
ProtocolProfilerInit.tcl

a guest Nov 12th, 2014 94 Never
 
  1. #####
  2. # ProtocolProfilerInit.tcl
  3. # Author: Thomas Schockaert
  4. # Last Changed: 20141104
  5. # Contents: The procedures that define the protocol maps and initialize the user-defined static textmaps.
  6. # Howto:
  7. # - Procedure names don't follow a specific naming scheme. You just call whatever you named it in the CLIENT_ACCEPTED event of your iRule
  8. # - Example:
  9. #   when CLIENT_ACCEPTED {
  10. #       array set pmap [call ProtocolProfilerInit::init_dns]
  11. #   }
  12. #####
  13.  
  14. ### init_dns { }
  15. # Description:
  16. # - This procedure defines the DNS protocol map in array 'pmap' and initializes the static textmaps.
  17. # Arguments: none
  18. # Returns:
  19. # - the protocol map as a list
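  proc init_dns { } {
      # Builds the DNS protocol map in the local array pmap, registers the DNS
      # text maps, and returns the map as a flat key/value list.
      #
      # The empty argument list was missing in the original paste; proc needs
      # a name, an argument list and a body, so the definition failed to load.
      #
      # Keys are underscore-separated index paths, one extra _N segment per
      # nesting level. Values appear to be either a node label, optionally
      # followed by a field=value match condition, or a field descriptor made
      # of name, length and decoder. The consumer of this map is not shown
      # here, so that reading should be confirmed against the profiler itself.
      #
      # NOTE(review): only three exact flag values and two exact record-count
      # patterns are described. Any other DNS message, for example one with
      # an additional record, matches no branch; how the profiler treats
      # unmatched traffic is not visible here and should be treated as
      # unknown rather than as benign.
      set pmap(0) "record"
      set pmap(0_0) {"transactionid" 2 "hex"}
      set pmap(0_0_0) {"transaction"}
      set pmap(0_0_0_0) {"flags" 2 "hex"}

      # Branch 0: standard query.
      set pmap(0_0_0_0_0) {"standard_query" "flags=0x0100"}
      set pmap(0_0_0_0_0_0) {"questionrecordcount" 2 "dec"}
      set pmap(0_0_0_0_0_1) {"answerrecordcount" 2 "dec"}
      set pmap(0_0_0_0_0_2) {"authorityrecordcount" 2 "dec"}
      set pmap(0_0_0_0_0_3) {"additionalrecordcount" 2 "dec"}
      # dns is a bitch: http://www.tcpipguide.com/free/t_DNSNameNotationandMessageCompressionTechnique.htm
      # The length below is stored as literal text, backslashes included,
      # because braces suppress substitution; presumably the profiler
      # evaluates it later against the live datagram.
      # NOTE(review): the sender controls the payload length, so this
      # expression can come out as zero or negative on a short datagram.
      # The consumer has to range-check it before reading.
      set pmap(0_0_0_0_0_4) {"queryname" "\[expr \[UDP::payload length\]-4\]" "dnstext"}
      set pmap(0_0_0_0_0_5) {"querytype" 2 "tmap"}
      set pmap(0_0_0_0_0_6) {"queryclass" 2 "tmap"}

      # Branch 1: response with one question and one answer.
      set pmap(0_0_0_0_1) {"standard_response_noerror" "flags=0x8180"}
      set pmap(0_0_0_0_1_0) {"recordcount" 8 "dec"}
      set pmap(0_0_0_0_1_0_0) {"question_and_answer" "recordcount=0x0001000100000000"}
      # -4 bytes for the querytype and class, -16 bytes for the answer
      # NOTE(review): the fixed 16 assumes a compressed two-byte answer name
      # and a four-byte address; any other answer shape shifts every
      # following field.
      set pmap(0_0_0_0_1_0_0_0) {"queryname" "\[expr \[UDP::payload length\]-4-16\]" "dnstext"}
      set pmap(0_0_0_0_1_0_0_1) {"querytype" 2 "tmap"}
      set pmap(0_0_0_0_1_0_0_2) {"queryclass" 2 "tmap"}
      set pmap(0_0_0_0_1_0_0_3) {"answername" 2 "hex"}
      set pmap(0_0_0_0_1_0_0_4) {"answertype" 2 "tmap"}
      set pmap(0_0_0_0_1_0_0_5) {"answerclass" 2 "tmap"}
      set pmap(0_0_0_0_1_0_0_6) {"answerttl" 4 "dec"}
      set pmap(0_0_0_0_1_0_0_7) {"answerdatalength" 2 "dec"}
      # The address length is taken from the answerdatalength field of the
      # packet, a value supplied by the remote side.
      set pmap(0_0_0_0_1_0_0_8) {"answeraddress" "answerdatalength" "ipv4"}

      # Branch 2: response with one question and one authority record.
      # NOTE(review): flags 0x8183 carries RCODE 3, name error, yet the label
      # repeats standard_response_noerror from the 0x8180 branch. The label
      # is left as written because other iRules may reference it; confirm.
      set pmap(0_0_0_0_2) {"standard_response_noerror" "flags=0x8183"}
      set pmap(0_0_0_0_2_0) {"recordcount" 8 "dec"}
      set pmap(0_0_0_0_2_0_0) {"question_and_authoritative" "recordcount=0x0001000000010000"}
      # -4 bytes for the querytype and class, -46 bytes for the authoritative
      set pmap(0_0_0_0_2_0_0_0) {"queryname" "\[expr \[UDP::payload length\]-4-46\]" "dnstext"}
      set pmap(0_0_0_0_2_0_0_1) {"querytype" 2 "tmap"}
      set pmap(0_0_0_0_2_0_0_2) {"queryclass" 2 "tmap"}
      set pmap(0_0_0_0_2_0_0_3) {"answername" 2 "hex"}
      set pmap(0_0_0_0_2_0_0_4) {"answertype" 2 "tmap"}
      set pmap(0_0_0_0_2_0_0_5) {"answerclass" 2 "tmap"}
      set pmap(0_0_0_0_2_0_0_6) {"answerttl" 4 "dec"}
      set pmap(0_0_0_0_2_0_0_7) {"answerdatalength" 2 "dec"}
      # NOTE(review): decoder name kept exactly as written; it looks like a
      # misspelling of an SOA record decoder. Verify against the decoder
      # names the profiler implements.
      set pmap(0_0_0_0_2_0_0_8) {"answeraddress" "answerdatalength" "dns_soaracord"}

      # Register the static text maps used by the tmap decoder entries above.
      call ProtocolProfilerTMAPs::tmap_define_dns

      # Hand the array back as a list so the caller can rebuild it with
      # array set.
      return [array get pmap]
  }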
  65.  
  66. ### init_ssl { }
  67. # Description:
  68. # - This procedure defines the SSL protocol map in array 'pmap' and initializes the static textmaps.
  69. # Arguments: none
  70. # Returns:
  71. # - the protocol map as a list
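  proc init_ssl { } {
      # Builds the SSL/TLS protocol map in the local array pmap, registers the
      # SSL text maps, and returns the map as a flat key/value list.
      #
      # Two load-time defects from the original paste are fixed here:
      #  - the empty argument list after the proc name was missing;
      #  - the serverhello extensioncontent key lacked its closing
      #    parenthesis, so Tcl stored it in a separate scalar variable and
      #    the entry never reached the returned map.
      #
      # Keys are underscore-separated index paths, one extra _N segment per
      # nesting level. Values appear to be either a node label with an
      # optional field=value match condition, or a field descriptor made of
      # name, length and decoder, with a trailing element size on lmap
      # entries. The consumer is not shown here; confirm against the profiler.
      #
      # NOTE(review): most variable-length fields below take their length
      # from an earlier field of the same record, so the length is chosen by
      # the peer. The consumer has to clamp each one to the bytes actually
      # left in the record before reading.
      set pmap(0) "record"
      set pmap(0_0) {"contenttype" 1 "tmap"}

      # Handshake records.
      set pmap(0_0_0) "handshake contenttype=0x16"
      set pmap(0_0_0_0) {"protocol" 1 "tmap"}

      # ClientHello.
      set pmap(0_0_0_0_0) "clienthello protocol=0x01"
      set pmap(0_0_0_0_0_0) {"length" 3 "dec"}
      set pmap(0_0_0_0_0_1) {"version" 2 "tmap"}
      set pmap(0_0_0_0_0_2) {"randomtime" 4 "time"}
      set pmap(0_0_0_0_0_3) {"randombytes" 28 "hex"}
      set pmap(0_0_0_0_0_4) {"sessionidlength" 1 "dec"}
      set pmap(0_0_0_0_0_5) {"sessionid" "sessionidlength" "hex"}
      set pmap(0_0_0_0_0_6) {"ciphersuiteslength" 2 "dec"}
      set pmap(0_0_0_0_0_7) {"ciphersuites" "ciphersuiteslength" "lmap" 2}
      set pmap(0_0_0_0_0_8) {"compressionmethodslength" 1 "dec"}
      set pmap(0_0_0_0_0_9) {"compressionmethods" "compressionmethodslength" "lmap" 1}
      set pmap(0_0_0_0_0_10) {"extensionslength" 2 "dec"}
      set pmap(0_0_0_0_0_11) {"extensions" "extensionslength" "hex"}
      set pmap(0_0_0_0_0_11_0) "extension"
      set pmap(0_0_0_0_0_11_0_0) {"extensiontype" 2 "tmap"}
      set pmap(0_0_0_0_0_11_0_1) {"extensionlength" 2 "dec"}
      set pmap(0_0_0_0_0_11_0_2) {"extensioncontent" "extensionlength" "dec"}

      # ServerHello.
      set pmap(0_0_0_0_1) "serverhello protocol=0x02"
      set pmap(0_0_0_0_1_0) {"length" 3 "dec"}
      set pmap(0_0_0_0_1_1) {"version" 2 "tmap"}
      set pmap(0_0_0_0_1_2) {"randomtime" 4 "time"}
      set pmap(0_0_0_0_1_3) {"randombytes" 28 "hex"}
      set pmap(0_0_0_0_1_4) {"sessionidlength" 1 "dec"}
      set pmap(0_0_0_0_1_5) {"sessionid" "sessionidlength" "hex"}
      set pmap(0_0_0_0_1_6) {"ciphersuite" 2 "tmap"}
      set pmap(0_0_0_0_1_7) {"compressionmethod" 1 "tmap"}
      set pmap(0_0_0_0_1_8) {"extensionslength" 2 "dec"}
      set pmap(0_0_0_0_1_9) {"extensions" "extensionslength" "hex"}
      set pmap(0_0_0_0_1_9_0) "extension"
      set pmap(0_0_0_0_1_9_0_0) {"extensiontype" 2 "tmap"}
      set pmap(0_0_0_0_1_9_0_1) {"extensionlength" 2 "dec"}
      # Closing parenthesis restored on this key.
      set pmap(0_0_0_0_1_9_0_2) {"extensioncontent" "extensionlength" "dec"}

      # Certificate.
      set pmap(0_0_0_0_2) "certificate protocol=0x0b"
      set pmap(0_0_0_0_2_0) {"certificateslength" 3 "dec"}
      # NOTE(review): the next two lines write the same key, so the
      # certificates descriptor is overwritten by the certificate label, and
      # the two entries after them hang under 0_0_0_0_2_0_0, which is never
      # defined. By analogy with the extensions layout above, the intended
      # keys are probably 0_0_0_0_2_1 for the list, 0_0_0_0_2_1_0 for the
      # label and 0_0_0_0_2_1_0_N for its fields. Left as written until that
      # is confirmed against the profiler.
      set pmap(0_0_0_0_2_0_1) {"certificates" "certificateslength" "dec"}
      set pmap(0_0_0_0_2_0_1) "certificate"
      set pmap(0_0_0_0_2_0_0_0) {"certificatelength" 3 "dec"}
      set pmap(0_0_0_0_2_0_0_1) {"certificate" "certificatelength" "dec"}

      # Remaining handshake message types.
      set pmap(0_0_0_0_3) "serverhellodone protocol=0x0e"
      set pmap(0_0_0_0_4) "hellorequest protocol=0x00"
      set pmap(0_0_0_0_5) "certificateverify protocol=0x0f"
      set pmap(0_0_0_0_6) "clientkeyexchange protocol=0x10"
      set pmap(0_0_0_0_6_0) {"ckedatalength" 3 "dec"}
      set pmap(0_0_0_0_6_1) {"premasterdatalength" 2 "dec"}
      set pmap(0_0_0_0_6_2) {"premasterdata" "premasterdatalength" "hex"}
      set pmap(0_0_0_0_7) "certificaterequest protocol=0x0d"
      set pmap(0_0_0_0_7_0) {"crlength" 3 "dec"}
      set pmap(0_0_0_0_7_1) {"crtypescountlength" 1 "dec"}
      set pmap(0_0_0_0_7_2) {"crcerttype" "crtypescountlength" "lmap" 1}
      set pmap(0_0_0_0_7_3) {"crsighashlength" 2 "dec"}
      set pmap(0_0_0_0_7_4) {"crsighash" "crsighashlength" "lmap" 2}
      set pmap(0_0_0_0_7_5) {"crdnnamelength" 2 "dec"}
      set pmap(0_0_0_0_7_6) {"crdnnames" "crdnnamelength" "hex"}
      # Catch-all for handshake bytes that match none of the types above.
      set pmap(0_0_0_0_8) "encryptedhandshakemessage protocol=*"

      # Non-handshake record types.
      set pmap(0_0_1) "changecipherspec contenttype=0x14"
      set pmap(0_0_1_0) {"ccsdata" 1 "hex"}
      set pmap(0_0_2) "applicationdata contenttype=0x17"
      set pmap(0_0_2_0) {"addata" "recordlength" "hex"}
      # NOTE(review): TLS alert records use content type 0x15; 0x18 is the
      # heartbeat content type. As written, real alerts match no branch and
      # heartbeat records are labelled alert. Either the value or the label
      # is wrong; left unchanged until the intent is confirmed.
      set pmap(0_0_3) "alert contenttype=0x18"
      set pmap(0_0_3_0) {"alertdata" "recordlength" "hex"}

      # Rest of the record header, after the content type byte.
      set pmap(0_1) {"version" 2 "tmap"}
      set pmap(0_2) {"recordlength" 2 "dec"}

      # Register the static text maps used by the tmap and lmap entries above.
      call ProtocolProfilerTMAPs::tmap_define_ssl

      # Hand the array back as a list so the caller can rebuild it with
      # array set.
      return [array get pmap]
  }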