From 2ccc963e221bc747b48f908ec1df7dc167f41723 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Thu, 1 Aug 2013 11:19:23 -0400 Subject: [PATCH] Small fix to deal with a bug in the SSL log delay mechanism. - It looks like we might have some parser problem, but I just want to work around this problem for the moment. --- CHANGES | 4 ++++ VERSION | 2 +- scripts/base/protocols/ssl/main.bro | 9 +++------ 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index e9b5b1c925..5cfbd0b17a 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.1-951 | 2013-08-01 11:19:23 -0400 + + * Small fix to deal with a bug in the SSL log delay mechanism. + 2.1-948 | 2013-07-31 20:08:28 -0700 * Fix segfault caused by merging an empty bloom-filter with a diff --git a/VERSION b/VERSION index aaa6984d5f..48cc941701 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.1-948 +2.1-951 diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.bro index 65526182ac..0d4a8435f0 100644 --- a/scripts/base/protocols/ssl/main.bro +++ b/scripts/base/protocols/ssl/main.bro @@ -67,11 +67,8 @@ export { ## (especially with large file transfers). const disable_analyzer_after_detection = T &redef; - ## The maximum amount of time a script can delay records from being logged. - const max_log_delay = 15secs &redef; - ## Delays an SSL record for a specific token: the record will not be logged - ## as longs the token exists or until :bro:id:`SSL::max_log_delay` elapses. + ## as longs the token exists or until 15 seconds elapses. global delay_log: function(info: Info, token: string); ## Undelays an SSL record for a previously inserted token, allowing the @@ -90,7 +87,7 @@ redef record connection += { redef record Info += { # Adding a string "token" to this set will cause the SSL script # to delay logging the record until either the token has been removed or - # the record has been delayed for :bro:id:`SSL::max_log_delay`. + # the record has been delayed. delay_tokens: set[string] &optional; }; @@ -138,7 +135,7 @@ function log_record(info: Info) { log_record(info); } - timeout SSL::max_log_delay + timeout 15secs { Reporter::info(fmt("SSL delay tokens not released in time (%s tokens remaining)", |info$delay_tokens|));