From bf3f184a01a705f94b0254bff07cb410a72cef05 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 13 Mar 2012 13:47:07 -0500 Subject: [PATCH 1/8] Change IPv6 literal constant syntax to require encasing square brackets This is to avoid ambiguity between compressed hex notation and module namespacing, both which use "::". E.g.: "aaaa::bbbb" could be an identifier or an IPv6 address, but "[aaaa::bbbb]" is now clearly the address. Also added IPv6 mixed notation to allow an IPv4 dotted-decimal address to be specified in the lower 32-bits. --- scripts/base/protocols/ftp/main.bro | 2 +- src/scan.l | 23 ++++++++++---- .../Baseline/language.ipv6-literals/output | 22 ++++++++++++++ testing/btest/bifs/addr_count_conversion.bro | 2 +- testing/btest/bifs/addr_to_ptr_name.bro | 2 +- testing/btest/bifs/addr_version.bro | 4 +-- testing/btest/bifs/to_addr.bro | 2 +- testing/btest/bifs/to_subnet.bro | 4 +-- testing/btest/language/ipv6-literals.bro | 30 +++++++++++++++++++ testing/btest/language/sizeof.bro | 2 +- 10 files changed, 79 insertions(+), 14 deletions(-) create mode 100644 testing/btest/Baseline/language.ipv6-literals/output create mode 100644 testing/btest/language/ipv6-literals.bro diff --git a/scripts/base/protocols/ftp/main.bro b/scripts/base/protocols/ftp/main.bro index db9e030c33..e6c0131337 100644 --- a/scripts/base/protocols/ftp/main.bro +++ b/scripts/base/protocols/ftp/main.bro @@ -275,7 +275,7 @@ event ftp_reply(c: connection, code: count, msg: string, cont_resp: bool) &prior { c$ftp$passive=T; - if ( code == 229 && data$h == :: ) + if ( code == 229 && data$h == [::] ) data$h = id$resp_h; ftp_data_expected[data$h, data$p] = c$ftp; diff --git a/src/scan.l b/src/scan.l index 4914783c44..a44c58f3cd 100644 --- a/src/scan.l +++ b/src/scan.l @@ -228,6 +228,24 @@ ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+)) ++yylloc.last_line; } + /* IPv6 literal constant patterns */ +"["({HEX}:){7}{HEX}"]" { + string s(yytext+1); + RET_CONST(new AddrVal(s.erase(s.size()-1))) +} +"["0x{HEX}({HEX}|:)*"::"({HEX}|:)*"]" { + string s(yytext+3); + RET_CONST(new AddrVal(s.erase(s.size()-1))) +} +"["({HEX}|:)*"::"({HEX}|:)*"]" { + string s(yytext+1); + RET_CONST(new AddrVal(s.erase(s.size()-1))) +} +"["({HEX}|:)*"::"({HEX}|:)*({D}"."){3}{D}"]" { + string s(yytext+1); + RET_CONST(new AddrVal(s.erase(s.size()-1))) +} + [!%*/+\-,:;<=>?()\[\]{}~$|] return yytext[0]; "--" return TOK_DECR; @@ -450,11 +468,6 @@ F RET_CONST(new Val(false, TYPE_BOOL)) ({D}"."){3}{D} RET_CONST(new AddrVal(yytext)) -({HEX}:){7}{HEX} RET_CONST(new AddrVal(yytext)) - -0x{HEX}({HEX}|:)*"::"({HEX}|:)* RET_CONST(new AddrVal(yytext+2)) -(({D}|:)({HEX}|:)*)?"::"({HEX}|:)* RET_CONST(new AddrVal(yytext)) - "0x"{HEX}+ RET_CONST(new Val(static_cast(strtol(yytext, 0, 16)), TYPE_COUNT)) {H}("."