Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 22:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

to_port() now parses a string instead of a count.

Browse source 
Addresses #684.
This commit is contained in:
Matthias Vallentin 2011-11-20 21:41:41 -08:00
parent c8839da069
commit 0325b5ea32
2 changed files with 21 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
scripts/base/protocols/irc/dcc-send.bro
View file

@ -99,7 +99,7 @@ event irc_dcc_message(c: connection, is_orig: bool,
return; return;
c$irc$dcc_file_name = argument; c$irc$dcc_file_name = argument;
c$irc$dcc_file_size = size; c$irc$dcc_file_size = size;
local p = to_port(dest_port, tcp); local p = count_to_port(dest_port, tcp);
expect_connection(to_addr("0.0.0.0"), address, p, ANALYZER_FILE, 5 min); expect_connection(to_addr("0.0.0.0"), address, p, ANALYZER_FILE, 5 min);
dcc_expected_transfers[address, p] = c$irc; dcc_expected_transfers[address, p] = c$irc;
} }

22
src/bro.bif
View file

@ -586,9 +586,27 @@ function raw_bytes_to_v4_addr%(b: string%): addr
return new AddrVal(htonl(a)); return new AddrVal(htonl(a));
%} %}
function to_port%(num: count, proto: transport_proto%): port function to_port%(s: string%): port
%{ %{
return new PortVal(num, (TransportProto)proto->AsEnum()); int port = 0;
if ( s->Len() < 10 )
{
char* slash;
port = strtol(s->CheckString(), &slash, 10);
if ( port )
{
++slash;
if ( streq(slash, "tcp") )
return new PortVal(port, TRANSPORT_TCP);
else if ( streq(slash, "udp") )
return new PortVal(port, TRANSPORT_UDP);
else if ( streq(slash, "icmp") )
return new PortVal(port, TRANSPORT_ICMP);
}
}
builtin_error("wrong port format, must be /[0-9]{1,5}\\/(tcp|udp|icmp)/");
return new PortVal(port, TRANSPORT_UNKNOWN);
%} %}
function mask_addr%(a: addr, top_bits_to_keep: count%): subnet function mask_addr%(a: addr, top_bits_to_keep: count%): subnet