Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #####
- # ProtocolProfileInit.tcl
- # Author: Thomas Schockaert
- # Last Changed: 20141104
- # Contents: The procedures that define the protocol maps and initialize the user-defined static textmaps.
- # Howto:
- # - Procedure names don't follow a specific naming scheme. You just call whatever you named it in the CLIENT_ACCEPTED event of your iRule
- # - Example:
- # when CLIENT_ACCEPTED {
- # array set pmap [call ProtocolProfilerInit::init_dns]
- # }
- #####
- ### init_dns { }
- # Description:
- # - This procedure defines the DNS protocol map in array 'pmap' and initializes the static textmaps.
- # Arguments: none
- # Returns:
- # - the protocol map as a list
- proc init_dns {
- set pmap(0) "record"
- set pmap(0_0) {"transactionid" 2 "hex"}
- set pmap(0_0_0) {"transaction"}
- set pmap(0_0_0_0) {"flags" 2 "hex"}
- set pmap(0_0_0_0_0) {"standard_query" "flags=0x0100"}
- set pmap(0_0_0_0_0_0) {"questionrecordcount" 2 "dec"}
- set pmap(0_0_0_0_0_1) {"answerrecordcount" 2 "dec"}
- set pmap(0_0_0_0_0_2) {"authorityrecordcount" 2 "dec"}
- set pmap(0_0_0_0_0_3) {"additionalrecordcount" 2 "dec"}
- # dns is a bitch: http://www.tcpipguide.com/free/t_DNSNameNotationandMessageCompressionTechnique.htm
- set pmap(0_0_0_0_0_4) {"queryname" "\[expr \[UDP::payload length\]-4\]" "dnstext"}
- set pmap(0_0_0_0_0_5) {"querytype" 2 "tmap"}
- set pmap(0_0_0_0_0_6) {"queryclass" 2 "tmap"}
- set pmap(0_0_0_0_1) {"standard_response_noerror" "flags=0x8180"}
- set pmap(0_0_0_0_1_0) {"recordcount" 8 "dec"}
- set pmap(0_0_0_0_1_0_0) {"question_and_answer" "recordcount=0x0001000100000000"}
- # -4 bytes for the querytype and class, -16 bytes for the answer
- set pmap(0_0_0_0_1_0_0_0) {"queryname" "\[expr \[UDP::payload length\]-4-16\]" "dnstext"}
- set pmap(0_0_0_0_1_0_0_1) {"querytype" 2 "tmap"}
- set pmap(0_0_0_0_1_0_0_2) {"queryclass" 2 "tmap"}
- set pmap(0_0_0_0_1_0_0_3) {"answername" 2 "hex"}
- set pmap(0_0_0_0_1_0_0_4) {"answertype" 2 "tmap"}
- set pmap(0_0_0_0_1_0_0_5) {"answerclass" 2 "tmap"}
- set pmap(0_0_0_0_1_0_0_6) {"answerttl" 4 "dec"}
- set pmap(0_0_0_0_1_0_0_7) {"answerdatalength" 2 "dec"}
- set pmap(0_0_0_0_1_0_0_8) {"answeraddress" "answerdatalength" "ipv4"}
- set pmap(0_0_0_0_2) {"standard_response_noerror" "flags=0x8183"}
- set pmap(0_0_0_0_2_0) {"recordcount" 8 "dec"}
- set pmap(0_0_0_0_2_0_0) {"question_and_authoritative" "recordcount=0x0001000000010000"}
- # -4 bytes for the querytype and class, -46 bytes for the authoritative
- set pmap(0_0_0_0_2_0_0_0) {"queryname" "\[expr \[UDP::payload length\]-4-46\]" "dnstext"}
- set pmap(0_0_0_0_2_0_0_1) {"querytype" 2 "tmap"}
- set pmap(0_0_0_0_2_0_0_2) {"queryclass" 2 "tmap"}
- set pmap(0_0_0_0_2_0_0_3) {"answername" 2 "hex"}
- set pmap(0_0_0_0_2_0_0_4) {"answertype" 2 "tmap"}
- set pmap(0_0_0_0_2_0_0_5) {"answerclass" 2 "tmap"}
- set pmap(0_0_0_0_2_0_0_6) {"answerttl" 4 "dec"}
- set pmap(0_0_0_0_2_0_0_7) {"answerdatalength" 2 "dec"}
- set pmap(0_0_0_0_2_0_0_8) {"answeraddress" "answerdatalength" "dns_soaracord"}
- call ProtocolProfilerTMAPs::tmap_define_dns
- return [array get pmap]
- }
- ### init_ssl { }
- # Description:
- # - This procedure defines the SSL protocol map in array 'pmap' and initializes the static textmaps.
