Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Use NetControl for ACTION_DROP of notice framework.

Browse source 
So far, this action did nothing...
This commit is contained in:
Johanna Amann 2016-06-22 16:01:26 -07:00
parent 6361a0d658
commit 3b55a917ac
1 changed files with 10 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

16
scripts/base/frameworks/notice/actions/drop.bro
View file

@ -2,13 +2,13 @@
##! dropping functionality. ##! dropping functionality.
@load ../main @load ../main
@load base/frameworks/netcontrol
module Notice; module Notice;
export { export {
redef enum Action += { redef enum Action += {
## Drops the address via Drop::drop_address, and generates an ## Drops the address via :bro:see:`NetControl::drop_address_catch_release`.
## alarm.
ACTION_DROP ACTION_DROP
}; };
@ -23,9 +23,13 @@ hook notice(n: Notice::Info)
{ {
if ( ACTION_DROP in n$actions ) if ( ACTION_DROP in n$actions )
{ {
#local drop = React::drop_address(n$src, ""); local ci = NetControl::get_catch_release_info(n$src);
#local addl = drop?$sub ? fmt(" %s", drop$sub) : ""; if ( ci$watch_until == double_to_time(0) )
#n$dropped = drop$note != Drop::AddressDropIgnored; {
#n$msg += fmt(" [%s%s]", drop$note, addl); # we have not seen this one yet. Drop it.
local addl = n?$msg ? fmt("ACTION_DROP: %s", n?$msg) : "ACTION_DROP";
local res = NetControl::drop_address_catch_release(n$src, addl);
n$dropped = res$watch_until != double_to_time(0);
}
} }
} }