Sunday, July 4, 2010

Dionaea : bind_bottom_up and bind_top_down

Dionaea has ported with Scapy stack for the packet disectation and smb implementation. In dionaea code smb.py, there are some bind_bottom_up() and bind_top_down() function which dealing the SMB_HEADER layer and other underlying layer. This 2 function is important as it will lead to the layer stack over with each other by manipulating the correct parameter.

Example of these function in Dionaea,

bind_bottom_up(SMB_Header, SMB_Negociate_Protocol_Response, Command=lambda x: x==0x72, Flags=lambda x: x&0x80)

I always confuse with the different between both usages. And here i found a nice documentation and explaination in Scapydoc from secdev.

bind top down
bind top down(lower, upper, fval)
Informs upper layer that, when stacked on lower, it must overload lower’s
fields whose names are the keys of the fval dictionnary with their associated
values.

bind bottom up
bind bottom up(lower, upper, fval)
Informs lower layer that, when dissected, if all of its fields match the fval
dictionnary, the payload is upper

No comments:

Post a Comment