- # Arguments: none
- # Returns:
- # - the protocol map as a list
- proc init_ssl {
- set pmap(0) "record"
- set pmap(0_0) {"contenttype" 1 "tmap"}
- set pmap(0_0_0) "handshake contenttype=0x16"
- set pmap(0_0_0_0) {"protocol" 1 "tmap"}
- set pmap(0_0_0_0_0) "clienthello protocol=0x01"
- set pmap(0_0_0_0_0_0) {"length" 3 "dec"}
- set pmap(0_0_0_0_0_1) {"version" 2 "tmap"}
- set pmap(0_0_0_0_0_2) {"randomtime" 4 "time"}
- set pmap(0_0_0_0_0_3) {"randombytes" 28 "hex"}
- set pmap(0_0_0_0_0_4) {"sessionidlength" 1 "dec"}
- set pmap(0_0_0_0_0_5) {"sessionid" "sessionidlength" "hex"}
- set pmap(0_0_0_0_0_6) {"ciphersuiteslength" 2 "dec"}
- set pmap(0_0_0_0_0_7) {"ciphersuites" "ciphersuiteslength" "lmap" 2}
- set pmap(0_0_0_0_0_8) {"compressionmethodslength" 1 "dec"}
- set pmap(0_0_0_0_0_9) {"compressionmethods" "compressionmethodslength" "lmap" 1}
- set pmap(0_0_0_0_0_10) {"extensionslength" 2 "dec"}
- set pmap(0_0_0_0_0_11) {"extensions" "extensionslength" "hex"}
- set pmap(0_0_0_0_0_11_0) "extension"
- set pmap(0_0_0_0_0_11_0_0) {"extensiontype" 2 "tmap"}
- set pmap(0_0_0_0_0_11_0_1) {"extensionlength" 2 "dec"}
- set pmap(0_0_0_0_0_11_0_2) {"extensioncontent" "extensionlength" "dec"}
- set pmap(0_0_0_0_1) "serverhello protocol=0x02"
- set pmap(0_0_0_0_1_0) {"length" 3 "dec"}
- set pmap(0_0_0_0_1_1) {"version" 2 "tmap"}
- set pmap(0_0_0_0_1_2) {"randomtime" 4 "time"}
- set pmap(0_0_0_0_1_3) {"randombytes" 28 "hex"}
- set pmap(0_0_0_0_1_4) {"sessionidlength" 1 "dec"}
- set pmap(0_0_0_0_1_5) {"sessionid" "sessionidlength" "hex"}
- set pmap(0_0_0_0_1_6) {"ciphersuite" 2 "tmap"}
- set pmap(0_0_0_0_1_7) {"compressionmethod" 1 "tmap"}
- set pmap(0_0_0_0_1_8) {"extensionslength" 2 "dec"}
- set pmap(0_0_0_0_1_9) {"extensions" "extensionslength" "hex"}
- set pmap(0_0_0_0_1_9_0) "extension"
- set pmap(0_0_0_0_1_9_0_0) {"extensiontype" 2 "tmap"}
- set pmap(0_0_0_0_1_9_0_1) {"extensionlength" 2 "dec"}
- set pmap(0_0_0_0_1_9_0_2 {"extensioncontent" "extensionlength" "dec"}
- set pmap(0_0_0_0_2) "certificate protocol=0x0b"
- set pmap(0_0_0_0_2_0) {"certificateslength" 3 "dec"}
- set pmap(0_0_0_0_2_0_1) {"certificates" "certificateslength" "dec"}
- set pmap(0_0_0_0_2_0_1) "certificate"
- set pmap(0_0_0_0_2_0_0_0) {"certificatelength" 3 "dec"}
- set pmap(0_0_0_0_2_0_0_1) {"certificate" "certificatelength" "dec"}
- set pmap(0_0_0_0_3) "serverhellodone protocol=0x0e"
- set pmap(0_0_0_0_4) "hellorequest protocol=0x00"
- set pmap(0_0_0_0_5) "certificateverify protocol=0x0f"
- set pmap(0_0_0_0_6) "clientkeyexchange protocol=0x10"
- set pmap(0_0_0_0_6_0) {"ckedatalength" 3 "dec"}
- set pmap(0_0_0_0_6_1) {"premasterdatalength" 2 "dec"}
- set pmap(0_0_0_0_6_2) {"premasterdata" "premasterdatalength" "hex"}
- set pmap(0_0_0_0_7) "certificaterequest protocol=0x0d"
- set pmap(0_0_0_0_7_0) {"crlength" 3 "dec"}
- set pmap(0_0_0_0_7_1) {"crtypescountlength" 1 "dec"}
- set pmap(0_0_0_0_7_2) {"crcerttype" "crtypescountlength" "lmap" 1}
- set pmap(0_0_0_0_7_3) {"crsighashlength" 2 "dec"}
- set pmap(0_0_0_0_7_4) {"crsighash" "crsighashlength" "lmap" 2}
- set pmap(0_0_0_0_7_5) {"crdnnamelength" 2 "dec"}
- set pmap(0_0_0_0_7_6) {"crdnnames" "crdnnamelength" "hex"}
- set pmap(0_0_0_0_8) "encryptedhandshakemessage protocol=*"
- set pmap(0_0_1) "changecipherspec contenttype=0x14"
- set pmap(0_0_1_0) {"ccsdata" 1 "hex"}
- set pmap(0_0_2) "applicationdata contenttype=0x17"
- set pmap(0_0_2_0) {"addata" "recordlength" "hex"}
- set pmap(0_0_3) "alert contenttype=0x18"
- set pmap(0_0_3_0) {"alertdata" "recordlength" "hex"}
- set pmap(0_1) {"version" 2 "tmap"}
- set pmap(0_2) {"recordlength" 2 "dec"}
- call ProtocolProfilerTMAPs::tmap_define_ssl
- return [array get pmap]
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement