My intention for this was to do the parsing at the PAC level, but it wasn't possible at the time. In the meantime, BinPAC now supports including files from other directories, so just how ASN1 is now a BinPAC library shared by SNMP and Kerberos, I would envision GSSAPI to become a library. This would also allow parsing of NTLM auth over HTTP.
--Vlad On Mon, Jan 25, 2016 at 10:33 AM, Seth Hall <[email protected]> wrote: > > > On Jan 25, 2016, at 11:17 AM, Martin van Hensbergen < > [email protected]> wrote: > > > > 1) (pac level) Make a separate library of the parsing of the GSSAPI blob > ( as I think this is independent of whether SMB1 or SMB2 is used ), which > returns the parsed ASN1 structure when called. Then both the SMB1 and SMB2 > parser can use these functions. > > Yep, that's probably the right way. We never had enough time to get that > integrated more cleanly. > > > 2) (bro script level) Make an ASN1 parser at the bro script level that > does the parsing there. I would not opt for this route as it probably would > be to slow and then we would have two places where this parsing is done. > > This is almost certainly not a great idea as you learned. :) > > .Seth > > -- > Seth Hall > International Computer Science Institute > (Bro) because everyone has a network > http://www.bro.org/ > > > _______________________________________________ > bro-dev mailing list > [email protected] > http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev >
_______________________________________________ bro-dev mailing list [email protected] http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
