Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-15 13:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

GH-545: add "addl" parameter to flow_weird and net_weird events

Browse source
This commit is contained in:
Jon Siwek 2019-08-20 22:45:22 -04:00
parent 8ab0650c1e
commit 2d7c926291
16 changed files with 69 additions and 65 deletions
Download patch file Download diff file Expand all files Collapse all files

12
scripts/base/frameworks/notice/weird.zeek
View file

@ -406,7 +406,7 @@ event conn_weird(name: string, c: connection, addl: string)
weird(i);
}
event flow_weird(name: string, src: addr, dst: addr)
event flow_weird(name: string, src: addr, dst: addr, addl: string)
{
# We add the source and destination as port 0/unknown because that is
# what fits best here.
@ -414,12 +414,20 @@ event flow_weird(name: string, src: addr, dst: addr)
$resp_h=dst, $resp_p=count_to_port(0, unknown_transport));
local i = Info($ts=network_time(), $name=name, $id=id, $identifier=flow_id_string(src,dst));
if ( addl != "" )
i$addl = addl;
weird(i);
}
event net_weird(name: string)
event net_weird(name: string, addl: string)
{
local i = Info($ts=network_time(), $name=name);
if ( addl != "" )
i$addl = addl;
weird(i);
}