Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-15 04:58:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

drop services starting with -

Browse source
This commit is contained in:
Mauro Palumbo 2019-07-31 17:07:10 +02:00
parent f7a8e8c8fb
commit 1f7f42daea
1 changed files with 2 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

10
scripts/policy/protocols/conn/known-services.zeek
View file

@ -223,16 +223,10 @@ function known_services_done(c: connection)
return; return;
} }
# TODO: this is a temporary patch, because sometimes in c$service the protocol name is written with "-" # Drop services starting with "-"
# at the beginning. This comes from the analyzers (I've seen it for HTTP and SSL), but causes problems
# when checking for known_services on triplets (host, port, services). The service starting with "-" (i.e. -HTTP) is
# reconized as different from the normal one (HTTP).
# It would be better to correct the analyzers some time later...
local tempservs : set[string]; local tempservs : set[string];
for (s in c$service) for (s in c$service)
if ( s[0] == "-" ) if ( s[0] != "-" )
add tempservs[s[1:]];
else
add tempservs[s]; add tempservs[s];
local info = ServicesInfo($ts = network_time(), $host = id$resp_h, local info = ServicesInfo($ts = network_time(), $host = id$resp_h,