Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/johanna/gh-3242'

Browse source 
* origin/topic/johanna/gh-3242:
  Community-id: load main script in notice script, fix notice script
This commit is contained in:
Johanna Amann 2023-08-23 12:31:16 +01:00
commit 70c76977cf
6 changed files with 28 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

16
CHANGES
View file

@ -1,3 +1,19 @@
6.1.0-dev.312 | 2023-08-23 12:31:16 +0100
* Community-id: load main script in notice script, fix notice script (Johanna Amann, Corelight)
This change makes the community-id script that adds the community id to
notice.log automatically load the main script if this was not already
loaded.
In the past, the script just did not perform any action if the main
script was not loaded.
This change also makes the notice script respect the seed/base64
settings that were set in the main script.
Fixes GH-3242
6.1.0-dev.310 | 2023-08-22 14:59:28 +0200 6.1.0-dev.310 | 2023-08-22 14:59:28 +0200
* GH-3218/GH-3219: Spicy: Extend functionality of `export` in EVT * GH-3218/GH-3219: Spicy: Extend functionality of `export` in EVT

5
NEWS
View file

@ -69,6 +69,11 @@ Changed Functionality
values set in a ``new_connection()`` handler. A new ``connection_flipped()`` values set in a ``new_connection()`` handler. A new ``connection_flipped()``
event is added to allow updating custom state in script-land. event is added to allow updating custom state in script-land.
- Loading ``policy/frameworks/notice/community-id.zeek`` now also automatically
community ID logging. In the past, loading the script had no effect unless
``policy/protocols/conn/community-id-logging.zeek`` was loaded before. This
was fairly unusual and hard to debug behavior.
Removed Functionality Removed Functionality
--------------------- ---------------------

2
VERSION
View file

@ -1 +1 @@
6.1.0-dev.310 6.1.0-dev.312

11
scripts/policy/frameworks/notice/community-id.zeek
View file

@ -1,11 +1,9 @@
# Source this script in addition to protocols/conn/community-id # Source this script to add Community ID to notices.
# to add Community ID to notices. # This script will automatically load the main community-id script.
# Only support loading this if the main script is also loaded.
@load base/protocols/conn @load base/protocols/conn
@load base/frameworks/notice @load base/frameworks/notice
@load policy/protocols/conn/community-id-logging
@ifdef ( CommunityID::seed )
module CommunityID::Notice; module CommunityID::Notice;
@ -23,6 +21,5 @@ export {
hook Notice::notice(n: Notice::Info) hook Notice::notice(n: Notice::Info)
{ {
if ( CommunityID::Notice::enabled && n?$conn ) if ( CommunityID::Notice::enabled && n?$conn )
n$community_id = community_id_v1(n$conn$id); n$community_id = community_id_v1(n$conn$id, CommunityID::seed, CommunityID::do_base64);
} }
@endif

2
testing/external/commit-hash.zeek-testing vendored
View file

@ -1 +1 @@
d59caff708b41db11fa0cbfe0b1f95b46c3e700e 5218e6b23477a8fc21c17655c9d955fb80c7de4a

2
testing/external/commit-hash.zeek-testing-private vendored
View file

@ -1 +1 @@
7162c907aa25e155ea841710ef30b65afb578c3f 4046d6322e1435851c4b17f9b6dfba63481e7e2b