Added OpenVPN HMAC MD5, SHA256 and SHA512 variants #71

Merged: 1 commit, Jul 5, 2021


keithjjones

There are other HMAC sizes that I was missing. Now this will catch connections with MD5, SHA1, SHA256, and SHA512 HMAC sizes. We only supported the default (SHA1) with the original code. I made the pcap for the SHA256 test.
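
Why the digest size matters to a parser, as an added example that is not code from this PR or from the project's Spicy grammar: the HMAC field carries no length prefix, so every field after it moves with the digest size. The sketch assumes the usual tls-auth control-packet layout (opcode/key id, 8-byte session id, HMAC, 4-byte packet id, 4-byte timestamp, ACK count, 4-byte message packet id); `classify_hard_reset`, `build_sample` and the sample bytes are constructed for illustration.

```python
import struct

# Digest sizes in bytes for the four HMAC algorithms named in the PR.
HMAC_SIZES = {16: "MD5", 20: "SHA1", 32: "SHA256", 64: "SHA512"}

P_CONTROL_HARD_RESET_CLIENT_V2 = 7  # opcode lives in the high 5 bits of byte 0

# Bytes around the HMAC in a client hard reset that carries no ACKs
# (assumed layout): opcode/key_id (1) + session_id (8) + packet_id (4)
# + net_time (4) + ack_count (1) + message_packet_id (4)
FIXED_LEN = 22
TRAILER = struct.Struct("!IIBI")  # packet_id, net_time, ack_count, msg_id


def classify_hard_reset(payload: bytes):
    """Return the HMAC algorithm implied by a client hard reset, else None."""
    if len(payload) < FIXED_LEN:
        return None  # too short to carry an HMAC at all (e.g. no tls-auth)
    if payload[0] >> 3 != P_CONTROL_HARD_RESET_CLIENT_V2:
        return None
    hmac_len = len(payload) - FIXED_LEN
    name = HMAC_SIZES.get(hmac_len)
    if name is None:
        return None  # length does not match any supported digest size
    # Re-read the fields that follow the HMAC at the implied offset; a first
    # reset acknowledges nothing and carries message packet id 0.
    _pid, _ts, ack_count, msg_id = TRAILER.unpack_from(payload, 9 + hmac_len)
    if ack_count != 0 or msg_id != 0:
        return None
    return name


def build_sample(hmac_len: int) -> bytes:
    """Constructed packet: filler session id and HMAC bytes, not a capture."""
    return (
        bytes([P_CONTROL_HARD_RESET_CLIENT_V2 << 3])
        + b"\x11" * 8
        + b"\xaa" * hmac_len
        + TRAILER.pack(1, 1625443200, 0, 0)
    )


if __name__ == "__main__":
    for size in (16, 20, 32, 64, 24):
        print(size, classify_hard_reset(build_sample(size)))
```

A length match alone is a weak signal on UDP, which is why the sketch also re-checks the ACK count and message packet id at the offset the guessed digest size implies.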


@bbannier bbannier left a comment

LGTM. We seem to be reaching a point here where we should clean up the analyzers generated for OpenVPN; I filed #72 for that.

@@ -9,6 +9,6 @@
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
#close XXXX-XX-XX-XX-XX-XX
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.56.103 33198 192.168.56.102 1194 udp spicy_openvpn_udp_hmac 61.136881 10040 11479 SF - - 0 Dd 111 13148 109 14531 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.56.104 35701 192.168.56.102 1194 udp spicy_openvpn_udp_hmac 59.861846 9985 11479 SF - - 0 Dd 110 13065 109 14531 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.56.103 33198 192.168.56.102 1194 udp spicy_openvpn_udp_hmac_sha1 61.136881 10040 11479 SF - - 0 Dd 111 13148 109 14531 -
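Review bot: the record for uid CHhAvVGS1DHFjwGM9 appears twice in this baseline with identical fields except service, spicy_openvpn_udp_hmac on one line and spicy_openvpn_udp_hmac_sha1 on the other, which reads as a rename of the existing SHA1 analyzer's service name. Any conn.log consumer that matches on the old service string would stop matching without an error, so the rename should be called out in the README or changelog, or the old name kept for the SHA1 default. The record for uid ClEkJM2Vm5giqnMf4h still carries spicy_openvpn_udp_hmac; it is worth confirming which name that connection is expected to log after this change.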

@bbannier bbannier Jul 5, 2021

I think long term introducing new parsers for each new auth scheme is not good as changes to this log are from a user perspective API breaks. Ideally we'd have a single analyzer for OpenVPN.

I filed #72 to track that cleanup.

@bbannier bbannier merged commit 7543290 into zeek:main Jul 5, 2021
@keithjjones keithjjones deleted the openvpn_hmac branch August 2, 2021 20:51