Software Engineering Institute | Carnegie Mellon©
CERT NetSA Security Suite
Monitoring for Large-Scale Networks

YAF

Documentation

YAF

  • Documentation
  • Downloads
  • Main Page
  • Data Structures
  • Files
  • File List
  • Globals

CERT_IE.h

00001 /*
00002  *
00003  ** @file CERT_IE.h
00004  ** Definition of the CERT "standard" information elements extension to
00005  ** the IETF standard RFC 5102 information elements
00006  **
00007  ** ------------------------------------------------------------------------
00008  ** Copyright (C) 2009-2013 Carnegie Mellon University. All Rights Reserved.
00009  ** ------------------------------------------------------------------------
00010  ** Authors: Brian Trammell, Chris Inacio, Emily Ecoff <ecoff@cert.org>
00011  ** <netsa-help@cert.org>
00012  ** ------------------------------------------------------------------------
00013  ** Use of the YAF system and related source code is subject to the terms
00014  ** of the following licenses:
00015  **
00016  ** GNU Public License (GPL) Rights pursuant to Version 2, June 1991
00017  ** Government Purpose License Rights (GPLR) pursuant to DFARS 252.227.7013
00018  **
00019  ** NO WARRANTY
00020  **
00021  ** ANY INFORMATION, MATERIALS, SERVICES, INTELLECTUAL PROPERTY OR OTHER
00022  ** PROPERTY OR RIGHTS GRANTED OR PROVIDED BY CARNEGIE MELLON UNIVERSITY
00023  ** PURSUANT TO THIS LICENSE (HEREINAFTER THE "DELIVERABLES") ARE ON AN
00024  ** "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY
00025  ** KIND, EITHER EXPRESS OR IMPLIED AS TO ANY MATTER INCLUDING, BUT NOT
00026  ** LIMITED TO, WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE,
00027  ** MERCHANTABILITY, INFORMATIONAL CONTENT, NONINFRINGEMENT, OR ERROR-FREE
00028  ** OPERATION. CARNEGIE MELLON UNIVERSITY SHALL NOT BE LIABLE FOR INDIRECT,
00029  ** SPECIAL OR CONSEQUENTIAL DAMAGES, SUCH AS LOSS OF PROFITS OR INABILITY
00030  ** TO USE SAID INTELLECTUAL PROPERTY, UNDER THIS LICENSE, REGARDLESS OF
00031  ** WHETHER SUCH PARTY WAS AWARE OF THE POSSIBILITY OF SUCH DAMAGES.
00032  ** LICENSEE AGREES THAT IT WILL NOT MAKE ANY WARRANTY ON BEHALF OF
00033  ** CARNEGIE MELLON UNIVERSITY, EXPRESS OR IMPLIED, TO ANY PERSON
00034  ** CONCERNING THE APPLICATION OF OR THE RESULTS TO BE OBTAINED WITH THE
00035  ** DELIVERABLES UNDER THIS LICENSE.
00036  **
00037  ** Licensee hereby agrees to defend, indemnify, and hold harmless Carnegie
00038  ** Mellon University, its trustees, officers, employees, and agents from
00039  ** all claims or demands made against them (and any related losses,
00040  ** expenses, or attorney's fees) arising out of, or relating to Licensee's
00041  ** and/or its sub licensees' negligent use or willful misuse of or
00042  ** negligent conduct or willful misconduct regarding the Software,
00043  ** facilities, or other rights or assistance granted by Carnegie Mellon
00044  ** University under this License, including, but not limited to, any
00045  ** claims of product liability, personal injury, death, damage to
00046  ** property, or violation of any laws or regulations.
00047  **
00048  ** Carnegie Mellon University Software Engineering Institute authored
00049  ** documents are sponsored by the U.S. Department of Defense under
00050  ** Contract FA8721-05-C-0003. Carnegie Mellon University retains
00051  ** copyrights in all material produced under this contract. The U.S.
00052  ** Government retains a non-exclusive, royalty-free license to publish or
00053  ** reproduce these documents, or allow others to do so, for U.S.
