Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge remote-tracking branch 'origin/topic/jsiwek/gh-1321-fix-connection-status-update-event'

Browse source 
* origin/topic/jsiwek/gh-1321-fix-connection-status-update-event:
  GH-1321: Prevent compounding of `connection_status_update` event timers
This commit is contained in:
Jon Siwek 2020-12-09 10:51:49 -08:00
commit 2ae452d8aa
6 changed files with 35 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

14
CHANGES
View file

@ -1,4 +1,18 @@
3.3.0-dev.634 | 2020-12-09 10:51:49 -0800
* GH-1321: Prevent compounding of `connection_status_update` event timers (Jon Siwek, Corelight)
Particularly for ICMP connections, a new timer got added every time a
`connection` record was updated even if there was still a pending timer
for that connection.
* Update Debug.cc to use setsignal() wrapper (Jon Siwek, Corelight)
So as to prefer sigaction() over either sigset() or signal(), which are
less favorable due to underspecification issues and some treating them
as obsolete/deprecated.
3.3.0-dev.630 | 2020-12-07 16:52:52 -0800 3.3.0-dev.630 | 2020-12-07 16:52:52 -0800
* Fix narrowing conversion compiler error in SMB error-response logic (Jon Siwek, Corelight) * Fix narrowing conversion compiler error in SMB error-response logic (Jon Siwek, Corelight)

2
VERSION
View file

@ -1 +1 @@
3.3.0-dev.630 3.3.0-dev.634

3
src/Conn.cc
View file

@ -322,6 +322,9 @@ void Connection::SetInactivityTimeout(double timeout)
void Connection::EnableStatusUpdateTimer() void Connection::EnableStatusUpdateTimer()
{ {
if ( installed_status_timer )
return;
if ( connection_status_update && zeek::detail::connection_status_update_interval ) if ( connection_status_update && zeek::detail::connection_status_update_interval )
{ {
ADD_TIMER(&Connection::StatusUpdateTimer, ADD_TIMER(&Connection::StatusUpdateTimer,

6
testing/btest/Baseline/core.connection_status_update/out Normal file
View file

@ -0,0 +1,6 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
new_connection, [orig_h=172.16.133.2, orig_p=8/icmp, resp_h=172.217.11.78, resp_p=0/icmp]
connection_status_update, 1, [orig_h=172.16.133.2, orig_p=8/icmp, resp_h=172.217.11.78, resp_p=0/icmp]
connection_status_update, 2, [orig_h=172.16.133.2, orig_p=8/icmp, resp_h=172.217.11.78, resp_p=0/icmp]
connection_status_update, 3, [orig_h=172.16.133.2, orig_p=8/icmp, resp_h=172.217.11.78, resp_p=0/icmp]
connection_status_update, 4, [orig_h=172.16.133.2, orig_p=8/icmp, resp_h=172.217.11.78, resp_p=0/icmp]

BIN
testing/btest/Traces/icmp/5-pings.pcap Normal file
View file

Binary file not shown.

11
testing/btest/core/connection_status_update.zeek Normal file
View file

@ -0,0 +1,11 @@
# @TEST-EXEC: zeek -b -C -r $TRACES/icmp/5-pings.pcap %INPUT >out
# @TEST-EXEC: btest-diff out
global update_count = 0;
global connection_status_update_interval = 1sec;
event new_connection(c: connection)
{ print "new_connection", c$id; }
event connection_status_update(c: connection)
{ print "connection_status_update", ++update_count, c$id; }