH_NULL_SHA = 0xC039; +const TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A; +const TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B; +const SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE; +const SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFEFF; +const SSL_RSA_FIPS_WITH_DES_CBC_SHA_2 = 0xFFE1; +const SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2 = 0xFFE0; # Cipher specifications native to TLS can be included in Version 2.0 client 
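Review bot: The new constant list stops at 0x00C5 on the low range and then jumps to 0xC001, so the RFC 5746 signalling value `TLS_EMPTY_RENEGOTIATION_INFO_SCSV` (0x00FF) has no definition even though the commit otherwise brings the table up to the 2010 registry; clients that implement secure renegotiation send that value in their cipher list, and since these constants are the keys of `ssl_cipher_desc` it will miss the table — how the analyzer treats an unknown value lives in ssl.bro/SSLCiphers.cc and is not visible here. I would add `const TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF; # RFC 5746 signalling value, not a real cipher suite` next to the 0x00C5 entry. The rewrite also drops every explanatory comment from the old side, including the warning that the anonymous DH suites are unauthenticated and open to man-in-the-middle, and the per-suite RFC references; a one-line note above the `TLS_DH_ANON_*` and `TLS_ECDH_ANON_*` groups such as `# Anonymous key exchange: no server authentication, MitM-able; treat as weak` and similar markers for the NULL and EXPORT groups would keep that context for whoever writes the weak-cipher checks in ssl.bro. Finally, renaming `DH_anon` to `DH_ANON` departs from the IANA/RFC spelling the removed lines used, which matters if the description strings are ever matched against registry or OpenSSL names, and renaming every `SSLv3x_*`/`TLS_CK_*` constant breaks any site script that referenced the old names (only ssl.bro is updated in this patch); keeping the registry spelling, or at least documenting the rename, seems worth it.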
@@ -186,196 +250,218 @@ const ssl_cipher_desc: table[count] of string = { "SSLv20_CK_DES_192_EDE3_CBC_WITH_MD5", [SSLv20_CK_DES_64_CBC_WITH_MD5] = "SSLv20_CK_DES_64_CBC_WITH_MD5", - # --- sslv3x --- - [SSLv3x_NULL_WITH_NULL_NULL] = "SSLv3x_NULL_WITH_NULL_NULL", - - [SSLv3x_RSA_WITH_NULL_MD5] = "SSLv3x_RSA_WITH_NULL_MD5", - [SSLv3x_RSA_WITH_NULL_SHA] = "SSLv3x_RSA_WITH_NULL_SHA", - [SSLv3x_RSA_EXPORT_WITH_RC4_40_MD5] = - "SSLv3x_RSA_EXPORT_WITH_RC4_40_MD5", - [SSLv3x_RSA_WITH_RC4_128_MD5] = "SSLv3x_RSA_WITH_RC4_128_MD5", - [SSLv3x_RSA_WITH_RC4_128_SHA] = "SSLv3x_RSA_WITH_RC4_128_SHA", - [SSLv3x_RSA_EXPORT_WITH_RC2_CBC_40_MD5] = - "SSLv3x_RSA_EXPORT_WITH_RC2_CBC_40_MD5", - [SSLv3x_RSA_WITH_IDEA_CBC_SHA] = "SSLv3x_RSA_WITH_IDEA_CBC_SHA", - [SSLv3x_RSA_EXPORT_WITH_DES40_CBC_SHA] = - "SSLv3x_RSA_EXPORT_WITH_DES40_CBC_SHA", - [SSLv3x_RSA_WITH_DES_CBC_SHA] = "SSLv3x_RSA_WITH_DES_CBC_SHA", - [SSLv3x_RSA_WITH_3DES_EDE_CBC_SHA] = "SSLv3x_RSA_WITH_3DES_EDE_CBC_SHA", - - [SSLv3x_DH_DSS_EXPORT_WITH_DES40_CBC_SHA] = - "SSLv3x_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", - [SSLv3x_DH_DSS_WITH_DES_CBC_SHA] = "SSLv3x_DH_DSS_WITH_DES_CBC_SHA", - [SSLv3x_DH_DSS_WITH_3DES_EDE_CBC_SHA] = - "SSLv3x_DH_DSS_WITH_3DES_EDE_CBC_SHA", - [SSLv3x_DH_RSA_EXPORT_WITH_DES40_CBC_SHA] = - "SSLv3x_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", - [SSLv3x_DH_RSA_WITH_DES_CBC_SHA] = "SSLv3x_DH_RSA_WITH_DES_CBC_SHA", - [SSLv3x_DH_RSA_WITH_3DES_EDE_CBC_SHA] = - "SSLv3x_DH_RSA_WITH_3DES_EDE_CBC_SHA", - [SSLv3x_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA] = - "SSLv3x_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", - [SSLv3x_DHE_DSS_WITH_DES_CBC_SHA] = "SSLv3x_DHE_DSS_WITH_DES_CBC_SHA", - [SSLv3x_DHE_DSS_WITH_3DES_EDE_CBC_SHA] = - "SSLv3x_DHE_DSS_WITH_3DES_EDE_CBC_SHA", - [SSLv3x_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA] = - "SSLv3x_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", - [SSLv3x_DHE_RSA_WITH_DES_CBC_SHA] = "SSLv3x_DHE_RSA_WITH_DES_CBC_SHA", - [SSLv3x_DHE_RSA_WITH_3DES_EDE_CBC_SHA] = - "SSLv3x_DHE_RSA_WITH_3DES_EDE_CBC_SHA", - - 
[SSLv3x_DH_anon_EXPORT_WITH_RC4_40_MD5] = - "SSLv3x_DH_anon_EXPORT_WITH_RC4_40_MD5", - [SSLv3x_DH_anon_WITH_RC4_128_MD5] = "SSLv3x_DH_anon_WITH_RC4_128_MD5", - [SSLv3x_DH_anon_EXPORT_WITH_DES40_CBC_SHA] = - "SSLv3x_DH_anon_EXPORT_WITH_DES40_CBC_SHA", - [SSLv3x_DH_anon_WITH_DES_CBC_SHA] = "SSLv3x_DH_anon_WITH_DES_CBC_SHA", - [SSLv3x_DH_anon_WITH_3DES_EDE_CBC_SHA] = - "SSLv3x_DH_anon_WITH_3DES_EDE_CBC_SHA", - - [SSLv3x_FORTEZZA_KEA_WITH_NULL_SHA] = - "SSLv3x_FORTEZZA_KEA_WITH_NULL_SHA", - [SSLv3x_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA] = - "SSLv3x_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA", - [SSLv3x_KRB5_WITH_DES_CBC_SHA] = - "SSLv3x_KRB5_WITH_DES_CBC_SHA", - [SSLv3x_KRB5_WITH_3DES_EDE_CBC_SHA] = - "SSLv3x_KRB5_WITH_3DES_EDE_CBC_SHA", - [SSLv3x_KRB5_WITH_RC4_128_SHA] = - "SSLv3x_KRB5_WITH_RC4_128_SHA", - [SSLv3x_KRB5_WITH_IDEA_CBC_SHA] = - "SSLv3x_KRB5_WITH_IDEA_CBC_SHA", - [SSLv3x_KRB5_WITH_DES_CBC_MD5] = - "SSLv3x_KRB5_WITH_DES_CBC_MD5", - [SSLv3x_KRB5_WITH_3DES_EDE_CBC_MD5] = - "SSLv3x_KRB5_WITH_3DES_EDE_CBC_MD5", - [SSLv3x_KRB5_WITH_RC4_128_MD5] = - "SSLv3x_KRB5_WITH_RC4_128_MD5", - [SSLv3x_KRB5_WITH_IDEA_CBC_MD5] = - "SSLv3x_KRB5_WITH_IDEA_CBC_MD5", - [SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_SHA] = - "SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_SHA", - [SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_SHA] = - "SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", - [SSLv3x_KRB5_EXPORT_WITH_RC4_40_SHA] = - "SSLv3x_KRB5_EXPORT_WITH_RC4_40_SHA", - [SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_MD5] = - "SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_MD5", - [SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_MD5] = - "SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", - [SSLv3x_KRB5_EXPORT_WITH_RC4_40_MD5] = - "SSLv3x_KRB5_EXPORT_WITH_RC4_40_MD5", - [SSLv3x_RSA_WITH_AES_128_CBC_SHA] = - "SSLv3x_RSA_WITH_AES_128_CBC_SHA", - [SSLv3x_DH_DSS_WITH_AES_128_CBC_SHA] = - "SSLv3x_DH_DSS_WITH_AES_128_CBC_SHA", - [SSLv3x_DH_RSA_WITH_AES_128_CBC_SHA] = - "SSLv3x_DH_RSA_WITH_AES_128_CBC_SHA", - [SSLv3x_DHE_DSS_WITH_AES_128_CBC_SHA] = - "SSLv3x_DHE_DSS_WITH_AES_128_CBC_SHA", 
- [SSLv3x_DHE_RSA_WITH_AES_128_CBC_SHA] = - "SSLv3x_DHE_RSA_WITH_AES_128_CBC_SHA", - [SSLv3x_DH_anon_WITH_AES_128_CBC_SHA] = - "SSLv3x_DH_anon_WITH_AES_128_CBC_SHA", - [SSLv3x_RSA_WITH_AES_256_CBC_SHA] = - "SSLv3x_RSA_WITH_AES_256_CBC_SHA", - [SSLv3x_DH_DSS_WITH_AES_256_CBC_SHA] = - "SSLv3x_DH_DSS_WITH_AES_256_CBC_SHA", - [SSLv3x_DH_RSA_WITH_AES_256_CBC_SHA] = - "SSLv3x_DH_RSA_WITH_AES_256_CBC_SHA", - [SSLv3x_DHE_DSS_WITH_AES_256_CBC_SHA] = - "SSLv3x_DHE_DSS_WITH_AES_256_CBC_SHA", - [SSLv3x_DHE_RSA_WITH_AES_256_CBC_SHA] = - "SSLv3x_DHE_RSA_WITH_AES_256_CBC_SHA", - [SSLv3x_DH_anon_WITH_AES_256_CBC_SHA] = - "SSLv3x_DH_anon_WITH_AES_256_CBC_SHA", - - [TLS_RSA_WITH_CAMELLIA_128_CBC_SHA] = - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", - [TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA] = - "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", - [TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA] = - "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", - [TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA] = - "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", - [TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA] = - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", - [TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA] = - "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", - [TLS_ECDH_ECDSA_WITH_NULL_SHA] = - "TLS_ECDH_ECDSA_WITH_NULL_SHA", - [TLS_ECDH_ECDSA_WITH_RC4_128_SHA] = - "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", - [TLS_ECDH_ECDSA_WITH_DES_CBC_SHA] = - "TLS_ECDH_ECDSA_WITH_DES_CBC_SHA", - [TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA] = - "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", - [TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA] = - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", - [TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA] = - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", - [TLS_CK_RSA_EXPORT1024_WITH_RC4_56_MD5] = - "TLS_CK_RSA_EXPORT1024_WITH_RC4_56_MD5", - [TLS_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5] = - "TLS_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5", - [TLS_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA] = - "TLS_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA", - [TLS_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA] = - 
"TLS_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", - [TLS_CK_RSA_EXPORT1024_WITH_RC4_56_SHA] = - "TLS_CK_RSA_EXPORT1024_WITH_RC4_56_SHA", - [TLS_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA] = - "TLS_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", - [TLS_CK_DHE_DSS_WITH_RC4_128_SHA] = - "TLS_CK_DHE_DSS_WITH_RC4_128_SHA", - [TLS_RSA_WITH_CAMELLIA_256_CBC_SHA] = - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", - [TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA] = - "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", - [TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA] = - "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", - [TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA] = - "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", - [TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA] = - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", - [TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA] = - "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", - [TLS_PSK_WITH_RC4_128_SHA] = - "TLS_PSK_WITH_RC4_128_SHA", - [TLS_PSK_WITH_3DES_EDE_CBC_SHA] = - "TLS_PSK_WITH_3DES_EDE_CBC_SHA", - [TLS_PSK_WITH_AES_128_CBC_SHA] = - "TLS_PSK_WITH_AES_128_CBC_SHA", - [TLS_PSK_WITH_AES_256_CBC_SHA] = - "TLS_PSK_WITH_AES_256_CBC_SHA", - [TLS_DHE_PSK_WITH_RC4_128_SHA] = - "TLS_DHE_PSK_WITH_RC4_128_SHA", - [TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA] = - "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA", - [TLS_DHE_PSK_WITH_AES_128_CBC_SHA] = - "TLS_DHE_PSK_WITH_AES_128_CBC_SHA", - [TLS_DHE_PSK_WITH_AES_256_CBC_SHA] = - "TLS_DHE_PSK_WITH_AES_256_CBC_SHA", - [TLS_RSA_PSK_WITH_RC4_128_SHA] = - "TLS_RSA_PSK_WITH_RC4_128_SHA", - [TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA] = - "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA", - [TLS_RSA_PSK_WITH_AES_128_CBC_SHA] = - "TLS_RSA_PSK_WITH_AES_128_CBC_SHA", - [TLS_RSA_PSK_WITH_AES_256_CBC_SHA] = - "TLS_RSA_PSK_WITH_AES_256_CBC_SHA", - [TLS_RSA_WITH_SEED_CBC_SHA] = - "TLS_RSA_WITH_SEED_CBC_SHA", - [TLS_DH_DSS_WITH_SEED_CBC_SHA] = - "TLS_DH_DSS_WITH_SEED_CBC_SHA", - [TLS_DH_RSA_WITH_SEED_CBC_SHA] = - "TLS_DH_RSA_WITH_SEED_CBC_SHA", - [TLS_DHE_DSS_WITH_SEED_CBC_SHA] = - "TLS_DHE_DSS_WITH_SEED_CBC_SHA", - [TLS_DHE_RSA_WITH_SEED_CBC_SHA] = - 
"TLS_DHE_RSA_WITH_SEED_CBC_SHA", - [TLS_DH_anon_WITH_SEED_CBC_SHA] = - "TLS_DH_anon_WITH_SEED_CBC_SHA" + # --- TLS --- + [TLS_NULL_WITH_NULL_NULL] = "TLS_NULL_WITH_NULL_NULL", + [TLS_RSA_WITH_NULL_MD5] = "TLS_RSA_WITH_NULL_MD5", + [TLS_RSA_WITH_NULL_SHA] = "TLS_RSA_WITH_NULL_SHA", + [TLS_RSA_EXPORT_WITH_RC4_40_MD5] = "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + [TLS_RSA_WITH_RC4_128_MD5] = "TLS_RSA_WITH_RC4_128_MD5", + [TLS_RSA_WITH_RC4_128_SHA] = "TLS_RSA_WITH_RC4_128_SHA", + [TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5] = "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + [TLS_RSA_WITH_IDEA_CBC_SHA] = "TLS_RSA_WITH_IDEA_CBC_SHA", + [TLS_RSA_EXPORT_WITH_DES40_CBC_SHA] = "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + [TLS_RSA_WITH_DES_CBC_SHA] = "TLS_RSA_WITH_DES_CBC_SHA", + [TLS_RSA_WITH_3DES_EDE_CBC_SHA] = "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + [TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA] = "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", + [TLS_DH_DSS_WITH_DES_CBC_SHA] = "TLS_DH_DSS_WITH_DES_CBC_SHA", + [TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA] = "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + [TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA] = "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", + [TLS_DH_RSA_WITH_DES_CBC_SHA] = "TLS_DH_RSA_WITH_DES_CBC_SHA", + [TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA] = "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + [TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA] = "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + [TLS_DHE_DSS_WITH_DES_CBC_SHA] = "TLS_DHE_DSS_WITH_DES_CBC_SHA", + [TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA] = "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + [TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA] = "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + [TLS_DHE_RSA_WITH_DES_CBC_SHA] = "TLS_DHE_RSA_WITH_DES_CBC_SHA", + [TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA] = "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + [TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5] = "TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5", + [TLS_DH_ANON_WITH_RC4_128_MD5] = "TLS_DH_ANON_WITH_RC4_128_MD5", + [TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA] = "TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA", + [TLS_DH_ANON_WITH_DES_CBC_SHA] = 
"TLS_DH_ANON_WITH_DES_CBC_SHA", + [TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA] = "TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA", + [SSL_FORTEZZA_KEA_WITH_NULL_SHA] = "SSL_FORTEZZA_KEA_WITH_NULL_SHA", + [SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA] = "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA", + [TLS_KRB5_WITH_DES_CBC_SHA] = "TLS_KRB5_WITH_DES_CBC_SHA", + [TLS_KRB5_WITH_3DES_EDE_CBC_SHA] = "TLS_KRB5_WITH_3DES_EDE_CBC_SHA", + [TLS_KRB5_WITH_RC4_128_SHA] = "TLS_KRB5_WITH_RC4_128_SHA", + [TLS_KRB5_WITH_IDEA_CBC_SHA] = "TLS_KRB5_WITH_IDEA_CBC_SHA", + [TLS_KRB5_WITH_DES_CBC_MD5] = "TLS_KRB5_WITH_DES_CBC_MD5", + [TLS_KRB5_WITH_3DES_EDE_CBC_MD5] = "TLS_KRB5_WITH_3DES_EDE_CBC_MD5", + [TLS_KRB5_WITH_RC4_128_MD5] = "TLS_KRB5_WITH_RC4_128_MD5", + [TLS_KRB5_WITH_IDEA_CBC_MD5] = "TLS_KRB5_WITH_IDEA_CBC_MD5", + [TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA] = "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", + [TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA] = "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", + [TLS_KRB5_EXPORT_WITH_RC4_40_SHA] = "TLS_KRB5_EXPORT_WITH_RC4_40_SHA", + [TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5] = "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", + [TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5] = "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", + [TLS_KRB5_EXPORT_WITH_RC4_40_MD5] = "TLS_KRB5_EXPORT_WITH_RC4_40_MD5", + [TLS_RSA_WITH_AES_128_CBC_SHA] = "TLS_RSA_WITH_AES_128_CBC_SHA", + [TLS_DH_DSS_WITH_AES_128_CBC_SHA] = "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + [TLS_DH_RSA_WITH_AES_128_CBC_SHA] = "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + [TLS_DHE_DSS_WITH_AES_128_CBC_SHA] = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + [TLS_DHE_RSA_WITH_AES_128_CBC_SHA] = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + [TLS_DH_ANON_WITH_AES_128_CBC_SHA] = "TLS_DH_ANON_WITH_AES_128_CBC_SHA", + [TLS_RSA_WITH_AES_256_CBC_SHA] = "TLS_RSA_WITH_AES_256_CBC_SHA", + [TLS_DH_DSS_WITH_AES_256_CBC_SHA] = "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + [TLS_DH_RSA_WITH_AES_256_CBC_SHA] = "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + [TLS_DHE_DSS_WITH_AES_256_CBC_SHA] = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + 
[TLS_DHE_RSA_WITH_AES_256_CBC_SHA] = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + [TLS_DH_ANON_WITH_AES_256_CBC_SHA] = "TLS_DH_ANON_WITH_AES_256_CBC_SHA", + [TLS_RSA_WITH_NULL_SHA256] = "TLS_RSA_WITH_NULL_SHA256", + [TLS_RSA_WITH_AES_128_CBC_SHA256] = "TLS_RSA_WITH_AES_128_CBC_SHA256", + [TLS_RSA_WITH_AES_256_CBC_SHA256] = "TLS_RSA_WITH_AES_256_CBC_SHA256", + [TLS_DH_DSS_WITH_AES_128_CBC_SHA256] = "TLS_DH_DSS_WITH_AES_128_CBC_SHA256", + [TLS_DH_RSA_WITH_AES_128_CBC_SHA256] = "TLS_DH_RSA_WITH_AES_128_CBC_SHA256", + [TLS_DHE_DSS_WITH_AES_128_CBC_SHA256] = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", + [TLS_RSA_WITH_CAMELLIA_128_CBC_SHA] = "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + [TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA] = "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + [TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA] = "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + [TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA] = "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + [TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA] = "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + [TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA] = "TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA", + [TLS_RSA_EXPORT1024_WITH_RC4_56_MD5] = "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5", + [TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5] = "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5", + [TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA] = "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA", + [TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA] = "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", + [TLS_RSA_EXPORT1024_WITH_RC4_56_SHA] = "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA", + [TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA] = "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", + [TLS_DHE_DSS_WITH_RC4_128_SHA] = "TLS_DHE_DSS_WITH_RC4_128_SHA", + [TLS_DHE_RSA_WITH_AES_128_CBC_SHA256] = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", + [TLS_DH_DSS_WITH_AES_256_CBC_SHA256] = "TLS_DH_DSS_WITH_AES_256_CBC_SHA256", + [TLS_DH_RSA_WITH_AES_256_CBC_SHA256] = "TLS_DH_RSA_WITH_AES_256_CBC_SHA256", + [TLS_DHE_DSS_WITH_AES_256_CBC_SHA256] = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", + 
[TLS_DHE_RSA_WITH_AES_256_CBC_SHA256] = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", + [TLS_DH_ANON_WITH_AES_128_CBC_SHA256] = "TLS_DH_ANON_WITH_AES_128_CBC_SHA256", + [TLS_DH_ANON_WITH_AES_256_CBC_SHA256] = "TLS_DH_ANON_WITH_AES_256_CBC_SHA256", + [TLS_RSA_WITH_CAMELLIA_256_CBC_SHA] = "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + [TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA] = "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + [TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA] = "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + [TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA] = "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + [TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA] = "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + [TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA] = "TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA", + [TLS_PSK_WITH_RC4_128_SHA] = "TLS_PSK_WITH_RC4_128_SHA", + [TLS_PSK_WITH_3DES_EDE_CBC_SHA] = "TLS_PSK_WITH_3DES_EDE_CBC_SHA", + [TLS_PSK_WITH_AES_128_CBC_SHA] = "TLS_PSK_WITH_AES_128_CBC_SHA", + [TLS_PSK_WITH_AES_256_CBC_SHA] = "TLS_PSK_WITH_AES_256_CBC_SHA", + [TLS_DHE_PSK_WITH_RC4_128_SHA] = "TLS_DHE_PSK_WITH_RC4_128_SHA", + [TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA] = "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA", + [TLS_DHE_PSK_WITH_AES_128_CBC_SHA] = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA", + [TLS_DHE_PSK_WITH_AES_256_CBC_SHA] = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA", + [TLS_RSA_PSK_WITH_RC4_128_SHA] = "TLS_RSA_PSK_WITH_RC4_128_SHA", + [TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA] = "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA", + [TLS_RSA_PSK_WITH_AES_128_CBC_SHA] = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA", + [TLS_RSA_PSK_WITH_AES_256_CBC_SHA] = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA", + [TLS_RSA_WITH_SEED_CBC_SHA] = "TLS_RSA_WITH_SEED_CBC_SHA", + [TLS_DH_DSS_WITH_SEED_CBC_SHA] = "TLS_DH_DSS_WITH_SEED_CBC_SHA", + [TLS_DH_RSA_WITH_SEED_CBC_SHA] = "TLS_DH_RSA_WITH_SEED_CBC_SHA", + [TLS_DHE_DSS_WITH_SEED_CBC_SHA] = "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + [TLS_DHE_RSA_WITH_SEED_CBC_SHA] = "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + [TLS_DH_ANON_WITH_SEED_CBC_SHA] = "TLS_DH_ANON_WITH_SEED_CBC_SHA", + 
[TLS_RSA_WITH_AES_128_GCM_SHA256] = "TLS_RSA_WITH_AES_128_GCM_SHA256", + [TLS_RSA_WITH_AES_256_GCM_SHA384] = "TLS_RSA_WITH_AES_256_GCM_SHA384", + [TLS_DHE_RSA_WITH_AES_128_GCM_SHA256] = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", + [TLS_DHE_RSA_WITH_AES_256_GCM_SHA384] = "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", + [TLS_DH_RSA_WITH_AES_128_GCM_SHA256] = "TLS_DH_RSA_WITH_AES_128_GCM_SHA256", + [TLS_DH_RSA_WITH_AES_256_GCM_SHA384] = "TLS_DH_RSA_WITH_AES_256_GCM_SHA384", + [TLS_DHE_DSS_WITH_AES_128_GCM_SHA256] = "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", + [TLS_DHE_DSS_WITH_AES_256_GCM_SHA384] = "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", + [TLS_DH_DSS_WITH_AES_128_GCM_SHA256] = "TLS_DH_DSS_WITH_AES_128_GCM_SHA256", + [TLS_DH_DSS_WITH_AES_256_GCM_SHA384] = "TLS_DH_DSS_WITH_AES_256_GCM_SHA384", + [TLS_DH_ANON_WITH_AES_128_GCM_SHA256] = "TLS_DH_ANON_WITH_AES_128_GCM_SHA256", + [TLS_DH_ANON_WITH_AES_256_GCM_SHA384] = "TLS_DH_ANON_WITH_AES_256_GCM_SHA384", + [TLS_PSK_WITH_AES_128_GCM_SHA256] = "TLS_PSK_WITH_AES_128_GCM_SHA256", + [TLS_PSK_WITH_AES_256_GCM_SHA384] = "TLS_PSK_WITH_AES_256_GCM_SHA384", + [TLS_DHE_PSK_WITH_AES_128_GCM_SHA256] = "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256", + [TLS_DHE_PSK_WITH_AES_256_GCM_SHA384] = "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384", + [TLS_RSA_PSK_WITH_AES_128_GCM_SHA256] = "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256", + [TLS_RSA_PSK_WITH_AES_256_GCM_SHA384] = "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384", + [TLS_PSK_WITH_AES_128_CBC_SHA256] = "TLS_PSK_WITH_AES_128_CBC_SHA256", + [TLS_PSK_WITH_AES_256_CBC_SHA384] = "TLS_PSK_WITH_AES_256_CBC_SHA384", + [TLS_PSK_WITH_NULL_SHA256] = "TLS_PSK_WITH_NULL_SHA256", + [TLS_PSK_WITH_NULL_SHA384] = "TLS_PSK_WITH_NULL_SHA384", + [TLS_DHE_PSK_WITH_AES_128_CBC_SHA256] = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256", + [TLS_DHE_PSK_WITH_AES_256_CBC_SHA384] = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384", + [TLS_DHE_PSK_WITH_NULL_SHA256] = "TLS_DHE_PSK_WITH_NULL_SHA256", + [TLS_DHE_PSK_WITH_NULL_SHA384] = "TLS_DHE_PSK_WITH_NULL_SHA384", + 
[TLS_RSA_PSK_WITH_AES_128_CBC_SHA256] = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256", + [TLS_RSA_PSK_WITH_AES_256_CBC_SHA384] = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384", + [TLS_RSA_PSK_WITH_NULL_SHA256] = "TLS_RSA_PSK_WITH_NULL_SHA256", + [TLS_RSA_PSK_WITH_NULL_SHA384] = "TLS_RSA_PSK_WITH_NULL_SHA384", + [TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", + [TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256", + [TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256", + [TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", + [TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", + [TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256", + [TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", + [TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256", + [TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256", + [TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", + [TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", + [TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256", + [TLS_ECDH_ECDSA_WITH_NULL_SHA] = "TLS_ECDH_ECDSA_WITH_NULL_SHA", + [TLS_ECDH_ECDSA_WITH_RC4_128_SHA] = "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + [TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA] = "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + [TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA] = "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + [TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA] = "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + [TLS_ECDHE_ECDSA_WITH_NULL_SHA] = "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + [TLS_ECDHE_ECDSA_WITH_RC4_128_SHA] = "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + [TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA] = "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + 
[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA] = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA] = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + [TLS_ECDH_RSA_WITH_NULL_SHA] = "TLS_ECDH_RSA_WITH_NULL_SHA", + [TLS_ECDH_RSA_WITH_RC4_128_SHA] = "TLS_ECDH_RSA_WITH_RC4_128_SHA", + [TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA] = "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + [TLS_ECDH_RSA_WITH_AES_128_CBC_SHA] = "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + [TLS_ECDH_RSA_WITH_AES_256_CBC_SHA] = "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + [TLS_ECDHE_RSA_WITH_NULL_SHA] = "TLS_ECDHE_RSA_WITH_NULL_SHA", + [TLS_ECDHE_RSA_WITH_RC4_128_SHA] = "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + [TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA] = "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + [TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + [TLS_ECDH_ANON_WITH_NULL_SHA] = "TLS_ECDH_ANON_WITH_NULL_SHA", + [TLS_ECDH_ANON_WITH_RC4_128_SHA] = "TLS_ECDH_ANON_WITH_RC4_128_SHA", + [TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA] = "TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA", + [TLS_ECDH_ANON_WITH_AES_128_CBC_SHA] = "TLS_ECDH_ANON_WITH_AES_128_CBC_SHA", + [TLS_ECDH_ANON_WITH_AES_256_CBC_SHA] = "TLS_ECDH_ANON_WITH_AES_256_CBC_SHA", + [TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA] = "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA", + [TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA] = "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA", + [TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA] = "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA", + [TLS_SRP_SHA_WITH_AES_128_CBC_SHA] = "TLS_SRP_SHA_WITH_AES_128_CBC_SHA", + [TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA] = "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA", + [TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA] = "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA", + [TLS_SRP_SHA_WITH_AES_256_CBC_SHA] = "TLS_SRP_SHA_WITH_AES_256_CBC_SHA", + [TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA] = "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA", + [TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA] = 
"TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA", + [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256] = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", + [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384] = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", + [TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256] = "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", + [TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384] = "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", + [TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256] = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", + [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384] = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", + [TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256] = "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", + [TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384] = "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", + [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384] = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + [TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256] = "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", + [TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384] = "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", + [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + [TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + [TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256] = "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", + [TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384] = "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", + [TLS_ECDHE_PSK_WITH_RC4_128_SHA] = "TLS_ECDHE_PSK_WITH_RC4_128_SHA", + [TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA] = "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", + [TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA] = "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", + [TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA] = "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", + [TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256] = "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256", + [TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384] = "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384", + [TLS_ECDHE_PSK_WITH_NULL_SHA] = "TLS_ECDHE_PSK_WITH_NULL_SHA", + [TLS_ECDHE_PSK_WITH_NULL_SHA256] = 
"TLS_ECDHE_PSK_WITH_NULL_SHA256", + [TLS_ECDHE_PSK_WITH_NULL_SHA384] = "TLS_ECDHE_PSK_WITH_NULL_SHA384", + [SSL_RSA_FIPS_WITH_DES_CBC_SHA] = "SSL_RSA_FIPS_WITH_DES_CBC_SHA", + [SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA] = "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", + [SSL_RSA_FIPS_WITH_DES_CBC_SHA_2] = "SSL_RSA_FIPS_WITH_DES_CBC_SHA_2", + [SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2] = "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2", }; 
@@ -385,101 +471,218 @@ const ssl_cipher_desc: table[count] of string = { const ssl_cipherset_EXPORT: set[count] = { SSLv20_CK_RC4_128_EXPORT40_WITH_MD5, SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5, - SSLv3x_RSA_EXPORT_WITH_RC4_40_MD5, - SSLv3x_RSA_EXPORT_WITH_RC2_CBC_40_MD5, - SSLv3x_RSA_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_DH_anon_EXPORT_WITH_RC4_40_MD5, - SSLv3x_DH_anon_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_SHA, - SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_SHA, - SSLv3x_KRB5_EXPORT_WITH_RC4_40_SHA, - SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_MD5, - SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_MD5, - SSLv3x_KRB5_EXPORT_WITH_RC4_40_MD5 + TLS_RSA_EXPORT_WITH_RC4_40_MD5, + TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, + TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, + TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, + TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, + TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, + TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, + TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, + TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, + TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, + TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA, + TLS_KRB5_EXPORT_WITH_RC4_40_SHA, + TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, + TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5, + TLS_KRB5_EXPORT_WITH_RC4_40_MD5, + TLS_RSA_EXPORT1024_WITH_RC4_56_MD5, + TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, + TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, + TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, + TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, + TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, }; # --- this set holds all DES ciphers const ssl_cipherset_DES: set[count] = { SSLv20_CK_DES_64_CBC_WITH_MD5, - SSLv3x_RSA_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_RSA_WITH_DES_CBC_SHA, - SSLv3x_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_DH_DSS_WITH_DES_CBC_SHA, - SSLv3x_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_DH_RSA_WITH_DES_CBC_SHA, - 
SSLv3x_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_DHE_DSS_WITH_DES_CBC_SHA, - SSLv3x_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_DHE_RSA_WITH_DES_CBC_SHA, - SSLv3x_DH_anon_EXPORT_WITH_DES40_CBC_SHA, - SSLv3x_DH_anon_WITH_DES_CBC_SHA, - SSLv3x_KRB5_WITH_DES_CBC_SHA, - SSLv3x_KRB5_WITH_DES_CBC_MD5, - SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_SHA, - SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_MD5 + TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, + TLS_RSA_WITH_DES_CBC_SHA, + TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, + TLS_DH_DSS_WITH_DES_CBC_SHA, + TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, + TLS_DH_RSA_WITH_DES_CBC_SHA, + TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, + TLS_DHE_DSS_WITH_DES_CBC_SHA, + TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, + TLS_DHE_RSA_WITH_DES_CBC_SHA, + TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, + TLS_DH_ANON_WITH_DES_CBC_SHA, + TLS_KRB5_WITH_DES_CBC_SHA, + TLS_KRB5_WITH_DES_CBC_MD5, + TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, + TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, + TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, + TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, + SSL_RSA_FIPS_WITH_DES_CBC_SHA, + SSL_RSA_FIPS_WITH_DES_CBC_SHA_2, }; # --- this set holds all 3DES ciphers const ssl_cipherset_3DES: set[count] = { SSLv20_CK_DES_192_EDE3_CBC_WITH_MD5, - SSLv3x_DH_DSS_WITH_3DES_EDE_CBC_SHA, - SSLv3x_DH_RSA_WITH_3DES_EDE_CBC_SHA, - SSLv3x_DHE_DSS_WITH_3DES_EDE_CBC_SHA, - SSLv3x_DHE_RSA_WITH_3DES_EDE_CBC_SHA, - SSLv3x_DH_anon_WITH_3DES_EDE_CBC_SHA, - SSLv3x_KRB5_WITH_3DES_EDE_CBC_SHA, - SSLv3x_KRB5_WITH_3DES_EDE_CBC_MD5 + TLS_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, + TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA, + TLS_KRB5_WITH_3DES_EDE_CBC_SHA, + TLS_KRB5_WITH_3DES_EDE_CBC_MD5, + TLS_PSK_WITH_3DES_EDE_CBC_SHA, + TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, + TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, + TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, + 
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA, + TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA, + TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, + SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, + SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2, }; # --- this set holds all RC2 ciphers const ssl_cipherset_RC2: set[count] = { SSLv20_CK_RC2_128_CBC_WITH_MD5, SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5, - SSLv3x_RSA_EXPORT_WITH_RC2_CBC_40_MD5, - SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_SHA, - SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 + TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, + TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA, + TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5, + TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, }; # --- this set holds all RC4 ciphers const ssl_cipherset_RC4: set[count] = { SSLv20_CK_RC4_128_WITH_MD5, SSLv20_CK_RC4_128_EXPORT40_WITH_MD5, - SSLv3x_RSA_EXPORT_WITH_RC4_40_MD5, - SSLv3x_RSA_WITH_RC4_128_MD5, - SSLv3x_RSA_WITH_RC4_128_SHA, - SSLv3x_DH_anon_EXPORT_WITH_RC4_40_MD5, - SSLv3x_DH_anon_WITH_RC4_128_MD5, - SSLv3x_KRB5_WITH_RC4_128_SHA, - SSLv3x_KRB5_WITH_RC4_128_MD5, - SSLv3x_KRB5_EXPORT_WITH_RC4_40_SHA, - SSLv3x_KRB5_EXPORT_WITH_RC4_40_MD5 + TLS_RSA_EXPORT_WITH_RC4_40_MD5, + TLS_RSA_WITH_RC4_128_MD5, + TLS_RSA_WITH_RC4_128_SHA, + TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, + TLS_DH_ANON_WITH_RC4_128_MD5, + TLS_KRB5_WITH_RC4_128_SHA, + TLS_KRB5_WITH_RC4_128_MD5, + TLS_KRB5_EXPORT_WITH_RC4_40_SHA, + TLS_KRB5_EXPORT_WITH_RC4_40_MD5, + TLS_RSA_EXPORT1024_WITH_RC4_56_MD5, + TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, + TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, + TLS_DHE_DSS_WITH_RC4_128_SHA, + TLS_PSK_WITH_RC4_128_SHA, + TLS_DHE_PSK_WITH_RC4_128_SHA, + TLS_RSA_PSK_WITH_RC4_128_SHA, + TLS_ECDH_ECDSA_WITH_RC4_128_SHA, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS_ECDH_RSA_WITH_RC4_128_SHA, + TLS_ECDHE_RSA_WITH_RC4_128_SHA, + TLS_ECDH_ANON_WITH_RC4_128_SHA, + TLS_ECDHE_PSK_WITH_RC4_128_SHA, }; # --- this set holds all IDEA ciphers const 
ssl_cipherset_IDEA: set[count] = { SSLv20_CK_IDEA_128_CBC_WITH_MD5, - SSLv3x_RSA_WITH_IDEA_CBC_SHA, - SSLv3x_KRB5_WITH_IDEA_CBC_SHA, - SSLv3x_KRB5_WITH_IDEA_CBC_MD5 + TLS_RSA_WITH_IDEA_CBC_SHA, + TLS_KRB5_WITH_IDEA_CBC_SHA, + TLS_KRB5_WITH_IDEA_CBC_MD5 }; # --- this set holds all AES ciphers const ssl_cipherset_AES: set[count] = { - SSLv3x_RSA_WITH_AES_128_CBC_SHA, - SSLv3x_DH_DSS_WITH_AES_128_CBC_SHA, - SSLv3x_DH_RSA_WITH_AES_128_CBC_SHA, - SSLv3x_DHE_DSS_WITH_AES_128_CBC_SHA, - SSLv3x_DHE_RSA_WITH_AES_128_CBC_SHA, - SSLv3x_DH_anon_WITH_AES_128_CBC_SHA, - SSLv3x_RSA_WITH_AES_256_CBC_SHA, - SSLv3x_DH_DSS_WITH_AES_256_CBC_SHA, - SSLv3x_DH_RSA_WITH_AES_256_CBC_SHA, - SSLv3x_DHE_DSS_WITH_AES_256_CBC_SHA, - SSLv3x_DHE_RSA_WITH_AES_256_CBC_SHA, - SSLv3x_DH_anon_WITH_AES_256_CBC_SHA + TLS_RSA_WITH_AES_128_CBC_SHA, + TLS_DH_DSS_WITH_AES_128_CBC_SHA, + TLS_DH_RSA_WITH_AES_128_CBC_SHA, + TLS_DHE_DSS_WITH_AES_128_CBC_SHA, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA, + TLS_DH_ANON_WITH_AES_128_CBC_SHA, + TLS_RSA_WITH_AES_256_CBC_SHA, + TLS_DH_DSS_WITH_AES_256_CBC_SHA, + TLS_DH_RSA_WITH_AES_256_CBC_SHA, + TLS_DHE_DSS_WITH_AES_256_CBC_SHA, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA, + TLS_DH_ANON_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_AES_128_CBC_SHA256, + TLS_RSA_WITH_AES_256_CBC_SHA256, + TLS_DH_DSS_WITH_AES_128_CBC_SHA256, + TLS_DH_RSA_WITH_AES_128_CBC_SHA256, + TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_DH_DSS_WITH_AES_256_CBC_SHA256, + TLS_DH_RSA_WITH_AES_256_CBC_SHA256, + TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, + TLS_DH_ANON_WITH_AES_128_CBC_SHA256, + TLS_DH_ANON_WITH_AES_256_CBC_SHA256, + TLS_PSK_WITH_AES_128_CBC_SHA, + TLS_PSK_WITH_AES_256_CBC_SHA, + TLS_DHE_PSK_WITH_AES_128_CBC_SHA, + TLS_DHE_PSK_WITH_AES_256_CBC_SHA, + TLS_RSA_PSK_WITH_AES_128_CBC_SHA, + TLS_RSA_PSK_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_AES_128_GCM_SHA256, + TLS_RSA_WITH_AES_256_GCM_SHA384, + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + 
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_DH_RSA_WITH_AES_128_GCM_SHA256, + TLS_DH_RSA_WITH_AES_256_GCM_SHA384, + TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, + TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, + TLS_DH_DSS_WITH_AES_128_GCM_SHA256, + TLS_DH_DSS_WITH_AES_256_GCM_SHA384, + TLS_DH_ANON_WITH_AES_128_GCM_SHA256, + TLS_DH_ANON_WITH_AES_256_GCM_SHA384, + TLS_PSK_WITH_AES_128_GCM_SHA256, + TLS_PSK_WITH_AES_256_GCM_SHA384, + TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, + TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, + TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, + TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, + TLS_PSK_WITH_AES_128_CBC_SHA256, + TLS_PSK_WITH_AES_256_CBC_SHA384, + TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, + TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, + TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, + TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDH_ANON_WITH_AES_128_CBC_SHA, + TLS_ECDH_ANON_WITH_AES_256_CBC_SHA, + TLS_SRP_SHA_WITH_AES_128_CBC_SHA, + TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, + TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, + TLS_SRP_SHA_WITH_AES_256_CBC_SHA, + TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, + TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + 
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
 };
diff --git a/policy/ssl.bro b/policy/ssl.bro
index 216abb2d10..6a347a14cc 100644
--- a/policy/ssl.bro
+++ b/policy/ssl.bro
@@ -85,29 +85,28 @@ const myWeakCiphers: set[count] = {
 SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
 SSLv20_CK_DES_64_CBC_WITH_MD5,
- SSLv3x_NULL_WITH_NULL_NULL,
- SSLv3x_RSA_WITH_NULL_MD5,
- SSLv3x_RSA_WITH_NULL_SHA,
- SSLv3x_RSA_EXPORT_WITH_RC4_40_MD5,
- SSLv3x_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
- SSLv3x_RSA_EXPORT_WITH_DES40_CBC_SHA,
- SSLv3x_RSA_WITH_DES_CBC_SHA,
+ TLS_NULL_WITH_NULL_NULL,
+ TLS_RSA_WITH_NULL_MD5,
+ TLS_RSA_WITH_NULL_SHA,
+ TLS_RSA_EXPORT_WITH_RC4_40_MD5,
+ TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
+ TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
+ TLS_RSA_WITH_DES_CBC_SHA,
- SSLv3x_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
- SSLv3x_DH_DSS_WITH_DES_CBC_SHA,
- SSLv3x_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
- SSLv3x_DH_RSA_WITH_DES_CBC_SHA,
- SSLv3x_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
- SSLv3x_DHE_DSS_WITH_DES_CBC_SHA,
- SSLv3x_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
- SSLv3x_DHE_RSA_WITH_DES_CBC_SHA,
+ TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
+ TLS_DH_DSS_WITH_DES_CBC_SHA,
+ TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
+ TLS_DH_RSA_WITH_DES_CBC_SHA,
+ TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
+ TLS_DHE_DSS_WITH_DES_CBC_SHA,
+ TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
+ TLS_DHE_RSA_WITH_DES_CBC_SHA,
- SSLv3x_DH_anon_EXPORT_WITH_RC4_40_MD5,
- SSLv3x_DH_anon_WITH_RC4_128_MD5,
- SSLv3x_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
- SSLv3x_DH_anon_WITH_DES_CBC_SHA,
- SSLv3x_DH_anon_WITH_3DES_EDE_CBC_SHA,
- SSLv3x_FORTEZZA_KEA_WITH_NULL_SHA
+ TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5,
+ TLS_DH_ANON_WITH_RC4_128_MD5,
+ TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA,
+ TLS_DH_ANON_WITH_DES_CBC_SHA,
+ TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA,
 };
 const x509_ignore_errors: set[int] = {
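Review bot: The Camellia and SEED suites this patch adds to ssl_cipher_desc (the `TLS_*_WITH_CAMELLIA_*` and `TLS_*_WITH_SEED_CBC_SHA` entries) get no classification set in this hunk, so a policy that groups suites through the ssl_cipherset_* sets can place every AES, RC4, DES, 3DES, RC2 and IDEA suite but none of these; two further sets built the same way as ssl_cipherset_AES would close the gap. A smaller style point: ssl_cipherset_IDEA is the only set whose last element, `TLS_KRB5_WITH_IDEA_CBC_MD5`, has no trailing comma while every other set in the hunk ends its list with a comma before `};`, so `TLS_KRB5_WITH_IDEA_CBC_MD5,` keeps them uniform. The constants these sets reference are declared outside this hunk.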
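Review bot: myWeakCiphers now covers only the pre-existing RSA/DH NULL, export, DES and anonymous-DH suites, while the catalogue this same commit extends defines many more suites with the same properties that the set does not list: NULL-encryption suites such as `TLS_RSA_WITH_NULL_SHA256`, the `TLS_PSK_WITH_NULL_*`, `TLS_DHE_PSK_WITH_NULL_*`, `TLS_RSA_PSK_WITH_NULL_*`, `TLS_ECDH*_WITH_NULL_SHA` and `TLS_ECDHE_PSK_WITH_NULL_*` entries, the anonymous `TLS_ECDH_ANON_*` and `TLS_DH_ANON_WITH_AES_*` / `_CAMELLIA_*` / `_SEED_*` suites, and the 56-bit `TLS_*_EXPORT1024_*` suites. The old `SSLv3x_FORTEZZA_KEA_WITH_NULL_SHA` member is also dropped without its renamed equivalent `SSL_FORTEZZA_KEA_WITH_NULL_SHA`, which ssl-ciphers.bro still defines, so that NULL-cipher suite is no longer flagged at all. Hand-listing each weak suite is what lets the set drift from the catalogue; deriving it from ssl_cipherset_EXPORT plus an explicit NULL-cipher and anonymous-key-exchange list, or at minimum adding `SSL_FORTEZZA_KEA_WITH_NULL_SHA,` and the entries above, keeps the weak-cipher notice aligned with what the analyzer can now name.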
diff --git a/src/SSLCiphers.cc b/src/SSLCiphers.cc
index 1eaf3898e2..e8972beb21 100644
--- a/src/SSLCiphers.cc
+++ b/src/SSLCiphers.cc
@@ -389,16 +389,16 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
 96,
 160
 },
- { SSL_FORTEZZA_KEA_WITH_RC4_128_SHA,
- SSL_CIPHER_TYPE_STREAM,
- SSL_FLAG_SSLv30,
- SSL_CIPHER_RC4,
- SSL_MAC_SHA,
- SSL_KEY_EXCHANGE_FORTEZZA_KEA,
- 0,
- 128,
- 160
- },
+ //{ SSL_FORTEZZA_KEA_WITH_RC4_128_SHA,
+ // SSL_CIPHER_TYPE_STREAM,
+ // SSL_FLAG_SSLv30,
+ // SSL_CIPHER_RC4,
+ // SSL_MAC_SHA,
+ // SSL_KEY_EXCHANGE_FORTEZZA_KEA,
+ // 0,
+ // 128,
+ // 160
+ //},
 // --- special SSLv3 FIPS ciphers
 { SSL_RSA_FIPS_WITH_DES_CBC_SHA,
 SSL_CIPHER_TYPE_BLOCK,
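Review bot: The retired SSL_FORTEZZA_KEA_WITH_RC4_128_SHA entry is kept as a commented-out block rather than deleted, and nothing in this hunk says why it went; the reason only shows in the header hunk, where the enumerator is commented out because code point 0x001E is reassigned to TLS_KRB5_WITH_DES_CBC_SHA under RFC 2712. Dead code left in comments tends to be resurrected later without that context, so I would drop the ten `//` lines and leave a single note in their place: `// SSL_FORTEZZA_KEA_WITH_RC4_128_SHA (0x001E) removed: the code point is assigned to TLS_KRB5_WITH_DES_CBC_SHA by RFC 2712.` This hunk is also the only place in the patch showing the existing convention of tagging an RC4 entry `SSL_CIPHER_TYPE_STREAM`, which the large hunk below does not follow. The SSL_CipherSpecs array begins and ends outside this hunk.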
@@ -591,7 +591,439 @@ SSL_CipherSpec SSL_CipherSpecs[] = { 0, 256, 160 - } + }, + { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_CAMELLIA, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_RSA, + 0, + 128, + 160 + }, + { TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_CAMELLIA, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DH_DSS, + 0, + 128, + 160 + }, + { TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_CAMELLIA, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DH_RSA, + 0, + 128, + 160 + }, + { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_CAMELLIA, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DHE_DSS, + 0, + 128, + 160 + }, + { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_CAMELLIA, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DHE_RSA, + 0, + 128, + 160 + }, + { TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_CAMELLIA, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DH_ANON, + 0, + 128, + 160 + }, + { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_CAMELLIA, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_RSA, + 0, + 256, + 160 + }, + { TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_CAMELLIA, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DH_DSS, + 0, + 256, + 160 + }, + { TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_CAMELLIA, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DH_RSA, + 0, + 256, + 160 + }, + { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_CAMELLIA, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DHE_DSS, + 0, + 256, + 160 + }, + { 
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_CAMELLIA, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DHE_RSA, + 0, + 256, + 160 + }, + { TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_CAMELLIA, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DH_ANON, + 0, + 256, + 160 + }, + { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_3DES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDHE_ECDSA, + 0, + 168, + 160 + }, + { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_AES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDHE_ECDSA, + 0, + 128, + 160 + }, + { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_AES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDHE_ECDSA, + 0, + 256, + 160 + }, + { TLS_ECDHE_ECDSA_WITH_NULL_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_NULL, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDHE_ECDSA, + 0, + 0, + 160 + }, + { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_RC4, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDHE_ECDSA, + 0, + 128, + 160 + }, + { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_3DES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDHE_RSA, + 0, + 168, + 160 + }, + { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_AES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDHE_RSA, + 0, + 128, + 160 + }, + { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_AES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDHE_RSA, + 0, + 256, + 160 + }, + { TLS_ECDHE_RSA_WITH_NULL_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + 
SSL_CIPHER_NULL, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDHE_RSA, + 0, + 0, + 160 + }, + { TLS_ECDHE_RSA_WITH_RC4_128_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_RC4, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDHE_RSA, + 0, + 128, + 160 + }, + { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_3DES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_ECDSA, + 0, + 168, + 160 + }, + { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_AES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_ECDSA, + 0, + 128, + 160 + }, + { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_AES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_ECDSA, + 0, + 256, + 160 + }, + { TLS_ECDH_ECDSA_WITH_NULL_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_NULL, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_ECDSA, + 0, + 0, + 160 + }, + { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_RC4, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_ECDSA, + 0, + 128, + 160 + }, + { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_3DES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_RSA, + 0, + 168, + 160 + }, + { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_AES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_RSA, + 0, + 128, + 160 + }, + { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_AES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_RSA, + 0, + 256, + 160 + }, + { TLS_ECDH_RSA_WITH_NULL_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_NULL, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_RSA, + 0, + 0, + 160 + }, + { TLS_ECDH_RSA_WITH_RC4_128_SHA, + 
SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_RC4, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_RSA, + 0, + 128, + 160 + }, + { TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_3DES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_ANON, + 0, + 168, + 160 + }, + { TLS_ECDH_anon_WITH_AES_128_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_AES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_ANON, + 0, + 128, + 160 + }, + { TLS_ECDH_anon_WITH_AES_256_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_AES, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_ANON, + 0, + 256, + 160 + }, + { TLS_ECDH_anon_WITH_NULL_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_NULL, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_ANON, + 0, + 0, + 160 + }, + { TLS_ECDH_anon_WITH_RC4_128_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_RC4, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_ECDH_ANON, + 0, + 128, + 160 + }, + { TLS_RSA_WITH_SEED_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_SEED, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_RSA, + 0, + 128, + 160 + }, + { TLS_DH_DSS_WITH_SEED_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_SEED, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DH_DSS, + 0, + 128, + 160 + }, + { TLS_DH_RSA_WITH_SEED_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_SEED, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DH_RSA, + 0, + 128, + 160 + }, + { TLS_DHE_DSS_WITH_SEED_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_SEED, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DHE_DSS, + 0, + 128, + 160 + }, + { TLS_DHE_RSA_WITH_SEED_CBC_SHA, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_SEED, + SSL_MAC_SHA, + SSL_KEY_EXCHANGE_DHE_RSA, + 0, + 128, + 160 + }, + { 
TLS_DH_anon_WITH_SEED_CBC_SHA,
+ SSL_CIPHER_TYPE_BLOCK,
+ SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+ SSL_CIPHER_SEED,
+ SSL_MAC_SHA,
+ SSL_KEY_EXCHANGE_DH_ANON,
+ 0,
+ 128,
+ 160
+ },
+
 };
 const uint SSL_CipherSpecs_Count =
diff --git a/src/SSLCiphers.h b/src/SSLCiphers.h
index 389c4d1992..5d13b5b8b6 100644
--- a/src/SSLCiphers.h
+++ b/src/SSLCiphers.h
@@ -12,14 +12,14 @@
 */
 enum SSLv2_CipherSpec {
 // --- standard SSLv2 ciphers
- SSL_CK_RC4_128_WITH_MD5 = 0x010080,
- SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 0x020080,
- SSL_CK_RC2_128_CBC_WITH_MD5 = 0x030080,
- SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x040080,
- SSL_CK_IDEA_128_CBC_WITH_MD5 = 0x050080,
- SSL_CK_DES_64_CBC_WITH_MD5 = 0x060040,
- SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x0700C0,
- SSL_CK_RC4_64_WITH_MD5 = 0x080080
+ SSL_CK_RC4_128_WITH_MD5 = 0x010080,
+ SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 0x020080,
+ SSL_CK_RC2_128_CBC_WITH_MD5 = 0x030080,
+ SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x040080,
+ SSL_CK_IDEA_128_CBC_WITH_MD5 = 0x050080,
+ SSL_CK_DES_64_CBC_WITH_MD5 = 0x060040,
+ SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x0700C0,
+ SSL_CK_RC4_64_WITH_MD5 = 0x080080
 };
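Review bot: Every new SSL_CipherSpec entry is tagged `SSL_CIPHER_TYPE_BLOCK`, including the RC4 suites (`TLS_ECDHE_ECDSA_WITH_RC4_128_SHA`, `TLS_ECDHE_RSA_WITH_RC4_128_SHA`, `TLS_ECDH_ECDSA_WITH_RC4_128_SHA`, `TLS_ECDH_RSA_WITH_RC4_128_SHA`, `TLS_ECDH_anon_WITH_RC4_128_SHA`) and the `*_WITH_NULL_SHA` suites, whereas the earlier hunk in this file shows the existing RC4 entry carrying `SSL_CIPHER_TYPE_STREAM`; any consumer that reads the type field to decide whether block padding is present will mis-handle records under these suites, so the RC4 entries should read `SSL_CIPHER_TYPE_STREAM,` and the NULL entries should match whatever the pre-existing NULL-cipher entries use (not visible in this hunk). The enumerator spellings `TLS_DH_anon_WITH_CAMELLIA_*`, `TLS_DH_anon_WITH_SEED_CBC_SHA` and `TLS_ECDH_anon_*` differ from the `TLS_DH_ANON_*` form used in the visible part of SSLCiphers.h and throughout the policy scripts; if the header declares these in the upper-case form the new entries will not compile, and if it declares both forms the policy-side names diverge from the analyzer's, so this is worth confirming since the relevant header lines are outside the view. Less certain: the ECC suites are flagged `SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31` although they are defined for TLS only, so the SSLv30 flag may be over-broad. The array's opening is outside this hunk.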
@@ -28,60 +28,236 @@ enum SSLv2_CipherSpec { */ enum SSL3_1_CipherSpec { // --- standard SSLv3x ciphers - TLS_NULL_WITH_NULL_NULL = 0x0000, - TLS_RSA_WITH_NULL_MD5 = 0x0001, - TLS_RSA_WITH_NULL_SHA = 0x0002, - TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003, - TLS_RSA_WITH_RC4_128_MD5 = 0x0004, - TLS_RSA_WITH_RC4_128_SHA = 0x0005, - TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006, - TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007, - TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008, - TLS_RSA_WITH_DES_CBC_SHA = 0x0009, - TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A, - TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B, - TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C, - TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D, - TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E, - TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F, - TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010, - TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011, - TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012, - TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013, - TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014, - TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015, - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016, - TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5 = 0x0017, - TLS_DH_ANON_WITH_RC4_128_MD5 = 0x0018, - TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA = 0x0019, - TLS_DH_ANON_WITH_DES_CBC_SHA = 0x001A, - TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 0x001B, - // --- special SSLv3 ciphers - SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C, - SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x001D, - SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 0x001E, - // --- special SSLv3 FIPS ciphers - SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE, - SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0XFEFF, - // --- new 56 bit export ciphers - TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x0062, - TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x0064, - TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063, - TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x0065, - TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0066, + TLS_NULL_WITH_NULL_NULL = 0x0000, + TLS_RSA_WITH_NULL_MD5 = 0x0001, + TLS_RSA_WITH_NULL_SHA = 0x0002, + 
TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003, + TLS_RSA_WITH_RC4_128_MD5 = 0x0004, + TLS_RSA_WITH_RC4_128_SHA = 0x0005, + TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006, + TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007, + TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008, + TLS_RSA_WITH_DES_CBC_SHA = 0x0009, + TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A, + TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B, + TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C, + TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D, + TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E, + TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F, + TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010, + TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011, + TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012, + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013, + TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014, + TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015, + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016, + TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5 = 0x0017, + TLS_DH_ANON_WITH_RC4_128_MD5 = 0x0018, + TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA = 0x0019, + TLS_DH_ANON_WITH_DES_CBC_SHA = 0x001A, + TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 0x001B, + // --- special SSLv3 ciphers + SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C, + SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x001D, + //SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 0x001E, + // -- RFC 2712 (ciphers not fully described in SSLCiphers.cc) + TLS_KRB5_WITH_DES_CBC_SHA = 0x001E, + TLS_KRB5_WITH_3DES_EDE_CBC_SHA = 0x001F, + TLS_KRB5_WITH_RC4_128_SHA = 0x0020, + TLS_KRB5_WITH_IDEA_CBC_SHA = 0x0021, + TLS_KRB5_WITH_DES_CBC_MD5 = 0x0022, + TLS_KRB5_WITH_3DES_EDE_CBC_MD5 = 0x0023, + TLS_KRB5_WITH_RC4_128_MD5 = 0x0024, + TLS_KRB5_WITH_IDEA_CBC_MD5 = 0x0025, + TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA = 0x0026, + TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA = 0x0027, + TLS_KRB5_EXPORT_WITH_RC4_40_SHA = 0x0028, + TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 = 0x0029, + TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 = 0x002A, + TLS_KRB5_EXPORT_WITH_RC4_40_MD5 = 0x002B, + // --- new AES ciphers - TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F, - 
TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030, - TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031, - TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032, - TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033, - TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034, - TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035, - TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036, - TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037, - TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039, - TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A + TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F, + TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030, + TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031, + TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033, + TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034, + TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035, + TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036, + TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037, + TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039, + TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A, + TLS_RSA_WITH_NULL_SHA256 = 0x003B, + TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C, + TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D, + TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E, + TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F, + TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040, + // -- RFC 4132 + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041, + TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042, + TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043, + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044, + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045, + TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA = 0x0046, + // -- Non-RFC. 
Widely deployed implementation (ciphers not fully described in SSLCiphers.cc) + TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x0060, + TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x0061, + TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x0062, + TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063, + TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x0064, + TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x0065, + TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0066, + // -- RFC 5246 (ciphers not fully described in SSLCiphers.cc) + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067, + TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068, + TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069, + TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B, + TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 0x006C, + TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 0x006D, + // -- RFC 5932 + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084, + TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085, + TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086, + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087, + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088, + TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA = 0x0089, + // -- RFC 4279 (ciphers not fully described in SSLCiphers.cc) + TLS_PSK_WITH_RC4_128_SHA = 0x008A, + TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B, + TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C, + TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D, + TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E, + TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F, + TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090, + TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091, + TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092, + TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093, + TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094, + TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095, + // -- RFC 4162 + TLS_RSA_WITH_SEED_CBC_SHA = 0x0096, + TLS_DH_DSS_WITH_SEED_CBC_SHA = 0x0097, + TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098, + TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099, + TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A, + TLS_DH_ANON_WITH_SEED_CBC_SHA = 0x009B, + // -- RFC 5288 (ciphers not 
fully described in SSLCiphers.cc) + TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C, + TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D, + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E, + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F, + TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0, + TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1, + TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2, + TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3, + TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4, + TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5, + TLS_DH_ANON_WITH_AES_128_GCM_SHA256 = 0x00A6, + TLS_DH_ANON_WITH_AES_256_GCM_SHA384 = 0x00A7, + // -- RFC 5487 (ciphers not fully described in SSLCiphers.cc) + TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8, + TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9, + TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA, + TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB, + TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC, + TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD, + TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE, + TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF, + TLS_PSK_WITH_NULL_SHA256 = 0x00B0, + TLS_PSK_WITH_NULL_SHA384 = 0x00B1, + TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2, + TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3, + TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4, + TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5, + TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6, + TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7, + TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8, + TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9, + // -- RFC 5932 (ciphers not fully described in SSLCiphers.cc) + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BA, + TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BB, + TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BC, + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD, + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE, + TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF, + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C0, + TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C1, + TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C2, + 
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3, + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4, + TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5, + // -- RFC 4492 + TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001, + TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002, + TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003, + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004, + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005, + TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007, + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A, + TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B, + TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C, + TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D, + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E, + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F, + TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010, + TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011, + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014, + TLS_ECDH_ANON_WITH_NULL_SHA = 0xC015, + TLS_ECDH_ANON_WITH_RC4_128_SHA = 0xC016, + TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA = 0xC017, + TLS_ECDH_ANON_WITH_AES_128_CBC_SHA = 0xC018, + TLS_ECDH_ANON_WITH_AES_256_CBC_SHA = 0xC019, + // -- RFC 5054 (ciphers not fully described in SSLCiphers.cc) + TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A, + TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B, + TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C, + TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D, + TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E, + TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F, + TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020, + TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021, + TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022, + // -- RFC 5289 (ciphers not fully described in SSLCiphers.cc) + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024, + 
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025, + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028, + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029, + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B, + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C, + TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D, + TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030, + TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031, + TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032, + // -- RFC 5489 (ciphers not fully described in SSLCiphers.cc) + TLS_ECDHE_PSK_WITH_RC4_128_SHA = 0xC033, + TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA = 0xC034, + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = 0xC035, + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = 0xC036, + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0xC037, + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = 0xC038, + TLS_ECDHE_PSK_WITH_NULL_SHA = 0xC039, + TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A, + TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B, + // --- special SSLv3 FIPS ciphers + SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE, + SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFEFF, + SSL_RSA_FIPS_WITH_DES_CBC_SHA_2 = 0xFFE1, + SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2 = 0xFFe0, }; enum SSL_CipherType { @@ -99,7 +275,9 @@ enum SSL_BulkCipherAlgorithm { SSL_CIPHER_DES40, SSL_CIPHER_FORTEZZA, SSL_CIPHER_IDEA, - SSL_CIPHER_AES + SSL_CIPHER_AES, + SSL_CIPHER_CAMELLIA, + SSL_CIPHER_SEED, }; enum SSL_MACAlgorithm { 
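Review bot: The identifiers this hunk adds use an upper-case `_ANON_` infix (`TLS_DH_ANON_WITH_SEED_CBC_SHA`, `TLS_ECDH_ANON_WITH_*`, and the `SSL_KEY_EXCHANGE_ECDH_ANON` used with them), while the SSLCiphers.cc table added by the same commit references `TLS_ECDH_anon_WITH_*` and `TLS_DH_anon_WITH_SEED_CBC_SHA`, so the two halves of this patch do not agree on a name and the .cc side cannot resolve them until patch 08 renames it to `_anon_`; the matching header-side rename is not visible on this page, so please confirm the enum and the table agree once the series is applied. Separately, `SSL_FORTEZZA_KEA_WITH_RC4_128_SHA` is commented out because its value is now taken by `TLS_KRB5_WITH_DES_CBC_SHA = 0x001E`, but nothing says so; a one-line comment such as `// 0x001E is assigned to TLS_KRB5_WITH_DES_CBC_SHA (RFC 2712); the FORTEZZA RC4 suite is dropped` would stop the next maintainer from restoring it and creating a duplicate enumerator. The enum closes inside this hunk.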
@@ -126,7 +304,13 @@ enum SSL_KeyExchangeAlgorithm { SSL_KEY_EXCHANGE_FORTEZZA_KEA, // --- new 56 bit export ciphers SSL_KEY_EXCHANGE_RSA_EXPORT1024, - SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024 + SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024, + // -- Elliptic Curve key change algorithms (rfc4492) + SSL_KEY_EXCHANGE_ECDH_ECDSA, + SSL_KEY_EXCHANGE_ECDHE_ECDSA, + SSL_KEY_EXCHANGE_ECDH_RSA, + SSL_KEY_EXCHANGE_ECDHE_RSA, + SSL_KEY_EXCHANGE_ECDH_ANON, }; #if 0 From 5edf0eb75d2af64602f29b4e99e64c172c2892ea Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Tue, 26 Oct 2010 16:41:57 -0400 Subject: [PATCH 02/54] Modification from rmkml to support SSL extensions. --- src/SSLv3.cc | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/src/SSLv3.cc b/src/SSLv3.cc index 4d89f27ad8..d4b558ba79 100644 --- a/src/SSLv3.cc +++ b/src/SSLv3.cc @@ -941,9 +941,9 @@ TableVal* SSLv3_Interpreter::analyzeCiphers(const SSLv3_Endpoint* s, int length, if ( length > ssl_max_cipherspec_size ) { if ( is_orig ) - Weird("SSLv2: Client has CipherSpecs > ssl_max_cipherspec_size"); + Weird("SSLv3: Client has CipherSpecs > ssl_max_cipherspec_size"); else - Weird("SSLv2: Server has CipherSpecs > ssl_max_cipherspec_size"); + Weird("SSLv3: Server has CipherSpecs > ssl_max_cipherspec_size"); } const u_char* pCipher = data; 
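Review bot: The comment introducing the new elliptic-curve enumerators reads `key change` where `key exchange` is meant; suggest `// -- Elliptic Curve key exchange algorithms (RFC 4492)`. The list now also ends with a trailing comma after `SSL_KEY_EXCHANGE_ECDH_ANON,`, which pre-C++11 compilers in pedantic mode may warn about; harmless, but easy to drop while touching the line.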
@@ -1357,8 +1357,16 @@ int SSLv3_HandshakeRecord::checkClientHello() if ( sessionIDLength + cipherSuiteLength + compressionMethodLength + 38 != length ) { - endp->Interpreter()->Weird("SSLv3x: Corrupt length fields in Client hello!"); - return 0; + uint16 sslExtensionsLength = + uint16(data[41 + sessionIDLength + cipherSuiteLength + compressionMethodLength + 1 ] << 8 ) | data[41 + sessionIDLength + cipherSuiteLength + compressionMethodLength + 2 ]; + if ( sslExtensionsLength < 4 ) + endp->Interpreter()->Weird("SSLv3x: Extensions length too small!"); + if ( sessionIDLength + cipherSuiteLength + + compressionMethodLength + 2 + sslExtensionsLength + 38 != length ) + { + endp->Interpreter()->Weird("SSLv3x: Corrupt length fields in Client hello!"); + return 0; + } } return 1; @@ -1384,7 +1392,7 @@ int SSLv3_HandshakeRecord::checkServerHello() return 0; } - if ( (sessionIDLength + 38) != length ) + if ( (sessionIDLength + 45) != length ) { endp->Interpreter()->Weird("SSLv3x: Corrupt length fields in Server hello!"); return 0; From a598bdb5556a9f2038a52a473c53a7429d8b2491 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Thu, 9 Dec 2010 15:23:54 -0500 Subject: [PATCH 03/54] Fixed the problem with do_split function which caused it to bail 1 separator early. --- src/strings.bif | 75 +++++++++++++++++++++---------------------------- 1 file changed, 32 insertions(+), 43 deletions(-) diff --git a/src/strings.bif b/src/strings.bif index 44b0c57eb6..2820726e30 100644 --- a/src/strings.bif +++ b/src/strings.bif @@ -198,7 +198,6 @@ static int match_prefix(int s_len, const char* s, int t_len, const char* t) Val* do_split(StringVal* str_val, RE_Matcher* re, TableVal* other_sep, int incl_sep, int max_num_sep) { - const BroString* str = str_val->AsString(); TableVal* a = new TableVal(internal_type("string_array")->AsTableType()); ListVal* other_strings = 0; 
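Review bot: The two bytes of the extensions length are read from `data[41 + sessionIDLength + cipherSuiteLength + compressionMethodLength + 1]` and `+ 2` before anything checks that those offsets lie inside `length`, so a ClientHello whose advertised session-id, cipher-suite and compression lengths add up to more than the handshake body reaches past the buffer instead of being rejected. Guard before the read, e.g. `if ( sessionIDLength + cipherSuiteLength + compressionMethodLength + 40 > length ) { endp->Interpreter()->Weird("SSLv3x: Corrupt length fields in Client hello!"); return 0; }`. The `sslExtensionsLength < 4` branch only logs a Weird and then continues into the length comparison; if a value that small is considered corrupt it should `return 0` like the other failure paths. The offsets imply `length` excludes the 4-byte handshake header while `data` includes it — worth stating in a comment, since checkServerHello relies on the same convention.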
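Review bot: Replacing `sessionIDLength + 38` with `sessionIDLength + 45` in checkServerHello hard-codes a ServerHello that carries exactly 7 bytes after the compression method — presumably a 2-byte extensions length plus a single 5-byte extension — so every ServerHello with no extensions, or with any other extension set, is now reported as `Corrupt length fields` and the handshake is dropped, leaving the analyzer blind to most sessions. Mirror the ClientHello path instead: accept `sessionIDLength + 38 == length`, otherwise bounds-check and read the 2-byte extensions length that follows the compression method and require the total to match. Sketch below, assuming `data` includes the 4-byte handshake header as the ClientHello arithmetic implies; the rest of checkServerHello is outside this hunk.
```cpp
if ( (sessionIDLength + 38) != length )
	{
	// Extensions present: a 2-byte list length follows the compression method.
	if ( sessionIDLength + 40 > length )
		{
		endp->Interpreter()->Weird("SSLv3x: Corrupt length fields in Server hello!");
		return 0;
		}
	uint16 extLen = uint16(data[42 + sessionIDLength] << 8) | data[43 + sessionIDLength];
	if ( sessionIDLength + 40 + extLen != length )
		{
		endp->Interpreter()->Weird("SSLv3x: Corrupt length fields in Server hello!");
		return 0;
		}
	}
```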
@@ -209,66 +208,56 @@ Val* do_split(StringVal* str_val, RE_Matcher* re, TableVal* other_sep, // the future we expect to change this by giving RE_Matcher a // const char* segment. - const char* s = str->CheckString(); - int len = strlen(s); - const char* end_of_s = s + len; + const u_char* s = str_val->Bytes(); + int n = str_val->Len(); + const u_char* end_of_s = s + n; int num = 0; int num_sep = 0; + + int offset = 0; - while ( 1 ) + while ( n > 0 ) { - int offset = 0; - const char* t; - - if ( max_num_sep > 0 && num_sep >= max_num_sep ) - t = end_of_s; - else + offset = 0; + // Find next match offset. + int end_of_match; + while ( n > 0 && + (end_of_match = re->MatchPrefix(&s[offset], n)) <= 0 ) { - for ( t = s; t < end_of_s; ++t ) - { - offset = re->MatchPrefix(t); - - if ( other_strings ) - { - val_list* vl = other_strings->Vals(); - loop_over_list(*vl, i) - { - const BroString* sub = - (*vl)[i]->AsString(); - if ( sub->Len() > offset && - match_prefix(end_of_s - t, - t, sub->Len(), - (const char*) (sub->Bytes())) ) - { - offset = sub->Len(); - } - } - } - - if ( offset > 0 ) - break; - } + printf("character %d\n", offset); + // Move on to next character. + ++offset; + --n; } - + Val* ind = new Val(++num, TYPE_COUNT); - a->Assign(ind, new StringVal(t - s, s)); + a->Assign(ind, new StringVal(offset, (const char*) s)); Unref(ind); - if ( t >= end_of_s ) + // No more separators will be needed if this is the end of string. + if ( n <= 0 ) break; - ++num_sep; - if ( incl_sep ) { // including the part that matches the pattern ind = new Val(++num, TYPE_COUNT); - a->Assign(ind, new StringVal(offset, t)); + a->Assign(ind, new StringVal(end_of_match, (const char*) s+offset)); Unref(ind); } - - s = t + offset; + + if ( max_num_sep && num_sep >= max_num_sep ) + break; + + ++num_sep; + + offset += end_of_match; + n -= end_of_match; + s += offset; + if ( s > end_of_s ) + { internal_error("RegMatch in split goes beyond the string"); + } } if ( other_strings ) 
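Review bot: The rewritten loop no longer consults `other_strings`: the list is still built from `other_sep` at the top of the function (outside this hunk), but the alternative separators are never matched, so callers passing `other_sep` silently get different splits than before. The `max_num_sep` contract also changed: the old code, once the limit was reached, emitted the remainder of the input as the final element, whereas the new `if ( max_num_sep && num_sep >= max_num_sep ) break;` runs after the piece before the separator has been stored and discards everything after that separator. Checking the limit at the top of the loop and flushing the tail restores the old behaviour; sketch below. The function continues outside this hunk.
```cpp
while ( n > 0 )
	{
	// Limit reached: the rest of the input is the final element.
	if ( max_num_sep > 0 && num_sep >= max_num_sep )
		{
		Val* ind = new Val(++num, TYPE_COUNT);
		a->Assign(ind, new StringVal(n, (const char*) s));
		Unref(ind);
		break;
		}
	// … unchanged: scan for the next match, store the piece and the optional separator …
	// (the later `if ( max_num_sep && num_sep >= max_num_sep ) break;` is removed)
	++num_sep;
	// … unchanged: advance s and n past the match …
	}
```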
From 61c99176ad9e8ca43bf7711ea385f5c97d507b33 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Thu, 9 Dec 2010 15:59:08 -0500 Subject: [PATCH 04/54] Readded the other changes to remove CheckString calls from strings.bif. --- src/strings.bif | 107 ++++++++++++++++++++++-------------------------- 1 file changed, 49 insertions(+), 58 deletions(-) diff --git a/src/strings.bif b/src/strings.bif index 2820726e30..d3c1ca2e5d 100644 --- a/src/strings.bif +++ b/src/strings.bif 
@@ -138,27 +138,27 @@ function sort_string_array%(a: string_array%): string_array function edit%(arg_s: string, arg_edit_char: string%): string %{ - const char* s = arg_s->AsString()->CheckString(); - const char* edit_s = arg_edit_char->AsString()->CheckString(); - - if ( strlen(edit_s) != 1 ) + if ( arg_edit_char->Len() != 1 ) builtin_run_time("not exactly one edit character", @ARG@[1]); + + const u_char* s = arg_s->Bytes(); + const u_char* edit_s = arg_edit_char->Bytes(); - char edit_c = *edit_s; + u_char edit_c = *edit_s; - int n = strlen(s) + 1; - char* new_s = new char[n]; + int n = arg_s->Len(); + u_char* new_s = new u_char[n+1]; int ind = 0; - for ( ; *s; ++s ) + for ( int i=0; iCheckString(); - int n = strlen(s) + 1; + const u_char* s = str->Bytes(); + int n = str->Len(); char* lower_s = new char[n]; + char* ls = lower_s; - char* ls; - for ( ls = lower_s; *s; ++s ) + for (int i=0; iCheckString(); - int n = strlen(s) + 1; + const u_char* s = str->Bytes(); + int n = str->Len(); char* upper_s = new char[n]; - - char* us; - for ( us = upper_s; *s; ++s ) + char* us = upper_s; + + for (int i=0; iCheckString(); + const u_char* s = str->Bytes(); + int n = str->Len(); - int n = strlen(s) + 1; - char* strip_s = new char[n]; - - if ( n == 1 ) + if ( n == 0 ) // Empty string. 
- return new StringVal(new BroString(1, byte_vec(strip_s), 0)); + return new StringVal(new BroString(s, n, 1)); - while ( isspace(*s) ) - ++s; - - strncpy(strip_s, s, n); - - char* s2 = strip_s; - char* e = &s2[strlen(s2) - 1]; - - while ( e > s2 && isspace(*e) ) + const u_char* sp = s; + // Move a pointer to the end of the string + const u_char* e = &sp[n-1]; + while ( e > sp && isspace(*e) ) --e; - e[1] = '\0'; // safe even if e hasn't changed, due to n = strlen + 1 + // Move the pointer for the beginning of the string + while ( isspace(*sp) ) + ++sp; - return new StringVal(new BroString(1, byte_vec(s2), (e-s2)+1)); + return new StringVal(new BroString(sp, e-sp+1, 1)); %} function string_fill%(len: int, source: string%): string %{ - const char* src = source->CheckString(); - - int sn = strlen(src); + const u_char* src = source->Bytes(); + int n = source->Len(); char* dst = new char[len]; - for ( int i = 0; i < len; i += sn ) - ::memcpy((dst + i), src, min(sn, len - i)); + for ( int i = 0; i < len; i += n ) + ::memcpy((dst + i), src, min(n, len - i)); dst[len - 1] = 0; @@ -639,11 +629,12 @@ function string_fill%(len: int, source: string%): string # function str_shell_escape%(source: string%): string %{ - unsigned j = 0; - const char* src = source->CheckString(); - char* dst = new char[strlen(src) * 2 + 1]; + uint j = 0; + const u_char* src = source->Bytes(); + uint n = source->Len(); + byte_vec dst = new u_char[n * 2 + 1]; - for ( unsigned i = 0; i < strlen(src); ++i ) + for ( uint i = 0; i < n; ++i ) { switch ( src[i] ) { case '`': case '"': case '\\': case '$': @@ -661,7 +652,7 @@ function str_shell_escape%(source: string%): string } dst[j] = '\0'; - return new StringVal(new BroString(1, byte_vec(dst), j)); + return new StringVal(new BroString(1, dst, j)); %} # Returns all occurrences of the given pattern in the given string (an empty From 266acde342227a699e0639c53a04fbf1490f4435 Mon Sep 17 00:00:00 2001 
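Review bot: In `strip`, the trailing scan now runs before the leading one and bounds `e` by the original start `sp`, so on an all-whitespace input `e` stops at byte 0 while `sp` then walks to the end and `e - sp + 1` goes negative (`strip("  ")` hands length -1 to `BroString`); the leading walk is also unbounded and only stops because of a trailing NUL that the byte-buffer API does not obviously promise. Scanning from the left with an explicit end bound first, then trimming the right down to `sp`, fixes both; sketch below. `string_fill` in the same hunk keeps the pre-existing `n == 0` infinite loop (`i += n`) and writes `dst[len - 1]` for `len <= 0`, so an `if ( n == 0 || len <= 0 )` guard would be worth adding while here. The hunk text on this page appears garbled by extraction (angle-bracket spans dropped), so placement is approximate.
```cpp
const u_char* sp = s;
const u_char* end = s + n;             // one past the last byte
while ( sp < end && isspace(*sp) )     // drop leading whitespace, bounded
	++sp;
while ( end > sp && isspace(end[-1]) ) // drop trailing whitespace, down to sp
	--end;
return new StringVal(new BroString(sp, end - sp, 1));
```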
From: Seth Hall Date: Thu, 9 Dec 2010 16:01:19 -0500 Subject: [PATCH 05/54] Removed an accidental debugging printf. --- src/strings.bif | 1 - 1 file changed, 1 deletion(-) diff --git a/src/strings.bif b/src/strings.bif index d3c1ca2e5d..253709e858 100644 --- a/src/strings.bif +++ b/src/strings.bif @@ -224,7 +224,6 @@ Val* do_split(StringVal* str_val, RE_Matcher* re, TableVal* other_sep, while ( n > 0 && (end_of_match = re->MatchPrefix(&s[offset], n)) <= 0 ) { - printf("character %d\n", offset); // Move on to next character. ++offset; --n; From a5632aff4e971b89f216c6a1b0b19fa3ea1a7a73 Mon Sep 17 00:00:00 2001 From: Gregor Maier Date: Wed, 12 Jan 2011 09:38:13 -0800 Subject: [PATCH 06/54] TCP Reassembler hotfix for conns > 2GB. The TCP Reassembler does not deliver any data to analyzers after the first 2GB due to signed integer overflow (Actually it will deliver again between 4--6GB, etc.) This happens silently, i.e., without content_gap events or Undelivered calls. See Comments in TCP_Reassembler.cc for more details. As a hotfix that seems to work I disabled the seq_to_skip features. It wasn't used by any analyzer or policy script (Note, that seq_to_skip is different from skip_deliveries). See also ticket #348 --- src/Reassem.cc | 4 ++- src/Reassem.h | 2 +- src/TCP_Reassembler.cc | 70 ++++++++++++++++++++++++++++++++++-------- src/TCP_Reassembler.h | 14 ++++++++- 4 files changed, 74 insertions(+), 16 deletions(-) diff --git a/src/Reassem.cc b/src/Reassem.cc index c6ec6a3420..51e39ce83d 100644 --- a/src/Reassem.cc +++ b/src/Reassem.cc @@ -195,8 +195,10 @@ void Reassembler::Describe(ODesc* d) const d->Add("reassembler"); } -void Reassembler::Undelivered(int /* up_to_seq */) +void Reassembler::Undelivered(int up_to_seq) { + // TrimToSeq() expects this. + last_reassem_seq = up_to_seq; } DataBlock* Reassembler::AddAndCheck(DataBlock* b, int seq, int upper, diff --git a/src/Reassem.h b/src/Reassem.h index 0200f8577b..ee70d70b15 100644 --- a/src/Reassem.h 
+++ b/src/Reassem.h @@ -11,7 +11,7 @@ class DataBlock { public: DataBlock(const u_char* data, int size, int seq, - DataBlock* next, DataBlock* prev); + DataBlock* prev, DataBlock* next); ~DataBlock(); diff --git a/src/TCP_Reassembler.cc b/src/TCP_Reassembler.cc index c6adec2294..e4fd7077c7 100644 --- a/src/TCP_Reassembler.cc +++ b/src/TCP_Reassembler.cc @@ -9,6 +9,30 @@ // Only needed for gap_report events. #include "Event.h" +// Note, sequence numbers are relative. I.e., they start with 1. + +// The Reassembler uses 32 bit ints for keeping track of sequence numbers. +// This means that the seq numbers will become negative once we exceed +// 2 GB of data. The Reassembler seems to mostly work despite negative +// sequence numbers, since seq_delta() will handle them gracefully. +// However, there are a couple of issues. E.g., seq_to_skip doesn't work +// (which is now disabled with an ifdef, since it wasn't used) +// Also, a check in Undelivered() had a problem with negative sequence +// numbers. +// +// There are numerous counters (e.g., number of total bytes, etc.) that are +// incorrect due to overflow too. However, these seem to be for informative +// purposes only, so we currently ignore them. +// +// There might be other problems hidden somewhere, that I haven't discovered +// yet...... +// +// Ideally the Reassembler should start using 64 bit ints for keeping track +// of sequence numbers +// +// Reassem.{cc|h} and other "Reassemblers" that inherit from it (e.g., Frag) +// need to be updated too. + const bool DEBUG_tcp_contents = false; const bool DEBUG_tcp_connection_close = false; const bool DEBUG_tcp_match_undelivered = false; @@ -35,7 +59,9 @@ TCP_Reassembler::TCP_Reassembler(Analyzer* arg_dst_analyzer, deliver_tcp_contents = 0; skip_deliveries = 0; did_EOF = 0; +#ifdef XXX_USE_SEQ_TO_SKIP seq_to_skip = 0; +#endif in_delivery = false; if ( tcp_contents ) 
@@ -120,7 +146,7 @@ void TCP_Reassembler::Undelivered(int up_to_seq) TCP_Endpoint* endpoint = endp; TCP_Endpoint* peer = endpoint->peer; - if ( up_to_seq <= 2 && tcp_analyzer->IsPartial() ) + if ( up_to_seq <= 2 && tcp_analyzer->IsPartial() ) { // Since it was a partial connection, we faked up its // initial sequence numbers as though we'd seen a SYN. // We've now received the first ack and are getting a @@ -129,7 +155,17 @@ void TCP_Reassembler::Undelivered(int up_to_seq) // (if up_to_seq is 2). The latter can occur when the // first packet we saw instantiating the partial connection // was a keep-alive. So, in either case, just ignore it. - return; + + // TODO: Don't we need to update last_reassm_seq ???? + + if (up_to_seq >=0 ) + // Since seq are currently only 32 bit signed integers, they + // will become negative if a connection has more than 2GB of + // data..... + // Remove the above if and always return here, + // once we're using 64 bit ints + return; + } #if 0 if ( endpoint->FIN_cnt > 0 ) @@ -144,16 +180,20 @@ void TCP_Reassembler::Undelivered(int up_to_seq) if ( DEBUG_tcp_contents ) { - DEBUG_MSG("%.6f Undelivered: up_to_seq=%d, last_reassm=%d, " + DEBUG_MSG("%.6f Undelivered: is_orig=%d up_to_seq=%d, last_reassm=%d, " "endp: FIN_cnt=%d, RST_cnt=%d, " "peer: FIN_cnt=%d, RST_cnt=%d\n", - network_time, up_to_seq, last_reassem_seq, + network_time, is_orig, up_to_seq, last_reassem_seq, endpoint->FIN_cnt, endpoint->RST_cnt, peer->FIN_cnt, peer->RST_cnt); } if ( seq_delta(up_to_seq, last_reassem_seq) <= 0 ) + { + // This should never happen. + internal_error("Calling Undelivered for data that has already been delivered (or has already been marked as undelivered"); return; + } if ( last_reassem_seq == 1 && (endpoint->FIN_cnt > 0 || endpoint->RST_cnt > 0 || 
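Review bot: Turning the `seq_delta(up_to_seq, last_reassem_seq) <= 0` case in Undelivered from a silent `return` into `internal_error(...)` makes a condition driven by packet data fatal for the whole process, if internal_error aborts as its name suggests: the commit message itself calls the 32-bit sequence handling a hotfix with "other problems hidden somewhere", and the `up_to_seq >= 0` early return added just above lets negative (post-2GB) values fall straight through to this check. A stream that reaches it would take the sensor down — a denial of service against the monitor rather than a diagnostic. Keep the `return` and surface it as a weird, e.g. `tcp_analyzer->Weird("undelivered_seq_already_delivered"); return;`, or at least put the abort behind `DEBUG_tcp_contents`; the message string also has an unbalanced `(`. Undelivered continues outside this hunk.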
@@ -177,9 +217,9 @@ void TCP_Reassembler::Undelivered(int up_to_seq) { if ( DEBUG_tcp_contents ) { - DEBUG_MSG("%.6f Undelivered: seq=%d, len=%d, " + DEBUG_MSG("%.6f Undelivered: is_orig=%d, seq=%d, len=%d, " "skip_deliveries=%d\n", - network_time, last_reassem_seq, + network_time, is_orig, last_reassem_seq, seq_delta(up_to_seq, last_reassem_seq), skip_deliveries); } @@ -376,7 +416,7 @@ void TCP_Reassembler::BlockInserted(DataBlock* start_block) void TCP_Reassembler::Overlap(const u_char* b1, const u_char* b2, int n) { if ( DEBUG_tcp_contents ) - DEBUG_MSG("%.6f TCP contents overlap: %d\n", network_time, n); + DEBUG_MSG("%.6f TCP contents overlap: %d is_orig=%d\n", network_time, n, is_orig); if ( rexmit_inconsistency && memcmp((const void*) b1, (const void*) b2, n) && @@ -419,8 +459,8 @@ int TCP_Reassembler::DataSent(double t, int seq, int len, if ( DEBUG_tcp_contents ) { - DEBUG_MSG("%.6f DataSent: seq=%d upper=%d ack=%d\n", - network_time, seq, upper_seq, ack); + DEBUG_MSG("%.6f DataSent: is_orig=%d seq=%d upper=%d ack=%d\n", + network_time, is_orig, seq, upper_seq, ack); } if ( skip_deliveries ) @@ -477,8 +517,7 @@ void TCP_Reassembler::AckReceived(int seq) // Zero, or negative in sequence-space terms. Nothing to do. return; - bool test_active = - ! skip_deliveries && ! tcp_analyzer->Skipping() && + bool test_active = ! skip_deliveries && ! tcp_analyzer->Skipping() && endp->state == TCP_ENDPOINT_ESTABLISHED && endp->peer->state == TCP_ENDPOINT_ESTABLISHED; @@ -569,7 +608,8 @@ void TCP_Reassembler::CheckEOF() void TCP_Reassembler::DeliverBlock(int seq, int len, const u_char* data) { - if ( seq_delta(seq + len, seq_to_skip) <= 0 ) +#ifdef XXX_USE_SEQ_TO_SKIP + if ( seq_delta(seq + len, seq_to_skip) <= 0 ) return; if ( seq_delta(seq, seq_to_skip) < 0 ) @@ -579,6 +619,7 @@ void TCP_Reassembler::DeliverBlock(int seq, int len, const u_char* data) data += to_skip; seq = seq_to_skip; } +#endif if ( deliver_tcp_contents ) { 
@@ -603,11 +644,13 @@ void TCP_Reassembler::DeliverBlock(int seq, int len, const u_char* data) in_delivery = true; Deliver(seq, len, data); in_delivery = false; - +#ifdef XXX_USE_SEQ_TO_SKIP if ( seq_delta(seq + len, seq_to_skip) < 0 ) SkipToSeq(seq_to_skip); +#endif } +#ifdef XXX_USE_SEQ_TO_SKIP void TCP_Reassembler::SkipToSeq(int seq) { if ( seq_delta(seq, seq_to_skip) > 0 ) @@ -617,6 +660,7 @@ void TCP_Reassembler::SkipToSeq(int seq) TrimToSeq(seq); } } +#endif int TCP_Reassembler::DataPending() const { diff --git a/src/TCP_Reassembler.h b/src/TCP_Reassembler.h index 3e8426c9fb..e6c9e35d16 100644 --- a/src/TCP_Reassembler.h +++ b/src/TCP_Reassembler.h @@ -6,6 +6,13 @@ #include "Reassem.h" #include "TCP_Endpoint.h" +// The skip_to_seq feature does not work correctly with +// connections >2GB due to use of 32 bit signed ints (see +// comments in TCP_Reassembler.cc) +// Since it's not used by any analyzer or policy script we disable +// it. Could be added back in once we start using 64bit integers. +// #define XXX_USE_SEQ_TO_SKIP + class BroFile; class Connection; class TCP_Analyzer; @@ -60,9 +67,11 @@ public: void MatchUndelivered(int up_to_seq = -1); +#ifdef XXX_USE_SEQ_TO_SKIP // Skip up to seq, as if there's a content gap. // Can be used to skip HTTP data for performance considerations. void SkipToSeq(int seq); +#endif int DataSent(double t, int seq, int len, const u_char* data, bool replaying=true); @@ -85,9 +94,10 @@ public: const TCP_Endpoint* Endpoint() const { return endp; } int IsOrig() const { return endp->IsOrig(); } - +#ifdef XXX_USE_SEQ_TO_SKIP bool IsSkippedContents(int seq, int length) const { return seq + length <= seq_to_skip; } +#endif private: TCP_Reassembler() { } @@ -110,7 +120,9 @@ private: unsigned int did_EOF:1; unsigned int skip_deliveries:1; +#ifdef XXX_USE_SEQ_TO_SKIP int seq_to_skip; +#endif bool in_delivery; BroFile* record_contents_file; // file on which to reassemble contents 
From 9cfef93522a55087814eab8c13ad866f19e1e439 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Tue, 18 Jan 2011 14:40:37 -0500 Subject: [PATCH 07/54] Fixed bug in do_split implementation. Test suite succeeds! --- src/strings.bif | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/src/strings.bif b/src/strings.bif index 253709e858..2e499ca0c4 100644 --- a/src/strings.bif +++ b/src/strings.bif @@ -204,10 +204,6 @@ Val* do_split(StringVal* str_val, RE_Matcher* re, TableVal* other_sep, if ( other_sep && other_sep->Size() > 0 ) other_strings = other_sep->ConvertToPureList(); - // Currently let us assume that str is NUL-terminated. In - // the future we expect to change this by giving RE_Matcher a - // const char* segment. - const u_char* s = str_val->Bytes(); int n = str_val->Len(); const u_char* end_of_s = s + n; @@ -215,7 +211,6 @@ Val* do_split(StringVal* str_val, RE_Matcher* re, TableVal* other_sep, int num_sep = 0; int offset = 0; - while ( n > 0 ) { offset = 0; @@ -224,7 +219,7 @@ Val* do_split(StringVal* str_val, RE_Matcher* re, TableVal* other_sep, while ( n > 0 && (end_of_match = re->MatchPrefix(&s[offset], n)) <= 0 ) { - // Move on to next character. + // Move on to next byte. ++offset; --n; } @@ -249,7 +244,6 @@ Val* do_split(StringVal* str_val, RE_Matcher* re, TableVal* other_sep, ++num_sep; - offset += end_of_match; n -= end_of_match; s += offset; From c7a5bf071db9ba141405983b2ab7b27f78603403 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Wed, 19 Jan 2011 11:46:35 -0500 Subject: [PATCH 08/54] Prepared the old analyzer for extracting SSL extensions. --- src/SSLCiphers.cc | 44 +++++++++++++++++++++---------------------- src/SSLCiphers.h | 48 +++++++++++++++++++++++------------------------ src/SSLv3.cc | 46 +++++++++++++++++++++++++-------------------- 3 files changed, 72 insertions(+), 66 deletions(-) diff --git a/src/SSLCiphers.cc b/src/SSLCiphers.cc index e8972beb21..002262d853 100644 --- a/src/SSLCiphers.cc +++ b/src/SSLCiphers.cc 
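Review bot: Dropping `offset += end_of_match;` while keeping `n -= end_of_match; s += offset;` leaves `s` pointing at the start of the separator that was just matched while `n` has already been reduced as if it had been skipped: the next iteration's `MatchPrefix(&s[0], n)` matches the same separator again with `offset == 0`, producing empty pieces, and the last `end_of_match` bytes of the input are never scanned. Unless `MatchPrefix` has semantics not visible here, the advance should be `s += offset + end_of_match;` with `n -= end_of_match;` unchanged. The rest of do_split is outside this hunk.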
@@ -319,52 +319,52 @@ SSL_CipherSpec SSL_CipherSpecs[] = { 168, 160 }, - { TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, + { TLS_DH_anon_EXPORT_WITH_RC4_40_MD5, SSL_CIPHER_TYPE_STREAM, SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_CIPHER_RC4, SSL_MAC_MD5, - SSL_KEY_EXCHANGE_DH_ANON_EXPORT, + SSL_KEY_EXCHANGE_DH_anon_EXPORT, 0, 40, 128 }, - { TLS_DH_ANON_WITH_RC4_128_MD5, + { TLS_DH_anon_WITH_RC4_128_MD5, SSL_CIPHER_TYPE_STREAM, SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_CIPHER_RC4, SSL_MAC_MD5, - SSL_KEY_EXCHANGE_DH_ANON, + SSL_KEY_EXCHANGE_DH_anon, 0, 128, 128 }, - { TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, + { TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA, SSL_CIPHER_TYPE_BLOCK, SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_CIPHER_DES40, SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_ANON, + SSL_KEY_EXCHANGE_DH_anon, 0, 40, 160 }, - { TLS_DH_ANON_WITH_DES_CBC_SHA, + { TLS_DH_anon_WITH_DES_CBC_SHA, SSL_CIPHER_TYPE_BLOCK, SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_CIPHER_DES, SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_ANON, + SSL_KEY_EXCHANGE_DH_anon, 0, 56, 160 }, - { TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA, + { TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_CIPHER_TYPE_BLOCK, SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_CIPHER_3DES, SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_ANON, + SSL_KEY_EXCHANGE_DH_anon, 0, 168, 160 @@ -522,12 +522,12 @@ SSL_CipherSpec SSL_CipherSpecs[] = { 128, 160 }, - { TLS_DH_ANON_WITH_AES_128_CBC_SHA, + { TLS_DH_anon_WITH_AES_128_CBC_SHA, SSL_CIPHER_TYPE_BLOCK, SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_CIPHER_AES, SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_ANON, + SSL_KEY_EXCHANGE_DH_anon, 0, 128, 160 @@ -582,12 +582,12 @@ SSL_CipherSpec SSL_CipherSpecs[] = { 256, 160 }, - { TLS_DH_ANON_WITH_AES_256_CBC_SHA, + { TLS_DH_anon_WITH_AES_256_CBC_SHA, SSL_CIPHER_TYPE_BLOCK, SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_CIPHER_AES, SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_ANON, + SSL_KEY_EXCHANGE_DH_anon, 0, 256, 160 
@@ -647,7 +647,7 @@ SSL_CipherSpec SSL_CipherSpecs[] = { SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_CIPHER_CAMELLIA, SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_ANON, + SSL_KEY_EXCHANGE_DH_anon, 0, 128, 160 @@ -707,7 +707,7 @@ SSL_CipherSpec SSL_CipherSpecs[] = { SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_CIPHER_CAMELLIA, SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_ANON, + SSL_KEY_EXCHANGE_DH_anon, 0, 256, 160 @@ -917,7 +917,7 @@ SSL_CipherSpec SSL_CipherSpecs[] = { SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_CIPHER_3DES, SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_ANON, + SSL_KEY_EXCHANGE_ECDH_anon, 0, 168, 160 @@ -927,7 +927,7 @@ SSL_CipherSpec SSL_CipherSpecs[] = { SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_CIPHER_AES, SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_ANON, + SSL_KEY_EXCHANGE_ECDH_anon, 0, 128, 160 @@ -937,7 +937,7 @@ SSL_CipherSpec SSL_CipherSpecs[] = { SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_CIPHER_AES, SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_ANON, + SSL_KEY_EXCHANGE_ECDH_anon, 0, 256, 160 @@ -947,7 +947,7 @@ SSL_CipherSpec SSL_CipherSpecs[] = { SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_CIPHER_NULL, SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_ANON, + SSL_KEY_EXCHANGE_ECDH_anon, 0, 0, 160 @@ -957,7 +957,7 @@ SSL_CipherSpec SSL_CipherSpecs[] = { SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_CIPHER_RC4, SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_ANON, + SSL_KEY_EXCHANGE_ECDH_anon, 0, 128, 160 @@ -1017,7 +1017,7 @@ SSL_CipherSpec SSL_CipherSpecs[] = { SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_CIPHER_SEED, SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_ANON, + SSL_KEY_EXCHANGE_DH_anon, 0, 128, 160 diff --git a/src/SSLCiphers.h b/src/SSLCiphers.h index 5d13b5b8b6..408a3b1567 100644 --- a/src/SSLCiphers.h +++ b/src/SSLCiphers.h 
@@ -51,11 +51,11 @@ enum SSL3_1_CipherSpec { TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014, TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016, - TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5 = 0x0017, - TLS_DH_ANON_WITH_RC4_128_MD5 = 0x0018, - TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA = 0x0019, - TLS_DH_ANON_WITH_DES_CBC_SHA = 0x001A, - TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 0x001B, + TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x0017, + TLS_DH_anon_WITH_RC4_128_MD5 = 0x0018, + TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x0019, + TLS_DH_anon_WITH_DES_CBC_SHA = 0x001A, + TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B, // --- special SSLv3 ciphers SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C, SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x001D, @@ -82,13 +82,13 @@ enum SSL3_1_CipherSpec { TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031, TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032, TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033, - TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034, + TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x0034, TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035, TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036, TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037, TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038, TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039, - TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A, + TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x003A, TLS_RSA_WITH_NULL_SHA256 = 0x003B, TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C, TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D, @@ -101,7 +101,7 @@ enum SSL3_1_CipherSpec { TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045, - TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA = 0x0046, + TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA = 0x0046, // -- Non-RFC. Widely deployed implementation (ciphers not fully described in SSLCiphers.cc) TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x0060, TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x0061, 
@@ -116,15 +116,15 @@ enum SSL3_1_CipherSpec { TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B, - TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 0x006C, - TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 0x006D, + TLS_DH_anon_WITH_AES_128_CBC_SHA256 = 0x006C, + TLS_DH_anon_WITH_AES_256_CBC_SHA256 = 0x006D, // -- RFC 5932 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084, TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085, TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088, - TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA = 0x0089, + TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA = 0x0089, // -- RFC 4279 (ciphers not fully described in SSLCiphers.cc) TLS_PSK_WITH_RC4_128_SHA = 0x008A, TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B, @@ -144,7 +144,7 @@ enum SSL3_1_CipherSpec { TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098, TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099, TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A, - TLS_DH_ANON_WITH_SEED_CBC_SHA = 0x009B, + TLS_DH_anon_WITH_SEED_CBC_SHA = 0x009B, // -- RFC 5288 (ciphers not fully described in SSLCiphers.cc) TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C, TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D, @@ -156,8 +156,8 @@ enum SSL3_1_CipherSpec { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3, TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4, TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5, - TLS_DH_ANON_WITH_AES_128_GCM_SHA256 = 0x00A6, - TLS_DH_ANON_WITH_AES_256_GCM_SHA384 = 0x00A7, + TLS_DH_anon_WITH_AES_128_GCM_SHA256 = 0x00A6, + TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0x00A7, // -- RFC 5487 (ciphers not fully described in SSLCiphers.cc) TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8, TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9, 
@@ -183,13 +183,13 @@ enum SSL3_1_CipherSpec { TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BC, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE, - TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF, + TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C0, TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C1, TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C2, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4, - TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5, + TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5, // -- RFC 4492 TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001, TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002, @@ -211,11 +211,11 @@ enum SSL3_1_CipherSpec { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014, - TLS_ECDH_ANON_WITH_NULL_SHA = 0xC015, - TLS_ECDH_ANON_WITH_RC4_128_SHA = 0xC016, - TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA = 0xC017, - TLS_ECDH_ANON_WITH_AES_128_CBC_SHA = 0xC018, - TLS_ECDH_ANON_WITH_AES_256_CBC_SHA = 0xC019, + TLS_ECDH_anon_WITH_NULL_SHA = 0xC015, + TLS_ECDH_anon_WITH_RC4_128_SHA = 0xC016, + TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = 0xC017, + TLS_ECDH_anon_WITH_AES_128_CBC_SHA = 0xC018, + TLS_ECDH_anon_WITH_AES_256_CBC_SHA = 0xC019, // -- RFC 5054 (ciphers not fully described in SSLCiphers.cc) TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A, TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B, @@ -299,8 +299,8 @@ enum SSL_KeyExchangeAlgorithm { SSL_KEY_EXCHANGE_DHE_DSS_EXPORT, SSL_KEY_EXCHANGE_DHE_RSA, SSL_KEY_EXCHANGE_DHE_RSA_EXPORT, - SSL_KEY_EXCHANGE_DH_ANON, - SSL_KEY_EXCHANGE_DH_ANON_EXPORT, + SSL_KEY_EXCHANGE_DH_anon, + SSL_KEY_EXCHANGE_DH_anon_EXPORT, SSL_KEY_EXCHANGE_FORTEZZA_KEA, // --- new 56 bit export ciphers SSL_KEY_EXCHANGE_RSA_EXPORT1024, 
@@ -310,7 +310,7 @@ enum SSL_KeyExchangeAlgorithm { SSL_KEY_EXCHANGE_ECDHE_ECDSA, SSL_KEY_EXCHANGE_ECDH_RSA, SSL_KEY_EXCHANGE_ECDHE_RSA, - SSL_KEY_EXCHANGE_ECDH_ANON, + SSL_KEY_EXCHANGE_ECDH_anon, }; #if 0 diff --git a/src/SSLv3.cc b/src/SSLv3.cc index d4b558ba79..92d18c6f26 100644 --- a/src/SSLv3.cc +++ b/src/SSLv3.cc @@ -195,7 +195,7 @@ void SSLv3_Interpreter::printStats() printf( "SSLv3x:\n" ); printf( "Note: Because handshake messages may be coalesced into a \n"); printf( " single SSLv3x record, the number of total messages for SSLv3x plus \n"); - printf( " the number of total records seen for SSLv2 won't match \n"); + printf( " the number of total records seen for SSLv3 won't match \n"); printf( " SSLProxy_Analyzer::totalRecords! \n"); printf( "total connections = %u\n", totalConnections ); printf( "opened connections (complete handshake) = %u\n", openedConnections ); 
@@ -554,7 +554,7 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec) } else { - if ( keyXAlgorithm == SSL_KEY_EXCHANGE_DH || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_ANON || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_ANON_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024 ) + if ( keyXAlgorithm == SSL_KEY_EXCHANGE_DH || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024 ) { if ( rec->length < 2 ) { @@ -595,11 +595,11 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec) switch (cipherSuite) { case TLS_NULL_WITH_NULL_NULL: - case TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5: - case TLS_DH_ANON_WITH_RC4_128_MD5: - case TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA: - case TLS_DH_ANON_WITH_DES_CBC_SHA: - case TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA: + case TLS_DH_anon_EXPORT_WITH_RC4_40_MD5: + case TLS_DH_anon_WITH_RC4_128_MD5: + case TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA: + case TLS_DH_anon_WITH_DES_CBC_SHA: + case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA: { Weird("SSLv3x: Sending certificate-request not allowed for anonymous servers!"); break; 
@@ -618,7 +618,7 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec) break; } - if ( pCipherSuite->keyExchangeAlgorithm == SSL_KEY_EXCHANGE_DH_ANON || pCipherSuite->keyExchangeAlgorithm == SSL_KEY_EXCHANGE_DH_ANON_EXPORT ) + if ( pCipherSuite->keyExchangeAlgorithm == SSL_KEY_EXCHANGE_DH_anon || pCipherSuite->keyExchangeAlgorithm == SSL_KEY_EXCHANGE_DH_anon_EXPORT ) Weird("SSLv3x: Sending certificate-request not allowed for anonymous servers!"); // FIXME: Insert weird checks! @@ -654,7 +654,7 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec) } else { - if ( keyXAlgorithm == SSL_KEY_EXCHANGE_DH || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_ANON || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_ANON_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024 ) + if ( keyXAlgorithm == SSL_KEY_EXCHANGE_DH || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024 ) { if ( rec->length < 2 ) { 
@@ -1328,7 +1328,9 @@ int SSLv3_HandshakeRecord::checkClientHello() version != SSLProxy_Analyzer::SSLv31 ) endp->Interpreter()->Weird("SSLv3x: Corrupt version information in Client hello!"); - uint8 sessionIDLength = uint8(data[38]); + uint16 offset = 38; + uint8 sessionIDLength = uint8(data[offset]); + offset += (1 + sessionIDLength); if ( sessionIDLength > 32 ) { endp->Interpreter()->Weird("SSLv3x: SessionID too long in Client hello!"); 
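Review bot: `data[offset]` at offset 38 is read before any length check that is visible in this hunk, and the first bound check in checkClientHello (`offset > recordLength`) only runs after the two cipher-suite length bytes have also been read in the following hunk. Unless whichever of `length`/`recordLength` bounds `data` has already been verified to be at least 41 earlier in checkClientHello (outside the hunk), a truncated ClientHello from the wire reads past the record. I would put `if ( recordLength < 41 ) { endp->Interpreter()->Weird("SSLv3x: Client hello too small, corrupt length fields!"); return 0; }` immediately before the sessionIDLength read. checkClientHello starts before this hunk, so the earlier checks are inferred, not seen.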
@@ -1336,33 +1338,37 @@ int SSLv3_HandshakeRecord::checkClientHello() } uint16 cipherSuiteLength = - uint16(data[39 + sessionIDLength] << 8 ) | - data[40 + sessionIDLength]; + uint16(data[offset] << 8) | data[offset+1]; + offset += (2 + cipherSuiteLength); if ( cipherSuiteLength < 2 ) endp->Interpreter()->Weird("SSLv3x: CipherSuite length too small!"); - if ( cipherSuiteLength + sessionIDLength + 41 > recordLength ) + if ( offset > recordLength ) { endp->Interpreter()->Weird("SSLv3x: Client hello too small, corrupt length fields!"); return 0; } - uint8 compressionMethodLength = - uint8(data[41 + sessionIDLength + cipherSuiteLength]); + uint8 compressionMethodLength = uint8(data[offset]); + offset += (1 + compressionMethodLength); if ( compressionMethodLength < 1 ) endp->Interpreter()->Weird("SSLv3x: CompressionMethod length too small!"); - if ( sessionIDLength + cipherSuiteLength + - compressionMethodLength + 38 != length ) + if ( offset != length ) { uint16 sslExtensionsLength = - uint16(data[41 + sessionIDLength + cipherSuiteLength + compressionMethodLength + 1 ] << 8 ) | data[41 + sessionIDLength + cipherSuiteLength + compressionMethodLength + 2 ]; + uint16(data[offset] << 8 ) | data[offset+1]; + offset += 2; + if ( sslExtensionsLength < 4 ) endp->Interpreter()->Weird("SSLv3x: Extensions length too small!"); - if ( sessionIDLength + cipherSuiteLength + - compressionMethodLength + 2 + sslExtensionsLength + 38 != length ) + + // TODO: extract SSL extensions here + + offset += sslExtensionsLength; + if ( offset != length+4 ) { endp->Interpreter()->Weird("SSLv3x: Corrupt length fields in Client hello!"); return 0; From ef1650f6a2072bc686b265e1d0a5e5ec3529b80a Mon Sep 17 00:00:00 2001 
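Review bot: `offset` is a `uint16`, and `offset += (2 + cipherSuiteLength)` adds a value that can itself be 65535, so an attacker-chosen cipher-suite length wraps the offset to a small number and sails past the `offset > recordLength` check that follows; the original `int` arithmetic could not wrap, so this is new. The two end-of-message comparisons in the same hunk also disagree (`offset != length` without extensions, `offset != length+4` with them) although the lines they replace both compared against `length`, so at least one of them is wrong. Finally, `data[offset]` (compression length) and `data[offset]`/`data[offset+1]` (extensions length) are read with no check that those bytes lie inside the record; a ClientHello whose session id and cipher list exactly fill the record reads past it. Declare `offset` as `int` in the preceding hunk and bound each read, roughly as below; checkClientHello continues past the end of this hunk.
```cpp
	// … unchanged: sessionIDLength read and > 32 check (previous hunk; declare offset as int there) …
	if ( offset + 2 > recordLength )
		{
		endp->Interpreter()->Weird("SSLv3x: Client hello too small, corrupt length fields!");
		return 0;
		}

	uint16 cipherSuiteLength = uint16(data[offset] << 8) | data[offset+1];
	offset += (2 + cipherSuiteLength);

	// … unchanged: cipherSuiteLength < 2 weird …

	// The compression-method length byte must fit as well (+1).
	if ( offset + 1 > recordLength )
		{
		endp->Interpreter()->Weird("SSLv3x: Client hello too small, corrupt length fields!");
		return 0;
		}

	uint8 compressionMethodLength = uint8(data[offset]);
	offset += (1 + compressionMethodLength);

	// … unchanged: compressionMethodLength < 1 weird …

	if ( offset != length )
		{
		if ( offset + 2 > recordLength )
			{
			endp->Interpreter()->Weird("SSLv3x: Client hello too small, corrupt length fields!");
			return 0;
			}

		uint16 sslExtensionsLength = uint16(data[offset] << 8) | data[offset+1];
		offset += 2;

		// … unchanged: extensions-length-too-small weird, TODO extraction …

		offset += sslExtensionsLength;
		// Same base as the no-extensions comparison above.
		if ( offset != length )
```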
From: Seth Hall Date: Thu, 20 Jan 2011 15:07:24 -0500 Subject: [PATCH 09/54] Cleaned up g++ warnings. --- src/DCE_RPC.cc | 2 +- src/PrefixTable.cc | 4 ++-- src/RemoteSerializer.cc | 26 +++++++++++++------------- src/SMB.cc | 2 +- src/cq.c | 2 +- src/dce_rpc.pac | 4 ++-- src/patricia.c | 2 +- 7 files changed, 21 insertions(+), 21 deletions(-) diff --git a/src/DCE_RPC.cc b/src/DCE_RPC.cc index fe163f2632..62f7806c51 100644 --- a/src/DCE_RPC.cc +++ b/src/DCE_RPC.cc @@ -82,7 +82,7 @@ UUID::UUID(const char* str) } if ( i != 16 ) - internal_error(fmt("invalid UUID string: %s", str)); + internal_error("invalid UUID string: %s", str); } typedef map uuid_map_t; diff --git a/src/PrefixTable.cc b/src/PrefixTable.cc index e654b8440e..b3313c82e5 100644 --- a/src/PrefixTable.cc +++ b/src/PrefixTable.cc @@ -99,8 +99,8 @@ void* PrefixTable::Lookup(const Val* value, bool exact) const break; default: - internal_error(fmt("Wrong index type %d for PrefixTable", - value->Type()->Tag())); + internal_error("Wrong index type %d for PrefixTable", + value->Type()->Tag()); return 0; } } diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index a9329cc9cb..6709ea0456 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc @@ -1505,13 +1505,13 @@ bool RemoteSerializer::DoMessage() { // We shut the connection to this peer down, // so we ignore all further messages. - DEBUG_COMM(fmt("parent: ignoring %s due to shutdown of peer #%d", + DEBUG_COMM(fmt("parent: ignoring %s due to shutdown of peer #%llu", msgToStr(current_msgtype), current_peer ? current_peer->id : 0)); return true; } - DEBUG_COMM(fmt("parent: %s from child; peer is #%d", + DEBUG_COMM(fmt("parent: %s from child; peer is #%llu", msgToStr(current_msgtype), current_peer ? current_peer->id : 0)); 
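Review bot: The two `%llu` conversions added in the RemoteSerializer::DoMessage hunk assume `Peer::id` (and the `0` of the conditional) promote to `unsigned long long`; if the id is declared as `uint64`/`uint64_t`, which on LP64 glibc is `unsigned long`, this just trades one -Wformat warning for another and is wrong on targets where the two types differ in size. The portable spelling is a cast at the call site, `(unsigned long long) (current_peer ? current_peer->id : 0)`, or `PRIu64` from `<cinttypes>`. The declared type of `id` is not visible in this hunk, so this is a point to confirm rather than a certain defect.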
@@ -2610,7 +2610,7 @@ bool RemoteSerializer::SendCMsgToChild(char msg_type, Peer* peer) bool RemoteSerializer::SendToChild(char type, Peer* peer, char* str, int len) { - DEBUG_COMM(fmt("parent: (->child) %s (#%d, %s)", msgToStr(type), peer ? peer->id : PEER_NONE, str)); + DEBUG_COMM(fmt("parent: (->child) %s (#%d, %s)", msgToStr(type), (uint32_t) (peer ? peer->id : PEER_NONE), str)); if ( ! child_pid ) return false; @@ -2635,7 +2635,7 @@ bool RemoteSerializer::SendToChild(char type, Peer* peer, int nargs, ...) #ifdef DEBUG va_start(ap, nargs); DEBUG_COMM(fmt("parent: (->child) %s (#%d,%s)", - msgToStr(type), peer ? peer->id : PEER_NONE, fmt_uint32s(nargs, ap))); + msgToStr(type), (uint32_t) (peer ? peer->id : PEER_NONE), fmt_uint32s(nargs, ap))); va_end(ap); #endif @@ -2715,7 +2715,7 @@ void RemoteSerializer::InternalCommError(const char* msg) #ifdef DEBUG_COMMUNICATION DumpDebugData(); #else - internal_error(msg); + internal_error(msg, ""); #endif } @@ -3065,7 +3065,7 @@ bool SocketComm::ProcessParentMessage() } default: - internal_error(fmt("unknown msg type %d", parent_msgtype)); + internal_error("unknown msg type %d", parent_msgtype); return true; } @@ -3235,7 +3235,7 @@ bool SocketComm::ForwardChunkToPeer() { #ifdef DEBUG if ( parent_peer ) - DEBUG_COMM(fmt("child: not connected to #%d", parent_id)); + DEBUG_COMM(fmt("child: not connected to #%d", (uint) parent_id)); #endif } @@ -3319,7 +3319,7 @@ bool SocketComm::ProcessRemoteMessage(SocketComm::Peer* peer) CMsg* msg = (CMsg*) c->data; DEBUG_COMM(fmt("child: %s from peer #%d", - msgToStr(msg->Type()), peer->id)); + msgToStr(msg->Type()), (uint) peer->id)); switch ( msg->Type() ) { case MSG_PHASE_DONE: 
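Review bot: In the `@@ -2715` hunk, `internal_error(msg, "")` still hands the caller-supplied message to internal_error as the printf format string, so any `%` sequence in `msg` is interpreted as a conversion; now that internal_error is variadic (the other hunks in this commit pass it real format strings) this is a format-string bug rather than a compiler warning. The fix is `internal_error("%s", msg);`, which is exactly the form this same patch series uses for NetSessions::Internal in Sessions.cc. InternalCommError's body is within the hunk, but where `msg` originates (peer-derived text or fixed strings) is not visible here.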
@@ -3795,7 +3795,7 @@ bool SocketComm::SendToParent(char type, Peer* peer, const char* str, int len) #ifdef DEBUG // str may already by constructed with fmt() const char* tmp = copy_string(str); - DEBUG_COMM(fmt("child: (->parent) %s (#%d, %s)", msgToStr(type), peer ? peer->id : RemoteSerializer::PEER_NONE, tmp)); + DEBUG_COMM(fmt("child: (->parent) %s (#%d, %s)", msgToStr(type), (uint) (peer ? peer->id : RemoteSerializer::PEER_NONE), tmp)); delete [] tmp; #endif if ( sendToIO(io, type, peer ? peer->id : RemoteSerializer::PEER_NONE, @@ -3814,7 +3814,7 @@ bool SocketComm::SendToParent(char type, Peer* peer, int nargs, ...) #ifdef DEBUG va_start(ap,nargs); - DEBUG_COMM(fmt("child: (->parent) %s (#%d,%s)", msgToStr(type), peer ? peer->id : RemoteSerializer::PEER_NONE, fmt_uint32s(nargs, ap))); + DEBUG_COMM(fmt("child: (->parent) %s (#%d,%s)", msgToStr(type), (uint) (peer ? peer->id : RemoteSerializer::PEER_NONE), fmt_uint32s(nargs, ap))); va_end(ap); #endif @@ -3850,7 +3850,7 @@ bool SocketComm::SendToPeer(Peer* peer, char type, const char* str, int len) #ifdef DEBUG // str may already by constructed with fmt() const char* tmp = copy_string(str); - DEBUG_COMM(fmt("child: (->peer) %s to #%d (%s)", msgToStr(type), peer->id, tmp)); + DEBUG_COMM(fmt("child: (->peer) %s to #%d (%s)", msgToStr(type), (uint) peer->id, tmp)); delete [] tmp; #endif @@ -3870,7 +3870,7 @@ bool SocketComm::SendToPeer(Peer* peer, char type, int nargs, ...) #ifdef DEBUG va_start(ap,nargs); DEBUG_COMM(fmt("child: (->peer) %s to #%d (%s)", - msgToStr(type), peer->id, fmt_uint32s(nargs, ap))); + msgToStr(type), (uint) peer->id, fmt_uint32s(nargs, ap))); va_end(ap); #endif 
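Review bot: The `(uint)` casts on `peer->id` in the SendToParent/SendToPeer DEBUG_COMM lines silence the warning by truncating the id to 32 bits in the debug output, while the parent-side hunk earlier in the same commit prints an id field with `%llu`; the two halves of the debug log will disagree for any id above 2^32. If `SocketComm::Peer::id` is the same 64-bit type (not visible here), prefer `%llu` with an `(unsigned long long)` cast, e.g. `DEBUG_COMM(fmt("child: (->peer) %s to #%llu (%s)", msgToStr(type), (unsigned long long) peer->id, tmp));`. Debug-only output, so low impact, but worth making consistent while the lines are being touched.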
@@ -3890,7 +3890,7 @@ bool SocketComm::SendToPeer(Peer* peer, char type, int nargs, ...) bool SocketComm::SendToPeer(Peer* peer, ChunkedIO::Chunk* c) { - DEBUG_COMM(fmt("child: (->peer) chunk of size %d to #%d", c->len, peer->id)); + DEBUG_COMM(fmt("child: (->peer) chunk of size %d to #%d", c->len, (uint) peer->id)); if ( ! sendToIO(peer->io, c) ) { Error(fmt("child: write error %s", io->Error()), peer); diff --git a/src/SMB.cc b/src/SMB.cc index 7ee6986d3d..a950302090 100644 --- a/src/SMB.cc +++ b/src/SMB.cc @@ -166,7 +166,7 @@ void SMB_Session::Deliver(int is_orig, int len, const u_char* data) const u_char* tmp = data_start + next; if ( data_start + next < data + body.length() ) { - Weird(fmt("ANDX buffer overlapping: next = %d, buffer_end = %d", next, data + body.length() - data_start)); + Weird(fmt("ANDX buffer overlapping: next = %d, buffer_end = %ld", next, data + body.length() - data_start)); break; } diff --git a/src/cq.c b/src/cq.c index 63e4275369..5263fb17b1 100644 --- a/src/cq.c +++ b/src/cq.c @@ -570,7 +570,7 @@ cq_debugbucket(register struct cq_handle *hp, bp2 = hp->buckets + PRI2BUCKET(hp, bp->pri); if (bp2 != buckets) { fprintf(stderr, - "%f in wrong bucket! (off by %d)\n", + "%f in wrong bucket! (off by %ld)\n", bp->pri, bp2 - buckets); cq_dump(hp); abort(); diff --git a/src/dce_rpc.pac b/src/dce_rpc.pac index 0aa689b532..58c2250c26 100644 --- a/src/dce_rpc.pac +++ b/src/dce_rpc.pac @@ -8,5 +8,5 @@ analyzer DCE_RPC withcontext { flow: DCE_RPC_Flow; }; -%include "dce_rpc-protocol.pac" -%include "dce_rpc-analyzer.pac" +%include dce_rpc-protocol.pac +%include dce_rpc-analyzer.pac diff --git a/src/patricia.c b/src/patricia.c index c9d271803c..8e40cb5ef6 100644 --- a/src/patricia.c +++ b/src/patricia.c @@ -1027,7 +1027,7 @@ lookup_then_remove (patricia_tree_t *tree, char *string) { patricia_node_t *node; - if (node = try_search_exact (tree, string)) + if ( (node = try_search_exact(tree, string)) ) patricia_remove (tree, node); } 
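Review bot: In the SMB.cc hunk, `%ld` is paired with `data + body.length() - data_start`, a pointer difference of type `ptrdiff_t`; that matches `long` only on LP64 targets and is a mismatched conversion on ILP32 and LLP64 builds, so the warning is moved rather than fixed. Use `%td`, or cast explicitly: `Weird(fmt("ANDX buffer overlapping: next = %d, buffer_end = %ld", next, (long) (data + body.length() - data_start)));`. The same applies to the cq.c line `bp2 - buckets`, which should use `%td` or a `(long)` cast.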
From b7b29c6f92bd5ffa5ba4053e7fa9041ec8840d6c Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Thu, 20 Jan 2011 15:08:54 -0500 Subject: [PATCH 10/54] Added line to expect shift/reduce errors in parse.in This is the resolution that Gregor brought up in December, 2010 on the bro-dev list. --- src/parse.y | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/parse.y b/src/parse.y index b0bb39f0ea..1eed09cbf1 100644 --- a/src/parse.y +++ b/src/parse.y @@ -3,6 +3,8 @@ // See the file "COPYING" in the main distribution directory for copyright. %} +%expect 71 + %token TOK_ADD TOK_ADD_TO TOK_ADDR TOK_ALARM TOK_ANY %token TOK_ATENDIF TOK_ATELSE TOK_ATIF TOK_ATIFDEF TOK_ATIFNDEF %token TOK_BOOL TOK_BREAK TOK_CASE TOK_CONST From fbf7d5ccc0c6566e6a195b400bbe99548dca49cf Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Thu, 20 Jan 2011 15:10:31 -0500 Subject: [PATCH 11/54] Cleaned up the output from running binpac. Added an extra dependency to the dce_rpc pac files and running binpac with the -q (quiet) flag which requires changes to binpac which will be committed soon. --- src/CMakeLists.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 81ed0d81af..927f5e660b 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -160,7 +160,7 @@ macro(BINPAC_TARGET pacFile) add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${basename}_pac.h ${CMAKE_CURRENT_BINARY_DIR}/${basename}_pac.cc COMMAND ${BinPAC_EXE} - ARGS -d ${CMAKE_CURRENT_BINARY_DIR} + ARGS -q -d ${CMAKE_CURRENT_BINARY_DIR} -I ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/${pacFile} DEPENDS ${BinPAC_EXE} ${pacFile} 
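Review bot: `%expect 71` turns the current shift/reduce count into a hard build constraint, but nothing in the file says where the 71 conflicts come from or why they are acceptable, so the next grammar change that moves the count will fail with no guidance. A short comment above the directive would help: `// 71 shift/reduce conflicts are expected (dangling-else style ambiguities); update the count only after checking bison's report for new ones.` The specific origin of the conflicts is not visible in this hunk, so adjust that wording to what the bison report actually shows.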
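Review bot: Adding `-q` to the binpac ARGS makes every pac target depend on a binpac that accepts that flag, and the commit message says that binpac change has not landed yet; until it does, `${BinPAC_EXE}` will reject the option and all generated analyzers fail to build. A probe in the macro (try `${BinPAC_EXE} -q` via `execute_process` and only add the flag on success) or a cache option would keep existing binpac installs working; at minimum add `# -q (quiet) requires a binpac that understands the flag; see the matching binpac commit` above the ARGS line so the failure is explainable.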
@@ -177,9 +177,9 @@ binpac_target(binpac_bro-lib.pac) binpac_target(bittorrent.pac bittorrent-protocol.pac bittorrent-analyzer.pac) binpac_target(dce_rpc.pac - dce_rpc-protocol.pac dce_rpc-analyzer.pac) + dce_rpc-protocol.pac dce_rpc-analyzer.pac epmapper.pac) binpac_target(dce_rpc_simple.pac - dce_rpc-protocol.pac) + dce_rpc-protocol.pac epmapper.pac) binpac_target(dhcp.pac dhcp-protocol.pac dhcp-analyzer.pac) binpac_target(dns.pac From 668824d1b608079e629c755c917b594395e71187 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Thu, 20 Jan 2011 14:36:07 -0800 Subject: [PATCH 12/54] A few smaller tweaks. --- src/strings.bif | 46 ++++++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 22 deletions(-) diff --git a/src/strings.bif b/src/strings.bif index 2e499ca0c4..76e4200b79 100644 --- a/src/strings.bif +++ b/src/strings.bif @@ -140,7 +140,7 @@ function edit%(arg_s: string, arg_edit_char: string%): string %{ if ( arg_edit_char->Len() != 1 ) builtin_run_time("not exactly one edit character", @ARG@[1]); - + const u_char* s = arg_s->Bytes(); const u_char* edit_s = arg_edit_char->Bytes(); @@ -150,7 +150,7 @@ function edit%(arg_s: string, arg_edit_char: string%): string u_char* new_s = new u_char[n+1]; int ind = 0; - for ( int i=0; i 0 ) { @@ -217,13 +217,13 @@ Val* do_split(StringVal* str_val, RE_Matcher* re, TableVal* other_sep, // Find next match offset. int end_of_match; while ( n > 0 && - (end_of_match = re->MatchPrefix(&s[offset], n)) <= 0 ) + (end_of_match = re->MatchPrefix(s + offset, n)) <= 0 ) { // Move on to next byte. ++offset; --n; } - + Val* ind = new Val(++num, TYPE_COUNT); a->Assign(ind, new StringVal(offset, (const char*) s)); Unref(ind); 
@@ -238,19 +238,17 @@ Val* do_split(StringVal* str_val, RE_Matcher* re, TableVal* other_sep, a->Assign(ind, new StringVal(end_of_match, (const char*) s+offset)); Unref(ind); } - + if ( max_num_sep && num_sep >= max_num_sep ) break; - + ++num_sep; - + n -= end_of_match; s += offset; - + if ( s > end_of_s ) - { internal_error("RegMatch in split goes beyond the string"); - } } if ( other_strings ) @@ -463,7 +461,7 @@ function to_lower%(str: string%): string char* lower_s = new char[n]; char* ls = lower_s; - for (int i=0; iLen(); char* upper_s = new char[n]; char* us = upper_s; - - for (int i=0; i sp && isspace(*e) ) --e; - // Move the pointer for the beginning of the string - while ( isspace(*sp) ) + // Move the pointer for the beginning of the string. + while ( isspace(*sp) && sp <= e ) ++sp; - return new StringVal(new BroString(sp, e-sp+1, 1)); + if ( sp > e ) + return new StringVal(new BroString()); + else + return new StringVal(new BroString(sp, (e - sp + 1), 1)); %} function string_fill%(len: int, source: string%): string @@ -622,12 +624,12 @@ function string_fill%(len: int, source: string%): string # function str_shell_escape%(source: string%): string %{ - uint j = 0; + unsigned j = 0; const u_char* src = source->Bytes(); - uint n = source->Len(); + unsigned n = source->Len(); byte_vec dst = new u_char[n * 2 + 1]; - for ( uint i = 0; i < n; ++i ) + for ( unsigned i = 0; i < n; ++i ) { switch ( src[i] ) { case '`': case '"': case '\\': case '$': From 0fe30453cf9dfe92bafb2b8c993ef540a8468a1f Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Fri, 21 Jan 2011 20:59:51 -0500 Subject: [PATCH 13/54] Removing some apparently unnecessary lines. --- src/strings.bif | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/strings.bif b/src/strings.bif index 76e4200b79..77ac90ddd4 100644 --- a/src/strings.bif +++ b/src/strings.bif 
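Review bot: In the strip hunk, the new loop condition `isspace(*sp) && sp <= e` dereferences `sp` before checking it is still inside the string; the operands should be swapped to `sp <= e && isspace(*sp)` so the bound check comes first and the dereference is never reached once `sp` has passed `e`. Separately, if `sp`/`e` are plain `char*` (their declaration is outside the hunk), `isspace` on a byte with the high bit set is undefined behaviour on platforms where `char` is signed; `isspace((unsigned char) *sp)` and likewise for `*e` avoids that for non-ASCII input. strip's body starts before this hunk, so the pointer types are inferred.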
@@ -598,10 +598,7 @@ function strip%(str: string%): string while ( isspace(*sp) && sp <= e ) ++sp; - if ( sp > e ) - return new StringVal(new BroString()); - else - return new StringVal(new BroString(sp, (e - sp + 1), 1)); + return new StringVal(new BroString(sp, (e - sp + 1), 1)); %} function string_fill%(len: int, source: string%): string From 64182833717f803e9f45c0f9d050a9732caf92e8 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Mon, 24 Jan 2011 13:43:49 -0500 Subject: [PATCH 14/54] Two more small compile time error fixes. --- src/Sessions.cc | 2 +- src/main.cc | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/Sessions.cc b/src/Sessions.cc index fd443d4dcc..ffa5cd22f5 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -1354,7 +1354,7 @@ void NetSessions::Internal(const char* msg, const struct pcap_pkthdr* hdr, const u_char* pkt) { DumpPacket(hdr, pkt); - internal_error(msg); + internal_error("%s", msg); } void NetSessions::Weird(const char* name, diff --git a/src/main.cc b/src/main.cc index 82866302fd..a8f283dcbc 100644 --- a/src/main.cc +++ b/src/main.cc @@ -8,6 +8,7 @@ #include #include #include +#include #ifdef HAVE_GETOPT_H #include #endif @@ -421,7 +422,7 @@ int main(int argc, char** argv) prog = argv[0]; - prefixes.append(""); // "" = "no prefix" + prefixes.append(strdup("")); // "" = "no prefix" char* p = getenv("BRO_PREFIXES"); if ( p ) From c8076619ce54177def38e515c6466ebda237798f Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Fri, 28 Jan 2011 16:18:57 -0500 Subject: [PATCH 15/54] Added new TLS ciphers --- policy/bro.init | 2 +- policy/ssl-ciphers.bro | 5 ++++ src/SSLCiphers.cc | 53 ++++++++++++++++++++++++++++++++++++++++++ src/SSLCiphers.h | 11 ++++++++- 4 files changed, 69 insertions(+), 2 deletions(-) diff --git a/policy/bro.init b/policy/bro.init index 1ba8f59b4d..e8f208bb6b 100644 --- a/policy/bro.init +++ b/policy/bro.init 
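Review bot: Dropping the `sp > e` guard is safe only because the two trimming loops let `sp` overshoot `e` by exactly one (for an all-whitespace string `e` stops at the first byte and `sp` then steps to `e + 1`, so `e - sp + 1` is 0), which is not evident from the single remaining `return` line. I would keep that reasoning as a comment on the return: `// sp may be e+1 for an all-whitespace string; the length then computes to 0.` strip's body begins before this hunk.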
@@ -905,7 +905,7 @@ global dns_max_queries = 5; # The maxiumum size in bytes for an SSL cipherspec. If we see a packet that # has bigger cipherspecs, we warn and won't do a comparisons of cipherspecs. -const ssl_max_cipherspec_size = 45 &redef; +const ssl_max_cipherspec_size = 68 &redef; # SSL and X.509 types. type cipher_suites_list: set[count]; diff --git a/policy/ssl-ciphers.bro b/policy/ssl-ciphers.bro index 307565eb36..3926d591cd 100644 --- a/policy/ssl-ciphers.bro +++ b/policy/ssl-ciphers.bro @@ -223,6 +223,11 @@ const SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE; const SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFEFF; const SSL_RSA_FIPS_WITH_DES_CBC_SHA_2 = 0xFFE1; const SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2 = 0xFFE0; +const SSL_RSA_WITH_RC2_CBC_MD5 = 0xFF80; +const SSL_RSA_WITH_IDEA_CBC_MD5 = 0xFF81; +const SSL_RSA_WITH_DES_CBC_MD5 = 0xFF82; +const SSL_RSA_WITH_3DES_EDE_CBC_MD5 = 0xFF83; +const TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF; # Cipher specifications native to TLS can be included in Version 2.0 client diff --git a/src/SSLCiphers.cc b/src/SSLCiphers.cc index 002262d853..400f7421ce 100644 --- a/src/SSLCiphers.cc +++ b/src/SSLCiphers.cc @@ -399,6 +399,48 @@ SSL_CipherSpec SSL_CipherSpecs[] = { // 128, // 160 //}, + + { SSL_RSA_WITH_RC2_CBC_MD5, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv20, + SSL_CIPHER_RC2, + SSL_MAC_MD5, + SSL_KEY_EXCHANGE_RSA, + 0, + 56, + 160 + }, + { SSL_RSA_WITH_IDEA_CBC_MD5, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv20, + SSL_CIPHER_IDEA, + SSL_MAC_MD5, + SSL_KEY_EXCHANGE_RSA, + 0, + 128, + 160 + }, + { SSL_RSA_WITH_DES_CBC_MD5, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv20, + SSL_CIPHER_DES, + SSL_MAC_MD5, + SSL_KEY_EXCHANGE_RSA, + 0, + 56, + 160 + }, + { SSL_RSA_WITH_3DES_EDE_CBC_MD5, + SSL_CIPHER_TYPE_BLOCK, + SSL_FLAG_SSLv20, + SSL_CIPHER_3DES, + SSL_MAC_MD5, + SSL_KEY_EXCHANGE_RSA, + 0, + 168, + 160 + }, + // --- special SSLv3 FIPS ciphers { SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_CIPHER_TYPE_BLOCK, 
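Review bot: The four new SSLv2 entries in the SSLCiphers.cc hunk pair `SSL_MAC_MD5` with a last field of 160, whereas every existing `SSL_MAC_MD5` row in this table (e.g. `TLS_DH_anon_WITH_RC4_128_MD5`, last field 128) uses 128, MD5's digest size; 160 is the SHA-1 value apparently copied from the FIPS entries that follow. Change the last field to 128 in all four rows. The 56-bit key size on `SSL_RSA_WITH_RC2_CBC_MD5` also looks worth confirming against the SSLv2 cipher it is meant to alias, since neither the enum comment nor this hunk states which RC2 variant is intended.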
@@ -1023,6 +1065,17 @@ SSL_CipherSpec SSL_CipherSpecs[] = { 160 }, + { TLS_EMPTY_RENEGOTIATION_INFO_SCSV, + SSL_CIPHER_TYPE_NULL, + SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, + SSL_CIPHER_NULL, + SSL_MAC_NULL, + SSL_KEY_EXCHANGE_NULL, + 0, + 0, + 0 + }, + }; diff --git a/src/SSLCiphers.h b/src/SSLCiphers.h index 408a3b1567..12b3ecc0aa 100644 --- a/src/SSLCiphers.h +++ b/src/SSLCiphers.h @@ -253,11 +253,20 @@ enum SSL3_1_CipherSpec { TLS_ECDHE_PSK_WITH_NULL_SHA = 0xC039, TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A, TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B, + // --- special SSLv3 FIPS ciphers SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFEFF, SSL_RSA_FIPS_WITH_DES_CBC_SHA_2 = 0xFFE1, - SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2 = 0xFFe0, + SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2 = 0xFFE0, + + // Tags for SSL 2 cipher kinds which are not specified for SSL 3. + SSL_RSA_WITH_RC2_CBC_MD5 = 0xFF80, + SSL_RSA_WITH_IDEA_CBC_MD5 = 0xFF81, + SSL_RSA_WITH_DES_CBC_MD5 = 0xFF82, + SSL_RSA_WITH_3DES_EDE_CBC_MD5 = 0xFF83, + + TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF, }; enum SSL_CipherType { From 1ccfca09ac6f04e508de764686c40670915d732c Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Fri, 28 Jan 2011 16:24:07 -0500 Subject: [PATCH 16/54] Fixes to SSL/TLS analyzer Analyzer can cope with zero length client and server certificates. It does still generate a weird though. Extended cipherspec_size weirds are not thrown anymore, they are incredibly overwhelming and should be handled completely at the scripting in my opinion. Integrated and expanded on patch Rmkml from ticket #209 that fixes problem with not parsing or expecting SSL extensions. SSL extensions still are not extracted and passed to script land, but the analyzer doesn't fail anymore. --- src/SSLProxy.cc | 2 - src/SSLv3.cc | 188 ++++++++++++++++++++++++------------------------ 2 files changed, 92 insertions(+), 98 deletions(-) diff --git a/src/SSLProxy.cc b/src/SSLProxy.cc index a0cf73b8fb..38ce3ba085 100644 
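Review bot: `TLS_EMPTY_RENEGOTIATION_INFO_SCSV` (0x00FF) is entered as a NULL/NULL/NULL cipher with `SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31`, but it is a signalling value (RFC 5746), not a suite a server may select; any script-side logic that rates a negotiated NULL cipher as weak, or counts offered NULL suites, will now see it as one unless it filters 0x00FF out. A comment on the entry, `// RFC 5746 signalling value, never negotiated; scripts must not treat it as a cipher`, and a matching note beside the constant in ssl-ciphers.bro would make that explicit. In SSLCiphers.h the enumerator is appended after the 0xFF8x tags rather than in numeric order with the other 0x00xx suites, which makes it easy to miss when the list is scanned.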
--- a/src/SSLProxy.cc +++ b/src/SSLProxy.cc @@ -174,7 +174,6 @@ bool SSL_RecordBuilder::addSegment(const u_char* data, int length) if ( ! computeExpectedSize(data, length) ) return false; - // Insert weird here replacing assert. if ( neededSize > expectedSize ) { sslEndpoint->Weird("SSL_RecordBuilder::addSegment neededSize > expectedSize"); @@ -278,7 +277,6 @@ bool SSL_RecordBuilder::addSegment(const u_char* data, int length) { // another (middle) segment if ( length <= MIN_FRAGMENT_SIZE ) sslEndpoint->Parent()->Weird( "SSLProxy: Excessive small TCP Segment!" ); - addData(data, length); break; } diff --git a/src/SSLv3.cc b/src/SSLv3.cc index 92d18c6f26..9343b5076f 100644 --- a/src/SSLv3.cc +++ b/src/SSLv3.cc 
@@ -383,84 +383,71 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec) case SSL3_1_CERTIFICATE: { - if ( rec->length >= 3 ) + const u_char* pData = rec->data; + uint32 certListLength = + uint32((pData[4] << 16) | + pData[5] << 8) | pData[6]; + + // Sum of all cert sizes has to match + // certListLength. + uint tempLength = 0; + uint certCount = 0; + while ( tempLength < certListLength ) { - const u_char* pData = rec->data; - uint32 certListLength = - uint32((pData[4] << 16) | - pData[5] << 8) | pData[6]; - - // Size consistency checks. - if ( certListLength + 3 != uint32(rec->length) ) + if ( tempLength + 3 <= certListLength ) { - if ( rec->endp->IsOrig() ) - Weird("SSLv3x: Corrupt length field in client certificate list!"); - else - Weird("SSLv3x: Corrupt length field in server certificate list!"); - return; - } - - // Sum of all cert sizes has to match - // certListLength. - uint tempLength = 0; - uint certCount = 0; - while ( tempLength < certListLength ) - { - if ( tempLength + 3 <= certListLength ) - { - ++certCount; - uint32 certLength = - uint32((pData[tempLength + 7] << 16) | pData[tempLength + 8] << 8) | pData[tempLength + 9]; - tempLength += certLength + 3; - } - else - { - Weird("SSLv3x: Corrupt length field in certificate list!"); - return; - } - } - - if ( tempLength > certListLength ) - { - Weird("SSLv3x: sum of size of certificates doesn't match size of certificate chain"); - return; - } - - SSL_InterpreterEndpoint* pEp = - (SSL_InterpreterEndpoint*) rec->endp; - - if ( certCount == 0 ) - { // we don't have a certificate... 
- if ( rec->endp->IsOrig() ) - { - Weird("SSLv3x: Client certificate is missing!"); - break; - } - else - { - Weird("SSLv3x: Server certificate is missing!"); - break; - } - } - - if ( certCount > 1 ) - { // we have a chain - analyzeCertificate(pEp, - rec->data + 7, - certListLength, 1, true); + ++certCount; + uint32 certLength = + uint32((pData[tempLength + 7] << 16) | pData[tempLength + 8] << 8) | pData[tempLength + 9]; + tempLength += certLength + 3; } else { - // We have a single certificate. - // FIXME. - analyzeCertificate(pEp, - rec->data + 10, - certListLength-3, 1, false); + Weird("SSLv3x: Corrupt length field in certificate list!"); + return; } + } + if ( tempLength > certListLength ) + { + Weird("SSLv3x: sum of size of certificates doesn't match size of certificate chain"); + return; + } + + SSL_InterpreterEndpoint* pEp = + (SSL_InterpreterEndpoint*) rec->endp; + + if ( certCount == 0 ) + { + // we don't have a certificate, but this is valid + // according to RFC2246 + if ( rec->endp->IsOrig() ) + { + Weird("SSLv3x: Client certificate is missing!"); + break; + } + else + { + Weird("SSLv3x: Server certificate is missing!"); + break; + } + } + + if ( certCount > 1 ) + { // we have a chain + analyzeCertificate(pEp, + rec->data + 7, + certListLength, 1, true); } else - Weird("SSLv3x: Certificate record too small!" ); + { + // We have a single certificate. + // FIXME. + analyzeCertificate(pEp, + rec->data + 10, + certListLength-3, 1, false); + } + break; } 
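Review bot: The parse of `certListLength` from `pData[4..6]` and the `tempLength + 3 <= certListLength` walk are now bounded only by the peer-supplied list length, because the hunk drops both the `rec->length >= 3` guard and the `certListLength + 3 != uint32(rec->length)` consistency check; a Certificate message whose list length claims more than the body holds makes the loop read `pData[tempLength + 7..9]` past the record, and the zero-length body the commit sets out to tolerate reads three bytes beyond its 4-byte header before it reaches the `certCount == 0` weird. Tying the advertised length back to `rec->length` before the walk keeps the new zero-length handling and restores the bound; the rewritten head of the case is below and the rest of the case is unchanged. Whether `rec->data` is guaranteed to hold `rec->length + 4` bytes is decided by the record constructor, which is outside this hunk.
```cpp
case SSL3_1_CERTIFICATE:
	{
	const u_char* pData = rec->data;
	uint32 certListLength = 0;

	// rec->length is the handshake body length.  A 0-length body is
	// the legitimate "no certificate" case and falls through to the
	// certCount == 0 weird below; anything else must carry the 3-byte
	// certificate_list length and exactly that many bytes after it,
	// otherwise the per-certificate walk would read past the record.
	if ( rec->length != 0 )
		{
		if ( rec->length < 3 )
			{
			Weird("SSLv3x: Certificate record too small!");
			break;
			}

		certListLength =
			uint32((pData[4] << 16) | pData[5] << 8) | pData[6];

		if ( certListLength + 3 != uint32(rec->length) )
			{
			if ( rec->endp->IsOrig() )
				Weird("SSLv3x: Corrupt length field in client certificate list!");
			else
				Weird("SSLv3x: Corrupt length field in server certificate list!");
			return;
			}
		}

	// … unchanged: per-certificate length walk, certCount == 0 weirds,
	// analyzeCertificate() calls …
```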
@@ -938,13 +925,15 @@ TableVal* SSLv3_Interpreter::analyzeCiphers(const SSLv3_Endpoint* s, int length, { int is_orig = (SSL_InterpreterEndpoint*) s == orig; - if ( length > ssl_max_cipherspec_size ) - { - if ( is_orig ) - Weird("SSLv3: Client has CipherSpecs > ssl_max_cipherspec_size"); - else - Weird("SSLv3: Server has CipherSpecs > ssl_max_cipherspec_size"); - } + // This probably shouldn't be a weird. This data should be passed to + // script layer and dealt with there as appropriate. + //if ( length > ssl_max_cipherspec_size ) + // { + // if ( is_orig ) + // Weird("SSLv3: Client has CipherSpecs > ssl_max_cipherspec_size"); + // else + // Weird("SSLv3: Server has CipherSpecs > ssl_max_cipherspec_size"); + // } const u_char* pCipher = data; SSL_CipherSpec* pCipherSuiteTemp = 0; @@ -1236,16 +1225,6 @@ SSLv3_HandshakeRecord::SSLv3_HandshakeRecord(const u_char* data, int len, uint16 version, SSLv3_Endpoint const* e) : SSLv3_Record(data, len, version, e) { - // Weird-check for minimum handshake length header. - if ( len < 4 ) - { - e->Interpreter()->Weird("SSLv3x: Handshake-header-length too small!"); - type = 255; - length = 0; - next = 0; - return; - } - // Don't analyze encrypted client handshake messages. if ( e->IsOrig() && ((SSLv3_Interpreter*) e->Interpreter())->change_cipher_client_seen && @@ -1270,7 +1249,10 @@ SSLv3_HandshakeRecord::SSLv3_HandshakeRecord(const u_char* data, int len, type = uint8(*(this->data)); length = ExtractInt24(data, len, 1); - if ( length + 4 < len ) + + if ( length == 0 ) // this is a special case to deal with 0 length certs + next = 0; + else if ( length + 4 < len ) next = new SSLv3_HandshakeRecord(data + length + 4, len - (length + 4), version, e); else if ( length + 4 > len ) 
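Review bot: Removing the `len < 4` check from the SSLv3_HandshakeRecord constructor leaves `type = uint8(*(this->data))` with no guard at all, and `length = ExtractInt24(data, len, 1)` is only safe if that helper bounds-checks against `len` itself, which this hunk does not show; a record that ends inside the 4-byte handshake header is exactly what the removed weird reported. Restoring the removed seven-line guard verbatim costs nothing and does not interfere with the zero-length-certificate case, which still has `len >= 4`. The new `if ( length == 0 ) next = 0;` also drops any handshake message coalesced after a zero-length one in the same record, where the `length + 4 < len` branch would have chained it, so unless callers never coalesce, an empty Certificate followed by ServerHelloDone loses the second message; if the special case exists for another reason, a comment should say which. The constructor body continues past the hunk.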
@@ -1340,7 +1322,6 @@ int SSLv3_HandshakeRecord::checkClientHello() uint16 cipherSuiteLength = uint16(data[offset] << 8) | data[offset+1]; offset += (2 + cipherSuiteLength); - if ( cipherSuiteLength < 2 ) endp->Interpreter()->Weird("SSLv3x: CipherSuite length too small!"); @@ -1352,16 +1333,14 @@ int SSLv3_HandshakeRecord::checkClientHello() uint8 compressionMethodLength = uint8(data[offset]); offset += (1 + compressionMethodLength); - if ( compressionMethodLength < 1 ) endp->Interpreter()->Weird("SSLv3x: CompressionMethod length too small!"); - if ( offset != length ) + if ( offset < length ) { uint16 sslExtensionsLength = - uint16(data[offset] << 8 ) | data[offset+1]; + uint16(data[offset] << 8) | data[offset+1]; offset += 2; - if ( sslExtensionsLength < 4 ) endp->Interpreter()->Weird("SSLv3x: Extensions length too small!"); @@ -1391,16 +1370,33 @@ int SSLv3_HandshakeRecord::checkServerHello() version != SSLProxy_Analyzer::SSLv31 ) endp->Interpreter()->Weird("SSLv3x: Corrupt version information in Server hello!"); - uint8 sessionIDLength = uint8(data[38]); + uint16 offset = 38; + uint8 sessionIDLength = uint8(data[offset]); if ( sessionIDLength > 32 ) { endp->Interpreter()->Weird("SSLv3x: SessionID too long in Server hello!"); return 0; } - - if ( (sessionIDLength + 45) != length ) + offset += (1 + sessionIDLength); + + offset += 3; // account for cipher and compression method + if ( offset < length ) { - endp->Interpreter()->Weird("SSLv3x: Corrupt length fields in Server hello!"); + uint16 sslExtensionsLength = + uint16(data[offset] << 8) | data[offset+1]; + offset += 2; + if ( sslExtensionsLength < 4 ) + endp->Interpreter()->Weird("SSLv3x: Extensions length too small!"); + + // TODO: extract SSL extensions here + offset += sslExtensionsLength; + + if ( offset != length+4 ) + { + endp->Interpreter()->Weird("SSLv3x: Corrupt length fields in Server hello!"); + return 0; + } + return 0; } From 65687d86d834e722b39164c5d0664b1906510804 Mon Sep 17 00:00:00 2001 
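Review bot: In checkServerHello the new `offset` counts from the start of the handshake header (38 = 4 header + 2 version + 32 random bytes) while `length` is the body length, so `if ( offset < length )` is four bytes short of the `offset != length+4` comparison it guards: a ServerHello whose extension block is two bytes or less (an empty `00 00` list) is neither parsed nor flagged, and a hello without extensions now gets no length check at all because the old `sessionIDLength + 45 != length` test is gone. Using one base for both comparisons and running the consistency check on both paths fixes that: `if ( offset < length + 4 ) { ... offset += sslExtensionsLength; }` followed by an unconditional `if ( offset != length + 4 ) { Weird(...); return 0; }`. The checkClientHello hunk above makes the same `offset != length` to `offset < length` change, so if its `offset` is computed header-relative as well it likely needs the same correction; its body starts outside this hunk.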
From: Seth Hall Date: Mon, 31 Jan 2011 12:19:11 -0500 Subject: [PATCH 17/54] *Now* this passes the test suite. I got the last fix wrong and I was still misunderstanding one behavior of the existing do_split function. When a separator match goes to the last character of the string, a blank string element should be appended to the string_array to indicate that a successful split occurred. --- src/strings.bif | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/strings.bif b/src/strings.bif index 77ac90ddd4..af3ebed149 100644 --- a/src/strings.bif +++ b/src/strings.bif @@ -211,7 +211,7 @@ Val* do_split(StringVal* str_val, RE_Matcher* re, TableVal* other_sep, int num_sep = 0; int offset = 0; - while ( n > 0 ) + while ( n >= 0 ) { offset = 0; // Find next match offset. @@ -227,25 +227,25 @@ Val* do_split(StringVal* str_val, RE_Matcher* re, TableVal* other_sep, Val* ind = new Val(++num, TYPE_COUNT); a->Assign(ind, new StringVal(offset, (const char*) s)); Unref(ind); - + // No more separators will be needed if this is the end of string. if ( n <= 0 ) break; - + if ( incl_sep ) { // including the part that matches the pattern ind = new Val(++num, TYPE_COUNT); a->Assign(ind, new StringVal(end_of_match, (const char*) s+offset)); Unref(ind); } - + if ( max_num_sep && num_sep >= max_num_sep ) break; ++num_sep; n -= end_of_match; - s += offset; + s += offset + end_of_match;; if ( s > end_of_s ) internal_error("RegMatch in split goes beyond the string"); From ee6abcba72f5d64199928345740dd195a264296c Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Thu, 3 Feb 2011 21:57:11 -0800 Subject: [PATCH 18/54] Updating submodule(s). --- aux/broctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broctl b/aux/broctl index 572efd43cf..3910266eb0 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 572efd43cf52e4c41b32a9c5a4a015f783370b41 +Subproject commit 3910266eb016a6dd30616c13ebe93a925fda2a72 
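Review bot: `s += offset + end_of_match;;` in the do_split hunk carries a stray second semicolon; it is harmless but reads like a leftover from the edit and the file writes one statement per line, so `s += offset + end_of_match;` is the intended line. With `while ( n >= 0 )` the loop is now entered with `n == 0`, and if the offset search yields 0 for an empty remainder it is the first `a->Assign` plus the `if ( n <= 0 ) break;` that produce the trailing empty element the message describes, so a comment on the `while` line saying the zero case exists to emit that final empty element would save the next reader the misreading the author reports. do_split's body starts and ends outside the hunk.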
From 51b3efbb1a803f0d9f464babb696a9338c22c4d7 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 4 Feb 2011 17:39:38 -0800 Subject: [PATCH 19/54] Fixing bug with defining bro_int_t and bro_uint_t as 64-bit in some platforms. --- src/util.h | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/util.h b/src/util.h index f4f007a27d..43e0f2c6c1 100644 --- a/src/util.h +++ b/src/util.h @@ -39,13 +39,9 @@ extern HeapLeakChecker* heap_checker; #endif -typedef unsigned long long int uint64; typedef unsigned int uint32; typedef unsigned short uint16; typedef unsigned char uint8; -typedef long long int int64; -typedef int64 bro_int_t; -typedef uint64 bro_uint_t; #if SIZEOF_LONG_LONG == 8 typedef unsigned long long uint64; @@ -57,6 +53,9 @@ typedef long int int64; # error "Couldn't reliably identify 64-bit type. Please report to bro@bro-ids.org." #endif +typedef int64 bro_int_t; +typedef uint64 bro_uint_t; + // "ptr_compat_uint" and "ptr_compat_int" are (un)signed integers of // pointer size. They can be cast safely to a pointer, e.g. in Lists, // which represent their entities as void* pointers. From 4d12ac861da59ca13d009586da5f1624aaeb299f Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 4 Feb 2011 17:58:19 -0800 Subject: [PATCH 20/54] Smarter way to increase the parent/child pipe's socket buffer. (Craig Leres). This is from #383. --- src/RemoteSerializer.cc | 54 ++++++++++++++++++++++++++--------------- src/RemoteSerializer.h | 2 ++ 2 files changed, 37 insertions(+), 19 deletions(-) diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index 51add7c3df..22e98b29ae 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc 
@@ -544,6 +544,36 @@ void RemoteSerializer::Init() initialized = 1; } +void RemoteSerializer::SetSocketBufferSize(int fd, int opt, const char *what, int size, int verbose) + { + int defsize = 0; + socklen_t len = sizeof(defsize); + + if ( getsockopt(fd, SOL_SOCKET, opt, (void *)&defsize, &len) < 0 ) + { + if ( verbose ) + Log(LogInfo, fmt("warning: cannot get socket buffer size (%s): %s", what, strerror(errno))); + return; + } + + for ( int trysize = size; trysize > defsize; trysize -= 1024 ) + { + if ( setsockopt(fd, SOL_SOCKET, opt, &trysize, sizeof(trysize)) >= 0 ) + { + if ( verbose ) + { + if ( trysize == size ) + Log(LogInfo, fmt("raised pipe's socket buffer size from %dK to %dK", defsize / 1024, trysize / 1024)); + else + Log(LogInfo, fmt("raised pipe's socket buffer size from %dK to %dK (%dK was requested)", defsize / 1024, trysize / 1024, size / 1024)); + } + return; + } + } + + Log(LogInfo, fmt("warning: cannot increase %s socket buffer size from %dK (%dK was requested)", what, defsize / 1024, size / 1024)); + } + void RemoteSerializer::Fork() { if ( child_pid ) 
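Review bot: `SetSocketBufferSize` logs `warning: cannot increase ... socket buffer size` whenever the `for` loop does not run, which includes `defsize >= size`, the case where the buffer is already at least as large as requested, so on a host with a generous default every Fork() emits a misleading warning. A guard before the loop, `if ( defsize >= size ) return;` (optionally with a verbose info line), fixes that. The loop then steps down in 1 KiB decrements from `size` to `defsize` with one `setsockopt` per step; if `SOCKBUF_SIZE` is megabytes that is hundreds of syscalls per fd, and a halving search between `defsize` and `size` is the cheaper shape. On Linux `getsockopt(SO_SNDBUF)` reports double the value last set, so `defsize` and `trysize` are not in the same units there; the comparison stays safe but the logged numbers will look off by 2x, which is worth a comment.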
@@ -562,25 +592,11 @@ void RemoteSerializer::Fork() return; } - int bufsize; - socklen_t len = sizeof(bufsize); - - if ( getsockopt(pipe[0], SOL_SOCKET, SO_SNDBUF, &bufsize, &len ) < 0 ) - Log(LogInfo, fmt("warning: cannot get socket buffer size: %s", strerror(errno))); - else - Log(LogInfo, fmt("pipe's socket buffer size is %d, setting to %d", bufsize, SOCKBUF_SIZE)); - - bufsize = SOCKBUF_SIZE; - - if ( setsockopt(pipe[0], SOL_SOCKET, SO_SNDBUF, - &bufsize, sizeof(bufsize) ) < 0 || - setsockopt(pipe[0], SOL_SOCKET, SO_RCVBUF, - &bufsize, sizeof(bufsize) ) < 0 || - setsockopt(pipe[1], SOL_SOCKET, SO_SNDBUF, - &bufsize, sizeof(bufsize) ) < 0 || - setsockopt(pipe[1], SOL_SOCKET, SO_RCVBUF, - &bufsize, sizeof(bufsize) ) < 0 ) - Log(LogInfo, fmt("warning: cannot set socket buffer size to %dK: %s", bufsize / 1024, strerror(errno))); + // Try to increase the size of the socket send and receive buffers. + SetSocketBufferSize(pipe[0], SO_SNDBUF, "SO_SNDBUF", SOCKBUF_SIZE, 1); + SetSocketBufferSize(pipe[0], SO_RCVBUF, "SO_RCVBUF", SOCKBUF_SIZE, 0); + SetSocketBufferSize(pipe[1], SO_SNDBUF, "SO_SNDBUF", SOCKBUF_SIZE, 0); + SetSocketBufferSize(pipe[1], SO_RCVBUF, "SO_RCVBUF", SOCKBUF_SIZE, 0); child_pid = 0; diff --git a/src/RemoteSerializer.h b/src/RemoteSerializer.h index a84a0619fa..6afec4ec6f 100644 --- a/src/RemoteSerializer.h +++ b/src/RemoteSerializer.h @@ -297,6 +297,8 @@ protected: bool SendToChild(char type, Peer* peer, int nargs, ...); // can send uints32 only bool SendToChild(ChunkedIO::Chunk* c); + void SetSocketBufferSize(int fd, int opt, const char *what, int size, int verbose); + private: enum { TYPE, ARGS } msgstate; // current state of reading comm. Peer* current_peer; From 0d9de7d71997c783c273b1e2b7b00c9cf864b037 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 7 Feb 2011 14:07:29 -0800 Subject: [PATCH 21/54] Updating submodule(s). --- aux/broctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/aux/broctl b/aux/broctl index 3910266eb0..fc940bbb72 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 3910266eb016a6dd30616c13ebe93a925fda2a72 +Subproject commit fc940bbb72abbaef2e5f10ea4ab616ec9b61fe0a From 275c6e64cce6a0a9e187c347864c909e04b4ef03 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Tue, 8 Feb 2011 12:47:10 -0500 Subject: [PATCH 22/54] PRI macros are currently not working for some reason. --- src/RemoteSerializer.cc | 29 +++++++++++++++-------------- src/SMB.cc | 4 +++- 2 files changed, 18 insertions(+), 15 deletions(-) diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index 6709ea0456..7d731c5204 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc @@ -159,6 +159,7 @@ #include #include #include +#include #include "config.h" #ifdef TIME_WITH_SYS_TIME @@ -1505,13 +1506,13 @@ bool RemoteSerializer::DoMessage() { // We shut the connection to this peer down, // so we ignore all further messages. - DEBUG_COMM(fmt("parent: ignoring %s due to shutdown of peer #%llu", + DEBUG_COMM(fmt("parent: ignoring %s due to shutdown of peer #%" PRId64, msgToStr(current_msgtype), current_peer ? current_peer->id : 0)); return true; } - DEBUG_COMM(fmt("parent: %s from child; peer is #%llu", + DEBUG_COMM(fmt("parent: %s from child; peer is #%" PRId64, msgToStr(current_msgtype), current_peer ? current_peer->id : 0)); @@ -2610,7 +2611,7 @@ bool RemoteSerializer::SendCMsgToChild(char msg_type, Peer* peer) bool RemoteSerializer::SendToChild(char type, Peer* peer, char* str, int len) { - DEBUG_COMM(fmt("parent: (->child) %s (#%d, %s)", msgToStr(type), (uint32_t) (peer ? peer->id : PEER_NONE), str)); + DEBUG_COMM(fmt("parent: (->child) %s (#%" PRId64 ", %s)", msgToStr(type), peer ? peer->id : PEER_NONE, str)); if ( ! child_pid ) return false; 
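Review bot: The three RemoteSerializer.cc format changes in this hunk switch the peer id from `%llu` (and a `(uint32_t)` cast) to `PRId64`, the signed 64-bit conversion; printf-style formatting needs the promoted argument type to match exactly, so if `Peer::id` is a `uint64` then `PRIu64` is the right macro, and if it is narrower than 64 bits the argument must be cast (`(int64_t) peer->id`) before it goes through `...`. The `peer ? peer->id : PEER_NONE` operand takes the common type of `id` and `PEER_NONE`, so it should be checked against the same macro. `Peer::id`'s declaration is outside this hunk.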
@@ -2634,8 +2635,8 @@ bool RemoteSerializer::SendToChild(char type, Peer* peer, int nargs, ...) #ifdef DEBUG va_start(ap, nargs); - DEBUG_COMM(fmt("parent: (->child) %s (#%d,%s)", - msgToStr(type), (uint32_t) (peer ? peer->id : PEER_NONE), fmt_uint32s(nargs, ap))); + DEBUG_COMM(fmt("parent: (->child) %s (#%" PRId64 ",%s)", + msgToStr(type), peer ? peer->id : PEER_NONE, fmt_uint32s(nargs, ap))); va_end(ap); #endif @@ -3235,7 +3236,7 @@ bool SocketComm::ForwardChunkToPeer() { #ifdef DEBUG if ( parent_peer ) - DEBUG_COMM(fmt("child: not connected to #%d", (uint) parent_id)); + DEBUG_COMM(fmt("child: not connected to #%" PRId64, parent_id)); #endif } @@ -3318,8 +3319,8 @@ bool SocketComm::ProcessRemoteMessage(SocketComm::Peer* peer) CMsg* msg = (CMsg*) c->data; - DEBUG_COMM(fmt("child: %s from peer #%d", - msgToStr(msg->Type()), (uint) peer->id)); + DEBUG_COMM(fmt("child: %s from peer #%" PRId64, + msgToStr(msg->Type()), peer->id)); switch ( msg->Type() ) { case MSG_PHASE_DONE: @@ -3795,7 +3796,7 @@ bool SocketComm::SendToParent(char type, Peer* peer, const char* str, int len) #ifdef DEBUG // str may already by constructed with fmt() const char* tmp = copy_string(str); - DEBUG_COMM(fmt("child: (->parent) %s (#%d, %s)", msgToStr(type), (uint) (peer ? peer->id : RemoteSerializer::PEER_NONE), tmp)); + DEBUG_COMM(fmt("child: (->parent) %s (#%" PRId64 ", %s)", msgToStr(type), peer ? peer->id : RemoteSerializer::PEER_NONE, tmp)); delete [] tmp; #endif if ( sendToIO(io, type, peer ? peer->id : RemoteSerializer::PEER_NONE, @@ -3814,7 +3815,7 @@ bool SocketComm::SendToParent(char type, Peer* peer, int nargs, ...) #ifdef DEBUG va_start(ap,nargs); - DEBUG_COMM(fmt("child: (->parent) %s (#%d,%s)", msgToStr(type), (uint) (peer ? peer->id : RemoteSerializer::PEER_NONE), fmt_uint32s(nargs, ap))); + DEBUG_COMM(fmt("child: (->parent) %s (#%" PRId64 ",%s)", msgToStr(type), peer ? peer->id : RemoteSerializer::PEER_NONE, fmt_uint32s(nargs, ap))); va_end(ap); #endif 
@@ -3850,7 +3851,7 @@ bool SocketComm::SendToPeer(Peer* peer, char type, const char* str, int len) #ifdef DEBUG // str may already by constructed with fmt() const char* tmp = copy_string(str); - DEBUG_COMM(fmt("child: (->peer) %s to #%d (%s)", msgToStr(type), (uint) peer->id, tmp)); + DEBUG_COMM(fmt("child: (->peer) %s to #%" PRId64 " (%s)", msgToStr(type), peer->id, tmp)); delete [] tmp; #endif @@ -3869,8 +3870,8 @@ bool SocketComm::SendToPeer(Peer* peer, char type, int nargs, ...) #ifdef DEBUG va_start(ap,nargs); - DEBUG_COMM(fmt("child: (->peer) %s to #%d (%s)", - msgToStr(type), (uint) peer->id, fmt_uint32s(nargs, ap))); + DEBUG_COMM(fmt("child: (->peer) %s to #%" PRId64 " (%s)", + msgToStr(type), peer->id, fmt_uint32s(nargs, ap))); va_end(ap); #endif @@ -3890,7 +3891,7 @@ bool SocketComm::SendToPeer(Peer* peer, char type, int nargs, ...) bool SocketComm::SendToPeer(Peer* peer, ChunkedIO::Chunk* c) { - DEBUG_COMM(fmt("child: (->peer) chunk of size %d to #%d", c->len, (uint) peer->id)); + DEBUG_COMM(fmt("child: (->peer) chunk of size %d to #%" PRId64, c->len, peer->id)); if ( ! sendToIO(peer->io, c) ) { Error(fmt("child: write error %s", io->Error()), peer); diff --git a/src/SMB.cc b/src/SMB.cc index a950302090..5520ef4848 100644 --- a/src/SMB.cc +++ b/src/SMB.cc @@ -6,6 +6,7 @@ #include "SMB.h" #include "smb_pac.h" #include "Val.h" +#include "inttypes.h" namespace { const bool DEBUG_smb_ipc = true; @@ -166,7 +167,8 @@ void SMB_Session::Deliver(int is_orig, int len, const u_char* data) const u_char* tmp = data_start + next; if ( data_start + next < data + body.length() ) { - Weird(fmt("ANDX buffer overlapping: next = %d, buffer_end = %ld", next, data + body.length() - data_start)); + //Weird(fmt("ANDX buffer overlapping: next = %d, buffer_end = %" PRId32, next, data + body.length() - data_start)); + printf("ANDX buffer overlapping: next = %" PRId64 ", buffer_end = %" PRId32 " ", next, data + body.length() - data_start); break; } 
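Review bot: The SMB.cc change replaces `Weird(fmt(...))` with a bare `printf(...)` to stdout, which turns an analyzer weird (logged and script-visible) into console noise on every overlapping ANDX buffer and looks like a debugging leftover; the format string also uses `PRId64` for `next` and `PRId32` for `data + body.length() - data_start`, which is a `ptrdiff_t`, so both conversions are type mismatches unless `next` happens to be a 64-bit integer. Keeping the `Weird` call with `%td` for the pointer difference and the conversion matching `next`'s declared type is the fix, e.g. `Weird(fmt("ANDX buffer overlapping: next = %d, buffer_end = %td", next, data + body.length() - data_start));` if `next` is an `int`. A later patch in this series restores `Weird`, but the pointer-difference conversion should be settled here rather than left as `PRId32`.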
From 888719e922bd1cb154de17749825da184a969c8d Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 8 Feb 2011 14:22:23 -0800 Subject: [PATCH 23/54] Adding new aux/btest submodule. --- .gitmodules | 3 +++ aux/btest | 1 + 2 files changed, 4 insertions(+) create mode 160000 aux/btest diff --git a/.gitmodules b/.gitmodules index e2dcd2b8a4..326e1fe506 100644 --- a/.gitmodules +++ b/.gitmodules @@ -10,3 +10,6 @@ [submodule "aux/broctl"] path = aux/broctl url = git://git.icir.org/broctl +[submodule "aux/btest"] + path = aux/btest + url = git://git.icir.org/btest diff --git a/aux/btest b/aux/btest new file mode 160000 index 0000000000..a2b04952ae --- /dev/null +++ b/aux/btest @@ -0,0 +1 @@ +Subproject commit a2b04952ae91dcd27d5e68a42d5d26c291ecb1f5 From b54445b725609b8439a643325c1457d63382d07b Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Tue, 8 Feb 2011 20:28:56 -0500 Subject: [PATCH 24/54] Fixed problem with PRI macros. Thanks Gregor! --- src/RemoteSerializer.cc | 1 - src/SMB.cc | 4 +--- src/util.h | 6 ++++++ 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index 7d731c5204..f185b0c4ff 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc @@ -159,7 +159,6 @@ #include #include #include -#include #include "config.h" #ifdef TIME_WITH_SYS_TIME diff --git a/src/SMB.cc b/src/SMB.cc index 5520ef4848..78caf55eab 100644 --- a/src/SMB.cc +++ b/src/SMB.cc @@ -6,7 +6,6 @@ #include "SMB.h" #include "smb_pac.h" #include "Val.h" -#include "inttypes.h" namespace { const bool DEBUG_smb_ipc = true; 
@@ -167,8 +166,7 @@ void SMB_Session::Deliver(int is_orig, int len, const u_char* data) const u_char* tmp = data_start + next; if ( data_start + next < data + body.length() ) { - //Weird(fmt("ANDX buffer overlapping: next = %d, buffer_end = %" PRId32, next, data + body.length() - data_start)); - printf("ANDX buffer overlapping: next = %" PRId64 ", buffer_end = %" PRId32 " ", next, data + body.length() - data_start); + Weird(fmt("ANDX buffer overlapping: next = %d, buffer_end = %" PRIdPTR, next, data + body.length() - data_start)); break; } diff --git a/src/util.h b/src/util.h index f4f007a27d..4e648cee5d 100644 --- a/src/util.h +++ b/src/util.h @@ -11,6 +11,12 @@ #include #include "config.h" +#define _ISOC99_SOURCE +#define __STDC_LIMIT_MACROS +#define __STDC_CONSTANT_MACROS +#define __STDC_FORMAT_MACROS +#include "inttypes.h" + #if __STDC__ #define myattribute __attribute__ #else From 104c7da205189fd060e5c63a0cacb574ea39a32b Mon Sep 17 00:00:00 2001 From: Gregor Maier Date: Wed, 9 Feb 2011 15:40:36 -0800 Subject: [PATCH 25/54] Revert "Fix for OS X 10.5 compile error wrt llabs()" This reverts commit 3f6aa735e96fcfd91e8fe187b26b74bf2c82bc9d. Using abs() does not work if the integer is >2^32 (or <2^32). Will add a new fix in next commit. --- cmake/OSSpecific.cmake | 27 +-------------------------- config.h.in | 3 --- src/Val.cc | 4 ---- 3 files changed, 1 insertion(+), 33 deletions(-) diff --git a/cmake/OSSpecific.cmake b/cmake/OSSpecific.cmake index b63ce54f6d..03788813c3 100644 --- a/cmake/OSSpecific.cmake +++ b/cmake/OSSpecific.cmake @@ -1,6 +1,3 @@ -include(CheckCSourceCompiles) -include(CheckCXXSourceCompiles) - if (${CMAKE_SYSTEM_NAME} MATCHES "FreeBSD") # alternate malloc is faster for FreeBSD, but needs more testing # need to add way to set this from the command line 
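Review bot: `PRIdPTR` in the restored `Weird` is the conversion for `intptr_t`, while `data + body.length() - data_start` is a `ptrdiff_t`; the two share a width on the usual LP64/ILP32 targets but are distinct types, and the `%td` length modifier (or a cast to `intptr_t`) expresses the intent without relying on that coincidence. `Weird(fmt("ANDX buffer overlapping: next = %d, buffer_end = %td", next, data + body.length() - data_start));` is the one-line form. Deliver's body starts and ends outside the hunk.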
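Review bot: The `_ISOC99_SOURCE` and `__STDC_*_MACROS` defines added to util.h sit below the `#include` line(s) at its top and below `config.h`, and feature macros only take effect if they are defined before the first system header in the translation unit; any .cc that includes another header before util.h, or any header above these lines that already pulled in `<stdint.h>`/`<inttypes.h>`, will still see the PRI macros undefined, which is the symptom this patch is meant to cure. Defining them on the compiler command line (`-D__STDC_FORMAT_MACROS` and friends in CMake) or as the very first lines of util.h is the robust placement. `#include "inttypes.h"` should be `#include <inttypes.h>`: the quoted form searches the source directory first, so a stray local `inttypes.h` would silently shadow the system header.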
@@ -10,28 +7,6 @@ elseif (${CMAKE_SYSTEM_NAME} MATCHES "OpenBSD") set(USE_NMALLOC true) elseif (${CMAKE_SYSTEM_NAME} MATCHES "Darwin") - # The following may have a greater scope than just Darwin - # (i.e. any platform w/ GCC < 4.1.0), but I've only seen - # it on OS X 10.5, which has GCC 4.0.1, so the workaround - # will be stuck here for now. - # - # See also http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13943 - - check_cxx_source_compiles(" - #include - #include - using namespace std; - int main() { - llabs(1); - return 0; - } - " darwin_llabs_works) - - if (NOT darwin_llabs_works) - # abs() should be used in this case, the long long version should - # exist in the __gnu_cxx namespace - set(DARWIN_NO_LLABS true) - endif () elseif (${CMAKE_SYSTEM_NAME} MATCHES "Linux") set(HAVE_LINUX true) @@ -50,7 +25,7 @@ elseif (${CMAKE_SYSTEM_NAME} MATCHES "irix") elseif (${CMAKE_SYSTEM_NAME} MATCHES "ultrix") list(APPEND CMAKE_C_FLAGS -std1 -g3) list(APPEND CMAKE_CXX_FLAGS -std1 -g3) - + include(CheckCSourceCompiles) check_c_source_compiles(" #include int main() { diff --git a/config.h.in b/config.h.in index 46915563a8..f1405813fc 100644 --- a/config.h.in +++ b/config.h.in @@ -146,6 +146,3 @@ /* Define u_int8_t */ #define u_int8_t @U_INT8_T@ - -/* Whether llabs will be ambiguous in stdlib.h and cstdlib headers */ -#cmakedefine DARWIN_NO_LLABS diff --git a/src/Val.cc b/src/Val.cc index 4519d76f30..4cb9d78023 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -515,11 +515,7 @@ Val* Val::SizeVal() const { switch ( type->InternalType() ) { case TYPE_INTERNAL_INT: -#ifdef DARWIN_NO_LLABS - return new Val(abs(val.int_val), TYPE_COUNT); -#else return new Val(llabs(val.int_val), TYPE_COUNT); -#endif case TYPE_INTERNAL_UNSIGNED: return new Val(val.uint_val, TYPE_COUNT); From 2aae4eaf91693b67eea6eae22138aef89d2e8aee Mon Sep 17 00:00:00 2001 
From: Gregor Maier Date: Wed, 9 Feb 2011 15:52:32 -0800 Subject: [PATCH 26/54] New fix for OS X 10.5 compile error wrt llabs() --- src/Val.cc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/Val.cc b/src/Val.cc index 4cb9d78023..2a53a32674 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -515,7 +515,12 @@ Val* Val::SizeVal() const { switch ( type->InternalType() ) { case TYPE_INTERNAL_INT: - return new Val(llabs(val.int_val), TYPE_COUNT); + // Return abs value. However abs() only works on ints and llabs + // doesn't work on Mac OS X 10.5. So we do it by hand + if (val.int_val < 0) + return new Val(-val.int_val, TYPE_COUNT); + else + return new Val(val.int_val, TYPE_COUNT); case TYPE_INTERNAL_UNSIGNED: return new Val(val.uint_val, TYPE_COUNT); From 2ced4839e9e459fe21d13271f89220b8ee5194af Mon Sep 17 00:00:00 2001 From: Gregor Maier Date: Wed, 9 Feb 2011 15:53:49 -0800 Subject: [PATCH 27/54] Fix for Val constructor with new int64 typedefs. Val::Val had prototypes for int, long, int64, etc. But depending on the architecture some of those might be the same (int64 and long) thus yielding a compile error. Fix: only use int32, int64, etc. for prototype. ints and longs can still be passed, since they will match one of these fixed-width types regardless of platform. Also fix some more compiler warnings with format strings. --- src/SerializationFormat.cc | 8 ++++---- src/Val.h | 24 ++---------------------- 2 files changed, 6 insertions(+), 26 deletions(-) diff --git a/src/SerializationFormat.cc b/src/SerializationFormat.cc index d49233ec92..55e35eb30e 100644 --- a/src/SerializationFormat.cc +++ b/src/SerializationFormat.cc 
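Review bot: `return new Val(-val.int_val, TYPE_COUNT);` negates a signed 64-bit value, and for the most negative `bro_int_t` that is signed overflow (undefined behaviour), exactly as `llabs` was; since the result is a count, computing the magnitude in the unsigned domain avoids it: `return new Val(bro_uint_t(0) - bro_uint_t(val.int_val), TYPE_COUNT);`, assuming a `Val(uint64, TypeTag)` overload exists (the next patch's message mentions fixed-width constructors). The surrounding file writes `if ( cond )` with inner spaces, so `if (val.int_val < 0)` breaks the house style. The switch continues outside the hunk.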
@@ -369,25 +369,25 @@ bool XMLSerializationFormat::Write(char v, const char* tag) bool XMLSerializationFormat::Write(uint16 v, const char* tag) { - const char* tmp = fmt("%u", v); + const char* tmp = fmt("%"PRIu16, v); return WriteElem(tag, "uint16", tmp, strlen(tmp)); } bool XMLSerializationFormat::Write(uint32 v, const char* tag) { - const char* tmp = fmt("%u", v); + const char* tmp = fmt("%"PRIu32, v); return WriteElem(tag, "uint32", tmp, strlen(tmp)); } bool XMLSerializationFormat::Write(uint64 v, const char* tag) { - const char* tmp = fmt("%llu", v); + const char* tmp = fmt("%"PRIu64, v); return WriteElem(tag, "uint64", tmp, strlen(tmp)); } bool XMLSerializationFormat::Write(int64 v, const char* tag) { - const char* tmp = fmt("%lld", v); + const char* tmp = fmt("%"PRId64, v); return WriteElem(tag, "int64", tmp, strlen(tmp)); } diff --git a/src/Val.h b/src/Val.h index d21562c907..39be5f0e6a 100644 --- a/src/Val.h +++ b/src/Val.h @@ -87,7 +87,7 @@ public: #endif } - Val(int i, TypeTag t) + Val(int32 i, TypeTag t) { val.int_val = bro_int_t(i); type = base_type(t); @@ -97,27 +97,7 @@ public: #endif } - Val(long i, TypeTag t) - { - val.int_val = bro_int_t(i); - type = base_type(t); - attribs = 0; -#ifdef DEBUG - bound_id = 0; -#endif - } - - Val(unsigned int u, TypeTag t) - { - val.uint_val = bro_uint_t(u); - type = base_type(t); - attribs = 0; -#ifdef DEBUG - bound_id = 0; -#endif - } - - Val(unsigned long u, TypeTag t) + Val(uint32 u, TypeTag t) { val.uint_val = bro_uint_t(u); type = base_type(t); From d6e6d6b650b3331d87ac9940ad170bb53a7d6990 Mon Sep 17 00:00:00 2001 From: Gregor Maier Date: Wed, 15 Dec 2010 07:58:58 -0800 Subject: [PATCH 28/54] Fixing endianess error in XDR when data is not 4-byte aligned. --- src/XDR.cc | 6 +++--- src/XDR.h | 5 ----- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/src/XDR.cc b/src/XDR.cc index 4e6a05ff10..9e2074f1ac 100644 --- a/src/XDR.cc +++ b/src/XDR.cc 
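Review bot: `fmt("%"PRIu16, v)` and its three sibling lines place the macro immediately after the string literal with no space; from C++11 on an identifier adjoining a string literal is parsed as a user-defined-literal suffix (g++ ≥ 4.7 rejects `"%"PRIu16` under -std=c++11), so write `fmt("%" PRIu16, v)` with a space, as the RemoteSerializer.cc hunks earlier in this series already do. The four Write overloads are otherwise unchanged.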
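Review bot: Removing the `long`, `unsigned int` and `unsigned long` constructors from Val and keeping only `int32`/`uint32` (plus whatever `int64`/`uint64` overloads follow outside the hunk) makes a call with a plain `long` argument ambiguous on a target where `int64` is `long long` rather than `long` (util.h earlier in this series has both branches): `long` converts to `int32`, `uint32`, `int64` and `uint64` with equal rank, so overload resolution fails instead of "matching one of these fixed-width types" as the message claims. Whether that bites depends on the per-platform `int64` typedef, so a build on a platform where `long` is not one of the fixed-width types is the test; if it fails, explicit casts at those call sites or a `long` overload guarded by the same `SIZEOF_*` checks as util.h is the fix. The class body continues outside the hunk.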
@@ -17,13 +17,13 @@ uint32 extract_XDR_uint32(const u_char*& buf, int& len) return 0; } - uint32 bits32 = XDR_aligned(buf) ? *(uint32*) buf : - ((buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]); + // takes care of alignment and endianess differences. + uint32 bits32 = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]; buf += 4; len -= 4; - return ntohl(bits32); + return bits32; } double extract_XDR_uint64_as_double(const u_char*& buf, int& len) diff --git a/src/XDR.h b/src/XDR.h index 070e13ee6c..047acd90f5 100644 --- a/src/XDR.h +++ b/src/XDR.h @@ -10,11 +10,6 @@ #include "util.h" -inline int XDR_aligned(const u_char* buf) - { - return (((unsigned long) buf) & 0x3) == 0; - } - extern uint32 extract_XDR_uint32(const u_char*& buf, int& len); extern double extract_XDR_uint64_as_double(const u_char*& buf, int& len); extern double extract_XDR_time(const u_char*& buf, int& len); From 72454c230b19f799327ea9da373b034bb01a644c Mon Sep 17 00:00:00 2001 
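Review bot: `(buf[0] << 24)` in the rewritten `extract_XDR_uint32` shifts an `int` (the promoted `u_char`) left by 24, so any first byte ≥ 0x80 lands in the sign bit — signed overflow, undefined before C++20 and flagged by -fsanitize=undefined; widening first, `uint32 bits32 = (uint32(buf[0]) << 24) | (uint32(buf[1]) << 16) | (buf[2] << 8) | buf[3];`, yields the same value without the UB. Dropping `ntohl` is right, since the bytes are now assembled big-endian explicitly regardless of host order, and the comment could say exactly that (`// big-endian assembly: no ntohl needed, no alignment requirement`). The `len` check preceding this read is outside the hunk.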
From: Gregor Maier Date: Thu, 9 Dec 2010 18:29:47 -0800 Subject: [PATCH 29/54] Add support for enum with explicit enumerator values. * Adding support for enums with explicit enumerator values (see doc below) to bifcl and policy layer. * Bifcl: remove (partially written) output files on error and do a nice exit(1) instead of harsh abort() on parse errors. * CMakeLists.txt: if bifcl fails, remove output files (failsafe, in case bifcl fails to clean up after itself). Enum description ---------------- Enums are supported in .bif and .bro scripts. An enum in a bif will become available in the event engine and the policy layer. Enums are "C-style". The first element in an enum will have a value of 0, the next value will be 1, etc. It is possible to assign an enumerator value to an element. If the next element does not have an explicit value, its value will be the value of the last element + 1. Example:: type foo: enum { BAR_A, # value will be 0 BAR_B, # value will be 1 BAR_C = 10, # value will be 10 BAR_D, # value will be 11 }; Enumerator values can only be positive integer literals. The literals can be specified in decimal or hex (0x....), but not in octal (a Bro policy-layer limitation). Each enumerator value can only be used once per enum (C allows using the same value multiple times). This makes the reverse mapping from value to name (e.g., in %s format strings) unambiguous. This is enforced by the policy script. Enums can be redef'ed, i.e., extended. Enumerator values will continue to increment. If there are multiple redefs in different policy scripts, then name <-> value mappings will obviously depend on the order in which scripts are loaded (which might not be obvious).
Example:: redef enum foo += { BAR_E, # value will be 12 BAR_F = 5, # value will be 5 BAR_G, # value will be 6 }; --- src/CMakeLists.txt | 2 +- src/Type.cc | 54 +++++++++-------------- src/Type.h | 27 ++++++------ src/builtin-func.l | 84 ++++++++++++++++++++++++++++------- src/builtin-func.y | 16 +++++-- src/parse.y | 108 ++++++++++++++++++++++++++++++--------------- 6 files changed, 188 insertions(+), 103 deletions(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 9aab94cc6c..856e8cad4d 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -101,7 +101,7 @@ macro(BIF_TARGET bifInput) get_bif_output_files(${bifInput} bifOutputs) add_custom_command(OUTPUT ${bifOutputs} COMMAND bifcl - ARGS ${CMAKE_CURRENT_SOURCE_DIR}/${bifInput} + ARGS ${CMAKE_CURRENT_SOURCE_DIR}/${bifInput} || (rm -f ${bifOutputs} && exit 1) DEPENDS ${bifInput} COMMENT "[BIFCL] Processing ${bifInput}" ) diff --git a/src/Type.cc b/src/Type.cc index 55794dfce5..cb595a4428 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -1082,10 +1082,9 @@ bool FileType::DoUnserialize(UnserialInfo* info) return yield != 0; } -EnumType::EnumType(bool arg_is_export) +EnumType::EnumType() : BroType(TYPE_ENUM) { - is_export = arg_is_export; counter = 0; } @@ -1095,9 +1094,18 @@ EnumType::~EnumType() delete [] iter->first; } -int EnumType::AddName(const string& module_name, const char* name) +bro_int_t EnumType::AddName(const string& module_name, const char* name, bool is_export) { - ID* id = lookup_ID(name, module_name.c_str()); + return AddName(module_name, name, counter, is_export); + } + +bro_int_t EnumType::AddName(const string& module_name, const char* name, bro_int_t val, bool is_export) + { + ID *id; + if ( Lookup(val) ) + return -1; + + id = lookup_ID(name, module_name.c_str()); if ( ! id ) { id = install_ID(name, module_name.c_str(), true, is_export); 
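Review bot: The new `if ( Lookup(val) ) return -1;` and the existing-identifier branch both hand back `-1` with no message, and the hunk removes the `debug_msg("identifier already exists: ...")` that was the only diagnostic, so a caller that gets -1 cannot tell a duplicate value from a duplicate name and the user gets no hint of either; since the message says value uniqueness is enforced by policy script, that layer now has to report it, and a comment on `AddName` such as `// Returns -1 if the name or the value is already taken; the caller is responsible for the error message` should accompany the change. `Lookup(val)` also walks the whole `names` map for every added enumerator, so a large enum redef is O(n²); fine for today's sizes but worth a note. `AddName`'s body continues past the hunk.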
@@ -1105,32 +1113,15 @@ int EnumType::AddName(const string& module_name, const char* name) id->SetEnumConst(); } else - { - debug_msg("identifier already exists: %s\n", name); - return -1; - } + return -1; string fullname = make_full_var_name(module_name.c_str(), name); - names[copy_string(fullname.c_str())] = counter; - return counter++; + names[copy_string(fullname.c_str())] = val; + counter = val + 1; + return val; } -int EnumType::AddNamesFrom(const string& module_name, EnumType* et) - { - int last_added = counter; - for ( NameMap::iterator iter = et->names.begin(); - iter != et->names.end(); ++iter ) - { - ID* id = lookup_ID(iter->first, module_name.c_str()); - id->SetType(this->Ref()); - names[copy_string(id->Name())] = counter; - last_added = counter++; - } - - return last_added; - } - -int EnumType::Lookup(const string& module_name, const char* name) +bro_int_t EnumType::Lookup(const string& module_name, const char* name) { NameMap::iterator pos = names.find(make_full_var_name(module_name.c_str(), name).c_str()); @@ -1141,7 +1132,7 @@ int EnumType::Lookup(const string& module_name, const char* name) return pos->second; } -const char* EnumType::Lookup(int value) +const char* EnumType::Lookup(bro_int_t value) { for ( NameMap::iterator iter = names.begin(); iter != names.end(); ++iter ) @@ -1157,9 +1148,7 @@ bool EnumType::DoSerialize(SerialInfo* info) const { DO_SERIALIZE(SER_ENUM_TYPE, BroType); - // I guess we don't really need both ... - if ( ! (SERIALIZE(counter) && SERIALIZE((unsigned int) names.size()) && - SERIALIZE(is_export)) ) + if ( ! (SERIALIZE(counter) && SERIALIZE((unsigned int) names.size())) ) return false; for ( NameMap::const_iterator iter = names.begin(); 
@@ -1178,14 +1167,13 @@ bool EnumType::DoUnserialize(UnserialInfo* info) unsigned int len; if ( ! UNSERIALIZE(&counter) || - ! UNSERIALIZE(&len) || - ! UNSERIALIZE(&is_export) ) + ! UNSERIALIZE(&len) ) return false; while ( len-- ) { const char* name; - int val; + bro_int_t val; if ( ! (UNSERIALIZE_STR(&name, 0) && UNSERIALIZE(&val)) ) return false; diff --git a/src/Type.h b/src/Type.h index ff4d3df9e6..7865946a1d 100644 --- a/src/Type.h +++ b/src/Type.h 
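Review bot: `DoUnserialize` now reads `val` as `bro_int_t` and no longer reads `is_export`, which together with the `DoSerialize` hunk in the previous section changes the layout of the SER_ENUM_TYPE record; nothing in either hunk bumps a format version, so previously serialized state would presumably be decoded against the wrong layout unless the framework guards against this elsewhere — worth confirming. If a serialization version constant exists it should be incremented in this commit; otherwise a comment such as `// Format change: is_export dropped, enumerator values widened to bro_int_t (not backward compatible)` above the first `UNSERIALIZE` records the break for whoever reads old state. The enclosing function starts and ends outside the hunk.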
@@ -452,31 +452,30 @@ protected: class EnumType : public BroType { public: - EnumType(bool arg_is_export); + EnumType(); ~EnumType(); // The value of this name is next counter value, which is returned. - // A return value of -1 means that the identifier already existed - // (and thus could not be used). - int AddName(const string& module_name, const char* name); + // A return value of -1 means that the identifier or the counter values + // already existed (and thus could not be used). + bro_int_t AddName(const string& module_name, const char* name, bool is_export); - // Add in names from the suppled EnumType; the return value is - // the value of the last enum added. - int AddNamesFrom(const string& module_name, EnumType* et); + // The value of this name is set to val, which is return. The counter will + // be updated, so the next name (without val) will have val+1 + // A return value of -1 means that the identifier or val + // already existed (and thus could not be used). + bro_int_t AddName(const string& module_name, const char* name, bro_int_t val, bool is_export); // -1 indicates not found. - int Lookup(const string& module_name, const char* name); - const char* Lookup(int value); // Returns 0 if not found + bro_int_t Lookup(const string& module_name, const char* name); + const char* Lookup(bro_int_t value); // Returns 0 if not found protected: - EnumType() {} - DECLARE_SERIAL(EnumType) - typedef std::map< const char*, int, ltstr > NameMap; + typedef std::map< const char*, bro_int_t, ltstr > NameMap; NameMap names; - int counter; - bool is_export; + bro_int_t counter; }; class VectorType : public BroType { diff --git a/src/builtin-func.l b/src/builtin-func.l index ca7923b852..cbd925819b 100644 --- a/src/builtin-func.l +++ b/src/builtin-func.l @@ -2,6 +2,7 @@ // $Id: builtin-func.l 6015 2008-07-23 05:42:37Z vern $ #include +#include #include "bif_arg.h" #include "bif_parse.h" 
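Review bot: The new comment on the explicit-value `AddName` reads "which is return"; it should say `// The value of this name is set to val, which is returned.`. Since both `AddName` overloads and `Lookup(const string&, const char*)` use -1 as their error/not-found code, the header should also state that -1 is not a legal enumerator value, otherwise a caller cannot tell a stored -1 from a miss.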
@@ -29,6 +30,7 @@ int check_c_mode(int t) WS [ \t]+ ID [A-Za-z_][A-Za-z_0-9]* ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+)) +INT [[:digit:]]+ %option nodefault @@ -78,6 +80,11 @@ ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+)) "T" yylval.val = 1; return TOK_BOOL; "F" yylval.val = 0; return TOK_BOOL; +{INT} { + yylval.str = copy_string(yytext); + return TOK_INT; + } + {ID} { yylval.str = copy_string(yytext); return TOK_ID; @@ -111,6 +118,7 @@ ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+)) } %% + int yywrap() { yy_delete_buffer(YY_CURRENT_BUFFER); @@ -120,13 +128,21 @@ int yywrap() extern int yyparse(); char* input_filename = 0; -FILE* fp_bro_init; -FILE* fp_func_def; -FILE* fp_func_h; -FILE* fp_func_init; -FILE* fp_netvar_h; -FILE* fp_netvar_def; -FILE* fp_netvar_init; +FILE* fp_bro_init = 0; +FILE* fp_func_def = 0; +FILE* fp_func_h = 0; +FILE* fp_func_init = 0; +FILE* fp_netvar_h = 0; +FILE* fp_netvar_def = 0; +FILE* fp_netvar_init = 0; + + +void remove_file(const char *surfix); +void err_exit(void); +FILE* open_output_file(const char* surfix); +void close_if_open(FILE **fpp); +void close_all_output_files(void); + FILE* open_output_file(const char* surfix) { @@ -137,12 +153,13 @@ FILE* open_output_file(const char* surfix) if ( (fp = fopen(fn, "w")) == NULL ) { fprintf(stderr, "Error: cannot open file: %s\n", fn); - exit(1); + err_exit(); } return fp; } + int main(int argc, char* argv[]) { for ( int i = 1; i < argc; i++ ) @@ -156,6 +173,7 @@ int main(int argc, char* argv[]) if ( (fp_input = fopen(input_filename, "r")) == NULL ) { fprintf(stderr, "Error: cannot open file: %s\n", input_filename); + /* no output files open. can simply exit */ exit(1); } 
@@ -174,12 +192,48 @@ int main(int argc, char* argv[]) yyparse(); fclose(fp_input); - fclose(fp_bro_init); - fclose(fp_func_h); - fclose(fp_func_def); - fclose(fp_func_init); - fclose(fp_netvar_h); - fclose(fp_netvar_def); - fclose(fp_netvar_init); + close_all_output_files(); + } } + +void close_if_open(FILE **fpp) + { + if (*fpp) + fclose(*fpp); + *fpp = NULL; + } + +void close_all_output_files(void) + { + close_if_open(&fp_bro_init); + close_if_open(&fp_func_h); + close_if_open(&fp_func_def); + close_if_open(&fp_func_init); + close_if_open(&fp_netvar_h); + close_if_open(&fp_netvar_def); + close_if_open(&fp_netvar_init); + } + +void remove_file(const char *surfix) + { + char fn[1024]; + + snprintf(fn, sizeof(fn), "%s.%s", input_filename, surfix); + unlink(fn); + } + +void err_exit(void) + { + close_all_output_files(); + /* clean up. remove all output files we've generated so far */ + remove_file("bro"); + remove_file("func_h"); + remove_file("func_def"); + remove_file("func_init"); + remove_file("netvar_h"); + remove_file("netvar_def"); + remove_file("netvar_init"); + exit(1); + } + diff --git a/src/builtin-func.y b/src/builtin-func.y index 268288bc39..b3db17f82a 100644 --- a/src/builtin-func.y +++ b/src/builtin-func.y @@ -158,11 +158,11 @@ void print_event_c_body(FILE *fp) %token TOK_WRITE TOK_PUSH TOK_EOF TOK_TRACE %token TOK_ARGS TOK_ARG TOK_ARGC %token TOK_ID TOK_ATTR TOK_CSTR TOK_LF TOK_WS TOK_COMMENT -%token TOK_ATOM TOK_C_TOKEN +%token TOK_ATOM TOK_INT TOK_C_TOKEN %left ',' ':' -%type TOK_C_TOKEN TOK_ID TOK_CSTR TOK_WS TOK_COMMENT TOK_ATTR opt_ws +%type TOK_C_TOKEN TOK_ID TOK_CSTR TOK_WS TOK_COMMENT TOK_ATTR TOK_INT opt_ws %type TOK_ATOM TOK_BOOL %union { 
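Review bot: `remove_file` ignores the return value of `snprintf`, so an `input_filename` long enough to overflow the 1024-byte `fn` buffer is silently truncated and `unlink` is then called on a path that is not the generated output file. Check the length before unlinking: `int len = snprintf(fn, sizeof(fn), "%s.%s", input_filename, surfix); if ( len < 0 || (size_t) len >= sizeof(fn) ) return;`. `open_output_file` appears to build its filename the same way outside this hunk and would benefit from the same check; `surfix` is presumably meant to be `suffix` throughout the new declarations.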
@@ -257,6 +257,11 @@ enum_list: enum_list TOK_ID opt_ws ',' opt_ws fprintf(fp_bro_init, "%s%s,%s", $2, $3, $5); fprintf(fp_netvar_h, "\t%s,\n", $2); } + | enum_list TOK_ID opt_ws '=' opt_ws TOK_INT opt_ws ',' opt_ws + { + fprintf(fp_bro_init, "%s = %s%s,%s", $2, $6, $7, $9); + fprintf(fp_netvar_h, "\t%s = %s,\n", $2, $6); + } | /* nothing */ ; @@ -543,6 +548,9 @@ c_atom: TOK_ID { fprintf(fp_func_def, "%s", $1); } | TOK_ATOM { fprintf(fp_func_def, "%c", $1); } + | TOK_INT + { fprintf(fp_func_def, "%s", $1); } + ; opt_ws: opt_ws TOK_WS @@ -566,6 +574,7 @@ extern char* yytext; extern char* input_filename; extern int line_number; const char* decl_name; +void err_exit(void); void print_msg(const char msg[]) { @@ -605,7 +614,6 @@ int yyerror(const char msg[]) { print_msg(msg); - abort(); - exit(1); + err_exit(); return 0; } diff --git a/src/parse.y b/src/parse.y index 82ee3cadfb..4338f6d788 100644 --- a/src/parse.y +++ b/src/parse.y @@ -51,7 +51,7 @@ %type expr init anonymous_function %type event %type stmt stmt_list func_body for_head -%type type opt_type refined_type enum_id_list +%type type opt_type refined_type enum_body %type func_hdr func_params %type type_list %type type_decl formal_args_decl @@ -104,6 +104,29 @@ bool in_debug = false; bool resolving_global_ID = false; ID* func_id = 0; +EnumType *cur_enum_type = 0; + +static void parser_new_enum (void) + { + /* starting a new enum definition. */ + assert(cur_enum_type == NULL); + cur_enum_type = new EnumType(); + } +static void parser_redef_enum (ID *id) + { + /* redef an enum. id points to the enum to be redefined. + let cur_enum_type point to it */ + assert(cur_enum_type == NULL); + if ( ! id->Type() ) + id->Error("unknown identifier"); + else + { + cur_enum_type = id->Type()->AsEnumType(); + if ( ! cur_enum_type ) + id->Error("not an enum"); + } + } + %} %union { 
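Review bot: `parser_redef_enum` reports `unknown identifier` / `not an enum` but leaves `cur_enum_type` NULL, and the `enum_body_elem` actions in the next hunk then hit `assert(cur_enum_type)`, so a script that applies `redef enum` to a non-enum identifier ends in an assertion failure instead of the intended error. The `assert(cur_enum_type == NULL)` in `parser_new_enum` has the mirror problem: a syntax error inside an enum body prevents `enum_body` from resetting the pointer, and the next enum definition asserts. Replacing the element-action asserts with a guard such as `if ( ! cur_enum_type ) return;`, and having `parser_new_enum` reset a stale pointer instead of asserting on it, keeps script input from reaching `assert`. The same invocation appears in the `decl:` hunk (TOK_REDEF TOK_ENUM) two hunks later.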
@@ -546,27 +569,52 @@ single_pattern: { $$ = $3; } ; -enum_id_list: - TOK_ID +enum_body: + enum_body_list opt_comma { - set_location(@1); - - EnumType* et = new EnumType(is_export); - if ( et->AddName(current_module, $1) < 0 ) - error("identifier in enumerated type definition already exists"); - $$ = et; - } - - | enum_id_list ',' TOK_ID - { - set_location(@1, @3); - - if ( $1->AsEnumType()->AddName(current_module, $3) < 1 ) - error("identifier in enumerated type definition already exists"); - $$ = $1; + $$ = cur_enum_type; + cur_enum_type = NULL; } ; +enum_body_list: + enum_body_elem /* No action */ + | enum_body_list ',' enum_body_elem /* no action */ + ; + +enum_body_elem: + /* TODO: We could also define this as TOK_ID '=' expr, (or + TOK_ID '=' = TOK_ID) so that we can return more descriptive + error messages if someboy tries to use constant variables as + enumerator. + */ + TOK_ID '=' TOK_CONSTANT + { + set_location(@1, @3); + assert(cur_enum_type); + if ($3->Type()->Tag() != TYPE_COUNT) + error("enumerator is not a count constant"); + if ( cur_enum_type->AddName(current_module, $1, $3->InternalUnsigned(), is_export) < 0 ) + error("identifier or enumerator value in enumerated type definition already exists"); + } + | TOK_ID '=' '-' TOK_CONSTANT + { + /* We only accept counts as enumerator, but we want to return a nice + error message if users tries to use a negative integer (will also + catch other cases, but that's fine) + */ + error("enumerator is not a count constant"); + } + | TOK_ID + { + set_location(@1); + assert(cur_enum_type); + if ( cur_enum_type->AddName(current_module, $1, is_export) < 0 ) + error("identifier or enumerator value in enumerated type definition already exists"); + } + ; + + type: TOK_BOOL { set_location(@1); @@ -668,10 +716,10 @@ type: $$ = 0; } - | TOK_ENUM '{' enum_id_list opt_comma '}' + | TOK_ENUM '{' { parser_new_enum(); } enum_body '}' { - set_location(@1, @4); - $$ = $3; + set_location(@1, @5); + $$ = $4; } | TOK_LIST 
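Review bot: The `TOK_ID '=' '-' TOK_CONSTANT` alternative calls `error()` without a preceding `set_location`, unlike its two sibling alternatives, so the reported position is presumably whatever the previous action left behind. Add `set_location(@1, @4);` before the `error("enumerator is not a count constant");` call. It also discards `$4` without releasing it; if the other constant-consuming rules in this grammar `Unref` their TOK_CONSTANT values, this one should do the same.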
@@ -801,21 +849,9 @@ decl: | TOK_REDEF global_id opt_type init_class opt_init opt_attr ';' { add_global($2, $3, $4, $5, $6, VAR_REDEF); } - | TOK_REDEF TOK_ENUM global_id TOK_ADD_TO - '{' enum_id_list opt_comma '}' ';' - { - if ( ! $3->Type() ) - $3->Error("unknown identifier"); - else - { - EnumType* add_to = $3->Type()->AsEnumType(); - if ( ! add_to ) - $3->Error("not an enum"); - else - add_to->AddNamesFrom(current_module, - $6->AsEnumType()); - } - } + | TOK_REDEF TOK_ENUM global_id TOK_ADD_TO + '{' { parser_redef_enum($3); } enum_body '}' ';' + { /* no action */ } | TOK_TYPE global_id ':' refined_type opt_attr ';' { From fdaeea0ea923d7ff9c29a0cea5086ffd039b85e6 Mon Sep 17 00:00:00 2001 
From: Gregor Maier Date: Sat, 11 Dec 2010 11:57:27 -0800 Subject: [PATCH 30/54] enum type: don't allow mixing of explicit value and auto-increment. Updated enum type. New description: Enums are supported in .bif and .bro scripts. An enum in a bif will become available in the event engine and the policy layer. It is possible to assign an explicit value to an enum enumerator element, or the enum type can automatically assign values. However, the styles cannot be mixed. If automatic assignment is used, the first element will have a value of 0, the next will have a value of 1, etc. Enum type variables and identifiers can be formatted using the "%s" format specifier, in which case the symbolic name will be printed. If the "%d" format specifier is used, the numerical value is printed. Example automatic assignment: type foo: enum { BAR_A, # value will be 0 BAR_B, # value will be 1 BAR_C, # value will be 2 }; Example with explicit assignment: type foobar: enum { BAR_X = 10, # value will be 10 BAR_Y = 23, # value will be 23 BAR_Z = 42, # value will be 42 }; Enumerator values can only be positive integer literals. The literals can be specified in (0x....), but not in octal (bro policy layer limitation). So, do not use 0123 as value in bifs! Each enumerator value can only be used once per enum (C allows the same value to be used multiple times). All these restrictions are enforced by the policy script layer and not the bif compiler! Enums can be redef'ed, i.e., extended. If the enum uses automatic increment assignment, then the value will continue to increment. If the enum uses explicit assignment, then the redef needs to use explicit assignments as well. 
Example 1:: redef enum foo += { BAR_D, # value will be 3 BAR_E, # value will be 4 BAR_F, # value will be 5 }; Example 2:: redef enum foobar += { BAR_W = 100, }; --- src/Type.cc | 41 ++++++++++++++++++++++++++++++++++------- src/Type.h | 22 +++++++++++++--------- src/parse.y | 10 +++++----- 3 files changed, 52 insertions(+), 21 deletions(-) diff --git a/src/Type.cc b/src/Type.cc index cb595a4428..99debc3c9c 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -1094,16 +1094,42 @@ EnumType::~EnumType() delete [] iter->first; } -bro_int_t EnumType::AddName(const string& module_name, const char* name, bool is_export) +// Note, we don't use Error() and SetError(( for EnumType because EnumTypes can +// be redefined, the location associated with it is ill-defined and might result +// in error messaging with confusing line numbers. +void EnumType::AddName(const string& module_name, const char* name, bool is_export) + { + /* implicit, auto-increment */ + if ( counter < 0) + { + error("cannot mix explicit enumerator assignment and implicit auto-increment"); + return; + } + AddNameInternal(module_name, name, counter, is_export); + counter++; + } + +void EnumType::AddName(const string& module_name, const char* name, bro_int_t val, bool is_export) { - return AddName(module_name, name, counter, is_export); + /* explicit value specified */ + error_t rv; + if ( counter > 0 ) + { + error("cannot mix explicit enumerator assignment and implicit auto-increment"); + return; + } + counter = -1; + AddNameInternal(module_name, name, val, is_export); } -bro_int_t EnumType::AddName(const string& module_name, const char* name, bro_int_t val, bool is_export) +void EnumType::AddNameInternal(const string& module_name, const char* name, bro_int_t val, bool is_export) { ID *id; if ( Lookup(val) ) - return -1; + { + error("enumerator value in enumerated type definition already exists"); + return; + } id = lookup_ID(name, module_name.c_str()); if ( ! id ) 
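Review bot: The explicit-value `AddName` declares `error_t rv;` and never uses it; drop the line (the type is a GNU extension rather than standard C++, so it is also a portability hazard). In the implicit overload, `counter++` runs even when `AddNameInternal` has rejected the name as a duplicate, so a failed add still consumes a value and leaves a hole in the numbering of the names that follow; having `AddNameInternal` return a bool and incrementing only on success, or a comment stating that a rejected name still consumes its value, would make the behaviour deliberate. `AddNameInternal` continues in the next hunk.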
@@ -1113,12 +1139,13 @@ bro_int_t EnumType::AddName(const string& module_name, const char* name, bro_int id->SetEnumConst(); } else - return -1; + { + error("identifier or enumerator value in enumerated type definition already exists"); + return; + } string fullname = make_full_var_name(module_name.c_str(), name); names[copy_string(fullname.c_str())] = val; - counter = val + 1; - return val; } bro_int_t EnumType::Lookup(const string& module_name, const char* name) diff --git a/src/Type.h b/src/Type.h index 7865946a1d..dca122eadf 100644 --- a/src/Type.h +++ b/src/Type.h @@ -455,16 +455,12 @@ public: EnumType(); ~EnumType(); - // The value of this name is next counter value, which is returned. - // A return value of -1 means that the identifier or the counter values - // already existed (and thus could not be used). - bro_int_t AddName(const string& module_name, const char* name, bool is_export); + // The value of this name is next counter value. The counter is incremented + void AddName(const string& module_name, const char* name, bool is_export); - // The value of this name is set to val, which is return. The counter will - // be updated, so the next name (without val) will have val+1 - // A return value of -1 means that the identifier or val - // already existed (and thus could not be used). - bro_int_t AddName(const string& module_name, const char* name, bro_int_t val, bool is_export); + // The value of this name is set to val. The counter will + // be set to -1 to indicate that we are assigning explicit values + void AddName(const string& module_name, const char* name, bro_int_t val, bool is_export); // -1 indicates not found. bro_int_t Lookup(const string& module_name, const char* name); 
@@ -473,8 +469,16 @@ public: protected: DECLARE_SERIAL(EnumType) + void AddNameInternal(const string& module_name, const char* name, bro_int_t val, bool is_export); + typedef std::map< const char*, bro_int_t, ltstr > NameMap; NameMap names; + // counter is initialized to 0 and incremented on every implicit + // auto-increment name that gets added (thus its > 0 if auto-increment + // is used). + // If an explicit value is specified, the counter is set to -1 + // This way counter can be used to prevent mixing of auto-increment + // and explicit enumerator specification bro_int_t counter; }; diff --git a/src/parse.y b/src/parse.y index 4338f6d788..e9de07eb8f 100644 --- a/src/parse.y +++ b/src/parse.y @@ -594,8 +594,8 @@ enum_body_elem: assert(cur_enum_type); if ($3->Type()->Tag() != TYPE_COUNT) error("enumerator is not a count constant"); - if ( cur_enum_type->AddName(current_module, $1, $3->InternalUnsigned(), is_export) < 0 ) - error("identifier or enumerator value in enumerated type definition already exists"); + else + cur_enum_type->AddName(current_module, $1, $3->InternalUnsigned(), is_export); } | TOK_ID '=' '-' TOK_CONSTANT { @@ -609,8 +609,7 @@ enum_body_elem: { set_location(@1); assert(cur_enum_type); - if ( cur_enum_type->AddName(current_module, $1, is_export) < 0 ) - error("identifier or enumerator value in enumerated type definition already exists"); + cur_enum_type->AddName(current_module, $1, is_export); } ; @@ -716,9 +715,10 @@ type: $$ = 0; } - | TOK_ENUM '{' { parser_new_enum(); } enum_body '}' + | TOK_ENUM '{' { set_location(@1); parser_new_enum(); } enum_body '}' { set_location(@1, @5); + $4->UpdateLocationEndInfo(@5); $$ = $4; } From a9f28fab749452bf7b056b9a93c1d1f2f4495ee5 Mon Sep 17 00:00:00 2001 
From: Gregor Maier Date: Fri, 17 Dec 2010 13:20:38 -0800 Subject: [PATCH 31/54] Minor tweaks for bif language. * Bif language: Can now specify hex constants as explicit enumerators. * Bifcl output files new also depend on the bifcl binary. --- src/CMakeLists.txt | 1 + src/builtin-func.l | 11 +++++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 856e8cad4d..3b371e1cd7 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -103,6 +103,7 @@ macro(BIF_TARGET bifInput) COMMAND bifcl ARGS ${CMAKE_CURRENT_SOURCE_DIR}/${bifInput} || (rm -f ${bifOutputs} && exit 1) DEPENDS ${bifInput} + DEPENDS bifcl COMMENT "[BIFCL] Processing ${bifInput}" ) list(APPEND ALL_BIF_OUTPUTS ${bifOutputs}) diff --git a/src/builtin-func.l b/src/builtin-func.l index cbd925819b..aa5a281856 100644 --- a/src/builtin-func.l +++ b/src/builtin-func.l @@ -30,7 +30,8 @@ int check_c_mode(int t) WS [ \t]+ ID [A-Za-z_][A-Za-z_0-9]* ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+)) -INT [[:digit:]]+ +D [[:digit:]]+ +HEX [0-9a-fA-F]+ %option nodefault @@ -80,11 +81,17 @@ INT [[:digit:]]+ "T" yylval.val = 1; return TOK_BOOL; "F" yylval.val = 0; return TOK_BOOL; -{INT} { +{D} { yylval.str = copy_string(yytext); return TOK_INT; } +"0x"{HEX} { + yylval.str = copy_string(yytext); + return TOK_INT; + } + + {ID} { yylval.str = copy_string(yytext); return TOK_ID; From 1e2aa14a0234f7bc8f7182035182ee2c2370ba57 Mon Sep 17 00:00:00 2001 
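Review bot: The `{D}` rule accepts a leading zero (`0123`) and copies it verbatim into the generated .bro file, where the series' own description warns it will not be read as octal; the lexer is the one place that can refuse such a literal rather than relying on bif authors to remember the caveat. Changing the definition to `D 0|[1-9][[:digit:]]*` (leaving the new `"0x"{HEX}` rule as is) turns it into a lexing error instead of a silently different value.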
From: Gregor Maier Date: Fri, 17 Dec 2010 13:42:27 -0800 Subject: [PATCH 32/54] Bif: add record type declaration. One can now declare (but not define) a record type in bif: type : record; This adds the netvar glue so that the event engine knows about the type. One still has to define the type in bro.init. Would be nice, if we could just define the record type here and then copy to the .bif.bro file, but type delcarations in bro can be quite powerful. Don't know whether it's worth it extend the bif-language to be able to handle that all.... Or we just support a simple form of record type definitions The type has be called in bro.init and it will be availabe as a RecordType * rectype_ in the event engine. TODO: add other types (tables, sets) --- src/builtin-func.l | 2 ++ src/builtin-func.y | 22 ++++++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/src/builtin-func.l b/src/builtin-func.l index aa5a281856..5d07a18fdb 100644 --- a/src/builtin-func.l +++ b/src/builtin-func.l @@ -68,6 +68,8 @@ HEX [0-9a-fA-F]+ "const" return check_c_mode(TOK_CONST); "enum" return check_c_mode(TOK_ENUM); "declare" return check_c_mode(TOK_DECLARE); +"type" return check_c_mode(TOK_TYPE); +"record" return check_c_mode(TOK_RECORD); "@ARG@" return TOK_ARG; "@ARGS@" return TOK_ARGS; diff --git a/src/builtin-func.y b/src/builtin-func.y index b3db17f82a..3d914e66d6 100644 --- a/src/builtin-func.y +++ b/src/builtin-func.y @@ -155,6 +155,7 @@ void print_event_c_body(FILE *fp) %token TOK_LPP TOK_RPP TOK_LPB TOK_RPB TOK_LPPB TOK_RPPB TOK_VAR_ARG %token TOK_BOOL %token TOK_FUNCTION TOK_REWRITER TOK_EVENT TOK_CONST TOK_ENUM TOK_DECLARE +%token TOK_TYPE TOK_RECORD %token TOK_WRITE TOK_PUSH TOK_EOF TOK_TRACE %token TOK_ARGS TOK_ARG TOK_ARGC %token TOK_ID TOK_ATTR TOK_CSTR TOK_LF TOK_WS TOK_COMMENT @@ -202,6 +203,7 @@ definition: event_def | enum_def | const_def | declare_def + | type_def ; declare_def: TOK_DECLARE opt_ws TOK_ENUM opt_ws TOK_ID opt_ws ';' 
@@ -210,6 +212,26 @@ declare_def: TOK_DECLARE opt_ws TOK_ENUM opt_ws TOK_ID opt_ws ';' } ; + // XXX: Add the netvar glue so that the event engine knows about + // the type. One still has to define the type in bro.init. + // Would be nice, if we could just define the record type here + // and then copy to the .bif.bro file, but type delcarations in + // bro can be quite powerful. Don't know whether it's worth it + // extend the bif-language to be able to handle that all.... + // Or we just support a simple form of record type definitions + // TODO: add other types (tables, sets) +type_def: TOK_TYPE opt_ws TOK_ID opt_ws ':' opt_ws TOK_RECORD opt_ws ';' + { + fprintf(fp_netvar_h, + "extern RecordType* rectype_%s;\n", $3); + fprintf(fp_netvar_def, + "RecordType* rectype_%s;\n", $3); + fprintf(fp_netvar_init, + "\trectype_%s = internal_type(\"%s\")->AsRecordType();\n", + $3, $3); + } + ; + event_def: event_prefix opt_ws plain_head opt_attr end_of_head ';' { print_event_c_prototype(fp_func_h); From 43a84866a014c67fe140d15949bf4b8e785f11c3 Mon Sep 17 00:00:00 2001 From: Gregor Maier Date: Thu, 10 Feb 2011 13:49:09 -0800 Subject: [PATCH 33/54] Remove unused and unnecessary "declare enum" from bifcl --- src/bif_arg.cc | 4 ---- src/builtin-func.l | 1 - src/builtin-func.y | 11 +---------- src/event.bif | 5 ----- src/portmap-analyzer.pac | 2 +- 5 files changed, 2 insertions(+), 21 deletions(-) diff --git a/src/bif_arg.cc b/src/bif_arg.cc index 2befed495a..9ef1594fd8 100644 --- a/src/bif_arg.cc +++ b/src/bif_arg.cc @@ -24,7 +24,6 @@ static struct { }; extern const char* arg_list_name; -extern set enum_types; BuiltinFuncArg::BuiltinFuncArg(const char* arg_name, int arg_type) { @@ -45,9 +44,6 @@ BuiltinFuncArg::BuiltinFuncArg(const char* arg_name, const char* arg_type_str) type = i; type_str = ""; } - - if ( enum_types.find(type_str) != enum_types.end() ) - type = TYPE_ENUM; } void BuiltinFuncArg::PrintBro(FILE* fp) 
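Review bot: The generated initializer `rectype_%s = internal_type("%s")->AsRecordType();` dereferences the result of `internal_type` unconditionally; if that helper can return a null pointer for a type that bro.init never defined, or `AsRecordType` returns null for a non-record type, startup crashes without naming the bif that declared it. Whether `internal_type` aborts internally is not visible here — if it does not, emitting an assertion or an error message that includes `%s` alongside the assignment would give a usable diagnostic. The XXX comment block largely repeats the commit message and could be reduced to the TODO line.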
diff --git a/src/builtin-func.l b/src/builtin-func.l index 5d07a18fdb..14b0eb52a6 100644 --- a/src/builtin-func.l +++ b/src/builtin-func.l @@ -67,7 +67,6 @@ HEX [0-9a-fA-F]+ "event" return check_c_mode(TOK_EVENT); "const" return check_c_mode(TOK_CONST); "enum" return check_c_mode(TOK_ENUM); -"declare" return check_c_mode(TOK_DECLARE); "type" return check_c_mode(TOK_TYPE); "record" return check_c_mode(TOK_RECORD); diff --git a/src/builtin-func.y b/src/builtin-func.y index 3d914e66d6..44d63ad5db 100644 --- a/src/builtin-func.y +++ b/src/builtin-func.y @@ -67,9 +67,6 @@ extern const char* decl_name; int var_arg; // whether the number of arguments is variable std::vector args; -// enum types declared by "declare enum " -set enum_types; - extern int yyerror(const char[]); extern int yywarn(const char msg[]); extern int yylex(); @@ -154,7 +151,7 @@ void print_event_c_body(FILE *fp) %token TOK_LPP TOK_RPP TOK_LPB TOK_RPB TOK_LPPB TOK_RPPB TOK_VAR_ARG %token TOK_BOOL -%token TOK_FUNCTION TOK_REWRITER TOK_EVENT TOK_CONST TOK_ENUM TOK_DECLARE +%token TOK_FUNCTION TOK_REWRITER TOK_EVENT TOK_CONST TOK_ENUM %token TOK_TYPE TOK_RECORD %token TOK_WRITE TOK_PUSH TOK_EOF TOK_TRACE %token TOK_ARGS TOK_ARG TOK_ARGC @@ -202,15 +199,9 @@ definition: event_def | c_code_segment | enum_def | const_def - | declare_def | type_def ; -declare_def: TOK_DECLARE opt_ws TOK_ENUM opt_ws TOK_ID opt_ws ';' - { - enum_types.insert($5); - } - ; // XXX: Add the netvar glue so that the event engine knows about // the type. One still has to define the type in bro.init. diff --git a/src/event.bif b/src/event.bif index 3171b02dde..270f1b0d0b 100644 --- a/src/event.bif +++ b/src/event.bif @@ -1,10 +1,5 @@ # $Id: event.bif 6942 2009-11-16 03:54:08Z vern $ -# Declare to bifcl the following types as enum types. -declare enum dce_rpc_ptype; -declare enum dce_rpc_if_id; -declare enum rpc_status; - event bro_init%(%); event bro_done%(%); 
diff --git a/src/portmap-analyzer.pac b/src/portmap-analyzer.pac index 1e7921a9ff..6ad03f23d4 100644 --- a/src/portmap-analyzer.pac +++ b/src/portmap-analyzer.pac @@ -150,7 +150,7 @@ function PortmapCallFailed(connection: RPC_Conn, status: EnumRPCStatus): bool %{ // BroEnum::rpc_status st = static_cast(status); - BroEnum::rpc_status st = (BroEnum::rpc_status) status; + Val *st = new EnumVal((BroEnum::rpc_status) status, enum_rpc_status); switch ( call->proc() ) { case PMAPPROC_NULL: From 9c39abffef7d6800f6b62549a0fe506bf258d26b Mon Sep 17 00:00:00 2001 From: Gregor Maier Date: Thu, 10 Feb 2011 14:11:33 -0800 Subject: [PATCH 34/54] Use namespaces for NetVar type pointers. Enums defined in bifs and records declared in bifs are now available in the C++ layer in namespaces (before they were in the global namespace with enum_* and rectype_* prefixes). Namespaces are now BroTypePtr::Enum:: and BroTypePtr::Record:: --- src/DCE_RPC.cc | 4 ++-- src/Portmap.cc | 2 +- src/builtin-func.y | 12 ++++++------ src/portmap-analyzer.pac | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/src/DCE_RPC.cc b/src/DCE_RPC.cc index 62f7806c51..5b5b1b0e8a 100644 --- a/src/DCE_RPC.cc +++ b/src/DCE_RPC.cc @@ -234,7 +234,7 @@ void DCE_RPC_Session::DeliverPDU(int is_orig, int len, const u_char* data) val_list* vl = new val_list; vl->append(analyzer->BuildConnVal()); vl->append(new Val(is_orig, TYPE_BOOL)); - vl->append(new EnumVal(data[2], enum_dce_rpc_ptype)); + vl->append(new EnumVal(data[2], BroTypePtr::Enum::dce_rpc_ptype)); vl->append(new StringVal(len, (const char*) data)); analyzer->ConnectionEvent(dce_rpc_message, vl); 
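Review bot: `st` becomes a heap-allocated `Val*` from `new EnumVal(...)` where it was previously a plain enum value, but the hunk shows no matching `Unref`; unless every path in the `switch` that follows hands `st` to an event (which would take ownership), the value leaks on each failed portmap call. The `switch` body lies outside the hunk, so this needs checking there. The enclosing function starts and ends outside the hunk.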
@@ -296,7 +296,7 @@ void DCE_RPC_Session::DeliverBind(const binpac::DCE_RPC_Simple::DCE_RPC_PDU* pdu val_list* vl = new val_list; vl->append(analyzer->BuildConnVal()); vl->append(new StringVal(if_uuid.to_string())); - // vl->append(new EnumVal(if_id, enum_dce_rpc_if_id)); + // vl->append(new EnumVal(if_id, BroTypePtr::Enum::dce_rpc_if_id)); analyzer->ConnectionEvent(dce_rpc_bind, vl); } diff --git a/src/Portmap.cc b/src/Portmap.cc index af9383297f..46d79b712c 100644 --- a/src/Portmap.cc +++ b/src/Portmap.cc @@ -288,7 +288,7 @@ void PortmapperInterp::Event(EventHandlerPtr f, Val* request, int status, Val* r } else { - vl->append(new EnumVal(status, enum_rpc_status)); + vl->append(new EnumVal(status, BroTypePtr::Enum::rpc_status)); if ( request ) vl->append(request); } diff --git a/src/builtin-func.y b/src/builtin-func.y index 44d63ad5db..fafcdea76a 100644 --- a/src/builtin-func.y +++ b/src/builtin-func.y @@ -214,11 +214,11 @@ definition: event_def type_def: TOK_TYPE opt_ws TOK_ID opt_ws ':' opt_ws TOK_RECORD opt_ws ';' { fprintf(fp_netvar_h, - "extern RecordType* rectype_%s;\n", $3); + "namespace BroTypePtr { namespace Record { extern RecordType* %s; } }\n", $3); fprintf(fp_netvar_def, - "RecordType* rectype_%s;\n", $3); + "namespace BroTypePtr { namespace Record { RecordType* %s; } }\n", $3); fprintf(fp_netvar_init, - "\trectype_%s = internal_type(\"%s\")->AsRecordType();\n", + "\tBroTypePtr::Record::%s = internal_type(\"%s\")->AsRecordType();\n", $3, $3); } ; 
@@ -247,11 +247,11 @@ enum_def: enum_def_1 enum_list TOK_RPB // Now generate the netvar's. fprintf(fp_netvar_h, - "extern EnumType* enum_%s;\n", decl_name); + "namespace BroTypePtr { namespace Enum { extern EnumType* %s;\n } }", decl_name); fprintf(fp_netvar_def, - "EnumType* enum_%s;\n", decl_name); + "namespace BroTypePtr { namespace Enum { EnumType* %s; } }\n", decl_name); fprintf(fp_netvar_init, - "\tenum_%s = internal_type(\"%s\")->AsEnumType();\n", + "\tBroTypePtr::Enum::%s = internal_type(\"%s\")->AsEnumType();\n", decl_name, decl_name); } ; diff --git a/src/portmap-analyzer.pac b/src/portmap-analyzer.pac index 6ad03f23d4..3c7b00cd32 100644 --- a/src/portmap-analyzer.pac +++ b/src/portmap-analyzer.pac @@ -150,7 +150,7 @@ function PortmapCallFailed(connection: RPC_Conn, status: EnumRPCStatus): bool %{ // BroEnum::rpc_status st = static_cast(status); - Val *st = new EnumVal((BroEnum::rpc_status) status, enum_rpc_status); + Val *st = new EnumVal(status, BroTypePtr::Enum::rpc_status); switch ( call->proc() ) { case PMAPPROC_NULL: From 600e3b5214da15dc573cf99db7c9f69d9132a898 Mon Sep 17 00:00:00 2001 From: Gregor Maier Date: Thu, 10 Feb 2011 15:09:25 -0800 Subject: [PATCH 35/54] Remove leftovers from removing "declare enum" from bifcl --- src/bif_arg.cc | 12 +----------- src/bif_type.def | 1 - 2 files changed, 1 insertion(+), 12 deletions(-) diff --git a/src/bif_arg.cc b/src/bif_arg.cc index 9ef1594fd8..5900c117eb 100644 --- a/src/bif_arg.cc +++ b/src/bif_arg.cc 
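Review bot: The new `fp_netvar_h` format string for enums places `\n` inside the namespace braces and emits nothing after the closing `} }`, so consecutive enum declarations (or a following record declaration) end up on one line in the generated header, and any `//` comment or `#` directive emitted next would be swallowed into it. It should mirror the Record variant from the previous section: `"namespace BroTypePtr { namespace Enum { extern EnumType* %s; } }\n"`.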
@@ -71,21 +71,11 @@ void BuiltinFuncArg::PrintCArg(FILE* fp, int n) { const char* ctype = builtin_func_arg_type[type].c_type; char buf[1024]; - if ( type == TYPE_ENUM ) - { - snprintf(buf, sizeof(buf), - builtin_func_arg_type[type].c_type, type_str); - ctype = buf; - } fprintf(fp, "%s %s", ctype, name); } void BuiltinFuncArg::PrintBroValConstructor(FILE* fp) { - if ( type == TYPE_ENUM ) - fprintf(fp, builtin_func_arg_type[type].constructor, - name, type_str); - else - fprintf(fp, builtin_func_arg_type[type].constructor, name); + fprintf(fp, builtin_func_arg_type[type].constructor, name); } diff --git a/src/bif_type.def b/src/bif_type.def index 94e12997e8..84179be1c3 100644 --- a/src/bif_type.def +++ b/src/bif_type.def @@ -22,5 +22,4 @@ DEFINE_BIF_TYPE(TYPE_STRING, "string", "string", "StringVal*", "%s->AsStringVa // DEFINE_BIF_TYPE(TYPE_STRING, "string", "string", "BroString*", "%s->AsString()", "new StringVal(%s)") DEFINE_BIF_TYPE(TYPE_SUBNET, "subnet", "subnet", "SubNetVal*", "%s->AsSubNetVal()", "%s") DEFINE_BIF_TYPE(TYPE_TIME, "time", "time", "double", "%s->AsTime()", "new Val(%s, TYPE_TIME)") -DEFINE_BIF_TYPE(TYPE_ENUM, "", "", "BroEnum::%s", "%s->InternalInt()", "new EnumVal(%s, enum_%s)") DEFINE_BIF_TYPE(TYPE_OTHER, "", "", "Val*", "%s", "%s") From 86fdd1dcf338bee3e16ee482f6e101a5c087179e Mon Sep 17 00:00:00 2001 
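Review bot: `char buf[1024];` in BuiltinFuncArg::PrintCArg is now dead code, since its only use was the removed TYPE_ENUM branch; the declaration should go with it, leaving `fprintf(fp, "%s %s", builtin_func_arg_type[type].c_type, name);`. The `n` parameter of PrintCArg is also unused, although that predates this change. A one-line comment on PrintBroValConstructor, `// Only the plain constructor form remains now that enum args carry no type name.`, would tell the next reader why the branch disappeared.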
From: Gregor Maier Date: Fri, 11 Feb 2011 09:31:22 -0800 Subject: [PATCH 36/54] Support namespaces / modules in bif. Checkpoint. This change is actually two-fold: a) bif's now accept module XYZ; statements and module::ID for function, const, event, enum, etc. declartation b) Added C++-namespaces to variables, functions, etc. that are declared in bif but accessed from C++ This required some (lightweight) re-factoring of the C++ codes. Note, event's don't have their own C++ namespace yet, since this would require a rather huge re-factoring. Compiles and passes test suite. New namespace feature not tested yet. Documentation to follow. --- src/module_util.cc | 65 ++++++++++++++++++++++++++++++++++++++++++++++ src/module_util.h | 14 ++++++++++ 2 files changed, 79 insertions(+) create mode 100644 src/module_util.cc create mode 100644 src/module_util.h diff --git a/src/module_util.cc b/src/module_util.cc new file mode 100644 index 0000000000..f30f3db938 --- /dev/null +++ b/src/module_util.cc 
@@ -0,0 +1,65 @@
+//
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#include
+#include
+#include "module_util.h"
+
+static int streq(const char* s1, const char* s2)
+ {
+ return ! strcmp(s1, s2);
+ }
+
+// Returns it without trailing "::".
+string extract_module_name(const char* name)
+ {
+ string module_name = name;
+ string::size_type pos = module_name.rfind("::");
+
+ if ( pos == string::npos )
+ return string(GLOBAL_MODULE_NAME);
+
+ module_name.erase(pos);
+
+ return module_name;
+ }
+
+string extract_var_name(const char *name)
+ {
+ string var_name = name;
+ string::size_type pos = var_name.rfind("::");
+
+ if ( pos == string::npos )
+ return var_name;
+
+ if ( pos + 2 > var_name.size() )
+ return string("");
+
+ return var_name.substr(pos+2);
+ }
+
+
+
+string normalized_module_name(const char* module_name)
+ {
+ int mod_len;
+ if ( (mod_len = strlen(module_name)) >= 2 &&
+ streq(module_name + mod_len - 2, "::") )
+ mod_len -= 2;
+
+ return string(module_name, mod_len);
+ }
+
+string make_full_var_name(const char* module_name, const char* var_name)
+ {
+ if ( ! module_name || streq(module_name, GLOBAL_MODULE_NAME) ||
+ strstr(var_name, "::") )
+ return string(var_name);
+
+ string full_name = normalized_module_name(module_name);
+ full_name += "::";
+ full_name += var_name;
+
+ return full_name;
+ }
+
diff --git a/src/module_util.h b/src/module_util.h
new file mode 100644
index 0000000000..ec82ac0b77
--- /dev/null
+++ b/src/module_util.h
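Review bot: make_full_var_name null-checks module_name but hands var_name straight to strstr() and to the string constructor, so a null var_name crashes where a null module_name is tolerated; either document that var_name must be non-null or guard it the same way with `if ( ! var_name ) return string("");` as the first statement. In extract_var_name the guard `if ( pos + 2 > var_name.size() )` can never be true, because rfind("::") only succeeds when both characters fit at pos, so that branch can be dropped. normalized_module_name stores the strlen() result in an `int`; a `size_t` (or string::size_type) avoids the narrowing.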
@@ -0,0 +1,14 @@
+
+#include
+
+using namespace std;
+
+static const char* GLOBAL_MODULE_NAME = "GLOBAL";
+
+extern string extract_module_name(const char* name);
+extern string extract_var_name(const char* name);
+extern string normalized_module_name(const char* module_name); // w/o ::
+
+// Concatenates module_name::var_name unless var_name is already fully
+// qualified, in which case it is returned unmodified.
+extern string make_full_var_name(const char* module_name, const char* var_name);
From f79ea244fafdd42d9863b1bd8ceb8083f47a5bb5 Mon Sep 17 00:00:00 2001
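Review bot: The new header has no include guard and places `using namespace std;` at file scope; the Scope.h hunk later in this series includes it, so every translation unit that includes Scope.h now imports all of std. Wrap the file in `#ifndef module_util_h` / `#define module_util_h` / `#endif` and write the declarations with `std::string` instead of the using-directive. `static const char* GLOBAL_MODULE_NAME` in a header also gives each translation unit its own copy of the pointer, which is harmless only as long as callers compare contents via streq() or std::string, as the visible users do; a comment saying so, `// Compare by content (streq/std::string), never by pointer.`, would keep it that way.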
From: Gregor Maier Date: Fri, 11 Feb 2011 09:37:23 -0800 Subject: [PATCH 37/54] Support namespaces / modules in bif. Checkpoint. (now actually commiting all the files) This change is actually two-fold: a) bif's now accept module XYZ; statements and module::ID for function, const, event, enum, etc. declartation b) Added C++-namespaces to variables, functions, etc. that are declared in bif but accessed from C++ This required some (lightweight) re-factoring of the C++ codes. Note, event's don't have their own C++ namespace yet, since this would require a rather huge re-factoring. Compiles and passes test suite. New namespace feature not tested yet. Documentation to follow. --- src/CMakeLists.txt | 3 +- src/DCE_RPC.cc | 18 +-- src/DCE_RPC.h | 6 +- src/DNS.h | 2 +- src/FTP.h | 2 +- src/Finger.h | 2 +- src/Func.cc | 14 +- src/HTTP.cc | 2 +- src/HTTP.h | 2 +- src/Ident.h | 2 +- src/Net.cc | 2 +- src/Portmap.cc | 2 +- src/RPC.cc | 14 +- src/SMB.h | 2 +- src/SMTP.h | 2 +- src/Scope.cc | 36 ----- src/Scope.h | 10 +- src/Sessions.cc | 8 +- src/TCP.cc | 6 +- src/TCP_Rewriter.cc | 12 +- src/UDP_Rewriter.cc | 4 +- src/bittorrent-analyzer.pac | 26 ++-- src/builtin-func.l | 7 +- src/builtin-func.y | 266 ++++++++++++++++++++++++++---------- src/dce_rpc-analyzer.pac | 6 +- src/dhcp-analyzer.pac | 16 +-- src/dns-analyzer.pac | 18 +-- src/http-analyzer.pac | 14 +- src/portmap-analyzer.pac | 28 ++-- src/rpc-analyzer.pac | 2 +- src/ssl-analyzer.pac | 26 ++-- 31 files changed, 332 insertions(+), 228 deletions(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 3b371e1cd7..b71dab5c25 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -83,7 +83,7 @@ flex_target(Scanner scan.l ${CMAKE_CURRENT_BINARY_DIR}/scan.cc set(bifcl_SRCS ${BISON_BIFParser_OUTPUTS} ${FLEX_BIFScanner_OUTPUTS} - bif_arg.cc + bif_arg.cc module_util.cc ) add_executable(bifcl ${bifcl_SRCS}) @@ -240,6 +240,7 @@ set(bro_SRCS main.cc net_util.cc util.cc + module_util.cc Active.cc Analyzer.cc Anon.cc 
diff --git a/src/DCE_RPC.cc b/src/DCE_RPC.cc index 5b5b1b0e8a..c8b715351c 100644 --- a/src/DCE_RPC.cc +++ b/src/DCE_RPC.cc @@ -85,7 +85,7 @@ UUID::UUID(const char* str) internal_error("invalid UUID string: %s", str); } -typedef map uuid_map_t; +typedef map uuid_map_t; static uuid_map_t& well_known_uuid_map() { @@ -95,7 +95,7 @@ static uuid_map_t& well_known_uuid_map() if ( initialized ) return the_map; - using namespace BroEnum; + using namespace BifEnum; the_map[UUID("e1af8308-5d1f-11c9-91a4-08002b14a0fa")] = DCE_RPC_epmapper; @@ -186,14 +186,14 @@ DCE_RPC_Header::DCE_RPC_Header(Analyzer* a, const u_char* b) else fragmented = 0; - ptype = (BroEnum::dce_rpc_ptype) bytes[2]; + ptype = (BifEnum::dce_rpc_ptype) bytes[2]; frag_len = extract_uint16(LittleEndian(), bytes + 8); } DCE_RPC_Session::DCE_RPC_Session(Analyzer* a) : analyzer(a), if_uuid("00000000-0000-0000-0000-000000000000"), - if_id(BroEnum::DCE_RPC_unknown_if) + if_id(BifEnum::DCE_RPC_unknown_if) { opnum = -1; } @@ -234,7 +234,7 @@ void DCE_RPC_Session::DeliverPDU(int is_orig, int len, const u_char* data) val_list* vl = new val_list; vl->append(analyzer->BuildConnVal()); vl->append(new Val(is_orig, TYPE_BOOL)); - vl->append(new EnumVal(data[2], BroTypePtr::Enum::dce_rpc_ptype)); + vl->append(new EnumVal(data[2], BifTypePtr::Enum::dce_rpc_ptype)); vl->append(new StringVal(len, (const char*) data)); analyzer->ConnectionEvent(dce_rpc_message, vl); @@ -286,7 +286,7 @@ void DCE_RPC_Session::DeliverBind(const binpac::DCE_RPC_Simple::DCE_RPC_PDU* pdu // conn->Weird(fmt("Unknown DCE_RPC interface %s", // if_uuid.to_string())); #endif - if_id = BroEnum::DCE_RPC_unknown_if; + if_id = BifEnum::DCE_RPC_unknown_if; } else if_id = uuid_it->second; 
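Review bot: `ptype = (BifEnum::dce_rpc_ptype) bytes[2];` in the DCE_RPC_Header constructor still turns a raw header byte into the enum with a C-style cast and no range check, and DeliverPDU wraps `data[2]` in an EnumVal the same way; the rename keeps both as they were. A packet whose type byte lies outside the defined enumerators becomes an enum value with no name, which a protocol parser should rather treat as malformed, for example by reporting it through Weird() as RPC.cc does for bad replies, before it reaches script land. A `static_cast` guarded by a comparison against the highest defined ptype (or a lookup in a table of known values) would make that assumption explicit; the constructor body begins outside the hunk.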
@@ -296,7 +296,7 @@ void DCE_RPC_Session::DeliverBind(const binpac::DCE_RPC_Simple::DCE_RPC_PDU* pdu val_list* vl = new val_list; vl->append(analyzer->BuildConnVal()); vl->append(new StringVal(if_uuid.to_string())); - // vl->append(new EnumVal(if_id, BroTypePtr::Enum::dce_rpc_if_id)); + // vl->append(new EnumVal(if_id, BifTypePtr::Enum::dce_rpc_if_id)); analyzer->ConnectionEvent(dce_rpc_bind, vl); } @@ -321,7 +321,7 @@ void DCE_RPC_Session::DeliverRequest(const binpac::DCE_RPC_Simple::DCE_RPC_PDU* } switch ( if_id ) { - case BroEnum::DCE_RPC_epmapper: + case BifEnum::DCE_RPC_epmapper: DeliverEpmapperRequest(pdu, req); break; @@ -345,7 +345,7 @@ void DCE_RPC_Session::DeliverResponse(const binpac::DCE_RPC_Simple::DCE_RPC_PDU* } switch ( if_id ) { - case BroEnum::DCE_RPC_epmapper: + case BifEnum::DCE_RPC_epmapper: DeliverEpmapperResponse(pdu, resp); break; diff --git a/src/DCE_RPC.h b/src/DCE_RPC.h index 4e13443148..a856599b19 100644 --- a/src/DCE_RPC.h +++ b/src/DCE_RPC.h @@ -91,7 +91,7 @@ class DCE_RPC_Header { public: DCE_RPC_Header(Analyzer* a, const u_char* bytes); - BroEnum::dce_rpc_ptype PTYPE() const { return ptype; } + BifEnum::dce_rpc_ptype PTYPE() const { return ptype; } int FragLen() const { return frag_len; } int LittleEndian() const { return bytes[4] >> 4; } bool Fragmented() const { return fragmented; } @@ -102,7 +102,7 @@ public: protected: Analyzer* analyzer; const u_char* bytes; - BroEnum::dce_rpc_ptype ptype; + BifEnum::dce_rpc_ptype ptype; int frag_len; bool fragmented; }; @@ -138,7 +138,7 @@ protected: Analyzer* analyzer; UUID if_uuid; - BroEnum::dce_rpc_if_id if_id; + BifEnum::dce_rpc_if_id if_id; int opnum; struct { dce_rpc_endpoint_addr addr; diff --git a/src/DNS.h b/src/DNS.h index 6a68bf5dbd..5e339eea5a 100644 --- a/src/DNS.h +++ b/src/DNS.h 
@@ -267,7 +267,7 @@ public: TCP_Endpoint* peer, int gen_event); virtual int RewritingTrace() { - return rewriting_dns_trace || + return BifConst::rewriting_dns_trace || TCP_ApplicationAnalyzer::RewritingTrace(); } diff --git a/src/FTP.h b/src/FTP.h index f5d60fdf3b..6db97f8f8f 100644 --- a/src/FTP.h +++ b/src/FTP.h @@ -16,7 +16,7 @@ public: virtual void DeliverStream(int len, const u_char* data, bool orig); virtual int RewritingTrace() { - return rewriting_ftp_trace || + return BifConst::rewriting_ftp_trace || TCP_ApplicationAnalyzer::RewritingTrace(); } diff --git a/src/Finger.h b/src/Finger.h index 92fc5e6f82..b64e1ac66c 100644 --- a/src/Finger.h +++ b/src/Finger.h @@ -18,7 +18,7 @@ public: // Line-based input. virtual void DeliverStream(int len, const u_char* data, bool orig); virtual int RewritingTrace() - { return rewriting_finger_trace || TCP_ApplicationAnalyzer::RewritingTrace(); } + { return BifConst::rewriting_finger_trace || TCP_ApplicationAnalyzer::RewritingTrace(); } static Analyzer* InstantiateAnalyzer(Connection* conn) { return new Finger_Analyzer(conn); } diff --git a/src/Func.cc b/src/Func.cc index 5d71be2b0f..077d878bd9 100644 --- a/src/Func.cc +++ b/src/Func.cc @@ -496,6 +496,18 @@ void builtin_run_time(const char* msg, BroObj* arg) run_time(msg, arg); } +#include "bro.bif.func_h" + +#include "common-rw.bif.func_h" +#include "finger-rw.bif.func_h" +#include "ftp-rw.bif.func_h" +#include "http-rw.bif.func_h" +#include "ident-rw.bif.func_h" +#include "smtp-rw.bif.func_h" +#include "strings.bif.func_h" +#include "dns-rw.bif.func_h" + + #include "bro.bif.func_def" #include "strings.bif.func_def" @@ -523,7 +535,7 @@ void init_builtin_funcs() bool check_built_in_call(BuiltinFunc* f, CallExpr* call) { - if ( f->TheFunc() != bro_fmt ) + if ( f->TheFunc() != BifFunc::bro_fmt ) return true; const expr_list& args = call->Args()->Exprs(); diff --git a/src/HTTP.cc b/src/HTTP.cc index a8f4481216..934b96cc32 100644 --- a/src/HTTP.cc +++ b/src/HTTP.cc 
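Review bot: The block of generated `*.bif.func_h` includes in Func.cc is dropped into the middle of the file, after builtin_run_time() and just before the `.func_def` includes, and `dns-rw.bif.func_h` is listed after `strings.bif.func_h` rather than with the other `*-rw` headers. Since these headers carry declarations only, they belong with the file's other includes at the top, or at least in one sorted group, with a comment such as `// Prototypes for the bifcl-generated BifFunc:: functions; the .func_def bodies follow below.` explaining why the definition includes stay here.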
@@ -633,7 +633,7 @@ void HTTP_Message::SetPlainDelivery(int length) { content_line->SetPlainDelivery(length); - if ( length > 0 && skip_http_data ) + if ( length > 0 && BifConst::skip_http_data ) content_line->SkipBytesAfterThisLine(length); if ( ! data_buffer ) diff --git a/src/HTTP.h b/src/HTTP.h index 2faa1791d1..4f1ea6883b 100644 --- a/src/HTTP.h +++ b/src/HTTP.h @@ -170,7 +170,7 @@ public: virtual void DeliverStream(int len, const u_char* data, bool orig); virtual void Undelivered(int seq, int len, bool orig); virtual int RewritingTrace() - { return rewriting_http_trace || TCP_ApplicationAnalyzer::RewritingTrace(); } + { return BifConst::rewriting_http_trace || TCP_ApplicationAnalyzer::RewritingTrace(); } // Overriden from TCP_ApplicationAnalyzer virtual void EndpointEOF(bool is_orig); diff --git a/src/Ident.h b/src/Ident.h index 63bc64f560..9bdcfdb747 100644 --- a/src/Ident.h +++ b/src/Ident.h @@ -16,7 +16,7 @@ public: virtual void DeliverStream(int length, const u_char* data, bool is_orig); virtual int RewritingTrace() { - return rewriting_ident_trace || + return BifConst::rewriting_ident_trace || TCP_ApplicationAnalyzer::RewritingTrace(); } diff --git a/src/Net.cc b/src/Net.cc index 80ad234b64..bc56556ee5 100644 --- a/src/Net.cc +++ b/src/Net.cc @@ -346,7 +346,7 @@ void net_init(name_list& interfaces, name_list& readfiles, transformed_pkt_dump = new PacketDumper(pkt_dumper->PcapDumper()); - if ( anonymize_ip_addr ) + if ( BifConst::anonymize_ip_addr ) init_ip_addr_anonymizers(); else for ( int i = 0; i < NUM_ADDR_ANONYMIZATION_METHODS; ++i ) diff --git a/src/Portmap.cc b/src/Portmap.cc index 46d79b712c..7e2c06c9a6 100644 --- a/src/Portmap.cc +++ b/src/Portmap.cc @@ -288,7 +288,7 @@ void PortmapperInterp::Event(EventHandlerPtr f, Val* request, int status, Val* r } else { - vl->append(new EnumVal(status, BroTypePtr::Enum::rpc_status)); + vl->append(new EnumVal(status, BifTypePtr::Enum::rpc_status)); if ( request ) vl->append(request); } 
diff --git a/src/RPC.cc b/src/RPC.cc index 278f8bfee5..ef9a925fea 100644 --- a/src/RPC.cc +++ b/src/RPC.cc @@ -137,14 +137,14 @@ int RPC_Interpreter::DeliverRPC(const u_char* buf, int n, int is_orig) if ( ! buf ) return 0; - uint32 status = BroEnum::RPC_UNKNOWN_ERROR; + uint32 status = BifEnum::RPC_UNKNOWN_ERROR; if ( reply_stat == RPC_MSG_ACCEPTED ) { (void) skip_XDR_opaque_auth(buf, n); uint32 accept_stat = extract_XDR_uint32(buf, n); - // The first members of BroEnum::RPC_* correspond + // The first members of BifEnum::RPC_* correspond // to accept_stat. if ( accept_stat <= RPC_SYSTEM_ERR ) status = accept_stat; @@ -171,7 +171,7 @@ int RPC_Interpreter::DeliverRPC(const u_char* buf, int n, int is_orig) if ( reject_stat == RPC_MISMATCH ) { // Note that RPC_MISMATCH == 0 == RPC_SUCCESS. - status = BroEnum::RPC_VERS_MISMATCH; + status = BifEnum::RPC_VERS_MISMATCH; (void) extract_XDR_uint32(buf, n); (void) extract_XDR_uint32(buf, n); @@ -182,7 +182,7 @@ int RPC_Interpreter::DeliverRPC(const u_char* buf, int n, int is_orig) else if ( reject_stat == RPC_AUTH_ERROR ) { - status = BroEnum::RPC_AUTH_ERROR; + status = BifEnum::RPC_AUTH_ERROR; (void) extract_XDR_uint32(buf, n); if ( ! buf ) @@ -191,7 +191,7 @@ int RPC_Interpreter::DeliverRPC(const u_char* buf, int n, int is_orig) else { - status = BroEnum::RPC_UNKNOWN_ERROR; + status = BifEnum::RPC_UNKNOWN_ERROR; Weird("bad_RPC"); } } @@ -264,7 +264,7 @@ void RPC_Interpreter::Timeout() while ( (c = calls.NextEntry(cookie)) ) { - RPC_Event(c, BroEnum::RPC_TIMEOUT, 0); + RPC_Event(c, BifEnum::RPC_TIMEOUT, 0); if ( c->IsValidCall() ) { const u_char* buf; @@ -276,7 +276,7 @@ void RPC_Interpreter::Timeout() else { Event(event, c->TakeRequestVal(), - BroEnum::RPC_TIMEOUT, reply); + BifEnum::RPC_TIMEOUT, reply); } } } diff --git a/src/SMB.h b/src/SMB.h index d41ef7f9e0..14c43a1f3d 100644 --- a/src/SMB.h +++ b/src/SMB.h 
@@ -206,7 +206,7 @@ public: DCE_RPC_Session::any_dce_rpc_event(); } - int RewritingTrace() { return rewriting_smb_trace; } + int RewritingTrace() { return BifConst::rewriting_smb_trace; } protected: SMB_Session* smb_session; diff --git a/src/SMTP.h b/src/SMTP.h index 6e3ad6cc29..7bede1d9d1 100644 --- a/src/SMTP.h +++ b/src/SMTP.h @@ -47,7 +47,7 @@ public: virtual void ConnectionFinished(int half_finished); virtual void Undelivered(int seq, int len, bool orig); virtual int RewritingTrace() - { return rewriting_smtp_trace || TCP_ApplicationAnalyzer::RewritingTrace(); } + { return BifConst::rewriting_smtp_trace || TCP_ApplicationAnalyzer::RewritingTrace(); } void SkipData() { skip_data = 1; } // skip delivery of data lines diff --git a/src/Scope.cc b/src/Scope.cc index 9b75f5f22b..64cf61080f 100644 --- a/src/Scope.cc +++ b/src/Scope.cc @@ -11,42 +11,6 @@ static scope_list scopes; static Scope* top_scope; -// Returns it without trailing "::". -string extract_module_name(const char* name) - { - string module_name = name; - string::size_type pos = module_name.rfind("::"); - - if ( pos == string::npos ) - return string(GLOBAL_MODULE_NAME); - - module_name.erase(pos); - - return module_name; - } - -string normalized_module_name(const char* module_name) - { - int mod_len; - if ( (mod_len = strlen(module_name)) >= 2 && - ! strcmp(module_name + mod_len - 2, "::") ) - mod_len -= 2; - - return string(module_name, mod_len); - } - -string make_full_var_name(const char* module_name, const char* var_name) - { - if ( ! module_name || streq(module_name, GLOBAL_MODULE_NAME) || - strstr(var_name, "::") ) - return string(var_name); - - string full_name = normalized_module_name(module_name); - full_name += "::"; - full_name += var_name; - - return full_name; - } Scope::Scope(ID* id) { diff --git a/src/Scope.h b/src/Scope.h index ffc695210a..660e24668e 100644 --- a/src/Scope.h +++ b/src/Scope.h 
@@ -1,5 +1,6 @@ // $Id: Scope.h 6219 2008-10-01 05:39:07Z vern $ // +// // See the file "COPYING" in the main distribution directory for copyright. #ifndef scope_h @@ -11,6 +12,7 @@ #include "Obj.h" #include "BroList.h" #include "TraverseTypes.h" +#include "module_util.h" class ID; class BroType; @@ -59,14 +61,6 @@ protected: id_list* inits; }; -static const char* GLOBAL_MODULE_NAME = "GLOBAL"; - -extern string extract_module_name(const char* name); -extern string normalized_module_name(const char* module_name); // w/o :: - -// Concatenates module_name::var_name unless var_name is already fully -// qualified, in which case it is returned unmodified. -extern string make_full_var_name(const char* module_name, const char* var_name); extern bool in_debug; diff --git a/src/Sessions.cc b/src/Sessions.cc index fd443d4dcc..b29192a471 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -201,7 +201,7 @@ void NetSessions::DispatchPacket(double t, const struct pcap_pkthdr* hdr, // // Should we discourage the use of encap_hdr_size for UDP // tunnneling? It is probably better handled by enabling - // parse_udp_tunnels instead of specifying a fixed + // BifConst::parse_udp_tunnels instead of specifying a fixed // encap_hdr_size. if ( udp_tunnel_port > 0 ) { @@ -228,7 +228,7 @@ void NetSessions::DispatchPacket(double t, const struct pcap_pkthdr* hdr, // Check IP packets encapsulated through UDP tunnels. // Specifying a udp_tunnel_port is optional but recommended (to avoid // the cost of checking every UDP packet). - else if ( parse_udp_tunnels && ip_data && ip_hdr->ip_p == IPPROTO_UDP ) + else if ( BifConst::parse_udp_tunnels && ip_data && ip_hdr->ip_p == IPPROTO_UDP ) { const struct udphdr* udp_hdr = reinterpret_cast(ip_data); 
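Review bot: The first Scope.h hunk adds a bare `//` line between the $Id line and the copyright line, which carries no text and looks like an accidental edit; drop it so the header keeps its original two-line banner.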
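Review bot: In the first Sessions.cc hunk the comment now reads `// BifConst::parse_udp_tunnels instead of specifying a fixed`, but that comment tells the reader which script-level option to enable, and on the script side the option is still named `parse_udp_tunnels`; `BifConst::` is only the C++ accessor introduced by this series. Keep the code change in the second hunk and restore the comment to `// parse_udp_tunnels instead of specifying a fixed`.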
@@ -663,9 +663,9 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr, // Override content record setting according to // flags set by the policy script. - if ( dump_original_packets_if_not_rewriting ) + if ( BifConst::dump_original_packets_if_not_rewriting ) record_packet = record_content = 1; - if ( dump_selected_source_packets ) + if ( BifConst::dump_selected_source_packets ) record_packet = record_content = 0; if ( f ) diff --git a/src/TCP.cc b/src/TCP.cc index ec84df9720..e470a07f55 100644 --- a/src/TCP.cc +++ b/src/TCP.cc @@ -56,7 +56,7 @@ TCP_Analyzer::TCP_Analyzer(Connection* conn) orig->SetPeer(resp); resp->SetPeer(orig); - if ( dump_selected_source_packets ) + if ( BifConst::dump_selected_source_packets ) { if ( source_pkt_dump ) src_pkt_writer = @@ -87,7 +87,7 @@ void TCP_Analyzer::Init() if ( transformed_pkt_dump && Conn()->RewritingTrace() ) SetTraceRewriter(new TCP_Rewriter(this, transformed_pkt_dump, transformed_pkt_dump_MTU, - requires_trace_commitment)); + BifConst::requires_trace_commitment)); } void TCP_Analyzer::Done() @@ -2090,7 +2090,7 @@ int TCPStats_Endpoint::DataSent(double /* t */, int seq, int len, int caplen, int seq_delta = top_seq - max_top_seq; if ( seq_delta <= 0 ) { - if ( ! ignore_keep_alive_rexmit || len > 1 || data_in_flight > 0 ) + if ( ! BifConst::ignore_keep_alive_rexmit || len > 1 || data_in_flight > 0 ) { ++num_rxmit; num_rxmit_bytes += len; diff --git a/src/TCP_Rewriter.cc b/src/TCP_Rewriter.cc index 3a8ca8b7b6..734d3abbde 100644 --- a/src/TCP_Rewriter.cc +++ b/src/TCP_Rewriter.cc @@ -288,7 +288,7 @@ int TCP_TracePacket::Finish(struct pcap_pkthdr*& hdr, // tp->th_urp = 0; // clear urgent pointer // Fix IP addresses before computing the TCP checksum - if ( anonymize_ip_addr ) + if ( BifConst::anonymize_ip_addr ) { ip->ip_src.s_addr = anon_src; ip->ip_dst.s_addr = anon_dst; 
@@ -726,7 +726,7 @@ void TCP_RewriterEndpoint::PushPacket() #endif if ( ! IsPlaceHolderPacket(next_packet) || - ! omit_rewrite_place_holder ) + ! BifConst::omit_rewrite_place_holder ) { if ( next_packet->PredictedAsEmptyPlaceHolder() ) { @@ -798,7 +798,7 @@ TCP_Rewriter::TCP_Rewriter(TCP_Analyzer* arg_analyzer, PacketDumper* arg_dumper, anon_addr[0] = anon_addr[1] = 0; - if ( anonymize_ip_addr ) + if ( BifConst::anonymize_ip_addr ) { anon_addr[0] = anonymize_ip(to_v4_addr(analyzer->Conn()->OrigAddr()), ORIG_ADDR); @@ -909,7 +909,7 @@ void TCP_Rewriter::NextPacket(int is_orig, double t, // Before setting current_packet to p, first clean up empty // place holders to save memory space. - if ( omit_rewrite_place_holder && holding_packets ) + if ( BifConst::omit_rewrite_place_holder && holding_packets ) CleanUpEmptyPlaceHolders(); current_packet = p; @@ -1562,7 +1562,7 @@ TCP_SourcePacketWriter* get_src_pkt_writer(TCP_Analyzer* analyzer) { if ( ! pkt_dumper ) return 0; // don't complain if no output file - else if ( ! dump_selected_source_packets ) + else if ( ! BifConst::dump_selected_source_packets ) builtin_run_time("flag dump_source_packets is not set"); else internal_error("source packet writer not initialized"); @@ -1571,5 +1571,5 @@ TCP_SourcePacketWriter* get_src_pkt_writer(TCP_Analyzer* analyzer) return writer; } - +#include "common-rw.bif.func_h" #include "common-rw.bif.func_def" diff --git a/src/UDP_Rewriter.cc b/src/UDP_Rewriter.cc index 967f2087f1..458d25992d 100644 --- a/src/UDP_Rewriter.cc +++ b/src/UDP_Rewriter.cc @@ -26,7 +26,7 @@ UDP_Rewriter::UDP_Rewriter(Analyzer* arg_analyzer, int arg_MTU, packets_rewritten = 0; current_packet = next_packet = 0; - if ( anonymize_ip_addr ) + if ( BifConst::anonymize_ip_addr ) { anon_addr[0] = anonymize_ip(to_v4_addr(analyzer->Conn()->OrigAddr()), ORIG_ADDR); 
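Review bot: The changed condition in get_src_pkt_writer tests `BifConst::dump_selected_source_packets`, but the run-time error on the following context line still says `flag dump_source_packets is not set`, naming a flag that does not match the one checked. Since that message is what the user sees, it should read `builtin_run_time("flag dump_selected_source_packets is not set");`. The mismatch predates this commit, but the touched line is the natural place to fix it; get_src_pkt_writer starts outside the hunk.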
@@ -73,7 +73,7 @@ int UDP_TracePacket::BuildPacket(struct pcap_pkthdr*& hdr, uint32 sum = 0; // Fix IP addresses before computing the UDP checksum - if ( anonymize_ip_addr ) + if ( BifConst::anonymize_ip_addr ) { ip->ip_src.s_addr = anon_src; ip->ip_dst.s_addr = anon_dst; diff --git a/src/bittorrent-analyzer.pac b/src/bittorrent-analyzer.pac index f159588f0b..7e8678b7de 100644 --- a/src/bittorrent-analyzer.pac +++ b/src/bittorrent-analyzer.pac @@ -64,7 +64,7 @@ flow BitTorrent_Flow(is_orig: bool) { handshake_ok = true; if ( ::bittorrent_peer_handshake ) { - bro_event_bittorrent_peer_handshake( + BifEvent::generate_bittorrent_peer_handshake( connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig(), @@ -82,7 +82,7 @@ flow BitTorrent_Flow(is_orig: bool) { %{ if ( ::bittorrent_peer_keep_alive ) { - bro_event_bittorrent_peer_keep_alive( + BifEvent::generate_bittorrent_peer_keep_alive( connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig()); @@ -95,7 +95,7 @@ flow BitTorrent_Flow(is_orig: bool) { %{ if ( ::bittorrent_peer_choke ) { - bro_event_bittorrent_peer_choke( + BifEvent::generate_bittorrent_peer_choke( connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig()); @@ -108,7 +108,7 @@ flow BitTorrent_Flow(is_orig: bool) { %{ if ( ::bittorrent_peer_unchoke ) { - bro_event_bittorrent_peer_unchoke( + BifEvent::generate_bittorrent_peer_unchoke( connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig()); @@ -121,7 +121,7 @@ flow BitTorrent_Flow(is_orig: bool) { %{ if ( ::bittorrent_peer_interested ) { - bro_event_bittorrent_peer_interested( + BifEvent::generate_bittorrent_peer_interested( connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig()); 
@@ -134,7 +134,7 @@ flow BitTorrent_Flow(is_orig: bool) { %{ if ( ::bittorrent_peer_not_interested ) { - bro_event_bittorrent_peer_not_interested( + BifEvent::generate_bittorrent_peer_not_interested( connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig()); @@ -147,7 +147,7 @@ flow BitTorrent_Flow(is_orig: bool) { %{ if ( ::bittorrent_peer_have ) { - bro_event_bittorrent_peer_have( + BifEvent::generate_bittorrent_peer_have( connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig(), @@ -161,7 +161,7 @@ flow BitTorrent_Flow(is_orig: bool) { %{ if ( ::bittorrent_peer_bitfield ) { - bro_event_bittorrent_peer_bitfield( + BifEvent::generate_bittorrent_peer_bitfield( connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig(), @@ -176,7 +176,7 @@ flow BitTorrent_Flow(is_orig: bool) { %{ if ( ::bittorrent_peer_request ) { - bro_event_bittorrent_peer_request( + BifEvent::generate_bittorrent_peer_request( connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig(), @@ -191,7 +191,7 @@ flow BitTorrent_Flow(is_orig: bool) { %{ if ( ::bittorrent_peer_piece ) { - bro_event_bittorrent_peer_piece( + BifEvent::generate_bittorrent_peer_piece( connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig(), @@ -206,7 +206,7 @@ flow BitTorrent_Flow(is_orig: bool) { %{ if ( ::bittorrent_peer_cancel ) { - bro_event_bittorrent_peer_cancel( + BifEvent::generate_bittorrent_peer_cancel( connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig(), @@ -220,7 +220,7 @@ flow BitTorrent_Flow(is_orig: bool) { %{ if ( ::bittorrent_peer_port ) { - bro_event_bittorrent_peer_port( + BifEvent::generate_bittorrent_peer_port( connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig(), 
@@ -234,7 +234,7 @@ flow BitTorrent_Flow(is_orig: bool) { %{ if ( ::bittorrent_peer_unknown ) { - bro_event_bittorrent_peer_unknown( + BifEvent::generate_bittorrent_peer_unknown( connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig(), diff --git a/src/builtin-func.l b/src/builtin-func.l index 14b0eb52a6..a5e37441cf 100644 --- a/src/builtin-func.l +++ b/src/builtin-func.l @@ -28,7 +28,11 @@ int check_c_mode(int t) %} WS [ \t]+ -ID [A-Za-z_][A-Za-z_0-9]* + /* Note, bifcl only accepts a single :: in IDs while the policy + layer acceptes multiple. (But the policy layer doesn't have + a hierachy */ +IDCOMPONENT [A-Za-z_][A-Za-z_0-9]* +ID {IDCOMPONENT}(::{IDCOMPONENT})? ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+)) D [[:digit:]]+ HEX [0-9a-fA-F]+ @@ -69,6 +73,7 @@ HEX [0-9a-fA-F]+ "enum" return check_c_mode(TOK_ENUM); "type" return check_c_mode(TOK_TYPE); "record" return check_c_mode(TOK_RECORD); +"module" return check_c_mode(TOK_MODULE); "@ARG@" return TOK_ARG; "@ARGS@" return TOK_ARGS; diff --git a/src/builtin-func.y b/src/builtin-func.y index fafcdea76a..f9117f97fc 100644 --- a/src/builtin-func.y +++ b/src/builtin-func.y @@ -9,6 +9,10 @@ using namespace std; #include #include +#include "module_util.h" + +using namespace std; + extern int line_number; extern char* input_filename; 
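Review bot: The new comment above IDCOMPONENT in builtin-func.l has two typos and an unclosed parenthesis: `acceptes` should be `accepts`, `hierachy` should be `hierarchy`, and `(But the policy layer doesn't have a hierachy` is never closed. Suggested text: `/* Note, bifcl only accepts a single :: in IDs while the policy layer accepts multiple (but the policy layer doesn't have a hierarchy). */`.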
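Review bot: The builtin-func.y hunk at line 9 adds a second `using namespace std;` — the hunk header's context shows the prologue already has one above, and module_util.h, included just before it, brings a third at header scope. Drop the added directive; one at the top of the prologue is enough.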
@@ -23,39 +27,128 @@ extern FILE* fp_netvar_def; extern FILE* fp_netvar_init; int in_c_code = 0; +string current_module = GLOBAL_MODULE_NAME; int definition_type; -const char* bro_prefix; -const char* c_prefix; + enum { C_SEGMENT_DEF, FUNC_DEF, REWRITER_DEF, EVENT_DEF, + ENUM_DEF, + CONST_DEF, + RECORD_DEF, }; +// Holds the name of a declared object (function, enum, record type, event, +// etc. and information about namespaces, etc. +struct decl_struct { + string module_name; + string bare_name; // name without module or namespace + string c_namespace_start; // "opening" namespace for use in netvar_* + string c_namespace_end; // closing "}" for all the above namespaces + string c_fullname; // fully qualified name (namespace::....) for use in netvar_init + string bro_fullname; // fully qualified bro name, for netvar (and lookup_ID()) + string bro_name; // the name as we read it from input. What we write into the .bro file + + // special cases for events. Events have an EventHandlerPtr + // and a generate_* function. 
This name is for the generate_* function + string generate_bare_name; + string generate_c_fullname; + string generate_c_namespace_start; + string generate_c_namespace_end; +} decl; + void set_definition_type(int type) { definition_type = type; - switch ( type ) { - case FUNC_DEF: - bro_prefix = ""; - c_prefix = "bro_"; + } + +void set_decl_name(const char *name) + { + decl.module_name = extract_module_name(name); + decl.bare_name = extract_var_name(name); + + decl.c_namespace_start = ""; + decl.c_namespace_end = ""; + decl.c_fullname = ""; + decl.bro_fullname = ""; + decl.bro_name = ""; + + decl.generate_c_fullname = ""; + decl.generate_bare_name = string("generate_") + decl.bare_name; + decl.generate_c_namespace_start = ""; + decl.generate_c_namespace_end = ""; + + switch ( definition_type ) { + case ENUM_DEF: + decl.c_namespace_start = "namespace BifTypePtr { namespace Enum { "; + decl.c_namespace_end = " } }"; + decl.c_fullname = "BifTypePtr::Enum::"; + break; + case RECORD_DEF: + decl.c_namespace_start = "namespace BifTypePtr { namespace Record { "; + decl.c_namespace_end = " } }"; + decl.c_fullname = "BifTypePtr::Record::"; break; + case CONST_DEF: + decl.c_namespace_start = "namespace BifConst { "; + decl.c_namespace_end = " } "; + decl.c_fullname = "BifConst::"; + break; + case REWRITER_DEF: - bro_prefix = "rewrite_"; - c_prefix = "bro_rewrite_"; + // XXX: Legacy. No module names / namespaces supported + // If support for namespaces is desired: add a namespace + // to c_namespace_* and bro_fullname and get rid of + // the hack to bro_name. 
+ decl.c_namespace_start = ""; + decl.c_namespace_end = ""; + decl.bare_name = "rewrite_" + decl.bare_name; + decl.bro_name = "rewrite_"; + break; + + case FUNC_DEF: + decl.c_namespace_start = "namespace BifFunc { "; + decl.c_namespace_end = " } "; + decl.c_fullname = "BifFunc::"; break; case EVENT_DEF: - bro_prefix = ""; - c_prefix = "bro_event_"; + decl.c_namespace_start = ""; + decl.c_namespace_end = ""; + decl.c_fullname = ""; + decl.generate_c_namespace_start = "namespace BifEvent { "; + decl.generate_c_namespace_end = " } "; + decl.generate_c_fullname = "BifEvent::"; break; - case C_SEGMENT_DEF: + default: break; } + + if (decl.module_name != GLOBAL_MODULE_NAME) + { + decl.c_namespace_start += "namespace " + decl.module_name + " { "; + decl.c_namespace_end += string(" }"); + decl.c_fullname += decl.module_name + "::"; + decl.bro_fullname += decl.module_name + "::"; + + decl.generate_c_namespace_start += "namespace " + decl.module_name + " { "; + decl.generate_c_namespace_end += " } "; + decl.generate_c_fullname += decl.module_name + "::"; + } + + decl.bro_fullname += decl.bare_name; + if (definition_type == FUNC_DEF) + decl.bare_name = string("bro_") + decl.bare_name; + + decl.c_fullname += decl.bare_name; + decl.bro_name += name; + decl.generate_c_fullname += decl.generate_bare_name; + } const char* arg_list_name = "BiF_ARGS"; @@ -63,7 +156,6 @@ const char* trace_rewriter_name = "trace_rewriter"; #include "bif_arg.h" -extern const char* decl_name; int var_arg; // whether the number of arguments is variable std::vector args; 
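Review bot: set_decl_name derives decl.module_name solely from a `::` inside the declared name via extract_module_name, and `current_module`, which module_def assigns, is never consulted in this hunk, so an ID declared after a `module X;` statement without an explicit `X::` prefix is treated as GLOBAL: it gets no C++ namespace and a bare bro_fullname, while the emitted `module X;` line presumably makes the script side declare it as `X::name`, so the netvar_init lookup would search for the wrong name. As far as the hunk shows, defaulting to the current module right after the two extract calls, `if ( decl.module_name == GLOBAL_MODULE_NAME ) decl.module_name = current_module;`, closes that gap. The REWRITER_DEF branch states that no module names or namespaces are supported for rewriters, yet the module block after the switch still prepends `namespace <module> {` for them; either skip that block for REWRITER_DEF or reword the comment. The hunk begins at the `@@ -23,39 +27,128 @@` header with the decl_struct definition.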
@@ -87,9 +179,15 @@ char* concat(const char* str1, const char* str2) } // Print the bro_event_* function prototype in C++, without the ending ';' -void print_event_c_prototype(FILE *fp) +void print_event_c_prototype(FILE *fp, bool is_header) { - fprintf(fp, "void %s%s(Analyzer* analyzer%s", c_prefix, decl_name, + if (is_header) + fprintf(fp, "%s void %s(Analyzer* analyzer%s", + decl.generate_c_namespace_start.c_str(), decl.generate_bare_name.c_str(), + args.size() ? ", " : "" ); + else + fprintf(fp, "void %s(Analyzer* analyzer%s", + decl.generate_c_fullname.c_str(), args.size() ? ", " : "" ); for ( int i = 0; i < (int) args.size(); ++i ) { @@ -98,6 +196,10 @@ void print_event_c_prototype(FILE *fp) args[i]->PrintCArg(fp, i); } fprintf(fp, ")"); + if (is_header) + fprintf(fp, "; %s\n", decl.generate_c_namespace_end.c_str()); + else + fprintf(fp, "\n"); } // Print the bro_event_* function body in C++. @@ -106,9 +208,9 @@ void print_event_c_body(FILE *fp) fprintf(fp, "\t{\n"); fprintf(fp, "\t// Note that it is intentional that here we do not\n"); fprintf(fp, "\t// check if %s is NULL, which should happen *before*\n", - decl_name); - fprintf(fp, "\t// bro_event_%s is called to avoid unnecessary Val\n", - decl_name); + decl.c_fullname.c_str()); + fprintf(fp, "\t// %s is called to avoid unnecessary Val\n", + decl.generate_c_fullname.c_str()); fprintf(fp, "\t// allocation.\n"); fprintf(fp, "\n"); @@ -138,7 +240,7 @@ void print_event_c_body(FILE *fp) fprintf(fp, "\n"); fprintf(fp, "\tmgr.QueueEvent(%s, vl, SOURCE_LOCAL, analyzer->GetID(), timer_mgr", - decl_name); + decl.c_fullname.c_str()); if ( connection_arg ) // Pass the connection to the EventMgr as the "cookie" 
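Review bot: The header comment kept above `print_event_c_prototype` still reads `// Print the bro_event_* function prototype in C++, without the ending ';'`, but the new body emits `BifEvent::generate_*` through decl.generate_c_fullname / decl.generate_bare_name, and in header mode it now does append the `;` plus the namespace closer (next hunk); suggested: `// Print the BifEvent::generate_* prototype in C++; in header mode it is wrapped in its namespace and terminated with ';'`. The same stale `bro_event_*` wording remains on the `print_event_c_body` comment visible in the following hunk. The new `bool is_header` parameter shows up as a bare `true`/`false` at the event_def call sites; a one-line comment on the parameter (`// is_header: emit the namespaced declaration for the .h file, else the definition's signature`) would make those calls readable. The function's body continues past this hunk.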
@@ -146,13 +248,14 @@ void print_event_c_body(FILE *fp) fprintf(fp, ");\n"); fprintf(fp, "\t} // event generation\n"); + //fprintf(fp, "%s // end namespace\n", decl.generate_c_namespace_end.c_str()); } %} %token TOK_LPP TOK_RPP TOK_LPB TOK_RPB TOK_LPPB TOK_RPPB TOK_VAR_ARG %token TOK_BOOL %token TOK_FUNCTION TOK_REWRITER TOK_EVENT TOK_CONST TOK_ENUM -%token TOK_TYPE TOK_RECORD +%token TOK_TYPE TOK_RECORD TOK_MODULE %token TOK_WRITE TOK_PUSH TOK_EOF TOK_TRACE %token TOK_ARGS TOK_ARG TOK_ARGC %token TOK_ID TOK_ATTR TOK_CSTR TOK_LF TOK_WS TOK_COMMENT @@ -170,7 +273,15 @@ void print_event_c_body(FILE *fp) %% -definitions: definitions definition opt_ws +builtin_lang: definitions + { + fprintf(fp_bro_init, "} # end of export section\n"); + fprintf(fp_bro_init, "module %s;\n", GLOBAL_MODULE_NAME); + } + + + +definitions: definitions definition opt_ws { fprintf(fp_func_def, "%s", $3); } | opt_ws { @@ -189,6 +300,7 @@ definitions: definitions definition opt_ws fprintf(fp_netvar_h, "// %s\n\n", auto_gen_comment); fprintf(fp_netvar_init, "// %s\n\n", auto_gen_comment); + fprintf(fp_bro_init, "export {\n"); fprintf(fp_func_def, "%s", $1); } ; @@ -200,9 +312,16 @@ definition: event_def | enum_def | const_def | type_def + | module_def ; +module_def: TOK_MODULE opt_ws TOK_ID opt_ws ';' + { + current_module = $2; + fprintf(fp_bro_init, "module %s;\n", $2); + } + // XXX: Add the netvar glue so that the event engine knows about // the type. One still has to define the type in bro.init. // Would be nice, if we could just define the record type here 
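Review bot: `current_module = $2;` and `fprintf(fp_bro_init, "module %s;\n", $2);` in the new module_def rule read `$2`, which is the `opt_ws` token, not the module identifier at `$3` (`TOK_MODULE opt_ws TOK_ID opt_ws ';'`); current_module and the emitted `module …;` line would carry whitespace instead of the name. Both should use `$3` — the later commit b2243109 on this page makes exactly that correction. In the first hunk of this file section, the `//fprintf(fp, "%s // end namespace\n", ...)` added to print_event_c_body is commented-out code; either emit it or leave it out rather than checking in a dead line.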
@@ -213,26 +332,26 @@ definition: event_def // TODO: add other types (tables, sets) type_def: TOK_TYPE opt_ws TOK_ID opt_ws ':' opt_ws TOK_RECORD opt_ws ';' { - fprintf(fp_netvar_h, - "namespace BroTypePtr { namespace Record { extern RecordType* %s; } }\n", $3); - fprintf(fp_netvar_def, - "namespace BroTypePtr { namespace Record { RecordType* %s; } }\n", $3); + set_definition_type(RECORD_DEF); + set_decl_name($3); + + fprintf(fp_netvar_h, "%s extern RecordType * %s; %s\n", + decl.c_namespace_start.c_str(), decl.bare_name.c_str(), decl.c_namespace_end.c_str()); + fprintf(fp_netvar_def, "%s RecordType * %s; %s\n", + decl.c_namespace_start.c_str(), decl.bare_name.c_str(), decl.c_namespace_end.c_str()); fprintf(fp_netvar_init, - "\tBroTypePtr::Record::%s = internal_type(\"%s\")->AsRecordType();\n", - $3, $3); + "\t%s = internal_type(\"%s\")->AsRecordType();\n", + decl.c_fullname.c_str(), decl.bro_fullname.c_str()); } ; event_def: event_prefix opt_ws plain_head opt_attr end_of_head ';' { - print_event_c_prototype(fp_func_h); - fprintf(fp_func_h, ";\n"); - print_event_c_prototype(fp_func_def); - fprintf(fp_func_def, "\n"); + print_event_c_prototype(fp_func_h, true); + print_event_c_prototype(fp_func_def, false); print_event_c_body(fp_func_def); } - ; - + func_def: func_prefix opt_ws typed_head end_of_head body ; 
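Review bot: The event_def rule loses its terminating `;` (the removed `- ;` line) while type_def, func_def and the remaining rules keep theirs; bison accepts the omission, but keep `event_def: … { … } ;` for consistency with the rest of the grammar. In the type_def action, `set_definition_type(RECORD_DEF);` must run before `set_decl_name($3);` because set_decl_name switches on definition_type to build the BifTypePtr namespaces; a comment such as `// set_decl_name() reads definition_type, so set it first` on that line would protect the ordering, and it applies equally to enum_def_1 and const_def_1 in the later hunks.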
@@ -243,24 +362,34 @@ enum_def: enum_def_1 enum_list TOK_RPB { // First, put an end to the enum type decl. fprintf(fp_bro_init, "};\n"); - fprintf(fp_netvar_h, "}; }\n"); + if (decl.module_name != GLOBAL_MODULE_NAME) + fprintf(fp_netvar_h, "}; } }\n"); + else + fprintf(fp_netvar_h, "}; }\n"); // Now generate the netvar's. - fprintf(fp_netvar_h, - "namespace BroTypePtr { namespace Enum { extern EnumType* %s;\n } }", decl_name); - fprintf(fp_netvar_def, - "namespace BroTypePtr { namespace Enum { EnumType* %s; } }\n", decl_name); + fprintf(fp_netvar_h, "%s extern EnumType * %s; %s\n", + decl.c_namespace_start.c_str(), decl.bare_name.c_str(), decl.c_namespace_end.c_str()); + fprintf(fp_netvar_def, "%s EnumType * %s; %s\n", + decl.c_namespace_start.c_str(), decl.bare_name.c_str(), decl.c_namespace_end.c_str()); fprintf(fp_netvar_init, - "\tBroTypePtr::Enum::%s = internal_type(\"%s\")->AsEnumType();\n", - decl_name, decl_name); + "\t%s = internal_type(\"%s\")->AsEnumType();\n", + decl.c_fullname.c_str(), decl.bro_fullname.c_str()); } ; enum_def_1: TOK_ENUM opt_ws TOK_ID opt_ws TOK_LPB opt_ws { - decl_name = $3; - fprintf(fp_bro_init, "type %s: enum %s{%s", $3, $4, $6); - fprintf(fp_netvar_h, "namespace BroEnum { "); + set_definition_type(ENUM_DEF); + set_decl_name($3); + fprintf(fp_bro_init, "type %s: enum %s{%s", decl.bro_name.c_str(), $4, $6); + + // this is the namespace were the enumerators are defined, not where + // the type is defined. + // We don't support fully qualified names as enumerators. Use a module name + fprintf(fp_netvar_h, "namespace BifEnum { "); + if (decl.module_name != GLOBAL_MODULE_NAME) + fprintf(fp_netvar_h, "namespace %s { ", decl.module_name.c_str()); fprintf(fp_netvar_h, "enum %s {\n", $3); } ; 
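Review bot: The comment added in enum_def_1 has a typo and an unfinished sentence: `// this is the namespace were the enumerators are defined` should read `where`, and `We don't support fully qualified names as enumerators. Use a module name` trails off; suggested: `// Namespace for the enumerators (not for the type); qualified enumerator names are not supported, use a module instead.`. The `fprintf(fp_netvar_h, "enum %s {\n", $3);` line still prints the raw `$3` while the neighbouring lines use decl.bare_name; if TOK_ID can carry a `Module::` qualifier, as set_decl_name's call to extract_module_name suggests, the raw form would yield an invalid C++ enum name, so `decl.bare_name.c_str()` looks like the intended argument — worth confirming against the lexer.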
@@ -281,18 +410,21 @@ enum_list: enum_list TOK_ID opt_ws ',' opt_ws const_def: const_def_1 const_init opt_attr ';' { fprintf(fp_bro_init, ";\n"); - fprintf(fp_netvar_h, "extern int %s;\n", decl_name); - fprintf(fp_netvar_def, "int %s;\n", decl_name); + fprintf(fp_netvar_h, "%s extern int %s; %s\n", + decl.c_namespace_start.c_str(), decl.bare_name.c_str(), decl.c_namespace_end.c_str()); + fprintf(fp_netvar_def, "%s int %s; %s\n", + decl.c_namespace_start.c_str(), decl.bare_name.c_str(), decl.c_namespace_end.c_str()); fprintf(fp_netvar_init, "\t%s = internal_val(\"%s\")->AsBool();\n", - decl_name, decl_name); + decl.c_fullname.c_str(), decl.bro_fullname.c_str()); } ; const_def_1: TOK_CONST opt_ws TOK_ID opt_ws { - decl_name = $3; + set_definition_type(CONST_DEF); + set_decl_name($3); fprintf(fp_bro_init, "const%s", $2); - fprintf(fp_bro_init, "%s: bool%s", $3, $4); + fprintf(fp_bro_init, "%s: bool%s", decl.bro_name.c_str(), $4); } ; @@ -364,7 +496,7 @@ plain_head: head_1 args arg_end opt_ws head_1: TOK_ID opt_ws arg_begin { const char* method_type = 0; - decl_name = $1; + set_decl_name($1); if ( definition_type == FUNC_DEF || definition_type == REWRITER_DEF ) { 
@@ -376,40 +508,37 @@ head_1: TOK_ID opt_ws arg_begin if ( method_type ) fprintf(fp_bro_init, - "global %s%s: %s%s(", - bro_prefix, decl_name, method_type, $2); + "global %s: %s%s(", + decl.bro_name.c_str(), method_type, $2); if ( definition_type == FUNC_DEF || definition_type == REWRITER_DEF ) { fprintf(fp_func_init, - "\textern Val* %s%s(Frame* frame, val_list*);\n", - c_prefix, decl_name); - - fprintf(fp_func_init, - "\t(void) new BuiltinFunc(%s%s, \"%s%s\", 0);\n", - c_prefix, decl_name, bro_prefix, decl_name); + "\t(void) new BuiltinFunc(%s, \"%s\", 0);\n", + decl.c_fullname.c_str(), decl.bro_fullname.c_str()); fprintf(fp_func_h, - "extern Val* %s%s(Frame* frame, val_list*);\n", - c_prefix, decl_name); + "%sextern Val* %s(Frame* frame, val_list*);\n %s", + decl.c_namespace_start.c_str(), decl.bare_name.c_str(), decl.c_namespace_end.c_str()); fprintf(fp_func_def, - "Val* %s%s(Frame* frame, val_list* %s)", - c_prefix, decl_name, arg_list_name); + "Val* %s(Frame* frame, val_list* %s)", + decl.c_fullname.c_str(), arg_list_name); } else if ( definition_type == EVENT_DEF ) { + // TODO: add namespace for events here fprintf(fp_netvar_h, - "extern EventHandlerPtr %s;\n", - decl_name); + "%sextern EventHandlerPtr %s; %s\n", + decl.c_namespace_start.c_str(), decl.bare_name.c_str(), decl.c_namespace_end.c_str()); fprintf(fp_netvar_def, - "EventHandlerPtr %s;\n", - decl_name); + "%sEventHandlerPtr %s; %s\n", + decl.c_namespace_start.c_str(), decl.bare_name.c_str(), decl.c_namespace_end.c_str()); fprintf(fp_netvar_init, "\t%s = internal_handler(\"%s\");\n", - decl_name, decl_name); + decl.c_fullname.c_str(), decl.bro_fullname.c_str()); // C++ prototypes of bro_event_* functions will // be generated later. @@ -455,7 +584,7 @@ return_type: ':' opt_ws TOK_ID opt_ws body: body_start c_body body_end { - fprintf(fp_func_def, " // end of %s\n", decl_name); + fprintf(fp_func_def, " // end of %s\n", decl.c_fullname.c_str()); print_line_directive(fp_func_def); } ; 
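Review bot: The fp_func_h format string `"%sextern Val* %s(Frame* frame, val_list*);\n %s"` puts the newline before the closing namespace text, so the generated header has ` } ` opening the next line with the following declaration continuing on that same line; moving the newline to the end, `"%sextern Val* %s(Frame* frame, val_list*); %s\n"`, matches the `"%sextern EventHandlerPtr %s; %s\n"` form used for fp_netvar_h in this hunk. The context comment `// C++ prototypes of bro_event_* functions will be generated later.` is now stale since the generated functions are `BifEvent::generate_*`; update it to name them. head_1's action starts before this hunk.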
@@ -492,7 +621,7 @@ body_start: TOK_LPB c_code_begin fprintf(fp_func_def, "\t\t{\n"); fprintf(fp_func_def, "\t\trun_time(\"%s() takes exactly %d argument(s)\");\n", - decl_name, argc); + decl.bro_fullname.c_str(), argc); fprintf(fp_func_def, "\t\treturn 0;\n"); fprintf(fp_func_def, "\t\t}\n"); } @@ -502,7 +631,7 @@ body_start: TOK_LPB c_code_begin fprintf(fp_func_def, "\t\t{\n"); fprintf(fp_func_def, "\t\trun_time(\"%s() takes at least %d argument(s)\");\n", - decl_name, argc); + decl.bro_fullname.c_str(), argc); fprintf(fp_func_def, "\t\treturn 0;\n"); fprintf(fp_func_def, "\t\t}\n"); } @@ -586,7 +715,6 @@ opt_ws: opt_ws TOK_WS extern char* yytext; extern char* input_filename; extern int line_number; -const char* decl_name; void err_exit(void); void print_msg(const char msg[]) diff --git a/src/dce_rpc-analyzer.pac b/src/dce_rpc-analyzer.pac index 8f412401f7..353c9f3795 100644 --- a/src/dce_rpc-analyzer.pac +++ b/src/dce_rpc-analyzer.pac @@ -88,7 +88,7 @@ flow DCE_RPC_Flow(is_orig: bool) { bind_elems.p_cont_elem[i].abstract_syntax.if_uuid}; // Queue the event - bro_event_dce_rpc_bind( + BifEvent::generate_dce_rpc_bind( ${connection.bro_analyzer}, ${connection.bro_analyzer}->Conn(), bytestring_to_val(${if_uuid})); @@ -106,7 +106,7 @@ flow DCE_RPC_Flow(is_orig: bool) { %{ if ( dce_rpc_request ) { - bro_event_dce_rpc_request( + BifEvent::generate_dce_rpc_request( ${connection.bro_analyzer}, ${connection.bro_analyzer}->Conn(), ${req.opnum}, @@ -124,7 +124,7 @@ flow DCE_RPC_Flow(is_orig: bool) { %{ if ( dce_rpc_response ) { - bro_event_dce_rpc_response( + BifEvent::generate_dce_rpc_response( ${connection.bro_analyzer}, ${connection.bro_analyzer}->Conn(), ${connection}->get_cont_id_opnum_map(${resp.p_cont_id}), diff --git a/src/dhcp-analyzer.pac b/src/dhcp-analyzer.pac index 4bebc0ba4f..ef8b888330 100644 --- a/src/dhcp-analyzer.pac +++ b/src/dhcp-analyzer.pac 
@@ -91,31 +91,31 @@ flow DHCP_Flow(is_orig: bool) { switch ( type ) { case DHCPDISCOVER: - bro_event_dhcp_discover(connection()->bro_analyzer(), + BifEvent::generate_dhcp_discover(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), dhcp_msg_val_->Ref(), req_addr); break; case DHCPREQUEST: - bro_event_dhcp_request(connection()->bro_analyzer(), + BifEvent::generate_dhcp_request(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), dhcp_msg_val_->Ref(), req_addr, serv_addr); break; case DHCPDECLINE: - bro_event_dhcp_decline(connection()->bro_analyzer(), + BifEvent::generate_dhcp_decline(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), dhcp_msg_val_->Ref()); break; case DHCPRELEASE: - bro_event_dhcp_release(connection()->bro_analyzer(), + BifEvent::generate_dhcp_release(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), dhcp_msg_val_->Ref()); break; case DHCPINFORM: - bro_event_dhcp_inform(connection()->bro_analyzer(), + BifEvent::generate_dhcp_inform(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), dhcp_msg_val_->Ref()); break; @@ -204,21 +204,21 @@ flow DHCP_Flow(is_orig: bool) { switch ( type ) { case DHCPOFFER: - bro_event_dhcp_offer(connection()->bro_analyzer(), + BifEvent::generate_dhcp_offer(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), dhcp_msg_val_->Ref(), subnet_mask, router_list, lease, serv_addr); break; case DHCPACK: - bro_event_dhcp_ack(connection()->bro_analyzer(), + BifEvent::generate_dhcp_ack(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), dhcp_msg_val_->Ref(), subnet_mask, router_list, lease, serv_addr); break; case DHCPNAK: - bro_event_dhcp_nak(connection()->bro_analyzer(), + BifEvent::generate_dhcp_nak(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), dhcp_msg_val_->Ref()); break; diff --git a/src/dns-analyzer.pac b/src/dns-analyzer.pac index 2e9a6496c3..72bda3165f 100644 --- a/src/dns-analyzer.pac 
+++ b/src/dns-analyzer.pac @@ -124,7 +124,7 @@ flow DNS_Flow if ( msg->header()->qr() == 0 ) { - bro_event_dns_request( + BifEvent::generate_dns_request( connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), dns_msg_val_->Ref(), @@ -137,7 +137,7 @@ flow DNS_Flow msg->header()->nscount() == 0 && msg->header()->arcount() == 0 ) { - bro_event_dns_rejected( + BifEvent::generate_dns_rejected( connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), dns_msg_val_->Ref(), @@ -253,7 +253,7 @@ flow DNS_Flow // above fixes for BROv6, we can probably now introduce // their own events. (It's not clear A6 is needed - // do we actually encounter it in practice?) - bro_event_dns_A_reply(connection()->bro_analyzer(), + BifEvent::generate_dns_A_reply(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), dns_msg_val_->Ref(), build_dns_answer(rr), addr); break; @@ -261,7 +261,7 @@ flow DNS_Flow case TYPE_NS: if ( dns_NS_reply ) { - bro_event_dns_NS_reply(connection()->bro_analyzer(), + BifEvent::generate_dns_NS_reply(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), dns_msg_val_->Ref(), build_dns_answer(rr), @@ -272,7 +272,7 @@ flow DNS_Flow case TYPE_CNAME: if ( dns_CNAME_reply ) { - bro_event_dns_CNAME_reply( + BifEvent::generate_dns_CNAME_reply( connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), dns_msg_val_->Ref(), @@ -284,7 +284,7 @@ flow DNS_Flow case TYPE_SOA: if ( dns_SOA_reply ) { - bro_event_dns_SOA_reply( + BifEvent::generate_dns_SOA_reply( connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), dns_msg_val_->Ref(), @@ -296,7 +296,7 @@ flow DNS_Flow case TYPE_PTR: if ( dns_PTR_reply ) { - bro_event_dns_PTR_reply( + BifEvent::generate_dns_PTR_reply( connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), dns_msg_val_->Ref(), 
@@ -308,7 +308,7 @@ flow DNS_Flow case TYPE_MX: if ( dns_MX_reply ) { - bro_event_dns_MX_reply( + BifEvent::generate_dns_MX_reply( connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), dns_msg_val_->Ref(), @@ -321,7 +321,7 @@ flow DNS_Flow case TYPE_EDNS: if ( dns_EDNS_addl ) { - bro_event_dns_EDNS_addl( + BifEvent::generate_dns_EDNS_addl( connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), dns_msg_val_->Ref(), diff --git a/src/http-analyzer.pac b/src/http-analyzer.pac index 38402a9d67..c1a4dd7b26 100644 --- a/src/http-analyzer.pac +++ b/src/http-analyzer.pac @@ -84,7 +84,7 @@ flow HTTP_Flow(is_orig: bool) { if ( ::http_request ) { bytestring unescaped_uri = unescape_uri(uri); - bro_event_http_request(connection()->bro_analyzer(), + BifEvent::generate_http_request(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(method), bytestring_to_val(uri), @@ -103,7 +103,7 @@ flow HTTP_Flow(is_orig: bool) { %{ if ( ::http_reply ) { - bro_event_http_reply(connection()->bro_analyzer(), + BifEvent::generate_http_reply(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(${vers.vers_str}), code, bytestring_to_val(reason)); @@ -205,7 +205,7 @@ flow HTTP_Flow(is_orig: bool) { if ( ::http_header ) { - bro_event_http_header(connection()->bro_analyzer(), + BifEvent::generate_http_header(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig(), bytestring_to_val(name)->ToUpper(), @@ -236,7 +236,7 @@ flow HTTP_Flow(is_orig: bool) { %{ if ( ::http_all_headers ) { - bro_event_http_all_headers(connection()->bro_analyzer(), + BifEvent::generate_http_all_headers(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig(), build_http_headers_val()); 
@@ -263,7 +263,7 @@ flow HTTP_Flow(is_orig: bool) { msg_start_time_ = network_time(); if ( ::http_begin_entity ) { - bro_event_http_begin_entity(connection()->bro_analyzer(), + BifEvent::generate_http_begin_entity(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig()); } %} @@ -295,13 +295,13 @@ flow HTTP_Flow(is_orig: bool) { if ( ::http_end_entity ) { - bro_event_http_end_entity(connection()->bro_analyzer(), + BifEvent::generate_http_end_entity(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig()); } if ( ::http_message_done ) { - bro_event_http_message_done(connection()->bro_analyzer(), + BifEvent::generate_http_message_done(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig(), build_http_message_stat()); } diff --git a/src/portmap-analyzer.pac b/src/portmap-analyzer.pac index 3c7b00cd32..dc02ec1458 100644 --- a/src/portmap-analyzer.pac +++ b/src/portmap-analyzer.pac @@ -100,23 +100,23 @@ refine connection RPC_Conn += { switch ( call->proc() ) { case PMAPPROC_NULL: - bro_event_pm_request_null(bro_analyzer(), bro_analyzer()->Conn()); + BifEvent::generate_pm_request_null(bro_analyzer(), bro_analyzer()->Conn()); break; case PMAPPROC_SET: - bro_event_pm_request_set(bro_analyzer(), + BifEvent::generate_pm_request_set(bro_analyzer(), bro_analyzer()->Conn(), call->call_val(), results->set()); break; case PMAPPROC_UNSET: - bro_event_pm_request_unset(bro_analyzer(), + BifEvent::generate_pm_request_unset(bro_analyzer(), bro_analyzer()->Conn(), call->call_val(), results->unset()); break; case PMAPPROC_GETPORT: - bro_event_pm_request_getport(bro_analyzer(), + BifEvent::generate_pm_request_getport(bro_analyzer(), bro_analyzer()->Conn(), call->call_val(), PortmapBuildPortVal(results->getport(), 
@@ -124,13 +124,13 @@ refine connection RPC_Conn += { break; case PMAPPROC_DUMP: - bro_event_pm_request_dump(bro_analyzer(), + BifEvent::generate_pm_request_dump(bro_analyzer(), bro_analyzer()->Conn(), PortmapBuildDumpVal(results->dump())); break; case PMAPPROC_CALLIT: - bro_event_pm_request_callit(bro_analyzer(), + BifEvent::generate_pm_request_callit(bro_analyzer(), bro_analyzer()->Conn(), call->call_val(), new PortVal(results->callit()->port(), 
@@ -149,37 +149,37 @@ function PortmapCallFailed(connection: RPC_Conn, call: RPC_Call, status: EnumRPCStatus): bool %{ - // BroEnum::rpc_status st = static_cast(status); - Val *st = new EnumVal(status, BroTypePtr::Enum::rpc_status); + // BifEnum::rpc_status st = static_cast(status); + Val *st = new EnumVal(status, BifTypePtr::Enum::rpc_status); switch ( call->proc() ) { case PMAPPROC_NULL: - bro_event_pm_attempt_null(connection->bro_analyzer(), + BifEvent::generate_pm_attempt_null(connection->bro_analyzer(), connection->bro_analyzer()->Conn(), st); break; case PMAPPROC_SET: - bro_event_pm_attempt_set(connection->bro_analyzer(), + BifEvent::generate_pm_attempt_set(connection->bro_analyzer(), connection->bro_analyzer()->Conn(), st, call->call_val()); break; case PMAPPROC_UNSET: - bro_event_pm_attempt_unset(connection->bro_analyzer(), + BifEvent::generate_pm_attempt_unset(connection->bro_analyzer(), connection->bro_analyzer()->Conn(), st, call->call_val()); break; case PMAPPROC_GETPORT: - bro_event_pm_attempt_getport(connection->bro_analyzer(), + BifEvent::generate_pm_attempt_getport(connection->bro_analyzer(), connection->bro_analyzer()->Conn(), st, call->call_val()); break; case PMAPPROC_DUMP: - bro_event_pm_attempt_dump(connection->bro_analyzer(), + BifEvent::generate_pm_attempt_dump(connection->bro_analyzer(), connection->bro_analyzer()->Conn(), st); break; case PMAPPROC_CALLIT: - bro_event_pm_attempt_callit(connection->bro_analyzer(), + BifEvent::generate_pm_attempt_callit(connection->bro_analyzer(), connection->bro_analyzer()->Conn(), st, call->call_val()); break; diff --git a/src/rpc-analyzer.pac b/src/rpc-analyzer.pac index 6c455f7028..86ac81b857 100644 --- a/src/rpc-analyzer.pac +++ b/src/rpc-analyzer.pac @@ -157,7 +157,7 @@ flow RPC_Flow (is_orig: bool) { return false; } - bro_event_rpc_call(connection()->bro_analyzer(), + BifEvent::generate_rpc_call(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), call->prog(), call->vers(), 
diff --git a/src/ssl-analyzer.pac b/src/ssl-analyzer.pac index 78baecc5cc..9c899ff2b6 100644 --- a/src/ssl-analyzer.pac +++ b/src/ssl-analyzer.pac @@ -165,7 +165,7 @@ refine analyzer SSLAnalyzer += { %{ StringVal* err_str = new StringVal(X509_verify_cert_error_string(err_num)); - bro_event_ssl_X509_error(bro_analyzer_, bro_analyzer_->Conn(), + BifEvent::generate_ssl_X509_error(bro_analyzer_, bro_analyzer_->Conn(), err_num, err_str); %} @@ -189,7 +189,7 @@ refine analyzer SSLAnalyzer += { function proc_alert(level : int, description : int) : bool %{ - bro_event_ssl_conn_alert(bro_analyzer_, bro_analyzer_->Conn(), + BifEvent::generate_ssl_conn_alert(bro_analyzer_, bro_analyzer_->Conn(), current_record_version_, level, description); return true; @@ -217,7 +217,7 @@ refine analyzer SSLAnalyzer += { Unref(ciph); } - bro_event_ssl_conn_attempt(bro_analyzer_, bro_analyzer_->Conn(), + BifEvent::generate_ssl_conn_attempt(bro_analyzer_, bro_analyzer_->Conn(), version, cipher_table); if ( ssl_compare_cipherspecs ) @@ -252,7 +252,7 @@ refine analyzer SSLAnalyzer += { Unref(ciph); } - bro_event_ssl_conn_server_reply(bro_analyzer_, + BifEvent::generate_ssl_conn_server_reply(bro_analyzer_, bro_analyzer_->Conn(), version_, chosen_ciphers); @@ -263,10 +263,10 @@ refine analyzer SSLAnalyzer += { TableVal* tv = to_table_val(session_id); if ( client_session_id_ && *client_session_id_ == *session_id ) - bro_event_ssl_conn_reused(bro_analyzer_, + BifEvent::generate_ssl_conn_reused(bro_analyzer_, bro_analyzer_->Conn(), tv); else - bro_event_ssl_session_insertion(bro_analyzer_, + BifEvent::generate_ssl_session_insertion(bro_analyzer_, bro_analyzer_->Conn(), tv); delete ciphers; 
@@ -277,13 +277,13 @@ refine analyzer SSLAnalyzer += { if ( client_session_id_ ) { TableVal* tv = to_table_val(client_session_id_); - bro_event_ssl_conn_reused(bro_analyzer_, + BifEvent::generate_ssl_conn_reused(bro_analyzer_, bro_analyzer_->Conn(), tv); } // We don't know the chosen cipher, as there is // no session storage. - bro_event_ssl_conn_established(bro_analyzer_, + BifEvent::generate_ssl_conn_established(bro_analyzer_, bro_analyzer_->Conn(), version_, 0xffffffff); delete ciphers; @@ -316,7 +316,7 @@ refine analyzer SSLAnalyzer += { if ( certificates->size() == 0 ) return true; - bro_event_ssl_certificate_seen(bro_analyzer_, + BifEvent::generate_ssl_certificate_seen(bro_analyzer_, bro_analyzer_->Conn(), ! current_record_is_orig_); @@ -341,7 +341,7 @@ refine analyzer SSLAnalyzer += { pX509Cert->Assign(1, new StringVal(tmp)); pX509Cert->Assign(2, new AddrVal(bro_analyzer_->Conn()->OrigAddr())); - bro_event_ssl_certificate(bro_analyzer_, bro_analyzer_->Conn(), + BifEvent::generate_ssl_certificate(bro_analyzer_, bro_analyzer_->Conn(), pX509Cert, current_record_is_orig_); if ( X509_get_ext_count(pCert) > 0 ) @@ -361,7 +361,7 @@ refine analyzer SSLAnalyzer += { Unref(index); } - bro_event_process_X509_extensions(bro_analyzer_, + BifEvent::generate_process_X509_extensions(bro_analyzer_, bro_analyzer_->Conn(), x509ex); } @@ -442,7 +442,7 @@ refine analyzer SSLAnalyzer += { state_label(old_state_).c_str())); check_cipher(cipher); - bro_event_ssl_conn_established(bro_analyzer_, + BifEvent::generate_ssl_conn_established(bro_analyzer_, bro_analyzer_->Conn(), version_, cipher); return true; @@ -483,7 +483,7 @@ refine analyzer SSLAnalyzer += { if ( state_ == STATE_CONN_ESTABLISHED && old_state_ == STATE_COMM_ENCRYPTED ) { - bro_event_ssl_conn_established(bro_analyzer_, + BifEvent::generate_ssl_conn_established(bro_analyzer_, bro_analyzer_->Conn(), version_, cipher_); } From d95ac545793fa480acf3efada06749e7587d0f24 Mon Sep 17 00:00:00 2001 
From: Gregor Maier Date: Fri, 11 Feb 2011 11:48:38 -0800 Subject: [PATCH 38/54] Moving type declarations into its own bif file --- policy/bro.init | 1 + src/CMakeLists.txt | 1 + src/NetVar.cc | 2 ++ src/NetVar.h | 1 + src/const.bif | 51 --------------------------------------------- src/types.bif | 52 ++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 57 insertions(+), 51 deletions(-) create mode 100644 src/types.bif diff --git a/policy/bro.init b/policy/bro.init index c9fd5213cc..3b3378c5ac 100644 --- a/policy/bro.init +++ b/policy/bro.init @@ -1,6 +1,7 @@ # $Id: bro.init 6887 2009-08-20 05:17:33Z vern $ @load const.bif.bro +@load types.bif.bro global bro_signal: event(signal: count); diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index b71dab5c25..f5c758a517 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -129,6 +129,7 @@ set(BIF_SRCS bro.bif event.bif const.bif + types.bif common-rw.bif finger-rw.bif ident-rw.bif diff --git a/src/NetVar.cc b/src/NetVar.cc index 0af742ef3e..7fb424a03e 100644 --- a/src/NetVar.cc +++ b/src/NetVar.cc @@ -261,6 +261,7 @@ RecordType* script_id; TableType* id_table; #include "const.bif.netvar_def" +#include "types.bif.netvar_def" #include "event.bif.netvar_def" void init_event_handlers() @@ -316,6 +317,7 @@ void init_general_global_var() void init_net_var() { #include "const.bif.netvar_init" +#include "types.bif.netvar_init" conn_id = internal_type("conn_id")->AsRecordType(); endpoint = internal_type("endpoint")->AsRecordType(); diff --git a/src/NetVar.h b/src/NetVar.h index 7461ec8be0..2de1962f4d 100644 --- a/src/NetVar.h +++ b/src/NetVar.h @@ -271,6 +271,7 @@ extern void init_event_handlers(); extern void init_net_var(); #include "const.bif.netvar_h" +#include "types.bif.netvar_h" #include "event.bif.netvar_h" #endif diff --git a/src/const.bif b/src/const.bif index 2c4f2d1f1c..f6aef299ea 100644 --- a/src/const.bif +++ b/src/const.bif 
@@ -44,54 +44,3 @@ const dump_selected_source_packets = F &redef;
 # (TODO: this variable should be disabled when using '-A' option)
 const dump_original_packets_if_not_rewriting = F &redef;
-enum dce_rpc_ptype %{
- DCE_RPC_REQUEST,
- DCE_RPC_PING,
- DCE_RPC_RESPONSE,
- DCE_RPC_FAULT,
- DCE_RPC_WORKING,
- DCE_RPC_NOCALL,
- DCE_RPC_REJECT,
- DCE_RPC_ACK,
- DCE_RPC_CL_CANCEL,
- DCE_RPC_FACK,
- DCE_RPC_CANCEL_ACK,
- DCE_RPC_BIND,
- DCE_RPC_BIND_ACK,
- DCE_RPC_BIND_NAK,
- DCE_RPC_ALTER_CONTEXT,
- DCE_RPC_ALTER_CONTEXT_RESP,
- DCE_RPC_SHUTDOWN,
- DCE_RPC_CO_CANCEL,
- DCE_RPC_ORPHANED,
-%}
-
-enum dce_rpc_if_id %{
- DCE_RPC_unknown_if,
- DCE_RPC_epmapper,
- DCE_RPC_lsarpc,
- DCE_RPC_lsa_ds,
- DCE_RPC_mgmt,
- DCE_RPC_netlogon,
- DCE_RPC_samr,
- DCE_RPC_srvsvc,
- DCE_RPC_spoolss,
- DCE_RPC_drs,
- DCE_RPC_winspipe,
- DCE_RPC_wkssvc,
- DCE_RPC_oxid,
- DCE_RPC_ISCMActivator,
-%}
-
-enum rpc_status %{
- RPC_SUCCESS,
- RPC_PROG_UNAVAIL,
- RPC_PROG_MISMATCH,
- RPC_PROC_UNAVAIL,
- RPC_GARBAGE_ARGS,
- RPC_SYSTEM_ERR,
- RPC_TIMEOUT,
- RPC_VERS_MISMATCH,
- RPC_AUTH_ERROR,
- RPC_UNKNOWN_ERROR,
-%}
diff --git a/src/types.bif b/src/types.bif
new file mode 100644
index 0000000000..7b60192155
--- /dev/null
+++ b/src/types.bif
@@ -0,0 +1,52 @@
+
+enum dce_rpc_ptype %{
+ DCE_RPC_REQUEST,
+ DCE_RPC_PING,
+ DCE_RPC_RESPONSE,
+ DCE_RPC_FAULT,
+ DCE_RPC_WORKING,
+ DCE_RPC_NOCALL,
+ DCE_RPC_REJECT,
+ DCE_RPC_ACK,
+ DCE_RPC_CL_CANCEL,
+ DCE_RPC_FACK,
+ DCE_RPC_CANCEL_ACK,
+ DCE_RPC_BIND,
+ DCE_RPC_BIND_ACK,
+ DCE_RPC_BIND_NAK,
+ DCE_RPC_ALTER_CONTEXT,
+ DCE_RPC_ALTER_CONTEXT_RESP,
+ DCE_RPC_SHUTDOWN,
+ DCE_RPC_CO_CANCEL,
+ DCE_RPC_ORPHANED,
+%}
+
+enum dce_rpc_if_id %{
+ DCE_RPC_unknown_if,
+ DCE_RPC_epmapper,
+ DCE_RPC_lsarpc,
+ DCE_RPC_lsa_ds,
+ DCE_RPC_mgmt,
+ DCE_RPC_netlogon,
+ DCE_RPC_samr,
+ DCE_RPC_srvsvc,
+ DCE_RPC_spoolss,
+ DCE_RPC_drs,
+ DCE_RPC_winspipe,
+ DCE_RPC_wkssvc,
+ DCE_RPC_oxid,
+ DCE_RPC_ISCMActivator,
+%}
+
+enum rpc_status %{
+ RPC_SUCCESS,
+ RPC_PROG_UNAVAIL,
+ RPC_PROG_MISMATCH,
+ RPC_PROC_UNAVAIL,
+ RPC_GARBAGE_ARGS,
+ RPC_SYSTEM_ERR,
+ RPC_TIMEOUT,
+ RPC_VERS_MISMATCH,
+ RPC_AUTH_ERROR,
+ RPC_UNKNOWN_ERROR,
+%}
From 663552a3cd7de2628efc1cb11aed28f2424d6bcd Mon Sep 17 00:00:00 2001
From: Gregor Maier
Date: Fri, 11 Feb 2011 12:32:24 -0800
Subject: [PATCH 39/54] Enable declaration of set, vector, and table types in bifs.
Extends the possibility of declaring record types, e.g., type NAME: set; One can only *declare* but not *define* the type in the bif.
---
 src/builtin-func.l | 3 +++
 src/builtin-func.y | 61 +++++++++++++++++++++++++++-------------------
 2 files changed, 39 insertions(+), 25 deletions(-)
diff --git a/src/builtin-func.l b/src/builtin-func.l
index a5e37441cf..782bbf5bb9 100644
--- a/src/builtin-func.l
+++ b/src/builtin-func.l
@@ -73,6 +73,9 @@ HEX [0-9a-fA-F]+
 "enum" return check_c_mode(TOK_ENUM);
 "type" return check_c_mode(TOK_TYPE);
 "record" return check_c_mode(TOK_RECORD);
+"set" return check_c_mode(TOK_SET);
+"table" return check_c_mode(TOK_TABLE);
+"vector" return check_c_mode(TOK_VECTOR);
 "module" return check_c_mode(TOK_MODULE);
 "@ARG@" return TOK_ARG;
diff --git a/src/builtin-func.y b/src/builtin-func.y
index f9117f97fc..2a40a661c2 100644
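Review bot: The new src/types.bif has no header comment saying what it is for, unlike const.bif, whose declarations carry `#` comments; a reader only discovers these enums through the `@load types.bif.bro` and `#include "types.bif.netvar_*"` lines added in bro.init and NetVar.{h,cc}. Suggested first line: `# Enum types shared between the event engine and policy scripts; bifcl turns this file into types.bif.bro and the types.bif.netvar_* headers.`.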
--- a/src/builtin-func.y +++ b/src/builtin-func.y @@ -29,6 +29,7 @@ extern FILE* fp_netvar_init; int in_c_code = 0; string current_module = GLOBAL_MODULE_NAME; int definition_type; +string type_name; enum { @@ -36,9 +37,8 @@ enum { FUNC_DEF, REWRITER_DEF, EVENT_DEF, - ENUM_DEF, + TYPE_DEF, CONST_DEF, - RECORD_DEF, }; // Holds the name of a declared object (function, enum, record type, event, @@ -60,9 +60,13 @@ struct decl_struct { string generate_c_namespace_end; } decl; -void set_definition_type(int type) +void set_definition_type(int type, const char *arg_type_name) { definition_type = type; + if (type == TYPE_DEF && arg_type_name) + type_name = string(arg_type_name); + else + type_name = ""; } void set_decl_name(const char *name) @@ -82,15 +86,10 @@ void set_decl_name(const char *name) decl.generate_c_namespace_end = ""; switch ( definition_type ) { - case ENUM_DEF: - decl.c_namespace_start = "namespace BifTypePtr { namespace Enum { "; + case TYPE_DEF: + decl.c_namespace_start = "namespace BifTypePtr { namespace " + type_name + "{ "; decl.c_namespace_end = " } }"; - decl.c_fullname = "BifTypePtr::Enum::"; - break; - case RECORD_DEF: - decl.c_namespace_start = "namespace BifTypePtr { namespace Record { "; - decl.c_namespace_end = " } }"; - decl.c_fullname = "BifTypePtr::Record::"; + decl.c_fullname = "BifTypePtr::" + type_name + "::"; break; case CONST_DEF: @@ -255,7 +254,7 @@ void print_event_c_body(FILE *fp) %token TOK_LPP TOK_RPP TOK_LPB TOK_RPB TOK_LPPB TOK_RPPB TOK_VAR_ARG %token TOK_BOOL %token TOK_FUNCTION TOK_REWRITER TOK_EVENT TOK_CONST TOK_ENUM -%token TOK_TYPE TOK_RECORD TOK_MODULE +%token TOK_TYPE TOK_RECORD TOK_SET TOK_VECTOR TOK_TABLE TOK_MODULE %token TOK_WRITE TOK_PUSH TOK_EOF TOK_TRACE %token TOK_ARGS TOK_ARG TOK_ARGC %token TOK_ID TOK_ATTR TOK_CSTR TOK_LF TOK_WS TOK_COMMENT 
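Review bot: In set_decl_name the TYPE_DEF branch builds `"namespace BifTypePtr { namespace " + type_name + "{ "` with no space before `{`, producing `namespace Record{ ` where the replaced ENUM_DEF/RECORD_DEF strings had `Enum { `; use `+ " { "`. In set_definition_type, a TYPE_DEF call with a null arg_type_name quietly leaves type_name empty, and set_decl_name would then emit `namespace BifTypePtr { namespace { ` and `BifTypePtr::::name`; reporting that case (for example via print_msg/err_exit, if they are declared before this point in the file) would fail loudly instead of generating broken C++. set_decl_name's body extends beyond this hunk.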
@@ -330,21 +329,33 @@ module_def: TOK_MODULE opt_ws TOK_ID opt_ws ';' // extend the bif-language to be able to handle that all.... // Or we just support a simple form of record type definitions // TODO: add other types (tables, sets) -type_def: TOK_TYPE opt_ws TOK_ID opt_ws ':' opt_ws TOK_RECORD opt_ws ';' +type_def: TOK_TYPE opt_ws TOK_ID opt_ws ':' opt_ws type_def_types opt_ws ';' { - set_definition_type(RECORD_DEF); set_decl_name($3); - fprintf(fp_netvar_h, "%s extern RecordType * %s; %s\n", - decl.c_namespace_start.c_str(), decl.bare_name.c_str(), decl.c_namespace_end.c_str()); - fprintf(fp_netvar_def, "%s RecordType * %s; %s\n", - decl.c_namespace_start.c_str(), decl.bare_name.c_str(), decl.c_namespace_end.c_str()); + fprintf(fp_netvar_h, "%s extern %sType * %s; %s\n", + decl.c_namespace_start.c_str(), type_name.c_str(), + decl.bare_name.c_str(), decl.c_namespace_end.c_str()); + fprintf(fp_netvar_def, "%s %sType * %s; %s\n", + decl.c_namespace_start.c_str(), type_name.c_str(), + decl.bare_name.c_str(), decl.c_namespace_end.c_str()); fprintf(fp_netvar_init, - "\t%s = internal_type(\"%s\")->AsRecordType();\n", - decl.c_fullname.c_str(), decl.bro_fullname.c_str()); + "\t%s = internal_type(\"%s\")->As%sType();\n", + decl.c_fullname.c_str(), decl.bro_fullname.c_str(), + type_name.c_str()); } ; +type_def_types: TOK_RECORD + { set_definition_type(TYPE_DEF, "Record"); } + | TOK_SET + { set_definition_type(TYPE_DEF, "Set"); } + | TOK_VECTOR + { set_definition_type(TYPE_DEF, "Vector"); } + | TOK_TABLE + { set_definition_type(TYPE_DEF, "Table"); } + ; + event_def: event_prefix opt_ws plain_head opt_attr end_of_head ';' { print_event_c_prototype(fp_func_h, true); @@ -380,7 +391,7 @@ enum_def: enum_def_1 enum_list TOK_RPB enum_def_1: TOK_ENUM opt_ws TOK_ID opt_ws TOK_LPB opt_ws { - set_definition_type(ENUM_DEF); + set_definition_type(TYPE_DEF, "Enum"); set_decl_name($3); fprintf(fp_bro_init, "type %s: enum %s{%s", decl.bro_name.c_str(), $4, $6); 
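Review bot: The context comment `// TODO: add other types (tables, sets)` directly above type_def is now done by the new type_def_types alternatives (TOK_SET, TOK_VECTOR, TOK_TABLE), and the lines above it about "a simple form of record type definitions" describe the old record-only rule; replace them with `// Declares a record/set/vector/table type for the C++ side; the type itself is still defined in the policy layer (bro.init).`, which is what the commit message states. The `"\t%s = internal_type(\"%s\")->As%sType();\n"` line relies on every type_def_types alternative having a matching `As<Name>Type()` accessor on BroType; a comment recording that coupling next to the `set_definition_type(TYPE_DEF, "…")` calls would help the next person adding a type.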
@@ -421,7 +432,7 @@ const_def: const_def_1 const_init opt_attr ';' const_def_1: TOK_CONST opt_ws TOK_ID opt_ws { - set_definition_type(CONST_DEF); + set_definition_type(CONST_DEF, 0); set_decl_name($3); fprintf(fp_bro_init, "const%s", $2); fprintf(fp_bro_init, "%s: bool%s", decl.bro_name.c_str(), $4); @@ -447,15 +458,15 @@ opt_attr: /* nothing */ ; func_prefix: TOK_FUNCTION - { set_definition_type(FUNC_DEF); } + { set_definition_type(FUNC_DEF, 0); } ; rewriter_prefix: TOK_REWRITER - { set_definition_type(REWRITER_DEF); } + { set_definition_type(REWRITER_DEF, 0); } ; event_prefix: TOK_EVENT - { set_definition_type(EVENT_DEF); } + { set_definition_type(EVENT_DEF, 0); } ; end_of_head: /* nothing */ From b2243109701e8ce08a6b61f6acffd546e1c029bb Mon Sep 17 00:00:00 2001 From: Gregor Maier Date: Fri, 11 Feb 2011 15:04:36 -0800 Subject: [PATCH 40/54] Fix to bifcl wrt namespaces. --- src/builtin-func.y | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/builtin-func.y b/src/builtin-func.y index 2a40a661c2..9a4ba5cf5b 100644 --- a/src/builtin-func.y +++ b/src/builtin-func.y @@ -71,8 +71,12 @@ void set_definition_type(int type, const char *arg_type_name) void set_decl_name(const char *name) { - decl.module_name = extract_module_name(name); decl.bare_name = extract_var_name(name); + + // make_full_var_name prepends the correct module, if any + // then we can extract the module name again. + string varname = make_full_var_name(current_module.c_str(), name); + decl.module_name = extract_module_name(varname.c_str()); decl.c_namespace_start = ""; decl.c_namespace_end = ""; @@ -317,8 +321,8 @@ definition: event_def module_def: TOK_MODULE opt_ws TOK_ID opt_ws ';' { - current_module = $2; - fprintf(fp_bro_init, "module %s;\n", $2); + current_module = string($3); + fprintf(fp_bro_init, "module %s;\n", $3); } // XXX: Add the netvar glue so that the event engine knows about From fe0ae22eef1c19b9cd10539d569944c04e01c349 Mon Sep 17 00:00:00 2001 
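Review bot: The updated call sites in const_def_1, func_prefix, rewriter_prefix and event_prefix pass a bare `0` for set_definition_type's `const char *arg_type_name` parameter. Writing it as `{ set_definition_type(FUNC_DEF, NULL); }` reads as a pointer rather than an integer and mirrors the null test on arg_type_name inside set_definition_type. This is a readability point only; behaviour is identical.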
From: Gregor Maier Date: Fri, 11 Feb 2011 22:02:02 -0800 Subject: [PATCH 41/54] Tweak for bifcl --- src/builtin-func.y | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/builtin-func.y b/src/builtin-func.y index 9a4ba5cf5b..5b6aa0cec4 100644 --- a/src/builtin-func.y +++ b/src/builtin-func.y @@ -122,7 +122,7 @@ void set_decl_name(const char *name) case EVENT_DEF: decl.c_namespace_start = ""; decl.c_namespace_end = ""; - decl.c_fullname = ""; + decl.c_fullname = "::"; // need this for namespace qualified events due do event_c_body decl.generate_c_namespace_start = "namespace BifEvent { "; decl.generate_c_namespace_end = " } "; decl.generate_c_fullname = "BifEvent::"; From 782f007b5caa9489b2474c5901b8b964e4f1c0cf Mon Sep 17 00:00:00 2001 From: Gregor Maier Date: Mon, 14 Feb 2011 10:10:40 -0800 Subject: [PATCH 42/54] Support any type in bif const declaration. Revamp of const delcaration in bifs: * Can only declare are const in the bif, but we cannot assign a value or attribute to it. One has to do this in a policy file (bro.init) * Type specification in bif is now mandatory * Support any type in bifs (previously only bools were supported). This will also help with automatic documentation generation, since all const are now defined in the policy layer and thus can be documented from there. The bif just gives the C++ layer easy access. --- policy/bro.init | 46 ++++++++++++++++++++++++++++++ src/builtin-func.l | 1 + src/builtin-func.y | 71 +++++++++++++++++++++++++++++++--------------- src/const.bif | 30 ++++++++++---------- 4 files changed, 110 insertions(+), 38 deletions(-) diff --git a/policy/bro.init b/policy/bro.init index 3b3378c5ac..fbc5282a9b 100644 --- a/policy/bro.init +++ b/policy/bro.init 
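Review bot: The inline comment on the changed line, `// need this for namespace qualified events due do event_c_body`, has a typo ("due do") and names a function that does not appear under that name elsewhere in this patch; presumably print_event_c_body is meant. A comment that states the reason, e.g. `// "::" forces global-namespace qualification of the generated event reference; print_event_c_body relies on it`, explains why the empty string was wrong for module-qualified events. set_decl_name continues outside the hunk.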
@@ -1390,3 +1390,49 @@ const trace_output_file = ""; # packets out before we actually process them, which can be helpful # for debugging in case the analysis triggers a crash. const record_all_packets = F &redef; + + +# Some connections (e.g., SSH) retransmit the acknowledged last +# byte to keep the connection alive. If ignore_keep_alive_rexmit +# is set to T, such retransmissions will be excluded in the rexmit +# counter in conn_stats. +const ignore_keep_alive_rexmit = F &redef; + +# Skip HTTP data portions for performance considerations (the skipped +# portion will not go through TCP reassembly). +const skip_http_data = F &redef; + +# Whether the analysis engine parses IP packets encapsulated in +# UDP tunnels. See also: udp_tunnel_port, policy/udp-tunnel.bro. +const parse_udp_tunnels = F &redef; + +# Whether a commitment is required before writing the transformed +# trace for a connection into the dump file. +const requires_trace_commitment = F &redef; + +# Whether IP address anonymization is enabled. +const anonymize_ip_addr = F &redef; + +# Whether to omit place holder packets when rewriting. +const omit_rewrite_place_holder = T &redef; + +# Whether trace of various protocols is being rewritten. +const rewriting_http_trace = F &redef; +const rewriting_smtp_trace = F &redef; +const rewriting_ftp_trace = F &redef; +const rewriting_ident_trace = F &redef; +const rewriting_finger_trace = F &redef; +const rewriting_dns_trace = F &redef; +const rewriting_smb_trace = F &redef; + +# Whether we dump selected original packets to the output trace. +const dump_selected_source_packets = F &redef; + +# If true, we dump original packets to the output trace *if and only if* +# the connection is not rewritten; if false, the policy script can decide +# whether to dump a particular connection by calling dump_packets_of_connection. +# +# NOTE: DO NOT SET THIS TO TRUE WHEN ANONYMIZING A TRACE! 
+# (TODO: this variable should be disabled when using '-A' option) +const dump_original_packets_if_not_rewriting = F &redef; + diff --git a/src/builtin-func.l b/src/builtin-func.l index 782bbf5bb9..972f4aad8f 100644 --- a/src/builtin-func.l +++ b/src/builtin-func.l @@ -37,6 +37,7 @@ ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+)) D [[:digit:]]+ HEX [0-9a-fA-F]+ + %option nodefault %% diff --git a/src/builtin-func.y b/src/builtin-func.y index 5b6aa0cec4..3fe67db1dd 100644 --- a/src/builtin-func.y +++ b/src/builtin-func.y @@ -159,6 +159,31 @@ const char* trace_rewriter_name = "trace_rewriter"; #include "bif_arg.h" +/* Map bif/bro type names to C types for use in const declaration */ +static struct { + const char* bif_type; + const char* bro_type; + const char* c_type; + const char* accessor; + const char* constructor; +} builtin_types[] = { +#define DEFINE_BIF_TYPE(id, bif_type, bro_type, c_type, accessor, constructor) \ + {bif_type, bro_type, c_type, accessor, constructor}, +#include "bif_type.def" +#undef DEFINE_BIF_TYPE +}; + +int get_type_index(const char *type_name) + { + for ( int i = 0; builtin_types[i].bif_type[0] != '\0'; ++i ) + { + if (strcmp(builtin_types[i].bif_type, type_name) == 0) + return i; + } + return TYPE_OTHER; + } + + int var_arg; // whether the number of arguments is variable std::vector args; 
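Review bot: get_type_index stops its scan only on a row whose bif_type is the empty string, so the table generated from bif_type.def must end with such a sentinel or the loop walks past builtin_types; nothing in the hunk enforces or documents that, and bif_type.def is not visible here. Bounding the loop by the array size as well, `for ( size_t i = 0; i < sizeof(builtin_types)/sizeof(builtin_types[0]) && builtin_types[i].bif_type[0] != '\0'; ++i )`, makes the function safe whether or not the sentinel is present. The function returns TYPE_OTHER, defined elsewhere, as an index-like value, so a comment `/* returns TYPE_OTHER (not a table index) when type_name is unknown; callers must check */` would stop callers from indexing the table with it. strcmp also needs `<cstring>` in scope, which I cannot confirm from the hunk.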
@@ -422,33 +447,33 @@ enum_list: enum_list TOK_ID opt_ws ',' opt_ws | /* nothing */ ; -const_def: const_def_1 const_init opt_attr ';' - { - fprintf(fp_bro_init, ";\n"); - fprintf(fp_netvar_h, "%s extern int %s; %s\n", - decl.c_namespace_start.c_str(), decl.bare_name.c_str(), decl.c_namespace_end.c_str()); - fprintf(fp_netvar_def, "%s int %s; %s\n", - decl.c_namespace_start.c_str(), decl.bare_name.c_str(), decl.c_namespace_end.c_str()); - fprintf(fp_netvar_init, "\t%s = internal_val(\"%s\")->AsBool();\n", - decl.c_fullname.c_str(), decl.bro_fullname.c_str()); - } - ; -const_def_1: TOK_CONST opt_ws TOK_ID opt_ws +const_def: TOK_CONST opt_ws TOK_ID opt_ws ':' opt_ws TOK_ID opt_ws ';' { set_definition_type(CONST_DEF, 0); set_decl_name($3); - fprintf(fp_bro_init, "const%s", $2); - fprintf(fp_bro_init, "%s: bool%s", decl.bro_name.c_str(), $4); + int typeidx = get_type_index($7); + char accessor[1024]; + + snprintf(accessor, sizeof(accessor), builtin_types[typeidx].accessor, ""); + + + fprintf(fp_netvar_h, "%s extern %s %s; %s\n", + decl.c_namespace_start.c_str(), + builtin_types[typeidx].c_type, decl.bare_name.c_str(), + decl.c_namespace_end.c_str()); + fprintf(fp_netvar_def, "%s %s %s; %s\n", + decl.c_namespace_start.c_str(), + builtin_types[typeidx].c_type, decl.bare_name.c_str(), + decl.c_namespace_end.c_str()); + fprintf(fp_netvar_init, "\t%s = internal_val(\"%s\")%s;\n", + decl.c_fullname.c_str(), decl.bro_fullname.c_str(), + accessor); } - ; - -opt_const_init: /* nothing */ - | const_init - ; - + + /* Currently support only boolean and string values */ -const_init: '=' opt_ws TOK_BOOL opt_ws +opt_attr_init: '=' opt_ws TOK_BOOL opt_ws { fprintf(fp_bro_init, "=%s%c%s", $2, ($3) ? 'T' : 'F', $4); } @@ -458,7 +483,7 @@ const_init: '=' opt_ws TOK_BOOL opt_ws opt_attr: /* nothing */ | opt_attr TOK_ATTR { fprintf(fp_bro_init, "%s", $2); } - opt_ws opt_const_init + opt_ws opt_attr_init ; func_prefix: TOK_FUNCTION 
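Review bot: const_def indexes builtin_types with the result of get_type_index without checking it, although that function returns TYPE_OTHER for an unknown type name; unless TYPE_OTHER is a valid row with non-null c_type and accessor strings (I cannot see bif_type.def), a mistyped type in a .bif reads outside the table or hands snprintf a null format string. A check right after the lookup, `if ( typeidx == TYPE_OTHER ) { fprintf(stderr, "unknown type %s in const declaration\n", $7); exit(1); }`, fails the bif build instead of emitting broken netvar code. The `snprintf(accessor, sizeof(accessor), builtin_types[typeidx].accessor, "")` call uses the table entry as a format string with one empty argument, which deserves a comment stating that accessor entries carry exactly one `%s` placeholder. The comment `/* Currently support only boolean and string values */` now sits above opt_attr_init, a rule no longer tied to const declarations, and reads as stale.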
@@ -533,7 +558,7 @@ head_1: TOK_ID opt_ws arg_begin decl.c_fullname.c_str(), decl.bro_fullname.c_str()); fprintf(fp_func_h, - "%sextern Val* %s(Frame* frame, val_list*);\n %s", + "%sextern Val* %s(Frame* frame, val_list*);%s\n", decl.c_namespace_start.c_str(), decl.bare_name.c_str(), decl.c_namespace_end.c_str()); fprintf(fp_func_def, diff --git a/src/const.bif b/src/const.bif index f6aef299ea..6d757c1cd8 100644 --- a/src/const.bif +++ b/src/const.bif 
@@ -4,37 +4,37 @@ # byte to keep the connection alive. If ignore_keep_alive_rexmit # is set to T, such retransmissions will be excluded in the rexmit # counter in conn_stats. -const ignore_keep_alive_rexmit = F &redef; +const ignore_keep_alive_rexmit: bool; # Skip HTTP data portions for performance considerations (the skipped # portion will not go through TCP reassembly). -const skip_http_data = F &redef; +const skip_http_data: bool; # Whether the analysis engine parses IP packets encapsulated in # UDP tunnels. See also: udp_tunnel_port, policy/udp-tunnel.bro. -const parse_udp_tunnels = F &redef; +const parse_udp_tunnels: bool; # Whether a commitment is required before writing the transformed # trace for a connection into the dump file. -const requires_trace_commitment = F &redef; +const requires_trace_commitment: bool; # Whether IP address anonymization is enabled. -const anonymize_ip_addr = F &redef; +const anonymize_ip_addr: bool; # Whether to omit place holder packets when rewriting. -const omit_rewrite_place_holder = T &redef; +const omit_rewrite_place_holder : bool ; # Whether trace of various protocols is being rewritten. -const rewriting_http_trace = F &redef; -const rewriting_smtp_trace = F &redef; -const rewriting_ftp_trace = F &redef; -const rewriting_ident_trace = F &redef; -const rewriting_finger_trace = F &redef; -const rewriting_dns_trace = F &redef; -const rewriting_smb_trace = F &redef; +const rewriting_http_trace :bool; +const rewriting_smtp_trace: bool; +const rewriting_ftp_trace: bool; +const rewriting_ident_trace: bool; +const rewriting_finger_trace: bool; +const rewriting_dns_trace: bool; +const rewriting_smb_trace: bool; # Whether we dump selected original packets to the output trace. -const dump_selected_source_packets = F &redef; +const dump_selected_source_packets: bool; # If true, we dump original packets to the output trace *if and only if* # the connection is not rewritten; if false, the policy script can decide 
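Review bot: The new declarations are inconsistent about whitespace around the type separator: `omit_rewrite_place_holder : bool ;` and `rewriting_http_trace :bool;` differ from the `name: bool;` form used by every other line in the hunk. Normalising them to `const omit_rewrite_place_holder: bool;` and `const rewriting_http_trace: bool;` keeps the file uniform and grep-friendly. This is purely stylistic; the const_def grammar in builtin-func.y allows `opt_ws` on both sides of the colon, so all forms parse.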
@@ -42,5 +42,5 @@ const dump_selected_source_packets = F &redef; # # NOTE: DO NOT SET THIS TO TRUE WHEN ANONYMIZING A TRACE! # (TODO: this variable should be disabled when using '-A' option) -const dump_original_packets_if_not_rewriting = F &redef; +const dump_original_packets_if_not_rewriting: bool; From f3aa7b2fac4741541f4865ab7283d8a98511f17e Mon Sep 17 00:00:00 2001 From: Gregor Maier Date: Mon, 14 Feb 2011 10:43:26 -0800 Subject: [PATCH 43/54] Bif const: make sure const is indeed a constant. --- src/Var.cc | 11 +++++++++++ src/Var.h | 1 + src/builtin-func.y | 2 +- 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/src/Var.cc b/src/Var.cc index b107156b3a..b7f065044b 100644 --- a/src/Var.cc +++ b/src/Var.cc @@ -343,6 +343,17 @@ Val* internal_val(const char* name) return id->ID_Val(); } +Val* internal_const_val(const char* name) + { + ID* id = lookup_ID(name, GLOBAL_MODULE_NAME); + if ( ! id ) + internal_error("internal variable %s missing", name); + if ( ! id->IsConst()) + internal_error("internal variable %s is not constant", name); + + return id->ID_Val(); + } + Val* opt_internal_val(const char* name) { ID* id = lookup_ID(name, GLOBAL_MODULE_NAME); diff --git a/src/Var.h b/src/Var.h index 3be8ecc079..f1cbcda87b 100644 --- a/src/Var.h +++ b/src/Var.h @@ -27,6 +27,7 @@ extern void begin_func(ID* id, const char* module_name, function_flavor flavor, extern void end_func(Stmt* body, attr_list* attrs = 0); extern Val* internal_val(const char* name); +extern Val* internal_const_val(const char* name); // internal error if not const extern Val* opt_internal_val(const char* name); // returns nil if not defined extern double opt_internal_double(const char* name); extern bro_int_t opt_internal_int(const char* name); diff --git a/src/builtin-func.y b/src/builtin-func.y index 3fe67db1dd..cfd5459bb1 100644 --- a/src/builtin-func.y +++ b/src/builtin-func.y 
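Review bot: internal_const_val verifies that the ID exists and is constant but not that it carries a value; if ID_Val() can return a null pointer for an identifier declared without an initializer, the generated netvar code at `@@ -466,7 +466,7 @@` immediately calls a type accessor on it. A third check, `if ( ! id->ID_Val() ) internal_error("internal variable %s has no value", name);`, would give that case the same clear diagnostic as the other two (I cannot see ID_Val's contract from here, so treat this as a question). Stylistically, `if ( ! id->IsConst())` lacks the space before `)` that the surrounding conditions use; `if ( ! id->IsConst() )` matches the file.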
@@ -466,7 +466,7 @@ const_def: TOK_CONST opt_ws TOK_ID opt_ws ':' opt_ws TOK_ID opt_ws ';' decl.c_namespace_start.c_str(), builtin_types[typeidx].c_type, decl.bare_name.c_str(), decl.c_namespace_end.c_str()); - fprintf(fp_netvar_init, "\t%s = internal_val(\"%s\")%s;\n", + fprintf(fp_netvar_init, "\t%s = internal_const_val(\"%s\")%s;\n", decl.c_fullname.c_str(), decl.bro_fullname.c_str(), accessor); } From f79a1f6e584df4369d9059ddbbab25b942380650 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 16 Feb 2011 08:44:33 -0800 Subject: [PATCH 44/54] Updating submodule(s). --- aux/bro-aux | 2 +- aux/broccoli | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/aux/bro-aux b/aux/bro-aux index afa0a0d8b3..7e50bac938 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit afa0a0d8b3fdfa5306507948f08ac9f07696eb21 +Subproject commit 7e50bac938af1831ecf9660159145a3c2e77e13d diff --git a/aux/broccoli b/aux/broccoli index 2b8a1c9c32..a1c6b6e59b 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 2b8a1c9c32dab2da9ebb54238c1b60e40bb8688f +Subproject commit a1c6b6e59b3087b6b79a37a847c669b61ae2c522 From e310119ffa0dd5a741fa1a5f636ab173b91177f0 Mon Sep 17 00:00:00 2001 From: Gregor Maier Date: Tue, 22 Feb 2011 14:52:21 -0800 Subject: [PATCH 45/54] Refactor: BifTypePtr --> BifType As per our mail discussion renaming BifTypePtr namespace to BifType. --- src/DCE_RPC.cc | 4 ++-- src/Portmap.cc | 2 +- src/builtin-func.y | 4 ++-- src/portmap-analyzer.pac | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/DCE_RPC.cc b/src/DCE_RPC.cc index c8b715351c..c44b100aa5 100644 --- a/src/DCE_RPC.cc +++ b/src/DCE_RPC.cc 
@@ -234,7 +234,7 @@ void DCE_RPC_Session::DeliverPDU(int is_orig, int len, const u_char* data) val_list* vl = new val_list; vl->append(analyzer->BuildConnVal()); vl->append(new Val(is_orig, TYPE_BOOL)); - vl->append(new EnumVal(data[2], BifTypePtr::Enum::dce_rpc_ptype)); + vl->append(new EnumVal(data[2], BifType::Enum::dce_rpc_ptype)); vl->append(new StringVal(len, (const char*) data)); analyzer->ConnectionEvent(dce_rpc_message, vl); @@ -296,7 +296,7 @@ void DCE_RPC_Session::DeliverBind(const binpac::DCE_RPC_Simple::DCE_RPC_PDU* pdu val_list* vl = new val_list; vl->append(analyzer->BuildConnVal()); vl->append(new StringVal(if_uuid.to_string())); - // vl->append(new EnumVal(if_id, BifTypePtr::Enum::dce_rpc_if_id)); + // vl->append(new EnumVal(if_id, BifType::Enum::dce_rpc_if_id)); analyzer->ConnectionEvent(dce_rpc_bind, vl); } diff --git a/src/Portmap.cc b/src/Portmap.cc index 7e2c06c9a6..bcf52daf4e 100644 --- a/src/Portmap.cc +++ b/src/Portmap.cc @@ -288,7 +288,7 @@ void PortmapperInterp::Event(EventHandlerPtr f, Val* request, int status, Val* r } else { - vl->append(new EnumVal(status, BifTypePtr::Enum::rpc_status)); + vl->append(new EnumVal(status, BifType::Enum::rpc_status)); if ( request ) vl->append(request); } diff --git a/src/builtin-func.y b/src/builtin-func.y index cfd5459bb1..e5f5bf74fa 100644 --- a/src/builtin-func.y +++ b/src/builtin-func.y @@ -91,9 +91,9 @@ void set_decl_name(const char *name) switch ( definition_type ) { case TYPE_DEF: - decl.c_namespace_start = "namespace BifTypePtr { namespace " + type_name + "{ "; + decl.c_namespace_start = "namespace BifType { namespace " + type_name + "{ "; decl.c_namespace_end = " } }"; - decl.c_fullname = "BifTypePtr::" + type_name + "::"; + decl.c_fullname = "BifType::" + type_name + "::"; break; case CONST_DEF: diff --git a/src/portmap-analyzer.pac b/src/portmap-analyzer.pac index dc02ec1458..a7b64ada5d 100644 --- a/src/portmap-analyzer.pac +++ b/src/portmap-analyzer.pac 
@@ -150,7 +150,7 @@ function PortmapCallFailed(connection: RPC_Conn, status: EnumRPCStatus): bool %{ // BifEnum::rpc_status st = static_cast(status); - Val *st = new EnumVal(status, BifTypePtr::Enum::rpc_status); + Val *st = new EnumVal(status, BifType::Enum::rpc_status); switch ( call->proc() ) { case PMAPPROC_NULL: From 3527daea5b100955242e983c7e4f207302b2fa8d Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 25 Feb 2011 15:48:31 -0800 Subject: [PATCH 46/54] Updating submodule(s). --- aux/binpac | 2 +- aux/bro-aux | 2 +- aux/broccoli | 2 +- aux/broctl | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/aux/binpac b/aux/binpac index 26d02716f9..c3c7ef0dfd 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit 26d02716f9090651f319a4bfdf8ede49b3a7b53a +Subproject commit c3c7ef0dfddb0746d3762e41086ba42928e68483 diff --git a/aux/bro-aux b/aux/bro-aux index 7e50bac938..98f92eeb40 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit 7e50bac938af1831ecf9660159145a3c2e77e13d +Subproject commit 98f92eeb40281045159097764abddc428fb49bf2 diff --git a/aux/broccoli b/aux/broccoli index a1c6b6e59b..48d473398e 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit a1c6b6e59b3087b6b79a37a847c669b61ae2c522 +Subproject commit 48d473398e577893b6c7f77d605ccdf266a2f93b diff --git a/aux/broctl b/aux/broctl index fc940bbb72..0b8ecaec36 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit fc940bbb72abbaef2e5f10ea4ab616ec9b61fe0a +Subproject commit 0b8ecaec3652ed2ea2bd7580062eabe5a1e051d1 From 226eeb97295cf3eac18d3928b86108b9ab39c68c Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 25 Feb 2011 15:49:08 -0800 Subject: [PATCH 47/54] Updating submodule(s). --- aux/broctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broctl b/aux/broctl index 0b8ecaec36..532dcd5aa5 160000 --- a/aux/broctl +++ b/aux/broctl 
@@ -1 +1 @@ -Subproject commit 0b8ecaec3652ed2ea2bd7580062eabe5a1e051d1 +Subproject commit 532dcd5aa51c8b29b2d71cd37e1d7c21e33cc715 From 2a82e0bd9b8d2ee8d28e3e1f3f2ce48fad846d33 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 25 Feb 2011 17:01:11 -0800 Subject: [PATCH 48/54] Updating indenpdentn state tests to work with new setyp. Note that the broccoli test does currently not pass because of the 64-bit changes. --- testing/istate/base/persistence-read/vars.log | 4 +- .../istate/base/persistence-write/vars.log | 4 +- testing/istate/base/sync-rcv/remote.log | 2 +- testing/istate/base/sync-rcv/vars.log | 4 +- testing/istate/base/sync-send/vars.log | 4 +- testing/istate/istate.py | 96 +++++++-------- testing/istate/tests.py | 115 +++++++++--------- 7 files changed, 116 insertions(+), 113 deletions(-) diff --git a/testing/istate/base/persistence-read/vars.log b/testing/istate/base/persistence-read/vars.log index 9a7d2c771e..129c730768 100644 --- a/testing/istate/base/persistence-read/vars.log +++ b/testing/istate/base/persistence-read/vars.log @@ -20,9 +20,9 @@ file "test" of string 2 } { -[3, GHI] = 103, [2, DEF] = 102, -[1, ABC] = 101 +[1, ABC] = 101, +[3, GHI] = 103 } { [12345] = /^?(12345)$?/, diff --git a/testing/istate/base/persistence-write/vars.log b/testing/istate/base/persistence-write/vars.log index 9a7d2c771e..129c730768 100644 --- a/testing/istate/base/persistence-write/vars.log +++ b/testing/istate/base/persistence-write/vars.log @@ -20,9 +20,9 @@ file "test" of string 2 } { -[3, GHI] = 103, [2, DEF] = 102, -[1, ABC] = 101 +[1, ABC] = 101, +[3, GHI] = 103 } { [12345] = /^?(12345)$?/, diff --git a/testing/istate/base/sync-rcv/remote.log b/testing/istate/base/sync-rcv/remote.log index 4feea4ccc3..01c0aa34cc 100644 --- a/testing/istate/base/sync-rcv/remote.log +++ b/testing/istate/base/sync-rcv/remote.log 
@@ -1,4 +1,4 @@ -xxxxxxxxxx.xxxxxx [info] [parent] pipe's socket buffer size is 8192, setting to 1048576 +xxxxxxxxxx.xxxxxx [info] [parent] raised pipe's socket buffer size from 126K to 1024K xxxxxxxxxx.xxxxxx [info] [parent] communication started, parent xxxxxxxxxx.xxxxxx [info] [parent] [#1/127.0.0.1:47757] added peer xxxxxxxxxx.xxxxxx [info] [child] [#1/127.0.0.1:47757] connected diff --git a/testing/istate/base/sync-rcv/vars.log b/testing/istate/base/sync-rcv/vars.log index 428ac7929d..a86d2a82da 100644 --- a/testing/istate/base/sync-rcv/vars.log +++ b/testing/istate/base/sync-rcv/vars.log @@ -20,9 +20,9 @@ file "test2" of string 2 } { -[3, GHI] = 103, [4, JKL] = 104, -[2, DEF] = 103 +[2, DEF] = 103, +[3, GHI] = 103 } { [12345] = /^?(12345)$?/, diff --git a/testing/istate/base/sync-send/vars.log b/testing/istate/base/sync-send/vars.log index 428ac7929d..a86d2a82da 100644 --- a/testing/istate/base/sync-send/vars.log +++ b/testing/istate/base/sync-send/vars.log @@ -20,9 +20,9 @@ file "test2" of string 2 } { -[3, GHI] = 103, [4, JKL] = 104, -[2, DEF] = 103 +[2, DEF] = 103, +[3, GHI] = 103 } { [12345] = /^?(12345)$?/, diff --git a/testing/istate/istate.py b/testing/istate/istate.py index 8c7b28fe4a..72b3eb4288 100755 --- a/testing/istate/istate.py +++ b/testing/istate/istate.py @@ -1,5 +1,5 @@ #! /usr/bin/env python -# +# # Tests persistence. # # $Id: istate.py,v 1.1.2.4 2005/10/11 22:31:42 sommer Exp $ 
@@ -14,82 +14,82 @@ import subprocess import tests optparser = optparse.OptionParser( usage = "%prog [options]", version = "0.1" ) -optparser.add_option( "-s", "--show-diff", action = "store_true", dest = "showdiff", +optparser.add_option( "-s", "--show-diff", action = "store_true", dest = "showdiff", default = False, help = "show diffs of mismatches" ) -optparser.add_option( "-b", "--new-base", action = "store_true", dest = "newbase", +optparser.add_option( "-b", "--new-base", action = "store_true", dest = "newbase", default = False, help = "create new baseline" ) -optparser.add_option( "-d", "--debug", action = "store_true", dest = "debug", +optparser.add_option( "-d", "--debug", action = "store_true", dest = "debug", default = False, help = "enable debug output" ) -optparser.add_option( "-t", "--set", action = "store", type = "string", dest = "set", +optparser.add_option( "-t", "--set", action = "store", type = "string", dest = "set", default = None, help = "only do given test set" ) - + ( tests.Options, args ) = optparser.parse_args() if len(args) != 0: optparser.error( "Wrong number of arguments" ) -########################################## +########################################## # Write persistent data and read it back. 
########################################## if tests.testSet("persistence"): - tests.spawnBro("persistence-write", - ["-r", os.path.join(tests.Traces, "empty.trace"), + tests.spawnBro("persistence-write", + ["-r", os.path.join(tests.Traces, "empty.trace"), os.path.join(tests.Scripts, "vars-init.bro"), os.path.join(tests.Scripts, "vars-print.bro")]) tests.waitProc("persistence-write") tests.finishTest("persistence-write", ["stdout.log", "stderr.log", "vars.log"]) - tests.spawnBro("persistence-read", + tests.spawnBro("persistence-read", [os.path.join(tests.Scripts, "vars-declare.bro"), - os.path.join(tests.Scripts, "vars-print.bro")], + os.path.join(tests.Scripts, "vars-print.bro")], copy=[os.path.join(tests.workDir("persistence-write"), ".state")]) tests.waitProc("persistence-read") tests.finishTest("persistence-read", ["stdout.log", "stderr.log", "vars.log"]) tests.compareFiles("persistence-write", "persistence-read", ["vars.log"]) -########################################## +########################################## # Exchange events (clear-text). # -# The used trace contains two connections separated by a silence of a -# couple of seconds. We start the processes so that the events for the +# The used trace contains two connections separated by a silence of a +# couple of seconds. We start the processes so that the events for the # *second* one (which is a full HTTP connection) are exchanged. 
-########################################## +########################################## if tests.testSet("events"): - tests.spawnBro("events-send", - ["-r", os.path.join(tests.Scripts, os.path.join(tests.Traces, "web.trace")), - "--pseudo-realtime", + tests.spawnBro("events-send", + ["-r", os.path.join(tests.Scripts, os.path.join(tests.Traces, "web.trace")), + "--pseudo-realtime", "-C", os.path.join(tests.Scripts, "events-send.bro")]) time.sleep(2) - tests.spawnBro("events-rcv", + tests.spawnBro("events-rcv", [os.path.join(tests.Scripts, "events-rcv.bro")]) tests.waitProc("events-send") tests.killProc("events-rcv") tests.finishTest("events-send", ["stdout.log", "stderr.log", "http.log", "conn.log"], ignoreTime=True) tests.finishTest("events-rcv", ["stdout.log", "stderr.log", "http.log", "conn.log"], ignoreTime=True) - tests.spawnBro("events-display", + tests.spawnBro("events-display", ["-x", os.path.join(tests.workDir("events-rcv"), "events.bst")]) tests.waitProc("events-display") tests.finishTest("events-display", ["stdout.log"], ignoreTime=True, sort=True, delete=['127.0.0.1:[0-9]*',"Event.*remote_.*"]) tests.compareFiles("events-send", "events-rcv", ["http.log"], ignoreTime=True, ignoreSessionID=True) -########################################## +########################################## # Exchange synchronized state -########################################## +########################################## if tests.testSet("sync"): - tests.spawnBro("sync-send", + tests.spawnBro("sync-send", [os.path.join(tests.Scripts, "vars-sync-send.bro")]) - tests.spawnBro("sync-rcv", + tests.spawnBro("sync-rcv", [os.path.join(tests.Scripts, "vars-sync-rcv.bro")]) tests.waitProc("sync-send") time.sleep(1) 
@@ -99,10 +99,10 @@ if tests.testSet("sync"): tests.compareFiles("sync-send", "sync-rcv", ["vars.log"], ignoreTime=True) -# Old version -# tests.spawnBro("sync-send", -# ["-r", os.path.join(tests.Scripts, os.path.join(tests.Traces, "web.trace")), -# "--pseudo-realtime", +# Old version +# tests.spawnBro("sync-send", +# ["-r", os.path.join(tests.Scripts, os.path.join(tests.Traces, "web.trace")), +# "--pseudo-realtime", # "-C", # os.path.join(tests.Scripts, "vars-sync-send.bro")]) @@ -113,22 +113,22 @@ if tests.testSet("sync"): if tests.testSet("broccoli"): - broctest = os.path.join(tests.Bro, "aux/broccoli/test") - broclib = os.path.join(tests.Bro, "aux/broccoli/src/.libs") - broping = os.path.join(broctest, "broping") + broctest = os.path.join(tests.BroBase, "aux/broccoli/test") + broclib = os.path.join(tests.BroBase, "build/aux/broccoli/src/") + broping = os.path.join(tests.BroBase, "build/aux/broccoli/test/broping") - brocpy = os.path.join(tests.Bro, "aux/broccoli/bindings/python") + brocpy = os.path.join(tests.BroBase, "build/aux/broccoli/bindings/broccoli-python") broccoli = True - + # Test if Broccoli was compiled. if not os.path.exists(broping): print " Broccoli was not compiled, skipping tests." broccoli = False - - # Test if this is a IPv6 Bro. + + # Test if this is a IPv6 Bro. if broccoli: - v6 = subprocess.call(["grep", "-q", "#define BROv6", os.path.join(tests.Bro, "config.h")]) + v6 = subprocess.call(["grep", "-q", "#define BROv6", os.path.join(tests.BroBase, "build/config.h")]) if v6 == 0: print " Bro built with IPv6 support not compatible with Broccoli, skipping tests." broccoli = False 
@@ -136,21 +136,21 @@ if tests.testSet("broccoli"): if broccoli: tests.spawnBro("bro-ping", [os.path.join(broctest, "broping-record.bro")]) time.sleep(1) - tests.spawnProc("broccoli-ping", - [broping, - "-r", - "-c", "5", + tests.spawnProc("broccoli-ping", + [broping, + "-r", + "-c", "5", "127.0.0.1"]) tests.waitProc("broccoli-ping") tests.killProc("bro-ping") - - tests.finishTest("bro-ping", ["stdout.log", "stderr.log", "remote.log"], - ignoreTime=True, delete=["127.0.0.1:[0-9]*", "pid.*pid.*", - ".*Resource temporarily unavailable.*", ".*connection closed.*", + + tests.finishTest("bro-ping", ["stdout.log", "stderr.log", "remote.log"], + ignoreTime=True, delete=["127.0.0.1:[0-9]*", "pid.*pid.*", + ".*Resource temporarily unavailable.*", ".*connection closed.*", ".*peer disconnected.*"]) tests.finishTest("broccoli-ping", ["stdout.log", "stderr.log"], delete=["time=.* s$"]) - + # Test if Python binding are installed. sopath = subprocess.Popen(["find", brocpy, "-name", "_broccoli_intern.so"], stdout=subprocess.PIPE).communicate()[0] if sopath != "": @@ -158,7 +158,7 @@ if tests.testSet("broccoli"): os.environ["LD_LIBRARY_PATH"] = broclib os.environ["DYLD_LIBRARY_PATH"] = broclib os.environ["PYTHONPATH"] = os.path.dirname(sopath) - + tests.spawnBro("python-bro", [os.path.join(brocpy, "tests/test.bro")]) time.sleep(1) tests.spawnProc("python-script", [os.path.join(brocpy, "tests/test.py")]) @@ -169,6 +169,6 @@ if tests.testSet("broccoli"): else: print " Python bindings not built, skipping test." print " (To build: cd %s && python setup.py build)" % brocpy - - + + diff --git a/testing/istate/tests.py b/testing/istate/tests.py index a8bbb5172a..0673108563 100644 --- a/testing/istate/tests.py +++ b/testing/istate/tests.py 
@@ -13,11 +13,11 @@ import subprocess Testing = os.path.abspath(".") # Path to top-level Bro directory. -if os.path.exists("../../src/bro"): - Bro = os.path.abspath("../..") +if os.path.exists("../../build/src/bro"): + BroBase = os.path.abspath("../..") else: - Bro = os.path.abspath("../../bro") - + error("cannot find build directory") + # Path where tmp files are created. Tmp = os.path.join(Testing, "tmp") @@ -32,7 +32,7 @@ Traces = os.path.join(Testing, "traces") # Where the base files to compare against are stored. Base = os.path.join(os.getcwd(), "./base") - + # Process ID of all processes we've spawned, indexed by textual tag *and* pid. Running = {} @@ -46,40 +46,40 @@ def error(str): print >>sys.stderr, "Error:", str sys.exit(1) -def debug(str): +def debug(str): if Options.debug: print >>sys.stderr, "Debug:", str -def log(str): +def log(str): print >>sys.stderr, str # Returns full path of given process' working directory. -def workDir(tag): +def workDir(tag): return os.path.join(Tmp, tag) # Intializes work dir for given process. def initWorkDir(tag): - + try: os.mkdir(Tmp) except OSError, e: if e.errno != errno.EEXIST: raise - + os.system("rm -rf " + workDir(tag)) os.mkdir(workDir(tag)) # Spawns process identified by the given tag. Enters process into RunningBro. -def spawnProc(tag, cmdline, copy=[]): +def spawnProc(tag, cmdline, copy=[]): initWorkDir(tag) os.chdir(workDir(tag)) for i in copy: debug("Copying %s into workdir of %s" % (i, tag)) os.system("cp -r %s %s" % (i, workDir(tag))) - + debug("Spawning '%s' as %s" % (" ".join(cmdline), tag)) - + saved_stdin = os.dup(0) saved_stdout = os.dup(1) saved_stderr = os.dup(2) 
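Review bot: The new `else` branch calls `error("cannot find build directory")` at module import time, but `def error(str)` is defined further down the same file (it appears in the `@@ -46,40 +46,40 @@` hunk), so a missing build directory raises NameError instead of printing the intended message. Either move `def error` above this check or inline the exit here: `print >>sys.stderr, "Error: cannot find build directory"` followed by `sys.exit(1)` (assuming `sys` is imported earlier, which the existing `print >>sys.stderr` usage suggests). As written, BroBase is also never bound in that path, so the traceback a user sees points at the wrong problem.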
@@ -93,31 +93,34 @@ def spawnProc(tag, cmdline, copy=[]): os.dup2(saved_stdin, 0) os.dup2(saved_stdout, 1) os.dup2(saved_stderr, 2) - + Running[tag] = pid Running[pid] = tag -# Spaws a Bro process. +# Spaws a Bro process. def spawnBro(tag, args, copy=[]): - os.putenv("BROPATH", os.path.join(Bro, "policy") + ":" + Scripts) + bropath = os.path.join(BroBase, "policy") + bropath += ":" + os.path.join(BroBase, "build/src") + + os.putenv("BROPATH", bropath + ":" + Scripts) os.unsetenv("BRO_LOG_SUFFIX") args += ["--load-seeds", BroSeed, "-B", "state,comm"] - spawnProc(tag, [os.path.join(Bro, "src/bro")] + args, copy=copy) - -# Examines a process' exit code. -def parseExitCode(tag, result): + spawnProc(tag, [os.path.join(BroBase, "build/src/bro")] + args, copy=copy) + +# Examines a process' exit code. +def parseExitCode(tag, result): if os.WCOREDUMP(result): error("process %s core dumped." % tag) if os.WIFSIGNALED(result): error("process %s got signal %d." % (tag, os.WTERMSIG(result))) - + if not os.WIFEXITED(result): error("process %s exited abnormally (%d)." % (tag, result)) result = os.WEXITSTATUS(result) - debug("process %s exited with %d" % (tag, result)) - + debug("process %s exited with %d" % (tag, result)) + return result # Waits for process to finish. @@ -126,7 +129,7 @@ def waitProc(tag): result = parseExitCode(tag, result) if result != 0: error("Execution of %s failed." % tag) - + del Running[pid] del Running[tag] 
@@ -147,43 +150,43 @@ def killProc(tag): parseExitCode(tag, result) del Running[pid] del Running[tag] - + # Cleans up temporary stuff def cleanup(): os.system("rm -rf " + Tmp) # Canonicalizes file content for diffing. def canonicalizeFile(file, ignoreTime, ignoreSessionID, sort, delete): - + cmd = [] - + if delete: for i in delete: cmd += ["sed 's/%s//g' | grep -v '^$'" % i] - + if ignoreTime: cmd += ["sed 's/[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]\.[0-9][0-9]\{0,6\}/xxxxxxxxxx.xxxxxx/g'"] if ignoreSessionID: # A session is either "%1" or "%my-peer-description-1" cmd += ["sed 's/%\([^ ]*-\)\{0,1\}[0-9][0-9]*/%XXX/g'"] - + if sort: cmd += ["LC_ALL=c sort"] - + if not cmd: return - + tmp = file + ".tmp" - cmd = "cat %s | %s >%s" % (file, " | ".join(cmd), tmp) + cmd = "cat %s | %s >%s" % (file, " | ".join(cmd), tmp) debug("Canonicalizing '%s'" % cmd) os.system(cmd) os.system("mv %s %s" % (tmp, file)) -# Diffs the two files, If mismatch, prints "FAILED" and returns true. +# Diffs the two files, If mismatch, prints "FAILED" and returns true. def diff(file1, file2): - + quiet = ">/dev/null" if Options.showdiff: quiet = "" @@ -192,37 +195,37 @@ def diff(file1, file2): if not os.path.exists(f): print "FAILED (%s does not exist)" % f return False - + diff = "diff -u %s %s %s" % (file1, file2, quiet) - + debug("Executing '%s'" % diff) result = os.system(diff) - + if os.WEXITSTATUS(result) != 0: print "FAILED" return False - + return True - + # Compares files of process against base version. Returns false if mismatch found. def checkFiles(tag, files, ignoreTime, sort, delete): base = os.path.join(Base, tag) work = workDir(tag) - + print " Checking %s..." % tag, - + failed = False - + for file in files: oldfile = os.path.join(base, file) newfile = os.path.join(work, file) canonicalizeFile(newfile, ignoreTime, False, sort, delete) - + if not diff(oldfile, newfile): failed = True break - + if not failed: print "ok" else: 
@@ -234,25 +237,25 @@ def compareFiles(tag1, tag2, files, ignoreTime=False, ignoreSessionID=False, sor work2 = workDir(tag2) print " Comparing %s with %s..." % (tag1, tag2), - + failed = False - + for file in files: file1 = os.path.join(work1, file) file2 = os.path.join(work2, file) canonicalizeFile(file1, ignoreTime, ignoreSessionID, sort, delete) canonicalizeFile(file2, ignoreTime, ignoreSessionID, sort, delete) - + if not diff(file1, file2): failed = True break - + if not failed: print "ok" else: Failed = failed - + # Make the result of process new baseline. def makeNewBase(tag, files, ignoreTime, sort, delete): @@ -261,21 +264,21 @@ def makeNewBase(tag, files, ignoreTime, sort, delete): except OSError, e: if e.errno != errno.EEXIST: raise - + base = os.path.join(Base, tag) work = workDir(tag) print " Copying files for %s..." % tag - + try: os.mkdir(base) except OSError, e: if e.errno != errno.EEXIST: raise - + # Delete all files but those belonging to CVS. os.system("find %s -type f -not -path '*/CVS/*' -not -path '*/.svn/*' -exec rm '{}' ';'" % base) - + for file in files: oldfile = os.path.join(work, file) newfile = os.path.join(base, file) @@ -285,13 +288,13 @@ def makeNewBase(tag, files, ignoreTime, sort, delete): def testSet(set): if Options.set and set != Options.set: return False - + print "Running set '%s' ..." % set return True - + # Either check given files or make it new baseline, depending on options. def finishTest(tag, files, ignoreTime=False, sort=False, delete=None): if Options.newbase: makeNewBase(tag, files, ignoreTime, sort, delete) else: - checkFiles(tag, files, ignoreTime, sort, delete) + checkFiles(tag, files, ignoreTime, sort, delete) From ff740f153ccec5242bb8fc7e7b8acd4493dd161b Mon Sep 17 00:00:00 2001 
From: Robin Sommer Date: Fri, 25 Feb 2011 17:02:12 -0800 Subject: [PATCH 49/54] Fixing file detector leak in remote communication module. This addresses #400. --- CHANGES | 8 ++++++++ VERSION | 2 +- src/RemoteSerializer.cc | 1 + 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index cf1a73f9c3..bfa5ab77f7 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,11 @@ +1.6-dev.53 Fri Feb 25 17:03:05 PST 2011 + +- Fixing file detector leak in remote communication module. (Scott + Campbell) + +- Updating independent-state tests to work with new setup. (Robin + Sommer) + 1.6-dev.49 Fri Feb 25 15:37:28 PST 2011 - Enum IDs can have explicitly defined values. (Gregor Maier) diff --git a/VERSION b/VERSION index d03fa32fe3..6cbd1b507c 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.6-dev.49 +1.6-dev.53 diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index 15b1872680..ebf7157a3a 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc @@ -3582,6 +3582,7 @@ bool SocketComm::Listen(uint32 ip, uint16 port, bool expect_ssl) if ( bind(*listen_fd, (sockaddr*) &server, sizeof(server)) < 0 ) { Error(fmt("can't bind to port %d, %s", port, strerror(errno))); + close(*listen_fd); *listen_fd = -1; if ( errno == EADDRINUSE ) From 8b42bfed7c77ca21d38421cebbe53019c2db88c2 Mon Sep 17 00:00:00 2001 From: Gregor Maier Date: Fri, 25 Feb 2011 20:43:53 -0800 Subject: [PATCH 50/54] Updating submodule to current master --- aux/binpac | 2 +- aux/bro-aux | 2 +- aux/broccoli | 2 +- aux/broctl | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/aux/binpac b/aux/binpac index 26d02716f9..c3c7ef0dfd 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit 26d02716f9090651f319a4bfdf8ede49b3a7b53a +Subproject commit c3c7ef0dfddb0746d3762e41086ba42928e68483 diff --git a/aux/bro-aux b/aux/bro-aux index afa0a0d8b3..98f92eeb40 160000 --- a/aux/bro-aux +++ b/aux/bro-aux 
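Review bot: The added `close(*listen_fd);` in the `src/RemoteSerializer.cc` hunk runs between the failed `bind()` and the `if ( errno == EADDRINUSE )` test that follows, and `close()` is permitted to change `errno` (it sets it on its own failure, and POSIX leaves it unspecified after success), so the address-in-use branch can now be skipped even though `bind()` reported EADDRINUSE. Capture the value once, right after `bind()` fails: `int bind_errno = errno;`, then use it in `strerror(bind_errno)` and test `if ( bind_errno == EADDRINUSE )`; this also removes the pre-existing dependence on `Error(fmt(...))` leaving `errno` untouched. The body of `SocketComm::Listen` starts and ends outside the hunk.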
@@ -1 +1 @@
-Subproject commit afa0a0d8b3fdfa5306507948f08ac9f07696eb21
+Subproject commit 98f92eeb40281045159097764abddc428fb49bf2
diff --git a/aux/broccoli b/aux/broccoli
index 2b8a1c9c32..48d473398e 160000
--- a/aux/broccoli
+++ b/aux/broccoli
@@ -1 +1 @@
-Subproject commit 2b8a1c9c32dab2da9ebb54238c1b60e40bb8688f
+Subproject commit 48d473398e577893b6c7f77d605ccdf266a2f93b
diff --git a/aux/broctl b/aux/broctl
index fc940bbb72..532dcd5aa5 160000
--- a/aux/broctl
+++ b/aux/broctl
@@ -1 +1 @@
-Subproject commit fc940bbb72abbaef2e5f10ea4ab616ec9b61fe0a
+Subproject commit 532dcd5aa51c8b29b2d71cd37e1d7c21e33cc715
From 7d822e232d66fd0b573ee54434e8b450e1fe60ea Mon Sep 17 00:00:00 2001
From: Gregor Maier
Date: Fri, 25 Feb 2011 21:09:55 -0800
Subject: [PATCH 51/54] Remvoing leftover local variables that caused compile error on Mac OS X.
---
 src/Type.cc | 1 -
 1 file changed, 1 deletion(-)
diff --git a/src/Type.cc b/src/Type.cc
index 6b8dc9a78c..ce3bbc52af 100644
--- a/src/Type.cc
+++ b/src/Type.cc
@@ -1113,7 +1113,6 @@ void EnumType::AddName(const string& module_name, const char* name, bool is_expo
 void EnumType::AddName(const string& module_name, const char* name, bro_int_t val, bool is_export)
 {
 /* explicit value specified */
- error_t rv;
 if ( counter > 0 )
 {
 error("cannot mix explicit enumerator assignment and implicit auto-increment");
From c54c1e0dce1435dc9499d762f0f1b06f679bca52 Mon Sep 17 00:00:00 2001
From: Gregor Maier
Date: Fri, 25 Feb 2011 21:11:06 -0800
Subject: [PATCH 52/54] Revert "Updating submodule to current master"
This reverts commit 8b42bfed7c77ca21d38421cebbe53019c2db88c2.
Master seems to have outdated submodules. Reverting to previous ones on fastpath.
---
 aux/binpac | 2 +-
 aux/bro-aux | 2 +-
 aux/broccoli | 2 +-
 aux/broctl | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/aux/binpac b/aux/binpac
index c3c7ef0dfd..26d02716f9 160000
--- a/aux/binpac
+++ b/aux/binpac
@@ -1 +1 @@
-Subproject commit c3c7ef0dfddb0746d3762e41086ba42928e68483
+Subproject commit 26d02716f9090651f319a4bfdf8ede49b3a7b53a
diff --git a/aux/bro-aux b/aux/bro-aux
index 98f92eeb40..afa0a0d8b3 160000
--- a/aux/bro-aux
+++ b/aux/bro-aux
@@ -1 +1 @@
-Subproject commit 98f92eeb40281045159097764abddc428fb49bf2
+Subproject commit afa0a0d8b3fdfa5306507948f08ac9f07696eb21
diff --git a/aux/broccoli b/aux/broccoli
index 48d473398e..2b8a1c9c32 160000
--- a/aux/broccoli
+++ b/aux/broccoli
@@ -1 +1 @@
-Subproject commit 48d473398e577893b6c7f77d605ccdf266a2f93b
+Subproject commit 2b8a1c9c32dab2da9ebb54238c1b60e40bb8688f
diff --git a/aux/broctl b/aux/broctl
index 532dcd5aa5..fc940bbb72 160000
--- a/aux/broctl
+++ b/aux/broctl
@@ -1 +1 @@
-Subproject commit 532dcd5aa51c8b29b2d71cd37e1d7c21e33cc715
+Subproject commit fc940bbb72abbaef2e5f10ea4ab616ec9b61fe0a
From fc6fcded07f155fc7935d2aab04fcc1dd0c5ea51 Mon Sep 17 00:00:00 2001
From: Gregor Maier
Date: Fri, 25 Feb 2011 21:15:22 -0800
Subject: [PATCH 53/54] Fixing compiler warnings
---
 src/RemoteSerializer.cc | 2 +-
 src/Sessions.cc | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc
index ebf7157a3a..b1e751d510 100644
--- a/src/RemoteSerializer.cc
+++ b/src/RemoteSerializer.cc
@@ -2724,7 +2724,7 @@ void RemoteSerializer::InternalCommError(const char* msg)
 #ifdef DEBUG_COMMUNICATION
 DumpDebugData();
 #else
- internal_error(msg);
+ internal_error("%s", msg);
 #endif
 }
 
diff --git a/src/Sessions.cc b/src/Sessions.cc
index b29192a471..1cbbbb272e 100644
--- a/src/Sessions.cc
+++ b/src/Sessions.cc
@@ -1354,7 +1354,7 @@ void NetSessions::Internal(const char* msg, const struct pcap_pkthdr* hdr,
 const u_char* pkt)
 {
 DumpPacket(hdr, pkt);
- internal_error(msg);
+ internal_error("%s", msg);
 }
 
 void NetSessions::Weird(const char* name,
From e5d3654266b424d2b569d3bb0f3c78b2ec350862 Mon Sep 17 00:00:00 2001
From: Robin Sommer
Date: Mon, 28 Feb 2011 15:39:24 -0800
Subject: [PATCH 54/54] Updating submodule(s).
---
 aux/bro-aux | 2 +-
 aux/broccoli | 2 +-
 aux/broctl | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/aux/bro-aux b/aux/bro-aux
index afa0a0d8b3..7e50bac938 160000
--- a/aux/bro-aux
+++ b/aux/bro-aux
@@ -1 +1 @@
-Subproject commit afa0a0d8b3fdfa5306507948f08ac9f07696eb21
+Subproject commit 7e50bac938af1831ecf9660159145a3c2e77e13d
diff --git a/aux/broccoli b/aux/broccoli
index 2b8a1c9c32..9332ab3467 160000
--- a/aux/broccoli
+++ b/aux/broccoli
@@ -1 +1 @@
-Subproject commit 2b8a1c9c32dab2da9ebb54238c1b60e40bb8688f
+Subproject commit 9332ab3467191ac22be09d6941ebd469e7a334d0
diff --git a/aux/broctl b/aux/broctl
index fc940bbb72..06b74a0f23 160000
--- a/aux/broctl
+++ b/aux/broctl
@@ -1 +1 @@
-Subproject commit fc940bbb72abbaef2e5f10ea4ab616ec9b61fe0a
+Subproject commit 06b74a0f23767c8345ed146657120aba812f6764