00054  ** Government purposes only pursuant to the copyright license under the
00055  ** contract clause at 252.227.7013.
00056  **
00057  ** ------------------------------------------------------------------------
00058  */
00059 
00060 
00061 #ifndef CERT_IE_H_
00062 #define CERT_IE_H_
00063 
00064 #define NONE FB_IE_F_NONE
00065 #define ER FB_IE_F_ENDIAN | FB_IE_F_REVERSIBLE
00066 
00073 static fbInfoElement_t yaf_info_elements[] = {
00074     FB_IE_INIT("initialTCPFlags", CERT_PEN, 14, 1, ER),
00075     FB_IE_INIT("unionTCPFlags", CERT_PEN, 15, 1, ER),
00076     FB_IE_INIT("payload", CERT_PEN, 18, FB_IE_VARLEN, FB_IE_F_REVERSIBLE),
00077     FB_IE_INIT("reverseFlowDeltaMilliseconds", CERT_PEN, 21, 4, FB_IE_F_ENDIAN),
00078     FB_IE_INIT("silkAppLabel", CERT_PEN, 33, 2, FB_IE_F_ENDIAN),
00079     FB_IE_INIT("payloadEntropy", CERT_PEN, 35, 1, FB_IE_F_REVERSIBLE),
00080     FB_IE_INIT("osName", CERT_PEN, 36, FB_IE_VARLEN, FB_IE_F_REVERSIBLE),
00081     FB_IE_INIT("osVersion", CERT_PEN, 37, FB_IE_VARLEN, FB_IE_F_REVERSIBLE),
00082     FB_IE_INIT("firstPacketBanner", CERT_PEN, 38, FB_IE_VARLEN,
00083                FB_IE_F_REVERSIBLE),
00084     FB_IE_INIT("secondPacketBanner", CERT_PEN, 39, FB_IE_VARLEN,
00085                FB_IE_F_REVERSIBLE),
00086     FB_IE_INIT("flowAttributes", CERT_PEN, 40, 2, ER),
00087     FB_IE_INIT("osFingerPrint",CERT_PEN, 107, FB_IE_VARLEN, FB_IE_F_REVERSIBLE),
00088     FB_IE_INIT("expiredFragmentCount", CERT_PEN, 100, 4, FB_IE_F_ENDIAN),
00089     FB_IE_INIT("assembledFragmentCount", CERT_PEN, 101, 4, FB_IE_F_ENDIAN),
00090     FB_IE_INIT("meanFlowRate", CERT_PEN, 102, 4, FB_IE_F_ENDIAN),
00091     FB_IE_INIT("meanPacketRate", CERT_PEN, 103, 4, FB_IE_F_ENDIAN),
00092     FB_IE_INIT("flowTableFlushEventCount", CERT_PEN, 104, 4, FB_IE_F_ENDIAN),
00093     FB_IE_INIT("flowTablePeakCount", CERT_PEN, 105, 4, FB_IE_F_ENDIAN),
00094     /* flow stats */
00095     FB_IE_INIT("smallPacketCount", CERT_PEN, 500, 4, ER),
00096     FB_IE_INIT("nonEmptyPacketCount", CERT_PEN, 501, 4, ER),
00097     FB_IE_INIT("dataByteCount", CERT_PEN, 502, 8, ER),
00098     FB_IE_INIT("averageInterarrivalTime", CERT_PEN, 503, 8, ER),
00099     FB_IE_INIT("standardDeviationInterarrivalTime", CERT_PEN, 504, 8, ER),
00100     FB_IE_INIT("firstNonEmptyPacketSize", CERT_PEN, 505, 2, ER),
00101     FB_IE_INIT("maxPacketSize", CERT_PEN, 506, 2, ER),
00102     FB_IE_INIT("firstEightNonEmptyPacketDirections", CERT_PEN, 507, 1, ER),
