Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 01:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge remote-tracking branch 'origin/topic/gregor/script-polishing'

Browse source 
* origin/topic/gregor/script-polishing:
  Tune when c$conn is set.
  Set c$conn (for logging) in new_connection() event.
  (Semiautomatically) convert the comments in bare-init.bro into autodoc ones.
  Add ConnSize_Analyzer's fields to conn.log
  SSH base scripts: make sure ConnSizeAnalyzer variables are available before using them.
  Make reference to the other script a link
This commit is contained in:
Seth Hall 2011-08-25 13:17:49 -04:00
commit 562abfb0d1
6 changed files with 462 additions and 405 deletions
Download patch file Download diff file Expand all files Collapse all files

5
scripts/base/protocols/ssh/main.bro
View file

@ -94,6 +94,11 @@ function check_ssh_connection(c: connection, done: bool)
if ( c$ssh$done )
return;
# Make sure conn_size_analyzer is active by checking
# resp$num_bytes_ip
if ( !c$resp?$num_bytes_ip )
return;
# If this is still a live connection and the byte count has not
# crossed the threshold, just return and let the resheduled check happen later.
if ( !done && c$resp$num_bytes_ip < authentication_data_size )