1
1
mirror of https://github.com/wader/fq.git synced 2024-12-29 00:22:38 +03:00
Commit Graph

28 Commits

Author SHA1 Message Date
Mattias Wadman
9852f56b74 tls: Add TLS 1.0, 1.1, 1.2 decode and decryption
What it can do:
- Decodes records and most standard messages and extensions.
- Decryptes records and reassemples application data stream if a keylog is provided
  and the cipher suite is supported.
- Supports most recommended and used ciphers and a bunch of older ones.

What it can't do:
- SSL v3 maybe supported, is similar to TLS 1.0, not tested.
- Decryption and renegotiation/cipher change.
- Record defragmentation not supported, seems rare over TCP.
- TLS 1.3
- SSL v2 but v2 compat header is supported.
- Some key exchange messages not decoded yet

Decryption code is heavly based on golang crypto/tls and zmap/zcrypto.

Will be base for decoding http2 and other TLS based on protocols.

Fixes #587
2023-03-05 13:52:12 +01:00
Mattias Wadman
9b81d4d3ab decode: More type safe API and split scalar into multiple types
Preparation to make decoder use less memory and API more type safe.
Now each scalar type has it's own struct type so it can store different
things and enables to have a scalar interface.
Also own types will enable experimenting with decode DLS designs like
using chained methods that are type aware.
2022-12-14 16:23:58 +01:00
Mattias Wadman
a6429ffe7a decode: Remove RangeSorted flag as we can decide on array/struct instead 2022-09-01 17:45:28 +02:00
Mattias Wadman
768df3012c interp,decode: For struct use map to lookup field
Will make it faster for struct with logs of fields and seems to
not cuase any significant difference for small structs.

All this really needs a rewrite somehow, maybe refactor into interfaces somehow? getting messy.
2022-09-01 11:35:19 +02:00
Pavel Safonov
7cd43b4919 perfomance: increase performance by map usage 2022-09-01 09:36:50 +03:00
Mattias Wadman
226a9a3e08 generics: Use more from x/exp 2022-08-31 10:50:56 +02:00
Mattias Wadman
7d86534348 sortex: Package with type safe sort helpers 2022-08-30 11:02:57 +02:00
Mattias Wadman
cae288e6be format,intepr: Refactor json, yaml, etc into formats also move out related functions
json, yaml, toml, xml, html, csv are now normal formats and most of them also particiate
in probing (not html and csv).

Also fixes a bunch of bugs in to/fromxml, to/fromjq etc.
2022-07-23 21:48:45 +02:00
Mattias Wadman
78aa96b0ac dev: Cleanup some code to fix a bunch of new linter warnings 2022-07-19 18:56:09 +02:00
Mattias Wadman
e9d9f8aef9 fq: Use go 1.18
Rename s/interface{}/any/g
Preparation for using generics in decode API and native jq funcations etc
Remove some unused linter ignores as linter has been fixed
2022-05-20 15:23:16 +02:00
Mattias Wadman
c4dd518e04 decode: Make compound range sort optional
Some formats might want to control child order
mp4: Keep tracks in track id order
dns: Keep label component order
elf: Keep seciton order
macho: Keep command and section order
2022-05-03 16:16:09 +02:00
Mattias Wadman
06245d1295 binary,decode,doc: Rename buffer to binary and add some documentation
Rename buffer to binary. Still some work left what to call buffer/binary in decode code.
Document decode value and binary type
Fix proper unit padding for tobytes and add still undocumenated extra padding argument.
Add some additional binary tests
2022-02-08 22:20:28 +01:00
Mattias Wadman
7c5215347d bitio,decode: Refactor bitio usage and make buffer slicing more correct
Remove bitio.Buffer layer. bitio.Buffer was a kitchen sink layer with helpers
now it's just a buffer and most functions have been moved to decode instead.

bitio package now only have primitive types and functions simialar to standard
library io and bytes packages.

Make nearly eveything internally use bitio.Bit* interfaces so that slicing work
correctly this will also make it possible to start experimenting with more
complicated silcing helpers, ex things like:
breplace(.header.bitrate; 123) to get a new buffer with bitrate changed.
2022-02-04 21:41:53 +01:00
Mattias Wadman
4ab6381dc4 decode: Add scalars args to FieldRootBitBuf
Also move *Value.TryScalarFn to value.go
2022-02-01 22:24:24 +01:00
Mattias Wadman
cf8a50c150 decode: Use stable sort for values to not change order or values with same range start
Some decoders might relay on values added with same start to be kept in same order.
2022-01-20 16:21:50 +01:00
Mattias Wadman
f4f63835dc interp: Add ._index for values in arrays 2021-12-10 18:19:11 +01:00
Mattias Wadman
d48ebc12ee decode: Simplify Compound.Children
Not a array reference anymore but instead pass around Compound reference
2021-12-03 00:06:11 +01:00
Mattias Wadman
2fc0a71a47 decode: Refactor scalar usage
Move scalar into own package.
Split scalar code into decode related scalar code (that reads etc) and
scalar code that just transform the scalar value.
Use a scalar.Mapper interface instead of just a function.
Make mappers, assert and validat impement the interface.
2021-12-02 17:39:26 +01:00
Mattias Wadman
d1e1cd98c2 decode: Fix walk root depth issue causing dump to indent incorrectly 2021-11-30 12:51:52 +01:00
Mattias Wadman
f40320b04c decode: Remove D.Scalar* and add d.(Try)FieldScala*Fn instead
Idea is scalar fn should not read
2021-11-21 13:08:18 +01:00
Mattias Wadman
6fba1a8125 decode: Fix bitbuf root handling a bit 2021-11-18 01:17:15 +01:00
Mattias Wadman
1b32b42f93 decode: Major decode API refactor
Generate more code
More generic and comfortable API
Improve and Update format decoder to new API
Add some more format tests
2021-11-15 21:12:07 +01:00
Mattias Wadman
6a15625587 interp,decode: Refactor out Scalar from Value and merge Array/Struct into Compound
Also add tosym, toactual
2021-11-05 17:29:22 +01:00
Mattias Wadman
8eaba88a10 decode: Refactor walk code a bit, add WalkRoot* to stay inside one root 2021-10-18 15:06:08 +02:00
Mattias Wadman
c997536f14 interp: Add root, buffer_root, format_root, parent and parents 2021-09-28 01:46:29 +02:00
Mattias Wadman
b849895970 fq: Add truncate array support to dump/display 2021-09-12 13:08:53 +02:00
Mattias Wadman
f1507f7f65 mod: Use proper path and dont use replace 2021-09-12 13:08:50 +02:00
Mattias Wadman
970465996c Init 2021-09-12 13:08:42 +02:00