{H})+ RET_CONST(dns_mgr->LookupHost(yytext)) diff --git a/testing/btest/Baseline/language.ipv6-literals/output b/testing/btest/Baseline/language.ipv6-literals/output new file mode 100644 index 0000000000..935d4865b6 --- /dev/null +++ b/testing/btest/Baseline/language.ipv6-literals/output @@ -0,0 +1,22 @@ +::1 +::0.0.255.255 +::255.255.255.255 +::10.10.255.255 +1::1 +1::a +1::1:1 +1::1:a +a::a +a::1 +a::a:a +a::a:1 +a:a::a +aaaa::ffff +192.168.1.100 +ffff::c0a8:164 +::192.168.1.100 +805b:2d9d:dc28::fc57:d4c8:1fff +aaaa::bbbb +aaaa:bbbb:cccc:dddd:eeee:ffff:1111:2222 +aaaa:bbbb:cccc:dddd:eeee:ffff:1:2222 +aaaa:bbbb:cccc:dddd:eeee:ffff::2222 diff --git a/testing/btest/bifs/addr_count_conversion.bro b/testing/btest/bifs/addr_count_conversion.bro index 2559d39f27..360994a8e5 100644 --- a/testing/btest/bifs/addr_count_conversion.bro +++ b/testing/btest/bifs/addr_count_conversion.bro @@ -3,7 +3,7 @@ global v: index_vec; -v = addr_to_counts(2001:0db8:85a3:0000:0000:8a2e:0370:7334); +v = addr_to_counts([2001:0db8:85a3:0000:0000:8a2e:0370:7334]); print v; print counts_to_addr(v); v = addr_to_counts(1.2.3.4); diff --git a/testing/btest/bifs/addr_to_ptr_name.bro b/testing/btest/bifs/addr_to_ptr_name.bro index c9b3fb9e16..b9c831d061 100644 --- a/testing/btest/bifs/addr_to_ptr_name.bro +++ b/testing/btest/bifs/addr_to_ptr_name.bro @@ -1,6 +1,6 @@ # @TEST-EXEC: bro %INPUT >output # @TEST-EXEC: btest-diff output -print addr_to_ptr_name(2607:f8b0:4009:802::1012); +print addr_to_ptr_name([2607:f8b0:4009:802::1012]); print addr_to_ptr_name(74.125.225.52); diff --git a/testing/btest/bifs/addr_version.bro b/testing/btest/bifs/addr_version.bro index 8d496a9294..3e0123ef42 100644 --- a/testing/btest/bifs/addr_version.bro +++ b/testing/btest/bifs/addr_version.bro @@ -2,6 +2,6 @@ # @TEST-EXEC: btest-diff out print is_v4_addr(1.2.3.4); -print is_v4_addr(::1); +print is_v4_addr([::1]); print is_v6_addr(1.2.3.4); -print is_v6_addr(::1); +print is_v6_addr([::1]); diff --git a/testing/btest/bifs/to_addr.bro b/testing/btest/bifs/to_addr.bro index 3b79648b00..3a43438bb7 100644 --- a/testing/btest/bifs/to_addr.bro +++ b/testing/btest/bifs/to_addr.bro @@ -17,4 +17,4 @@ test_to_addr("10.20.30.40", 10.20.30.40); test_to_addr("100.200.30.40", 100.200.30.40); test_to_addr("10.0.0.0", 10.0.0.0); test_to_addr("10.00.00.000", 10.0.0.0); -test_to_addr("not an IP", ::); +test_to_addr("not an IP", [::]); diff --git a/testing/btest/bifs/to_subnet.bro b/testing/btest/bifs/to_subnet.bro index 6b1eb54946..59064893e1 100644 --- a/testing/btest/bifs/to_subnet.bro +++ b/testing/btest/bifs/to_subnet.bro @@ -6,6 +6,6 @@ global sn: subnet; sn = to_subnet("10.0.0.0/8"); print sn, sn == 10.0.0.0/8; sn = to_subnet("2607:f8b0::/32"); -print sn, sn == 2607:f8b0::/32; +print sn, sn == [2607:f8b0::]/32; sn = to_subnet("10.0.0.0"); -print sn, sn == ::/0; +print sn, sn == [::]/0; diff --git a/testing/btest/language/ipv6-literals.bro b/testing/btest/language/ipv6-literals.bro new file mode 100644 index 0000000000..6f1f9d59fb --- /dev/null +++ b/testing/btest/language/ipv6-literals.bro @@ -0,0 +1,30 @@ +# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: btest-diff output + +local v: vector of addr = vector(); + +v[|v|] = [::1]; +v[|v|] = [::ffff]; +v[|v|] = [::ffff:ffff]; +v[|v|] = [::0a0a:ffff]; +v[|v|] = [1::1]; +v[|v|] = [1::a]; +v[|v|] = [1::1:1]; +v[|v|] = [1::1:a]; +v[|v|] = [a::a]; +v[|v|] = [a::1]; +v[|v|] = [a::a:a]; +v[|v|] = [a::a:1]; +v[|v|] = [a:a::a]; +v[|v|] = [aaaa:0::ffff]; +v[|v|] = [::ffff:192.168.1.100]; +v[|v|] = [ffff::192.168.1.100]; +v[|v|] = [::192.168.1.100]; +v[|v|] = [805B:2D9D:DC28::FC57:212.200.31.255]; +v[|v|] = [0xaaaa::bbbb]; +v[|v|] = [aaaa:bbbb:cccc:dddd:eeee:ffff:1111:2222]; +v[|v|] = [aaaa:bbbb:cccc:dddd:eeee:ffff:1:2222]; +v[|v|] = [aaaa:bbbb:cccc:dddd:eeee:ffff:0:2222]; + +for (i in v) + print v[i]; diff --git a/testing/btest/language/sizeof.bro b/testing/btest/language/sizeof.bro index 860c9487ff..99d7b51ce8 100644 --- a/testing/btest/language/sizeof.bro +++ b/testing/btest/language/sizeof.bro @@ -20,7 +20,7 @@ type example_record: record { }; global a: addr = 1.2.3.4; -global a6: addr = ::1; +global a6: addr = [::1]; global b: bool = T; global c: count = 10; global d: double = -1.23; From b4239de4a3dfaa836a1a0dab46ae41e4065be771 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 13 Mar 2012 15:39:38 -0700 Subject: [PATCH 2/8] Updating NEWS. Previous commit closes #796. --- CHANGES | 5 +++++ NEWS | 3 +++ VERSION | 2 +- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 1f2df6ff0d..cbbdd7cee7 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,9 @@ +2.0-146 | 2012-03-13 15:39:38 -0700 + + * Change IPv6 literal constant syntax to require encasing square + brackets. (Jon Siwek) + 2.0-145 | 2012-03-09 15:10:35 -0800 * Remove the match expression. 'match' and 'using' are no longer diff --git a/NEWS b/NEWS index 15b834b040..75f9e4822b 100644 --- a/NEWS +++ b/NEWS @@ -28,6 +28,9 @@ Bro 2.1 the default scripts, nor was it likely to be used by anybody anytime soon. With that, "match" and "using" are no longer reserved keywords. +- The syntax for IPv6 literals changed from "2607:f8b0:4009:802::1012" + to "[2607:f8b0:4009:802::1012]". + TODO: Extend. Bro 2.0 diff --git a/VERSION b/VERSION index c4c99acc07..1144bdcd28 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.0-145 +2.0-146 From 9dd63acaa3298adb8e7d769e0bdd642976da1698 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 13 Mar 2012 16:10:42 -0700 Subject: [PATCH 3/8] Updating baseline. Is that a platform-specific difference? --- testing/btest/Baseline/language.ipv6-literals/output | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/testing/btest/Baseline/language.ipv6-literals/output b/testing/btest/Baseline/language.ipv6-literals/output index 935d4865b6..f2b9a985f0 100644 --- a/testing/btest/Baseline/language.ipv6-literals/output +++ b/testing/btest/Baseline/language.ipv6-literals/output @@ -1,5 +1,5 @@ ::1 -::0.0.255.255 +::ffff ::255.255.255.255 ::10.10.255.255 1::1 @@ -19,4 +19,4 @@ ffff::c0a8:164 aaaa::bbbb aaaa:bbbb:cccc:dddd:eeee:ffff:1111:2222 aaaa:bbbb:cccc:dddd:eeee:ffff:1:2222 -aaaa:bbbb:cccc:dddd:eeee:ffff::2222 +aaaa:bbbb:cccc:dddd:eeee:ffff:0:2222 From 11fdb5edce2ab89c253b43d253a8eec27194763a Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 13 Mar 2012 16:11:36 -0700 Subject: [PATCH 4/8] Updating submodule(s). [nomail] --- aux/broccoli | 2 +- aux/btest | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/aux/broccoli b/aux/broccoli index 2602eb53e7..a08ca90727 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 