mirror of
https://github.com/zeek/zeek.git
synced 2025-10-16 05:28:20 +00:00
FileAnalysis: misc. tweaks/fixes.
- Add a timeout flag to file_analysis.log so it's easy to tell what has had at least one timeout trigger happen. - Fix ftp-data service tag not being set for reused connections. - Fix HTTP::Incorrect_File_Type because mime types returned by FAF have the charset still in them, but the HTTP::mime_types_extensions table does not and it requires an exact string match. (still ugly) - Add TRIGGER_NEW_CONN to track files going over multiple connections. - Add an initial file/mime type guess for non-linear file transfers. - Fix a case where file/mime type detection would never be attempted if the start of the file was a content gap. - Improve mime type tracking of HTTP byte-range/partial-content, even if the requests are pipelined or over multiple connections. - I changed the modbus.events test because having the baseline output be 80+ MB is nuts and it was sensitive to connection record redefs.
This commit is contained in:
Jon Siwek
parent
f0e9cdc30a
commit
3642ecc73e
16 changed files with 79842 additions and 159442 deletions
|
|
@ -8,141 +8,141 @@
|
|||
|
||||
event modbus_message(c: connection, headers: ModbusHeaders, is_orig: bool)
|
||||
{
|
||||
print "modbus_message", c, headers, is_orig;
|
||||
print "modbus_message", c$id, headers, is_orig;
|
||||
}
|
||||
|
||||
event modbus_exception(c: connection, headers: ModbusHeaders, code: count)
|
||||
{
|
||||
print "modbus_exception", c, headers, code;
|
||||
print "modbus_exception", c$id, headers, code;
|
||||
}
|
||||
|
||||
event modbus_read_coils_request(c: connection, headers: ModbusHeaders, start_address: count, quantity: count)
|
||||
{
|
||||
print "modbus_read_coils_request", c, headers, start_address, quantity;
|
||||
print "modbus_read_coils_request", c$id, headers, start_address, quantity;
|
||||
}
|
||||
|
||||
event modbus_read_coils_response(c: connection, headers: ModbusHeaders, coils: ModbusCoils)
|
||||
{
|
||||
print "modbus_read_coils_response", c, headers, coils;
|
||||
print "modbus_read_coils_response", c$id, headers, coils;
|
||||
}
|
||||
|
||||
event modbus_read_discrete_inputs_request(c: connection, headers: ModbusHeaders, start_address: count, quantity: count)
|
||||
{
|
||||
print "modbus_read_discrete_inputs_request", c, headers, start_address, quantity;
|
||||
print "modbus_read_discrete_inputs_request", c$id, headers, start_address, quantity;
|
||||
}
|
||||
|
||||
event modbus_read_discrete_inputs_response(c: connection, headers: ModbusHeaders, coils: ModbusCoils)
|
||||
{
|
||||
print "modbus_read_discrete_inputs_response", c, headers, coils;
|
||||
print "modbus_read_discrete_inputs_response", c$id, headers, coils;
|
||||
}
|
||||
|
||||
event modbus_read_holding_registers_request(c: connection, headers: ModbusHeaders, start_address: count, quantity: count)
|
||||
{
|
||||
print "modbus_read_holding_registers_request", c, headers, start_address, quantity;
|
||||
print "modbus_read_holding_registers_request", c$id, headers, start_address, quantity;
|
||||
}
|
||||
|
||||
event modbus_read_holding_registers_response(c: connection, headers: ModbusHeaders, registers: ModbusRegisters)
|
||||
{
|
||||
print "modbus_read_holding_registers_response", c, headers, registers;
|
||||
print "modbus_read_holding_registers_response", c$id, headers, registers;
|
||||
}
|
||||
|
||||
event modbus_read_input_registers_request(c: connection, headers: ModbusHeaders, start_address: count, quantity: count)
|
||||
{
|
||||
print "modbus_read_input_registers_request", c, headers, start_address, quantity;
|
||||
print "modbus_read_input_registers_request", c$id, headers, start_address, quantity;
|
||||
}
|
||||
|
||||
event modbus_read_input_registers_response(c: connection, headers: ModbusHeaders, registers: ModbusRegisters)
|
||||
{
|
||||
print "modbus_read_input_registers_response", c, headers, registers;
|
||||
print "modbus_read_input_registers_response", c$id, headers, registers;
|
||||
}
|
||||
|
||||
event modbus_write_single_coil_request(c: connection, headers: ModbusHeaders, address: count, value: bool)
|
||||
{
|
||||
print "modbus_write_single_coil_request", c, headers, address, value;
|
||||
print "modbus_write_single_coil_request", c$id, headers, address, value;
|
||||
}
|
||||
|
||||
event modbus_write_single_coil_response(c: connection, headers: ModbusHeaders, address: count, value: bool)
|
||||
{
|
||||
print "modbus_write_single_coil_response", c, headers, address, value;
|
||||
print "modbus_write_single_coil_response", c$id, headers, address, value;
|
||||
}
|
||||
|
||||
event modbus_write_single_register_request(c: connection, headers: ModbusHeaders, address: count, value: count)
|
||||
{
|
||||
print "modbus_write_single_register_request", c, headers, address, value;
|
||||
