Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

NEWS: Add entry about SMB::max_pending_messages and state discarding

Browse source
This commit is contained in:
Arne Welzel 2023-05-03 10:58:37 +02:00
parent 3ac877e20d
commit 042aa1383b
1 changed files with 10 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

10
NEWS
View file

@ -306,6 +306,16 @@ Changed Functionality
- Libpcap based packet source now avoids the 32bit wraparound of link and
dropped packet counters as reported by users.
- When per-connection SMB parser state (read offsets, tree ids, ...) exceeds
``SMB::max_pending_messages`` (default 1000), Zeek discards such per-connection
state and raises a new ``smb2_discarded_messages_state()`` event. This event is
used to reset script-layer SMB state. This change provides protection against
unbounded state growth due to partial or one-sided SMB connections.
Setting ``SMB::max_pending_messages`` to 0 can be used to switch back to the
previous behavior of not discarding state. Setting ``SMB::enable_state_clear``
to ``F`` skips the script-layer state clearing logic.
Removed Functionality
---------------------