00103     FB_IE_INIT("standardDeviationPayloadLength", CERT_PEN, 508, 2, ER),
00104     FB_IE_INIT("tcpUrgentCount", CERT_PEN, 509, 4, ER),
00105     FB_IE_INIT("largePacketCount", CERT_PEN, 510, 4, ER),
00106     FB_IE_NULL
00107 };
00108 
00109 /* IE numbers 110-280 */
00110 
00111 #if YAF_ENABLE_HOOKS
00112 static fbInfoElement_t yaf_dpi_info_elements[] = {
00113     FB_IE_INIT("httpServerString", CERT_PEN, 110, FB_IE_VARLEN, NONE),
00114     FB_IE_INIT("httpUserAgent", CERT_PEN, 111, FB_IE_VARLEN, NONE),
00115     FB_IE_INIT("httpGet", CERT_PEN, 112, FB_IE_VARLEN, NONE),
00116     FB_IE_INIT("httpConnection", CERT_PEN, 113, FB_IE_VARLEN, NONE),
00117     FB_IE_INIT("httpVersion", CERT_PEN, 114, FB_IE_VARLEN, NONE),
00118     FB_IE_INIT("httpReferer", CERT_PEN, 115, FB_IE_VARLEN, NONE),
00119     FB_IE_INIT("httpLocation", CERT_PEN, 116, FB_IE_VARLEN, NONE),
00120     FB_IE_INIT("httpHost", CERT_PEN, 117, FB_IE_VARLEN, NONE),
00121     FB_IE_INIT("httpContentLength", CERT_PEN, 118, FB_IE_VARLEN, NONE),
00122     FB_IE_INIT("httpAge", CERT_PEN, 119, FB_IE_VARLEN, NONE),
00123     FB_IE_INIT("httpAccept", CERT_PEN, 120, FB_IE_VARLEN, NONE),
00124     FB_IE_INIT("httpAcceptLanguage", CERT_PEN, 121, FB_IE_VARLEN, NONE),
00125     FB_IE_INIT("httpContentType", CERT_PEN, 122, FB_IE_VARLEN, NONE),
00126     FB_IE_INIT("httpResponse", CERT_PEN, 123, FB_IE_VARLEN, NONE),
00127     FB_IE_INIT("httpCookie", CERT_PEN, 220, FB_IE_VARLEN, NONE),
00128     FB_IE_INIT("httpSetCookie", CERT_PEN, 221, FB_IE_VARLEN, NONE),
00129     FB_IE_INIT("httpAuthorization", CERT_PEN, 252, FB_IE_VARLEN, NONE),
00130     FB_IE_INIT("httpVia", CERT_PEN, 253, FB_IE_VARLEN, NONE),
00131     FB_IE_INIT("httpX-Forwarded-For", CERT_PEN, 254, FB_IE_VARLEN, NONE),
00132     FB_IE_INIT("httpRefresh", CERT_PEN, 256, FB_IE_VARLEN, NONE),
00133     /* http mobile fields - turned off by default */
00134     FB_IE_INIT("httpIMEI", CERT_PEN, 257, FB_IE_VARLEN, NONE),
00135     FB_IE_INIT("httpIMSI", CERT_PEN, 258, FB_IE_VARLEN, NONE),
00136     FB_IE_INIT("httpMSISDN", CERT_PEN, 259, FB_IE_VARLEN, NONE),
00137     FB_IE_INIT("httpSubscriber", CERT_PEN, 260, FB_IE_VARLEN, NONE),
00138     /* http extra fields - turned off by default */
00139     FB_IE_INIT("httpExpires", CERT_PEN, 255, FB_IE_VARLEN, NONE),
00140     FB_IE_INIT("httpAcceptCharset", CERT_PEN, 261, FB_IE_VARLEN, NONE),
00141     FB_IE_INIT("httpAcceptEncoding", CERT_PEN, 262, FB_IE_VARLEN, NONE),
00142     FB_IE_INIT("httpAllow", CERT_PEN, 263, FB_IE_VARLEN, NONE),
