Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

to_port() now parses a string instead of a count.

Browse source 
Addresses #684.
This commit is contained in:
Matthias Vallentin 2011-11-20 21:41:41 -08:00
parent c8839da069
commit 0325b5ea32
2 changed files with 21 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
scripts/base/protocols/irc/dcc-send.bro
View file

@ -99,7 +99,7 @@ event irc_dcc_message(c: connection, is_orig: bool,
return;
c$irc$dcc_file_name = argument;
c$irc$dcc_file_size = size;
local p = to_port(dest_port, tcp);
local p = count_to_port(dest_port, tcp);
expect_connection(to_addr("0.0.0.0"), address, p, ANALYZER_FILE, 5 min);
dcc_expected_transfers[address, p] = c$irc;
}

22
src/bro.bif
View file

@ -586,9 +586,27 @@ function raw_bytes_to_v4_addr%(b: string%): addr
return new AddrVal(htonl(a));
%}
function to_port%(num: count, proto: transport_proto%): port
function to_port%(s: string%): port
%{
return new PortVal(num, (TransportProto)proto->AsEnum());
int port = 0;
if ( s->Len() < 10 )
{
char* slash;
port = strtol(s->CheckString(), &slash, 10);
if ( port )
{
++slash;
if ( streq(slash, "tcp") )
return new PortVal(port, TRANSPORT_TCP);
else if ( streq(slash, "udp") )
return new PortVal(port, TRANSPORT_UDP);
else if ( streq(slash, "icmp") )
return new PortVal(port, TRANSPORT_ICMP);
}
}
builtin_error("wrong port format, must be /[0-9]{1,5}\\/(tcp|udp|icmp)/");
return new PortVal(port, TRANSPORT_UNKNOWN);
%}
function mask_addr%(a: addr, top_bits_to_keep: count%): subnet