예제 #1
파일: radius.c 프로젝트: pstray/moloch
/*
 * Parser entry point for the RADIUS module.
 *
 * Defines the four session fields this parser fills in and registers the
 * UDP classifier hook. Globals written: userField, macField,
 * endpointIpField, framedIpField (the ids returned by moloch_field_define).
 *
 * The classifier is registered once per first byte 0x01..0x05 at payload
 * offset 0, with a one-byte match each time. Those values look like the
 * RADIUS Code field (Access-Request, Access-Accept, Access-Reject,
 * Accounting-Request, Accounting-Response). A one-byte prefix is a very
 * weak filter, so everything beyond "first byte is a RADIUS code" is left to
 * radius_udp_classify.
 */
void moloch_parser_init()
{
    /* Field definitions. The variadic tail is a NULL-terminated list of
     * extra key/value strings; only the user field carries one here. */
    userField = moloch_field_define("radius", "termfield",
        "radius.user", "User", "radius.user-term",
        "RADIUS user",
        MOLOCH_FIELD_TYPE_STR_HASH,     0,
        "category", "user",
        NULL);

    macField = moloch_field_define("radius", "lotermfield",
        "radius.mac", "MAC", "radius.mac-term",
        "Radius Mac",
        MOLOCH_FIELD_TYPE_STR_HASH,  MOLOCH_FIELD_FLAG_COUNT,
        NULL);

    endpointIpField = moloch_field_define("radius", "ip",
        "radius.endpoint-ip", "Endpoint IP", "radius.eip",
        "Radius endpoint ip addresses for session",
        MOLOCH_FIELD_TYPE_IP_GHASH,  MOLOCH_FIELD_FLAG_COUNT,
        NULL);

    framedIpField = moloch_field_define("radius", "ip",
        "radius.framed-ip", "Framed IP", "radius.fip",
        "Radius framed ip addresses for session",
        MOLOCH_FIELD_TYPE_IP_GHASH,  MOLOCH_FIELD_FLAG_COUNT,
        NULL);

    /* One registration per RADIUS code byte. The table has static storage
     * so the match pointer stays valid if the registry keeps it instead of
     * copying the byte. Registration order is the same as before. */
    static const unsigned char radius_codes[] = { 0x01, 0x02, 0x03, 0x04, 0x05 };
    const size_t ncodes = sizeof radius_codes / sizeof radius_codes[0];

    for (size_t i = 0; i < ncodes; i++) {
        moloch_parsers_classifier_register_udp("radius", NULL, 0, &radius_codes[i], 1, radius_udp_classify);
    }
}
예제 #2
파일: misc.c 프로젝트: clementdotck/moloch
/*
 * Parser entry point for the misc protocol module.
 *
 * Registers the byte-prefix classifiers for every protocol handled in this
 * file. Judging by the values used, the arguments are (name, payload
 * offset, match bytes, match length, callback). All match pointers are
 * string literals or static tables, so they remain valid for the whole
 * process even if the registry keeps the pointer rather than copying it.
 * Registration order is unchanged from the original, in case the registry
 * consults classifiers in insertion order.
 */
void moloch_parser_init()
{
    /* Protocols with a single TCP signature. gh0st has no match bytes at
     * all (NULL, length 0, offset 14): gh0st_classify does its own checking
     * on whatever reaches it. */
    moloch_parsers_classifier_register_tcp("bt", 0, (unsigned char*)"\x13" "BitTorrent protocol", 20, bt_classify);
    moloch_parsers_classifier_register_tcp("rdp", 0, (unsigned char*)"\x03\x00", 2, rdp_classify);
    moloch_parsers_classifier_register_tcp("imap", 0, (unsigned char*)"* OK ", 5, imap_classify);
    moloch_parsers_classifier_register_tcp("pop3", 0, (unsigned char*)"+OK POP3 ", 9, pop3_classify);
    moloch_parsers_classifier_register_tcp("gh0st", 14, 0, 0, gh0st_classify);
    moloch_parsers_classifier_register_tcp("other220", 0, (unsigned char*)"220 ", 4, other220_classify);
    moloch_parsers_classifier_register_tcp("vnc", 0, (unsigned char*)"RFB 0", 5, vnc_classify);

    /* Redis: the "+PONG" reply and the RESP array headers "*1\r\n$" to
     * "*5\r\n$" (an array of 1..5 bulk strings). Every prefix is 5 bytes. */
    static const char *const redis_prefixes[] = {
        "+PONG",
        "\x2a\x31\x0d\x0a\x24",
        "\x2a\x32\x0d\x0a\x24",
        "\x2a\x33\x0d\x0a\x24",
        "\x2a\x34\x0d\x0a\x24",
        "\x2a\x35\x0d\x0a\x24",
    };
    for (size_t i = 0; i < sizeof redis_prefixes / sizeof redis_prefixes[0]; i++) {
        moloch_parsers_classifier_register_tcp("redis", 0, (unsigned char*)redis_prefixes[i], 5, redis_classify);
    }

    /* BitTorrent DHT over UDP: bencoded dictionaries starting with the
     * "a", "r" or "q" key. Every prefix is 4 bytes. */
    static const char *const bt_udp_prefixes[] = { "d1:a", "d1:r", "d1:q" };
    for (size_t i = 0; i < sizeof bt_udp_prefixes / sizeof bt_udp_prefixes[0]; i++) {
        moloch_parsers_classifier_register_udp("bt", 0, (unsigned char*)bt_udp_prefixes[i], 4, bt_classify);
    }

    /* MongoDB: the first four bytes read as a little-endian 32-bit value of
     * 0x35..0x3f (53..63), which looks like a wire-protocol message length;
     * mongo_classify decides for real. The literals contain embedded NULs,
     * which is fine because the length (4) is passed explicitly. */
    static const char *const mongo_prefixes[] = {
        "\x35\x00\x00\x00",
        "\x36\x00\x00\x00",
        "\x37\x00\x00\x00",
        "\x38\x00\x00\x00",
        "\x39\x00\x00\x00",
        "\x3a\x00\x00\x00",
        "\x3b\x00\x00\x00",
        "\x3c\x00\x00\x00",
        "\x3d\x00\x00\x00",
        "\x3e\x00\x00\x00",
        "\x3f\x00\x00\x00",
    };
    for (size_t i = 0; i < sizeof mongo_prefixes / sizeof mongo_prefixes[0]; i++) {
        moloch_parsers_classifier_register_tcp("mongo", 0, (unsigned char*)mongo_prefixes[i], 4, mongo_classify);
    }
}
예제 #3
파일: krb5.c 프로젝트: paulpc/moloch
/*
 * Parser entry point for the Kerberos 5 module.
 *
 * Defines the realm, cname and sname session fields and registers the
 * classifier for both UDP and TCP transports. Globals written: realmField,
 * cnameField, snameField (ids returned by moloch_field_define). The variadic
 * tail of each field definition ends with an explicit (char *)NULL so the
 * sentinel has pointer width regardless of how NULL is defined.
 */
void moloch_parser_init()
{
    realmField = moloch_field_define("krb5", "termfield",
        "krb5.realm", "Realm", "krb5.realm",
        "Kerberos 5 Realm",
        MOLOCH_FIELD_TYPE_STR_HASH,  MOLOCH_FIELD_FLAG_CNT,
        (char *)NULL);

    cnameField = moloch_field_define("krb5", "termfield",
        "krb5.cname", "cname", "krb5.cname",
        "Kerberos 5 cname",
        MOLOCH_FIELD_TYPE_STR_HASH,  MOLOCH_FIELD_FLAG_CNT,
        (char *)NULL);

    snameField = moloch_field_define("krb5", "termfield",
        "krb5.sname", "sname", "krb5.sname",
        "Kerberos 5 sname",
        MOLOCH_FIELD_TYPE_STR_HASH,  MOLOCH_FIELD_FLAG_CNT,
        (char *)NULL);

    /* The same 4-byte pattern is searched for at several payload offsets:
     * 7 and 9 over UDP, 11 and 13 over TCP. The TCP offsets are the UDP ones
     * plus 4, which presumably accounts for the 4-byte length prefix KRB5
     * uses over TCP — confirm against the callbacks. The bytes look like the
     * DER encoding of pvno INTEGER 5 ("02 01 05") preceded by its enclosing
     * length byte; the callbacks do the real message parsing. The pattern
     * has static storage so the registry may keep the pointer. */
    static const unsigned char pvno_pattern[] = "\x03\x02\x01\x05";
    static const int udp_offsets[] = { 7, 9 };
    static const int tcp_offsets[] = { 11, 13 };

    for (size_t i = 0; i < sizeof udp_offsets / sizeof udp_offsets[0]; i++) {
        moloch_parsers_classifier_register_udp("krb5", 0, udp_offsets[i], (unsigned char*)pvno_pattern, 4, krb5_udp_classify);
    }
    for (size_t i = 0; i < sizeof tcp_offsets / sizeof tcp_offsets[0]; i++) {
        moloch_parsers_classifier_register_tcp("krb5", 0, tcp_offsets[i], (unsigned char*)pvno_pattern, 4, krb5_tcp_classify);
    }
}
예제 #4
파일: misc.c 프로젝트: hadojae/moloch
/*
 * Parser entry point for the misc protocol module (older revision without
 * the redis and mongo signatures).
 *
 * Judging by the values used, the arguments are (name, payload offset,
 * match bytes, match length, callback). Match pointers are string literals
 * or static tables and so outlive this call. Registration order is kept
 * identical to the original.
 */
void moloch_parser_init()
{
    /* TCP signatures. gh0st registers with no match bytes (NULL, length 0)
     * at offset 14, so gh0st_classify does all of its own matching. */
    moloch_parsers_classifier_register_tcp("bt", 0, (unsigned char*)"\x13" "BitTorrent protocol", 20, bt_classify);
    moloch_parsers_classifier_register_tcp("rdp", 0, (unsigned char*)"\x03\x00", 2, rdp_classify);
    moloch_parsers_classifier_register_tcp("imap", 0, (unsigned char*)"* OK ", 5, imap_classify);
    moloch_parsers_classifier_register_tcp("pop3", 0, (unsigned char*)"+OK POP3 ", 9, pop3_classify);
    moloch_parsers_classifier_register_tcp("gh0st", 14, 0, 0, gh0st_classify);
    moloch_parsers_classifier_register_tcp("other220", 0, (unsigned char*)"220 ", 4, other220_classify);
    moloch_parsers_classifier_register_tcp("vnc", 0, (unsigned char*)"RFB 0", 5, vnc_classify);

    /* BitTorrent DHT over UDP: bencoded dictionaries whose first key is
     * "a", "r" or "q". Every prefix is 4 bytes. */
    static const char *const bt_udp_prefixes[] = { "d1:a", "d1:r", "d1:q" };
    const size_t nprefixes = sizeof bt_udp_prefixes / sizeof bt_udp_prefixes[0];

    for (size_t i = 0; i < nprefixes; i++) {
        moloch_parsers_classifier_register_udp("bt", 0, (unsigned char*)bt_udp_prefixes[i], 4, bt_classify);
    }
}
예제 #5
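/*
 * Lua binding: register a UDP classifier from a script.
 *
 * Lua signature: register_udp_classifier(name, offset, match, function)
 *   name     - protocol name handed to the registry
 *   offset   - byte offset into the UDP payload at which `match` must appear
 *   match    - bytes to compare; treated as a binary string, so embedded NULs
 *              are allowed (the length comes from Lua, not from strlen)
 *   function - name of the Lua function molua_classify_cb calls on a hit
 *
 * Returns 0 (no Lua results). Raises a Lua error on bad arguments; all
 * checks run before any allocation, so an error path has nothing to free.
 *
 * Only the first Lua state (Ls[0]) registers anything; calls from any other
 * state return silently. Ls is presumably the array of all Lua states this
 * module owns — confirm.
 *
 * Ownership: name, match and function are heap copies that are handed to
 * the registry and are intentionally never freed here.
 */
static int MS_register_udp_classifier(lua_State *L)
{
    if (L != Ls[0]) // Only do once
        return 0;

    if (lua_gettop(L) != 4 || !lua_isstring(L, 1) || !lua_isinteger(L, 2) || !lua_isstring(L, 3) || !lua_isstring(L, 4)) {
        return luaL_error(L, "usage: <name> <offset> <match> <function>");
    }

    /* Keep the offset in an int. The original stored it in a plain char,
     * which silently truncates offsets >= 256 and, on signed-char targets,
     * turns 128..255 negative. lua_isinteger already passed, so the
     * double->int cast is exact for any sane offset. A negative offset is
     * never meaningful for a payload position and is rejected outright. */
    int offset = (int)lua_tonumber(L, 2);
    if (offset < 0) {
        return luaL_error(L, "offset must not be negative");
    }

    /* lua_tolstring converts a numeric argument to a string in place AND
     * reports the resulting length. The original called lua_rawlen before
     * lua_tostring, which for a number yields length 0 and so registered an
     * empty match. Bound the length before it is narrowed to int and to the
     * guint size parameter of g_memdup (g_memdup2 with a gsize parameter is
     * the drop-in replacement once the minimum GLib version allows it). */
    size_t match_size = 0;
    const char *match_src = lua_tolstring(L, 3, &match_size);
    if (match_size > (size_t)G_MAXINT) {
        return luaL_error(L, "match is too long");
    }
    int match_len = (int)match_size;

    char   *name     = g_strdup(lua_tostring(L, 1));
    /* g_memdup returns NULL for a zero-length copy, which pairs with
     * match_len == 0 the same way a match-less registration does. */
    guchar *match    = g_memdup(match_src, match_len);
    char   *function = g_strdup(lua_tostring(L, 4));

    moloch_parsers_classifier_register_udp(name, function, offset, match, match_len, molua_classify_cb);
    return 0;
}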