00143     FB_IE_INIT("httpDate", CERT_PEN, 264, FB_IE_VARLEN, NONE),
00144     FB_IE_INIT("httpExpect", CERT_PEN, 265, FB_IE_VARLEN, NONE),
00145     FB_IE_INIT("httpFrom", CERT_PEN, 266, FB_IE_VARLEN, NONE),
00146     FB_IE_INIT("httpProxyAuthentication", CERT_PEN, 267, FB_IE_VARLEN, NONE),
00147     FB_IE_INIT("httpUpgrade", CERT_PEN, 268, FB_IE_VARLEN, NONE),
00148     FB_IE_INIT("httpWarning", CERT_PEN, 269, FB_IE_VARLEN, NONE),
00149     FB_IE_INIT("httpDNT", CERT_PEN, 270, FB_IE_VARLEN, NONE),
00150     FB_IE_INIT("httpX-Forwarded-Proto", CERT_PEN, 271, FB_IE_VARLEN, NONE),
00151     FB_IE_INIT("httpX-Forwarded-Host", CERT_PEN, 272, FB_IE_VARLEN, NONE),
00152     FB_IE_INIT("httpX-Forwarded-Server", CERT_PEN, 273, FB_IE_VARLEN, NONE),
00153     FB_IE_INIT("httpX-DeviceID", CERT_PEN, 274, FB_IE_VARLEN, NONE),
00154     FB_IE_INIT("httpX-Profile", CERT_PEN, 275, FB_IE_VARLEN, NONE),
00155     FB_IE_INIT("httpLastModified", CERT_PEN, 276, FB_IE_VARLEN, NONE),
00156     FB_IE_INIT("httpContentEncoding", CERT_PEN, 277, FB_IE_VARLEN, NONE),
00157     FB_IE_INIT("httpContentLanguage", CERT_PEN, 278, FB_IE_VARLEN, NONE),
00158     FB_IE_INIT("httpContentLocation", CERT_PEN, 279, FB_IE_VARLEN, NONE),
00159     FB_IE_INIT("httpX-UA-Compatible", CERT_PEN, 280, FB_IE_VARLEN, NONE),
00160     /* POP3 IEs */
00161     FB_IE_INIT("pop3TextMessage", CERT_PEN, 124, FB_IE_VARLEN, NONE),
00162     /* IRC IEs */
00163     FB_IE_INIT("ircTextMessage", CERT_PEN, 125, FB_IE_VARLEN, NONE),
00164     /* TFTP IEs */
00165     FB_IE_INIT("tftpFilename", CERT_PEN, 126, FB_IE_VARLEN, NONE),
00166     FB_IE_INIT("tftpMode", CERT_PEN, 127, FB_IE_VARLEN, NONE),
00167     /* SLP IEs */
00168     FB_IE_INIT("slpVersion", CERT_PEN, 128, 1, FB_IE_F_ENDIAN),
00169     FB_IE_INIT("slpMessageType", CERT_PEN, 129, 1, FB_IE_F_ENDIAN),
00170     FB_IE_INIT("slpString", CERT_PEN, 130, FB_IE_VARLEN, NONE),
00171     /* FTP IEs */
00172     FB_IE_INIT("ftpReturn", CERT_PEN, 131, FB_IE_VARLEN, NONE),
00173     FB_IE_INIT("ftpUser", CERT_PEN, 132, FB_IE_VARLEN, NONE),
00174     FB_IE_INIT("ftpPass", CERT_PEN,133, FB_IE_VARLEN, NONE),
00175     FB_IE_INIT("ftpType", CERT_PEN,134, FB_IE_VARLEN, NONE),
00176     FB_IE_INIT("ftpRespCode", CERT_PEN,135, FB_IE_VARLEN, NONE),
00177     /* IMAP IEs */
00178     FB_IE_INIT("imapCapability", CERT_PEN, 136, FB_IE_VARLEN, NONE),
00179     FB_IE_INIT("imapLogin", CERT_PEN, 137, FB_IE_VARLEN, NONE),
00180     FB_IE_INIT("imapStartTLS", CERT_PEN, 138, FB_IE_VARLEN, NONE),
00181     FB_IE_INIT("imapAuthenticate", CERT_PEN, 139, FB_IE_VARLEN, NONE),
00182     FB_IE_INIT("imapCommand", CERT_PEN, 140, FB_IE_VARLEN, NONE),
00183     FB_IE_INIT("imapExists", CERT_PEN, 141, FB_IE_VARLEN, NONE),
00184     FB_IE_INIT("imapRecent", CERT_PEN, 142, FB_IE_VARLEN, NONE),
00185     /* rtsp IEs */
00186     FB_IE_INIT("rtspURL", CERT_PEN, 143, FB_IE_VARLEN, NONE),
00187     FB_IE_INIT("rtspVersion", CERT_PEN, 144, FB_IE_VARLEN, NONE),
00188     FB_IE_INIT("rtspReturnCode", CERT_PEN, 145, FB_IE_VARLEN, NONE),
00189     FB_IE_INIT("rtspContentLength", CERT_PEN, 146, FB_IE_VARLEN, NONE),
00190     FB_IE_INIT("rtspCommand", CERT_PEN, 147, FB_IE_VARLEN, NONE),
00191     FB_IE_INIT("rtspContentType", CERT_PEN, 148, FB_IE_VARLEN, NONE),
00192     FB_IE_INIT("rtspTransport", CERT_PEN, 149, FB_IE_VARLEN, NONE),
00193     FB_IE_INIT("rtspCSeq", CERT_PEN, 150, FB_IE_VARLEN, NONE),
00194     FB_IE_INIT("rtspLocation", CERT_PEN, 151, FB_IE_VARLEN, NONE),
00195     FB_IE_INIT("rtspPacketsReceived", CERT_PEN, 152, FB_IE_VARLEN, NONE),
00196     FB_IE_INIT("rtspUserAgent", CERT_PEN, 153, FB_IE_VARLEN, NONE),
00197     FB_IE_INIT("rtspJitter", CERT_PEN, 154, FB_IE_VARLEN, NONE),
00198     /* sip IEs */
00199     FB_IE_INIT("sipInvite", CERT_PEN, 155, FB_IE_VARLEN, NONE),
00200     FB_IE_INIT("sipCommand", CERT_PEN, 156, FB_IE_VARLEN, NONE),
00201     FB_IE_INIT("sipVia", CERT_PEN, 157, FB_IE_VARLEN, NONE),
00202     FB_IE_INIT("sipMaxForwards", CERT_PEN, 158, FB_IE_VARLEN, NONE),
00203     FB_IE_INIT("sipAddress", CERT_PEN, 159, FB_IE_VARLEN, NONE),
00204     FB_IE_INIT("sipContentLength", CERT_PEN, 160, FB_IE_VARLEN, NONE),
00205     FB_IE_INIT("sipUserAgent", CERT_PEN, 161, FB_IE_VARLEN, NONE),
00206     /* smtp IEs */
00207     FB_IE_INIT("smtpHello", CERT_PEN, 162, FB_IE_VARLEN, NONE),
00208     FB_IE_INIT("smtpFrom", CERT_PEN, 163, FB_IE_VARLEN, NONE),
00209     FB_IE_INIT("smtpTo", CERT_PEN, 164, FB_IE_VARLEN, NONE),
00210     FB_IE_INIT("smtpContentType", CERT_PEN, 165, FB_IE_VARLEN, NONE),
00211     FB_IE_INIT("smtpSubject", CERT_PEN, 166, FB_IE_VARLEN, NONE),
00212     FB_IE_INIT("smtpFilename", CERT_PEN, 167, FB_IE_VARLEN, NONE),
00213     FB_IE_INIT("smtpContentDisposition", CERT_PEN, 168, FB_IE_VARLEN, NONE),
00214     FB_IE_INIT("smtpResponse", CERT_PEN, 169, FB_IE_VARLEN, NONE),
00215     FB_IE_INIT("smtpEnhanced", CERT_PEN, 170, FB_IE_VARLEN, NONE),
00216     FB_IE_INIT("smtpSize", CERT_PEN, 222, FB_IE_VARLEN, NONE),
