Update DTLS error handling

DTLS now only outputs protocol violations once it has seen something that
looked like a DTLS connection (at least a client hello). Before that, the
danger that it misinterprets something is too high.

It has a configurable number of invalid packets that it can skip over
(because other protocols might be interleaved with the connection) and a
maximum number of protocol violations that it outputs because of wrong
packet versions.
Johanna Amann 2019-04-04 12:27:42 -07:00
parent 99c89d55d6
commit 7c48aad582
11 changed files with 74 additions and 14 deletions
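The three rules the commit message describes (report nothing until a client hello was seen, tolerate a bounded number of foreign packets on the same UDP 5-tuple, cap how many version errors get reported) are easiest to reason about as a small per-connection state machine. The following is an added, standalone Python model of that policy; it is not Zeek's DTLS analyzer code. It parses the 13-byte DTLS record header and the handshake type byte itself, uses the two default limits from the diff, and the class name, method names and the sample packets (a STUN binding request interleaved with DTLS, as happens on WebRTC ports) are this example's own constructions.

```python
"""Standalone model of the DTLS error-handling policy from this commit.

Added illustration, not Zeek's analyzer code. It parses the 13-byte DTLS
record header (content type, version, epoch, 48-bit sequence number,
length) plus the handshake type byte, and applies the three rules the
commit message describes:

  * protocol violations are only reported after a ClientHello was seen,
  * bad-version packets are skipped (other protocols may share the UDP
    5-tuple) until MAX_VERSION_ERRORS of them suspend parsing,
  * at most MAX_REPORTED_VERSION_ERRORS violations are reported.

The two limits mirror the defaults added in the diff; the class, method
names and the sample packets are this example's own.
"""
import struct

MAX_VERSION_ERRORS = 10           # SSL::dtls_max_version_errors default
MAX_REPORTED_VERSION_ERRORS = 1   # SSL::dtls_max_reported_version_errors default

RECORD_HDR = struct.Struct("!BHHHIH")   # type, version, epoch, seq hi16, seq lo32, length
DTLS_VERSIONS = {0xFEFF, 0xFEFD}        # DTLS 1.0, DTLS 1.2 (DTLS 1.3 keeps 0xFEFD on the wire)
CT_HANDSHAKE = 22
HT_CLIENT_HELLO = 1


def dtls_record(content_type, version, body, epoch=0, seq=0):
    """Build one DTLS record with the given header fields (helper for the sample)."""
    hdr = RECORD_HDR.pack(content_type, version, epoch, seq >> 32, seq & 0xFFFFFFFF, len(body))
    return hdr + body


class DtlsErrorPolicy:
    """Per-connection state: what has been seen and how much has been tolerated."""

    def __init__(self):
        self.seen_client_hello = False
        self.version_errors = 0      # bad-version / non-DTLS packets seen so far
        self.reported = 0            # violations actually emitted
        self.suspended = False       # parsing stopped for this connection
        self.violations = []         # messages that would become protocol_violation events

    def feed(self, pkt):
        """Process one UDP payload; returns what the policy did with it."""
        if self.suspended:
            return "ignored"
        ctype = version = None
        if len(pkt) >= RECORD_HDR.size:
            ctype, version, _epoch, _seq_hi, _seq_lo, _length = RECORD_HDR.unpack_from(pkt)
        if version not in DTLS_VERSIONS:
            return self._bad_version(version)
        if ctype == CT_HANDSHAKE and len(pkt) > RECORD_HDR.size \
                and pkt[RECORD_HDR.size] == HT_CLIENT_HELLO:
            self.seen_client_hello = True
        return "parsed"

    def _bad_version(self, version):
        self.version_errors += 1
        outcome = "skipped"
        # Rules 1 and 3: report only once the stream looked like DTLS, and only up to the cap.
        if self.seen_client_hello and self.reported < MAX_REPORTED_VERSION_ERRORS:
            self.reported += 1
            shown = "truncated record" if version is None else f"record version {version:#06x}"
            self.violations.append(f"invalid DTLS {shown}")
            outcome = "violation"
        # Rule 2: too many non-DTLS packets, stop parsing this connection.
        if self.version_errors >= MAX_VERSION_ERRORS:
            self.suspended = True
        return outcome


# Constructed sample traffic: a 20-byte STUN binding request (version field reads
# 0x0100), a DTLS 1.2 ClientHello, and a TLS-looking record with version 0x0303.
STUN_BINDING = bytes.fromhex("000100002112a442") + bytes(12)
CLIENT_HELLO = dtls_record(CT_HANDSHAKE, 0xFEFD, bytes([HT_CLIENT_HELLO]) + bytes(11))
TLS_RECORD = bytes([CT_HANDSHAKE]) + b"\x03\x03" + bytes(10)


def run_sample():
    """Feed the constructed packets through one connection's policy."""
    policy = DtlsErrorPolicy()
    outcomes = [policy.feed(STUN_BINDING),      # before any hello: skipped silently
                policy.feed(CLIENT_HELLO),      # now the stream looks like DTLS
                policy.feed(TLS_RECORD),        # first bad version: reported
                policy.feed(TLS_RECORD)]        # report cap reached: skipped
    outcomes += [policy.feed(STUN_BINDING) for _ in range(7)]   # 10th error suspends parsing
    outcomes.append(policy.feed(CLIENT_HELLO))                  # ignored once suspended
    return policy, outcomes


if __name__ == "__main__":
    p, out = run_sample()
    print(out, p.violations, "suspended" if p.suspended else "active")
```

Running it shows the shape of the trade-off: the STUN packet before the hello is silently tolerated, the first foreign packet after the hello produces exactly one violation, and further foreign packets are skipped until the tenth one suspends parsing for the connection.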


@ -4169,6 +4169,17 @@ export {
HashAlgorithm: count; ##< Hash algorithm number
SignatureAlgorithm: count; ##< Signature algorithm number
};
## Number of non-DTLS frames that can occur in a DTLS connection before
## parsing of the connection is suspended.
## DTLS does not immediately stop parsing a connection because other protocols
## might be interleaved in the same UDP "connection".
const SSL::dtls_max_version_errors = 10 &redef;
## Maximum number of invalid version errors to report in one DTLS connection.
const SSL::dtls_max_reported_version_errors = 1 &redef;
}
module GLOBAL;
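Review bot: the doc comment on `SSL::dtls_max_version_errors` speaks of "non-DTLS frames" while the name and the second constant speak of version errors; the comment should say whether any non-DTLS packet or only a record with an unrecognised version counts toward the limit, since that is what a user redefining it needs to know. The relationship between the two knobs is also worth one sentence: with the defaults (10 tolerated, 1 reported) the analyzer reports the first bad-version packet and silently skips up to nine more before suspending parsing, and any value of `SSL::dtls_max_reported_version_errors` above `SSL::dtls_max_version_errors` can never be reached. Something like `## Values above SSL::dtls_max_version_errors have no effect.` on the second comment would cover it.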