Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

dce-rpc: Make named_pipe filed docs extensive

Browse source 
Closes #3935
This commit is contained in:
Arne Welzel 2025-07-25 11:12:11 +02:00
parent 6e2a18ce4f
commit 3f810e038b
1 changed files with 12 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

12
scripts/base/protocols/dce-rpc/main.zeek
View file

@ -21,6 +21,18 @@ export {
rtt : interval &log &optional; rtt : interval &log &optional;
## Remote pipe name. ## Remote pipe name.
##
## Note that this value is from the "sec_addr" field in the
## protocol. Zeek uses the "named_pipe" name for historical reasons,
## but it may also contain local port numbers rather than named pipes.
##
## If you prefer to use the "secondary address" name, consider
## using :zeek:see:`Log::default_field_name_map`, a ``Log::Filter``'s
## :zeek:field:`Log::Filter$field_name_map` field, or removing
## the :zeek:attr:`&log` attribute from this field, adding a
## new :zeek:field:`sec_addr` field and populating it in a custom
## :zeek:see:`dce_rpc_bind_ack` event handler based on the
## :zeek:field:`named_pipe` value.
named_pipe : string &log &optional; named_pipe : string &log &optional;
## Endpoint name looked up from the uuid. ## Endpoint name looked up from the uuid.
endpoint : string &log &optional; endpoint : string &log &optional;