Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Use NetControl for ACTION_DROP of notice framework.

Browse source 
So far, this action did nothing...
This commit is contained in:
Johanna Amann 2016-06-22 16:01:26 -07:00
parent 6361a0d658
commit 3b55a917ac
1 changed files with 10 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

16
scripts/base/frameworks/notice/actions/drop.bro
View file

@ -2,13 +2,13 @@
##! dropping functionality.
@load ../main
@load base/frameworks/netcontrol
module Notice;
export {
redef enum Action += {
## Drops the address via Drop::drop_address, and generates an
## alarm.
## Drops the address via :bro:see:`NetControl::drop_address_catch_release`.
ACTION_DROP
};
@ -23,9 +23,13 @@ hook notice(n: Notice::Info)
{
if ( ACTION_DROP in n$actions )
{
#local drop = React::drop_address(n$src, "");
#local addl = drop?$sub ? fmt(" %s", drop$sub) : "";
#n$dropped = drop$note != Drop::AddressDropIgnored;
#n$msg += fmt(" [%s%s]", drop$note, addl);
local ci = NetControl::get_catch_release_info(n$src);
if ( ci$watch_until == double_to_time(0) )
{
# we have not seen this one yet. Drop it.
local addl = n?$msg ? fmt("ACTION_DROP: %s", n?$msg) : "ACTION_DROP";
local res = NetControl::drop_address_catch_release(n$src, addl);
n$dropped = res$watch_until != double_to_time(0);
}
}
}