Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 07:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Update DTLS error handling

Browse source 
DTLS now only outputs protocol violations once it saw something that
looked like a DTLS connection (at least a client hello). Before the
danger that it misinterprets something is too high.

It has a configurable number of invalid packets that it can skip over
(because other protocols might be interleaved with the connection) and a
maximum amount of Protocol violations that it outputs because of wrong
packet versions.
This commit is contained in:
Johanna Amann 2019-04-04 12:27:42 -07:00
parent 99c89d55d6
commit 7c48aad582
11 changed files with 74 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

15
testing/btest/scripts/base/protocols/ssl/dtls-no-dtls.test Normal file
View file

@ -0,0 +1,15 @@
# This tests checks that non-dtls connections to which we attach don't trigger tons of errors.
# @TEST-EXEC: bro -C -r $TRACES/dns-txt-multiple.trace %INPUT
# @TEST-EXEC: btest-diff .stdout
event bro_init()
{
const add_ports = { 53/udp };
Analyzer::register_for_ports(Analyzer::ANALYZER_DTLS, add_ports);
}
event protocol_violation(c: connection, atype: Analyzer::Tag, aid: count, reason: string)
{
print c$id, atype, reason;
}