Add new "udp_content_delivery_ports_use_resp" option

This controls whether ports given by "udp_content_delivery_ports_orig" and
"udp_content_delivery_ports_resp" are in terms of the UDP packet's
destination port or the Connection's "responder" port (the former is
the unchanged default behavior).
Jon Siwek 2020-04-06 14:51:34 -07:00
parent e66148a13a
commit 2da84020cf
7 changed files with 41 additions and 8 deletions


@ -1116,6 +1116,7 @@ const tcp_content_deliver_all_resp = F &redef;
## tcp_content_deliver_all_orig tcp_content_deliver_all_resp
## udp_content_delivery_ports_resp udp_content_deliver_all_orig
## udp_content_deliver_all_resp udp_contents
## udp_content_delivery_ports_use_resp
const udp_content_delivery_ports_orig: table[port] of bool = {} &redef;
## Defines UDP destination ports for which the contents of the responder stream
@ -1125,8 +1126,15 @@ const udp_content_delivery_ports_orig: table[port] of bool = {} &redef;
## tcp_content_delivery_ports_resp tcp_content_deliver_all_orig
## tcp_content_deliver_all_resp udp_content_delivery_ports_orig
## udp_content_deliver_all_orig udp_content_deliver_all_resp udp_contents
## udp_content_delivery_ports_use_resp
const udp_content_delivery_ports_resp: table[port] of bool = {} &redef;
## Whether ports given in :zeek:see:`udp_content_delivery_ports_orig`
## and :zeek:see:`udp_content_delivery_ports_resp` are in terms of
## UDP packet's destination port or the UDP connection's "responder"
## port.
option udp_content_delivery_ports_use_resp = F;
## If true, all UDP originator-side traffic is reported via
## :zeek:see:`udp_contents`.
##
@ -1135,6 +1143,7 @@ const udp_content_delivery_ports_resp: table[port] of bool = {} &redef;
## tcp_content_delivery_ports_orig udp_content_delivery_ports_orig
## udp_content_delivery_ports_resp udp_content_deliver_all_resp
## udp_contents
## udp_content_delivery_ports_use_resp
const udp_content_deliver_all_orig = F &redef;
## If true, all UDP responder-side traffic is reported via
@ -1145,6 +1154,7 @@ const udp_content_deliver_all_orig = F &redef;
## tcp_content_delivery_ports_orig udp_content_delivery_ports_orig
## udp_content_delivery_ports_resp udp_content_deliver_all_orig
## udp_contents
## udp_content_delivery_ports_use_resp
const udp_content_deliver_all_resp = F &redef;
## Check for expired table entries after this amount of time.
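Review bot: The doc comment added for `udp_content_delivery_ports_use_resp` (second hunk) never says which value selects which behaviour, so a reader has to go to the commit message to learn that `F` keeps destination-port matching. Since this setting decides which datagrams reach `udp_contents`, an operator who guesses wrong can silently lose the payloads a detection script relies on. I would add a sentence such as `## If true, ports are matched against the connection's "responder" port; if false (the default), against each UDP packet's destination port.` The new option also lacks the `.. zeek:see::` cross-reference list that its four sibling settings carry. It is declared as `option` rather than `const ... &redef`, so it can presumably change at runtime; the consuming code is not visible in this section, so it is worth confirming that the value is re-read rather than cached at startup.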