> On Jan 25, 2016, at 11:17 AM, Martin van Hensbergen > <[email protected]> wrote: > > 1) (pac level) Make a separate library of the parsing of the GSSAPI blob ( as > I think this is independent of whether SMB1 or SMB2 is used ), which returns > the parsed ASN1 structure when called. Then both the SMB1 and SMB2 parser can > use these functions.
Yep, that's probably the right way. We never had enough time to get that integrated more cleanly. > 2) (bro script level) Make an ASN1 parser at the bro script level that does > the parsing there. I would not opt for this route as it probably would be to > slow and then we would have two places where this parsing is done. This is almost certainly not a great idea as you learned. :) .Seth -- Seth Hall International Computer Science Institute (Bro) because everyone has a network http://www.bro.org/ _______________________________________________ bro-dev mailing list [email protected] http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
