Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

IPBasedAnalyzer: Call TapPacket() when skipping

Browse source 
When skip_further_processing() is called, a TapAnalyzer should still see
the packets as skipped with SkipReason "skipping".
This commit is contained in:
Arne Welzel 2025-08-05 11:34:02 +02:00
parent dc904b2216
commit 4bc7f9532c
4 changed files with 38 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

13
testing/btest/plugins/tap-analyzer.zeek
View file

@ -14,9 +14,13 @@
# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::TapAnalyzer" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap %INPUT >>output
#
# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::TapAnalyzer" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/http/get.trace %INPUT >>output
# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::TapAnalyzer" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/http/get.trace %INPUT http_skip_further_processing=T >>output
#
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output
@load base/protocols/http
event zeek_init()
{
print packet_source()$path;
@ -26,3 +30,12 @@ event zeek_done()
{
print "===";
}
global http_skip_further_processing = F &redef;
event http_request(c: connection, method: string, original_URI: string, unescaped_URI: string, version: string)
{
if ( http_skip_further_processing )
skip_further_processing(c$id);
}