Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fix ZAM's implementation of Analyzer::name() BiF

Browse source 
ZAM's implementation deviates from Zeek's in consideration of remappings, which
means that running ZAM produced conn.log service names prefixed with "spicy_"
whereas regular Zeek doesn't.
This commit is contained in:
Christian Kreibich 2024-12-11 23:01:27 -08:00
parent fb74834f4c
commit 235638815f
2 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/script_opt/ZAM/Support.cc
View file

@ -33,13 +33,13 @@ size_t broker_mgr_flush_log_buffers() { return zeek::broker_mgr->FlushLogBuffers
zeek::Connection* session_mgr_find_connection(zeek::Val* cid) { return zeek::session_mgr->FindConnection(cid); }
zeek::StringVal* analyzer_name(zeek::EnumVal* val) {
plugin::Component* component = zeek::analyzer_mgr->Lookup(val);
plugin::Component* component = zeek::analyzer_mgr->Lookup(val, false);
if ( ! component )
component = zeek::packet_mgr->Lookup(val);
component = zeek::packet_mgr->Lookup(val, false);
if ( ! component )
component = zeek::file_mgr->Lookup(val);
component = zeek::file_mgr->Lookup(val, false);
if ( component )
return new StringVal(component->CanonicalName());

2
testing/btest/Baseline.zam/spicy.replaces/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.16.238.1 49656 172.16.238.131 80 tcp spicy_ssh 9.953807 2405 2887 SF T T 0 ShAdDaFf 40 4497 30 4455 - 6
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.16.238.1 49656 172.16.238.131 80 tcp ssh 9.953807 2405 2887 SF T T 0 ShAdDaFf 40 4497 30 4455 - 6
#close XXXX-XX-XX-XX-XX-XX