00217     FB_IE_INIT("smtpDate", CERT_PEN, 251, FB_IE_VARLEN, NONE),
00218     /* ssh IEs */
00219     FB_IE_INIT("sshVersion", CERT_PEN, 171, FB_IE_VARLEN, NONE),
00220     /* nntp IEs */
00221     FB_IE_INIT("nntpResponse", CERT_PEN, 172, FB_IE_VARLEN, NONE),
00222     FB_IE_INIT("nntpCommand", CERT_PEN, 173, FB_IE_VARLEN, NONE),
00223     /* dns IEs */
00224     FB_IE_INIT("dnsQueryResponse", CERT_PEN, 174, 1, FB_IE_F_ENDIAN),
00225     FB_IE_INIT("dnsQRType", CERT_PEN, 175, 2, FB_IE_F_ENDIAN),
00226     FB_IE_INIT("dnsAuthoritative", CERT_PEN, 176, 1, FB_IE_F_ENDIAN),
00227     FB_IE_INIT("dnsNXDomain", CERT_PEN, 177, 1, FB_IE_F_ENDIAN),
00228     FB_IE_INIT("dnsRRSection", CERT_PEN, 178, 1, FB_IE_F_ENDIAN),
00229     FB_IE_INIT("dnsQName", CERT_PEN, 179, FB_IE_VARLEN, NONE),
00230     FB_IE_INIT("dnsCName", CERT_PEN, 180, FB_IE_VARLEN, NONE),
00231     FB_IE_INIT("dnsMXPreference", CERT_PEN, 181, 2, FB_IE_F_ENDIAN),
00232     FB_IE_INIT("dnsMXExchange", CERT_PEN, 182, FB_IE_VARLEN, NONE),
00233     FB_IE_INIT("dnsNSDName", CERT_PEN, 183, FB_IE_VARLEN, NONE),
00234     FB_IE_INIT("dnsPTRDName", CERT_PEN, 184, FB_IE_VARLEN, NONE),
00235     FB_IE_INIT("dnsTTL", CERT_PEN, 199, 4, FB_IE_F_ENDIAN),
00236     FB_IE_INIT("dnsTXTData", CERT_PEN, 208, FB_IE_VARLEN, NONE),
00237     FB_IE_INIT("dnsSOASerial", CERT_PEN, 209, 4, FB_IE_F_ENDIAN),
00238     FB_IE_INIT("dnsSOARefresh", CERT_PEN, 210, 4, FB_IE_F_ENDIAN),
00239     FB_IE_INIT("dnsSOARetry", CERT_PEN, 211, 4, FB_IE_F_ENDIAN),
00240     FB_IE_INIT("dnsSOAExpire", CERT_PEN, 212, 4, FB_IE_F_ENDIAN),
00241     FB_IE_INIT("dnsSOAMinimum", CERT_PEN, 213, 4, FB_IE_F_ENDIAN),
00242     FB_IE_INIT("dnsSOAMName", CERT_PEN, 214, FB_IE_VARLEN, NONE),
00243     FB_IE_INIT("dnsSOARName", CERT_PEN, 215, FB_IE_VARLEN, NONE),
00244     FB_IE_INIT("dnsSRVPriority", CERT_PEN, 216, 2, FB_IE_F_ENDIAN),
00245     FB_IE_INIT("dnsSRVWeight", CERT_PEN, 217, 2, FB_IE_F_ENDIAN),
00246     FB_IE_INIT("dnsSRVPort", CERT_PEN, 218, 2, FB_IE_F_ENDIAN),
00247     FB_IE_INIT("dnsSRVTarget", CERT_PEN, 219, FB_IE_VARLEN, NONE),
00248     FB_IE_INIT("dnsID", CERT_PEN, 226, 2, FB_IE_F_ENDIAN),
00249     /* dnssec IEs */
00250     FB_IE_INIT("dnsAlgorithm", CERT_PEN, 227, 1, FB_IE_F_ENDIAN),
00251     FB_IE_INIT("dnsKeyTag", CERT_PEN, 228, 2, FB_IE_F_ENDIAN),
00252     FB_IE_INIT("dnsSigner", CERT_PEN, 229, FB_IE_VARLEN, NONE),
00253     FB_IE_INIT("dnsSignature", CERT_PEN, 230, FB_IE_VARLEN, NONE),
