Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

GH-1119: add base/protcols/conn/removal-hooks.zeek

Browse source 
This adds two new functions: `Conn::register_removal_hook()` and
`Conn::unregister_removal_hook()` for registering a hook function to be
called back during `connection_state_remove`.  The benefit of using hook
callback approach is better scalability: the overhead of unrelated
protocols having to dispatch no-op `connection_state_remove` handlers is
avoided.
This commit is contained in:
Jon Siwek 2020-09-10 21:19:14 -07:00
parent 49e2047da0
commit 05cf511f18
31 changed files with 659 additions and 386 deletions
Download patch file Download diff file Expand all files Collapse all files

15
scripts/policy/protocols/conn/speculative-service.zeek
View file

@ -19,13 +19,7 @@ redef record connection += {
redef dpd_match_only_beginning = F;
redef dpd_late_match_stop = T;
event protocol_late_match(c: connection, atype: Analyzer::Tag)
{
local analyzer = Analyzer::name(atype);
add c$speculative_service[analyzer];
}
event connection_state_remove(c: connection)
hook finalize_speculative_service(c: connection)
{
local sp_service = "";
for ( s in c$speculative_service )
@ -34,3 +28,10 @@ event connection_state_remove(c: connection)
if ( sp_service != "" )
c$conn$speculative_service = to_lower(sp_service);
}
event protocol_late_match(c: connection, atype: Analyzer::Tag)
{
local analyzer = Analyzer::name(atype);
add c$speculative_service[analyzer];
Conn::register_removal_hook(c, finalize_speculative_service);
}