add a max_line_length flag to ContentLine_Analyzer

In ContentLine_Analyzer, prevent excessively long lines from being assembled.
The line length will default to just under 16MB, but can be overridden on
a per-analyzer basis.  This is done for the finger, ident, and irc
analyzers.
Justin Azoff 2017-11-03 16:13:18 -04:00
parent b6e3603481
commit 43b2b9806e
9 changed files with 40 additions and 12 deletions


@ -106,6 +106,7 @@ export {
["baroque_SYN"] = ACTION_LOG,
["base64_illegal_encoding"] = ACTION_LOG,
["connection_originator_SYN_ack"] = ACTION_LOG_PER_ORIG,
["contentline_size_exceeded"] = ACTION_LOG,
["corrupt_tcp_options"] = ACTION_LOG_PER_ORIG,
["crud_trailing_HTTP_request"] = ACTION_LOG,
["data_after_reset"] = ACTION_LOG,
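Review bot: The `contentline_size_exceeded` entry (presumably the one line this hunk adds, going by the commit title) is mapped to `ACTION_LOG`, which records every occurrence. The condition is driven entirely by what the remote peer sends, so if the analyzer can raise it more than once per connection, a peer emitting many oversized lines could inflate the weird log. The analyzer code is not visible here, so this is worth confirming. If it can repeat, consider `["contentline_size_exceeded"] = ACTION_LOG_PER_ORIG,` as the neighbouring `connection_originator_SYN_ack` and `corrupt_tcp_options` entries do. The table itself starts and ends outside the hunk.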