[Bro] ssl binpac analyzer -- patches
Tobias Kiesling
kiesling at ICSI.Berkeley.EDU
Fri May 25 15:46:28 PDT 2007
Hi all,
I have been working on the development of an ssl analyzer using binpac,
which is now finished. In the process of development, I have found and fixed
some bugs in binpac, as well as added an additional feature to binpac.
Attached you can find the patches for binpac in the bro-1.2.1 distribution
(binpac-[1-8].patch) with a file documenting the patches (
binpac-patch-doc.txt). I would like to ask you to have a look over those
patches (especially Ruoming). All of the patches should be applied with
patch -p1 in the main bro directory.
Cheers,
Tobias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20070525/1d259a5b/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: binpac-1.patch
Type: application/octet-stream
Size: 1009 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20070525/1d259a5b/attachment.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: binpac-2.patch
Type: application/octet-stream
Size: 2884 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20070525/1d259a5b/attachment-0001.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: binpac-3.patch
Type: application/octet-stream
Size: 1402 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20070525/1d259a5b/attachment-0002.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: binpac-4.patch
Type: application/octet-stream
Size: 539 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20070525/1d259a5b/attachment-0003.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: binpac-5.patch
Type: application/octet-stream
Size: 2166 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20070525/1d259a5b/attachment-0004.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: binpac-6.patch
Type: application/octet-stream
Size: 1094 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20070525/1d259a5b/attachment-0005.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: binpac-7.patch
Type: application/octet-stream
Size: 750 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20070525/1d259a5b/attachment-0006.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: binpac-8.patch
Type: application/octet-stream
Size: 6161 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20070525/1d259a5b/attachment-0007.obj
-------------- next part --------------
binpac fixes
----------------
numbers of issues below correspond to the patch numbers
(1) correct calculation of minimal header size in pac_expr.cc
- problem: EXPR_CALLARGS and EXPR_CASE not considered for the calculation
of minimal header size
- solution: added two cases in switch stmt of Expr::MinimalHeaderSize
for EXPR_CALLARGS and EXPR_CASE
(2) ensure parsing of fields first referenced in a case expression or
let field with an &if attribute
- problem: in cases where the if expression evaluates to false or the
proper case does not occur, fields get not parsed at all
- solution: force evaluation of all IDs referenced in a let field with
if attribute or a case expression before the body of the corresponding
switch stmt or the if stmt
- added public method Expr::ForceIDEval, properly called before
generating the code of a field with if attribute or the case expression
(3) properly assert the use of fields with an if attribute
- problem: the use of fields with an if attribute was not asserted in all
cases and asserted in the wrong way in some others due to the
corresponding BINPAC_ASSERT only called upon parsing the field
- solution: perform BINPAC_ASSERT upon calling the fields accessor
function
- moved BINPAC_ASSERT statement from LetField::GenEval to
Type::GenPubDecls
(4) incremental input with records with a non-negative StaticSize
- problem: incremental input with records with a StaticSize >= 0
cannot be performed due to necessary length attribute, leading to
an invalid call of GenBoundaryCheck in RecordType::DoGenParseCode
- solution: added a check for incremental input in
RecordType::DoGenParseCode before calling GenBoundaryCheck
(5) empty type with incremental input
- problem: with an empty type and incremental input, although the
Parse function is created, it is never called, leading to problems,
if additional actions are to be performed when encountering that
empty type
- solution: generate call to Parse of empty type in Type::GenParseBuffer
(6) parsing loop in flow ParseBuffer (while(true))
- problem: while(true) leads to problems after parsing of a type is
complete; at this time, it is unexpected that parsing continues, even
if no data is available in the flow buffer
- solution: check if data is available before starting a new parsing
cycle
- added a method data_available to FlowBuffer
- changed while(true) in FlowDecl::GenCodeFlowUnit to
while(flow_buffer_->data_available())
(7) initialization of flow buffer in CaseType with bufferable fields
in cases
- problem: initialization of buffer occurs in every Parse call,
regardless if it was initialized before or not; initialization
is correct only on first such occurence
- solution: check to buffer_state is to be created always when
buffering_state_id is in environment in Type::GenBufferConfig
- changed condition from buffering_state_var_field_ to
env->GetDataType(buffering_state_id)
(8) allowing init and cleanup code to be redefined, as well as addition
of code to FlowEOF calls in analyzer and flow
- problem 1: when refining an analyzer or flow definition, additional
init and cleanup code was not allowed, if these were already defined
before; this leads to problems when adding new members, as these
cannot be initialized and destroyed properly
- solution: allow init and cleanup code to be specified more than once
- changed deifnitions and usage of constructor_helper and
destructor_helper to allow for lists of constructor and destructor
helpers (similar to member declarations) in pac_analyzer.h and
pac_analyzer.cc
- problem 2: in some cases, it is desirable to execute code when
encountering the end of the input stream, which is not possible in
binpac
- solution: added a %eof binpac primitive similar to %init, which adds
code to the FlowEOF function of an analyzer or a flow
More information about the Bro
mailing list