Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

GH-998: Fix Reporter::conn_weird() to handle expired connections

Browse source 
This introduces a new sampling state-map for expired connections to fix
segfaults that previously occured when passing in a `connection` record
to `Reporter::conn_weird()` for which the internal `Connection` object
had already been expired and deleted.  This also introduces a new event
called `expired_conn_weird`, which is similar to `conn_weird`, except
the full `connection` record is no longer available, just the `conn_id`
and UID string.
This commit is contained in:
Jon Siwek 2020-06-15 12:53:46 -07:00
parent 8d9e85b842
commit 51e738a1c0
9 changed files with 163 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/Timer.h
View file

@ -15,6 +15,7 @@ enum TimerType : uint8_t {
TIMER_CONN_EXPIRE,
TIMER_CONN_INACTIVITY,
TIMER_CONN_STATUS_UPDATE,
TIMER_CONN_TUPLE_WEIRD_EXPIRE,
TIMER_DNS_EXPIRE,
TIMER_FILE_ANALYSIS_INACTIVITY,
TIMER_FLOW_WEIRD_EXPIRE,