2602eb53e70d7f0afae8fac58d7636b9291974a4 +Subproject commit a08ca90727c5c4b90aa8633106ec33a5cf7378d4 diff --git a/aux/btest b/aux/btest index ee87db37b5..d161ccc873 160000 --- a/aux/btest +++ b/aux/btest @@ -1 +1 @@ -Subproject commit ee87db37b520b88a55323a9767234c30b801e439 +Subproject commit d161ccc8738bf2bef76390415a58c60db42b6826 From cba160c8ac23560a2c663e75a9e916e1a0b9f2f4 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 13 Mar 2012 16:14:05 -0700 Subject: [PATCH 5/8] Removing a line of dead code. Found by Julien Sentier. Closes #786. --- src/SMTP.cc | 1 - 1 file changed, 1 deletion(-) diff --git a/src/SMTP.cc b/src/SMTP.cc index 0a6e217e3e..85a3bc79dc 100644 --- a/src/SMTP.cc +++ b/src/SMTP.cc @@ -352,7 +352,6 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) const char* ext; int ext_len; - line = skip_whitespace(line + ext_len, end_of_line); get_word(end_of_line - line, line, ext_len, ext); ProcessExtension(ext_len, ext); } From a4f8b2ccbee913cd782e2244508b5b6d2b4c64ac Mon Sep 17 00:00:00 2001 From: Julien Sentier Date: Wed, 29 Feb 2012 17:31:48 +0100 Subject: [PATCH 6/8] Changing the regular expression to allow Site::local_nets in signatures Previous commit closes #792. --- CHANGES | 8 ++++++++ VERSION | 2 +- src/rule-scan.l | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index cbbdd7cee7..8bbd14fde9 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,12 @@ +2.0-150 | 2012-03-13 16:16:22 -0700 + + * Changing the regular expression to allow Site::local_nets in + signatures. (Julien Sentier) + + * Removing a line of dead code. Found by . Closes #786. (Julien + Sentier) + 2.0-146 | 2012-03-13 15:39:38 -0700 * Change IPv6 literal constant syntax to require encasing square diff --git a/VERSION b/VERSION index 1144bdcd28..aeb2df7379 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.0-146 +2.0-150 diff --git a/src/rule-scan.l b/src/rule-scan.l index 1ba9bed1de..781c477ff2 100644 --- a/src/rule-scan.l +++ b/src/rule-scan.l @@ -18,7 +18,7 @@ WS [ \t]+ D [0-9]+ H [0-9a-fA-F]+ STRING \"([^\n\"]|\\\")*\" -ID [0-9a-zA-Z_-]+ +ID ([0-9a-zA-Z_-]+::)*[0-9a-zA-Z_-]+ RE \/(\\\/)?([^/]|[^\\]\\\/)*\/ META \.[^ \t]+{WS}[^\n]+ PID ([0-9a-zA-Z_-]|"::")+ From 159733f481242610b5719214e17880300c5c7c93 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 14 Mar 2012 08:42:36 -0700 Subject: [PATCH 7/8] Updating submodule(s). [nomail] --- aux/btest | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/btest b/aux/btest index d161ccc873..dd0e5953da 160000 --- a/aux/btest +++ b/aux/btest @@ -1 +1 @@ -Subproject commit d161ccc8738bf2bef76390415a58c60db42b6826 +Subproject commit dd0e5953da08125fa4a772cf9f27e291a8fb868f From 6708f0ed4de9275d418d6dd10d281dfeba69a2fe Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 14 Mar 2012 16:08:25 -0700 Subject: [PATCH 8/8] Updating submodule(s). [nomail] --- aux/btest | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/btest b/aux/btest index dd0e5953da..9c9fde204d 160000 --- a/aux/btest +++ b/aux/btest @@ -1 +1 @@ -Subproject commit dd0e5953da08125fa4a772cf9f27e291a8fb868f +Subproject commit 9c9fde204dd5518bdfdb8b4a86d38ed06e597209