Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-12 19:48:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

scripts/conn: Open-code determine_service()

Browse source 
...and avoid doing it as suggested by Justin to avoid the extra over-head
in scan scenarios where c$service is empty.
This commit is contained in:
Arne Welzel 2022-09-20 17:00:33 +02:00
parent 7ed6cbeee5
commit 660172013b
2 changed files with 4 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

12
scripts/base/protocols/conn/main.zeek
View file

@ -224,11 +224,6 @@ function conn_state(c: connection, trans: transport_proto): string
return "OTH";
}
function determine_service(c: connection): string
{
return to_lower(join_string_set(c$service, ","));
}
## Fill out the c$conn record for logging
function set_conn(c: connection, eoc: bool)
{
@ -268,9 +263,10 @@ function set_conn(c: connection, eoc: bool)
c$conn$resp_pkts = c$resp$num_pkts;
c$conn$resp_ip_bytes = c$resp$num_bytes_ip;
}
local service = determine_service(c);
if ( service != "" )
c$conn$service=service;
if ( |c$service| > 0 )
c$conn$service=to_lower(join_string_set(c$service, ","));
c$conn$conn_state=conn_state(c, get_port_transport_proto(c$id$resp_p));
if ( c$history != "" )