print "modbus_write_single_register_request", c$id, headers, address, value;
|
||||
}
|
||||
|
||||
event modbus_write_single_register_response(c: connection, headers: ModbusHeaders, address: count, value: count)
|
||||
{
|
||||
print "modbus_write_single_register_response", c, headers, address, value;
|
||||
print "modbus_write_single_register_response", c$id, headers, address, value;
|
||||
}
|
||||
|
||||
event modbus_write_multiple_coils_request(c: connection, headers: ModbusHeaders, start_address: count, coils: ModbusCoils)
|
||||
{
|
||||
print "modbus_write_multiple_coils_request", c, headers, start_address, coils;
|
||||
print "modbus_write_multiple_coils_request", c$id, headers, start_address, coils;
|
||||
}
|
||||
|
||||
event modbus_write_multiple_coils_response(c: connection, headers: ModbusHeaders, start_address: count, quantity: count)
|
||||
{
|
||||
print "modbus_write_multiple_coils_response", c, headers, start_address, quantity;
|
||||
print "modbus_write_multiple_coils_response", c$id, headers, start_address, quantity;
|
||||
}
|
||||
|
||||
event modbus_write_multiple_registers_request(c: connection, headers: ModbusHeaders, start_address: count, registers: ModbusRegisters)
|
||||
{
|
||||
print "modbus_write_multiple_registers_request", c, headers, start_address, registers;
|
||||
print "modbus_write_multiple_registers_request", c$id, headers, start_address, registers;
|
||||
}
|
||||
|
||||
event modbus_write_multiple_registers_response(c: connection, headers: ModbusHeaders, start_address: count, quantity: count)
|
||||
{
|
||||
print "modbus_write_multiple_registers_response", c, headers, start_address, quantity;
|
||||
print "modbus_write_multiple_registers_response", c$id, headers, start_address, quantity;
|
||||
}
|
||||
|
||||
event modbus_read_file_record_request(c: connection, headers: ModbusHeaders)
|
||||
{
|
||||
print "modbus_read_file_record_request", c, headers;
|
||||
print "modbus_read_file_record_request", c$id, headers;
|
||||
}
|
||||
|
||||
event modbus_read_file_record_response(c: connection, headers: ModbusHeaders)
|
||||
{
|
||||
print "modbus_read_file_record_response", c, headers;
|
||||
print "modbus_read_file_record_response", c$id, headers;
|
||||
}
|
||||
|
||||
event modbus_write_file_record_request(c: connection, headers: ModbusHeaders)
|
||||
{
|
||||
print "modbus_write_file_record_request", c, headers;
|
||||
print "modbus_write_file_record_request", c$id, headers;
|
||||
}
|
||||
|
||||
event modbus_write_file_record_response(c: connection, headers: ModbusHeaders)
|
||||
{
|
||||
print "modbus_write_file_record_response", c, headers;
|
||||
print "modbus_write_file_record_response", c$id, headers;
|
||||
}
|
||||
|
||||
event modbus_mask_write_register_request(c: connection, headers: ModbusHeaders, address: count, and_mask: count, or_mask: count)
|
||||
{
|
||||
print "modbus_mask_write_register_request", c, headers, address, and_mask, or_mask;
|
||||
print "modbus_mask_write_register_request", c$id, headers, address, and_mask, or_mask;
|
||||
}
|
||||
|
||||
event modbus_mask_write_register_response(c: connection, headers: ModbusHeaders, address: count, and_mask: count, or_mask: count)
|
||||
{
|
||||
print "modbus_mask_write_register_response", c, headers, address, and_mask, or_mask;
|
||||
print "modbus_mask_write_register_response", c$id, headers, address, and_mask, or_mask;
|
||||
}
|
||||
|
||||
event modbus_read_write_multiple_registers_request(c: connection, headers: ModbusHeaders, read_start_address: count, read_quantity: count, write_start_address: count, write_registers: ModbusRegisters)
|
||||
{
|
||||
print "modbus_read_write_multiple_registers_request", c, headers, read_start_address, read_quantity, write_start_address, write_registers;
|
||||
print "modbus_read_write_multiple_registers_request", c$id, headers, read_start_address, read_quantity, write_start_address, write_registers;
|
||||
}
|
||||
|
||||
event modbus_read_write_multiple_registers_response(c: connection, headers: ModbusHeaders, written_registers: ModbusRegisters)
|
||||
{
|
||||
print "modbus_read_write_multiple_registers_response", c, headers, written_registers;
|
||||
print "modbus_read_write_multiple_registers_response", c$id, headers, written_registers;
|
||||
}
|
||||
|
||||
event modbus_read_fifo_queue_request(c: connection, headers: ModbusHeaders, start_address: count)
|
||||
{
|
||||
print "modbus_read_fifo_queue_request", c, headers, start_address;
|
||||
print "modbus_read_fifo_queue_request", c$id, headers, start_address;
|
||||
}
|
||||
|
||||
event modbus_read_fifo_queue_response(c: connection, headers: ModbusHeaders, fifos: ModbusRegisters)
|
||||
{
|
||||
print "modbus_read_fifo_queue_response", c, headers, fifos;
|
||||
print "modbus_read_fifo_queue_response", c$id, headers, fifos;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue