Class: Unified2::Constructor::Construct

Inherits:
BinData::Record
  • Object
show all
Defined in:
lib/unified2/constructor/construct.rb

Overview

Unified2 Construction

Instance Method Summary collapse

Instance Method Details

#padding_lengthObject

Sometimes the data needs extra padding



117
118
119
120
121
122
123
 
# File 'lib/unified2/constructor/construct.rb', line 117

def padding_length
  if header.u2length > data.num_bytes
    header.u2length - data.num_bytes
  else
    0
  end
end

#type_selectionObject

Type Selection

Deterime and call data type based on the unified2 type attribute

SNORT DEFINES Long time ago… define UNIFIED2_EVENT 1

CURRENT define UNIFIED2_PACKET 2 define UNIFIED2_IDS_EVENT 7 define UNIFIED2_IDS_EVENT_IPV6 72 define UNIFIED2_IDS_EVENT_MPLS 99 define UNIFIED2_IDS_EVENT_IPV6_MPLS 100 define UNIFIED2_IDS_EVENT_VLAN 104 define UNIFIED2_IDS_EVENT_IPV6_VLAN 105 define UNIFIED2_EXTRA_DATA 110



71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
 
# File 'lib/unified2/constructor/construct.rb', line 71

def type_selection
  case header.u2type.to_i
  when 1
    # LEGACY
    # define UNIFIED2_EVENT 1
  when 2
    # define UNIFIED2_PACKET 2
    "packet"
  when 7
    # define UNIFIED2_IDS_EVENT 7
    "lev4"
  when 66
    # LEGACY
    # define UNIFIED2_EVENT_EXTENDED 66
  when 67
    # LEGACY
    # define UNIFIED2_PERFORMANCE 67
  when 68
    # LEGACY
    # define UNIFIED2_PORTSCAN 68
  when 72
    # define UNIFIED2_IDS_EVENT_IPV6 72
    "lev6"
  when 99
    # define UNIFIED2_IDS_EVENT_MPLS 99
    puts "99"
  when 100
    # define UNIFIED2_IDS_EVENT_IPV6_MPLS
    puts "100"
  when 104 
    # define UNIFIED2_IDS_EVENT_VLAN 104
    "ev4"
  when 105
    # define UNIFIED2_IDS_EVENT_IPV6_VLAN 105
    "ev6"
  when 110
    # define UNIFIED2_EXTRA_DATA 110
    "extra_data"
  else
    raise "unknown type #{header.u2type}"
  end
end