Move c$service_violation to deprecated-dpd-log.zeek

This moves c$service_violation to the deprecated-dpd-log policy script.

This is the only script in the distribution that uses the field, and it
is unlikely to be used externally. It is also responsible for a
significant amount of memory use by itself.

This also restores the field being populated, which was broken in
GH-4362
Johanna Amann 2025-07-24 10:34:20 +01:00
parent 86ab82c0df
commit 8de178d923
15 changed files with 3977 additions and 3973 deletions

4
NEWS

@ -357,6 +357,10 @@ Deprecated Functionality
`dpd.log` is no longer created by default, but can be loaded using the
`frameworks/analyzer/deprecated-dpd-log.zeek` policy script.
Relatedly, the `service_violation` field of the connection record is
deprecated and will only be present if the
`frameworks/analyzer/deprecated-dpd-log.zeek` policy script is loaded.
- The ``protocols/http/detect-sqli.zeek`` script has been deprecated in favor of a
new ``protocols/http/detect-sql-injection.zeek`` script to switch from the victim
host being placed into the ``src`` field of a notice to instead use ``dst``.
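
Review bot: The added paragraph beginning "Relatedly, the `service_violation` field" says the field is deprecated and only present when `frameworks/analyzer/deprecated-dpd-log.zeek` is loaded, but it gives users of external scripts no migration guidance: a script that reads `c$service_violation` without loading that policy script will no longer find the field. Suggest adding a sentence that names what to do instead (load the policy script, or use a replacement field if one exists) and the release in which the field is scheduled for removal. The commit message also states the memory-use motivation and that population of the field was restored after GH-4362; a clause on each in NEWS would help operators decide whether to load the script.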