[Zeek] Adding MySQL TLS Functionality
Andrew Klaus
andrew at aklaus.ca
Thu Apr 2 11:11:45 PDT 2020
Thanks for the reply!
I'm now getting this error:
-------------------
/home/zeek/build/src/analyzer/protocol/mysql/mysql_pac.cc: In member
function ‘bool
binpac::MySQL::MySQL_Flow::proc_mysql_handshake_response_packet(binpac::MySQL::Handshake_Response_Packet*)’:
/home/zeek/build/src/analyzer/protocol/mysql/mysql_pac.cc:3042:27:* error:
‘MySQL’ in namespace ‘analyzer’ does not name a type*
static_cast<analyzer::MySQL::MySQL_Analyzer>(connection()->bro_analyzer())->TLSHandshake();
^~~~~
/home/zeek/build/src/analyzer/protocol/mysql/mysql_pac.cc:3042:32: error:
expected ‘>’ before ‘::’ token
static_cast<analyzer::MySQL::MySQL_Analyzer>(connection()->bro_analyzer())->TLSHandshake();
^~
/home/zeek/build/src/analyzer/protocol/mysql/mysql_pac.cc:3042:32: error:
expected ‘(’ before ‘::’ token
/home/zeek/build/src/analyzer/protocol/mysql/mysql_pac.cc:3042:34: error:
‘::MySQL_Analyzer’ has not been declared
static_cast<analyzer::MySQL::MySQL_Analyzer>(connection()->bro_analyzer())->TLSHandshake();
^~~~~~~~~~~~~~
/home/zeek/build/src/analyzer/protocol/mysql/mysql_pac.cc:3042:34: note:
suggested alternative: ‘FlowAnalyzer’
static_cast<analyzer::MySQL::MySQL_Analyzer>(connection()->bro_analyzer())->TLSHandshake();
^~~~~~~~~~~~~~
FlowAnalyzer
/home/zeek/build/src/analyzer/protocol/mysql/mysql_pac.cc:3042:81: error:
‘class analyzer::Analyzer’ has no member named ‘TLSHandshake’
static_cast<analyzer::MySQL::MySQL_Analyzer>(connection()->bro_analyzer())->TLSHandshake();
^~~~~~~~~~~~
/home/zeek/build/src/analyzer/protocol/mysql/mysql_pac.cc:3042:95: error:
expected ‘)’ before ‘;’ token
static_cast<analyzer::MySQL::MySQL_Analyzer>(connection()->bro_analyzer())->TLSHandshake();
^
src/analyzer/protocol/mysql/CMakeFiles/plugin-Zeek-MySQL.dir/build.make:190:
recipe for target
'src/analyzer/protocol/mysql/CMakeFiles/plugin-Zeek-MySQL.dir/mysql_pac.cc.o'
failed
make[3]: ***
[src/analyzer/protocol/mysql/CMakeFiles/plugin-Zeek-MySQL.dir/mysql_pac.cc.o]
Error 1
--------------------------------------------
Some more differences I've noticed compared to the IMAP analyzer:
imap.pac has "connection IMAP_Conn(bro_analyzer: IMAPAnalyzer)"
https://github.com/zeek/zeek/blob/master/src/analyzer/protocol/imap/imap.pac#L27
mysql.pac has: "connection MySQL_Conn(bro_analyzer: BroAnalyzer)"
https://github.com/zeek/zeek/blob/master/src/analyzer/protocol/mysql/mysql.pac#L20
Also in imap.pac, but not mysql.pac:
"namespace analyzer { namespace imap { class IMAP_Analyzer; } }
typedef analyzer::imap::IMAP_Analyzer* IMAPAnalyzer;
extern type IMAPAnalyzer;"
I've tried porting these differences over as well, without much luck.
I'll keep seeing what I can try to get this working.
Thanks,
Andrew
On Thu, Apr 2, 2020 at 10:59 AM Jon Siwek <jsiwek at corelight.com> wrote:
> On Thu, Apr 2, 2020 at 9:33 AM Andrew Klaus <andrew at aklaus.ca> wrote:
>
> > /home/zeek/build/src/analyzer/protocol/mysql/mysql_pac.cc:3042:35:
> error: ‘class analyzer::Analyzer’ has no member named ‘TLSHandshake’
> > connection()->bro_analyzer()->TLSHandshake();
>
> Seems like you just need to cast:
>
>
> static_cast<analyzer::MySQL::MySQL_Analyzer>(connection()->bro_analyzer())->TLSHandshake();
>
> That is, bro_analyzer() returns an analyzer::Analyzer*, which is the
> base class that has no TLSHandshake() method, thus the compiler error.
>
> - Jon
>
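
The compiler output above names two separate conditions for the downcast: the derived analyzer class has to be declared where the cast is compiled, and the cast target has to be a pointer type before `->` can be applied. The following is an added example, not code from this thread or from the Zeek source tree; `Conn`, `start_tls` and the class bodies are simplified stand-ins, and only the names `analyzer::Analyzer`, `analyzer::MySQL::MySQL_Analyzer`, `bro_analyzer()` and `TLSHandshake()` are taken from the messages.

```cpp
#include <cstdio>

namespace analyzer {
// Stand-in for the base class that bro_analyzer() returns a pointer to.
class Analyzer {
public:
    virtual ~Analyzer() = default;
};

namespace MySQL {
// Stand-in for the derived analyzer. Its definition must be visible before
// the cast; otherwise the compiler reports that 'MySQL' does not name a type.
class MySQL_Analyzer : public Analyzer {
public:
    void TLSHandshake() { tls_started = true; }
    bool tls_started = false;
};
} // namespace MySQL
} // namespace analyzer

// Hypothetical, simplified stand-in for the binpac connection object.
struct Conn {
    analyzer::Analyzer* a;
    analyzer::Analyzer* bro_analyzer() const { return a; }
};

// Downcast to a pointer to the derived class, then call the derived method.
// dynamic_cast is used so that a connection carrying a different analyzer
// type returns false instead of invoking undefined behaviour; a
// static_cast to the same pointer type compiles under the same conditions.
bool start_tls(Conn* connection) {
    auto* m = dynamic_cast<analyzer::MySQL::MySQL_Analyzer*>(
        connection->bro_analyzer());
    if (m == nullptr)
        return false;
    m->TLSHandshake();
    return true;
}

int main() {
    analyzer::MySQL::MySQL_Analyzer mysql;  // constructed sample objects
    analyzer::Analyzer other;
    Conn c1{&mysql}, c2{&other};
    std::printf("%d %d %d\n", start_tls(&c1), start_tls(&c2), mysql.tls_started);
    return 0;
}
```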