00254     FB_IE_INIT("dnsDigest", CERT_PEN, 231, FB_IE_VARLEN, NONE),
00255     FB_IE_INIT("dnsPublicKey", CERT_PEN, 232, FB_IE_VARLEN, NONE),
00256     FB_IE_INIT("dnsSalt", CERT_PEN, 233, FB_IE_VARLEN, NONE),
00257     FB_IE_INIT("dnsHashData", CERT_PEN, 234, FB_IE_VARLEN, NONE),
00258     FB_IE_INIT("dnsIterations", CERT_PEN, 235, 2, FB_IE_F_ENDIAN),
00259     FB_IE_INIT("dnsSignatureExpiration", CERT_PEN, 236, 4, FB_IE_F_ENDIAN),
00260     FB_IE_INIT("dnsSignatureInception", CERT_PEN, 237, 4, FB_IE_F_ENDIAN),
00261     FB_IE_INIT("dnsDigestType", CERT_PEN, 238, 1, FB_IE_F_ENDIAN),
00262     FB_IE_INIT("dnsLabels", CERT_PEN, 239, 1, FB_IE_F_ENDIAN),
00263     FB_IE_INIT("dnsTypeCovered", CERT_PEN, 240, 2, FB_IE_F_ENDIAN),
00264     FB_IE_INIT("dnsFlags", CERT_PEN, 241, 2, FB_IE_F_ENDIAN),
00265     /* ssl IEs */
00266     FB_IE_INIT("sslCipher", CERT_PEN, 185, 4, FB_IE_F_ENDIAN),
00267     FB_IE_INIT("sslClientVersion", CERT_PEN, 186, 1, FB_IE_F_ENDIAN),
00268     FB_IE_INIT("sslServerCipher", CERT_PEN, 187, 4, FB_IE_F_ENDIAN),
00269     FB_IE_INIT("sslCompressionMethod", CERT_PEN, 188, 1, FB_IE_F_ENDIAN),
00270     FB_IE_INIT("sslCertVersion", CERT_PEN, 189, 1, FB_IE_F_ENDIAN),
00271     FB_IE_INIT("sslCertSignature", CERT_PEN, 190, FB_IE_VARLEN, NONE),
00272     FB_IE_INIT("sslCertSerialNumber", CERT_PEN, 244, FB_IE_VARLEN, NONE),
00273     FB_IE_INIT("sslObjectType", CERT_PEN, 245, 1, FB_IE_F_ENDIAN),
00274     FB_IE_INIT("sslObjectValue", CERT_PEN, 246, FB_IE_VARLEN, NONE),
00275     FB_IE_INIT("sslCertValidityNotBefore", CERT_PEN, 247, FB_IE_VARLEN, NONE),
00276     FB_IE_INIT("sslCertValidityNotAfter", CERT_PEN, 248, FB_IE_VARLEN, NONE),
00277     FB_IE_INIT("sslPublicKeyAlgorithm", CERT_PEN, 249, FB_IE_VARLEN, NONE),
00278     FB_IE_INIT("sslPublicKeyLength", CERT_PEN, 250, 2, FB_IE_F_ENDIAN),
00279     /* mysql IEs */
00280     FB_IE_INIT("mysqlUsername", CERT_PEN, 223, FB_IE_VARLEN, NONE),
00281     FB_IE_INIT("mysqlCommandCode", CERT_PEN, 224, 1, FB_IE_F_ENDIAN),
00282     FB_IE_INIT("mysqlCommandText", CERT_PEN, 225, FB_IE_VARLEN, NONE),
00283 
00284     FB_IE_NULL
00285 };
00286 
00287 static fbInfoElement_t yaf_dhcp_info_elements[] = {
00288     FB_IE_INIT("dhcpFingerPrint", CERT_PEN, 242, FB_IE_VARLEN,
00289                FB_IE_F_REVERSIBLE),
00290     FB_IE_INIT("dhcpVendorCode", CERT_PEN, 243, FB_IE_VARLEN,
00291                FB_IE_F_REVERSIBLE),
00292     FB_IE_NULL
00293 };
00294 
00295 
00296 #endif
00297 
00298 #endif
© 2006-2013 Carnegie Mellon University