Move c$service_violation to deprecated-dpd-log.zeek

This moves c$service_violation to the deprecated-dpd-log policy script.

This is the only script in the distribution that uses the field, and it
is unlikely to be used externally. It is also responsible for a
significant amount of memory use by itself.

This also restores the field being populated, which was broken in
GH-4362
Johanna Amann 2025-07-24 10:34:20 +01:00
parent 86ab82c0df
commit 8de178d923
15 changed files with 3977 additions and 3973 deletions


@ -29,6 +29,10 @@ export {
redef record connection += {
dpd: Info &optional;
## The set of services (analyzers) for which Zeek has observed a
## violation after the same service had previously been confirmed.
service_violation: set[string] &default=set() &ordered &deprecated="Remove in v8.1. Consider using failed_analyzers instead";
};
event zeek_init() &priority=5
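Review bot: the doc comment on the relocated field (`## The set of services (analyzers) for which Zeek has observed a` / `## violation after the same service had previously been confirmed.`) does not say that the field now exists and is populated only when this deprecated-dpd-log policy script is loaded, which is the behavioural change an external user of `c$service_violation` needs to know about; add a sentence to that effect next to the `&deprecated="Remove in v8.1. Consider using failed_analyzers instead"` message so the replacement and the loading requirement are documented in one place.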
@ -52,6 +56,8 @@ event analyzer_violation_info(atype: AllAnalyzers::Tag, info: AnalyzerViolationI
if ( analyzer !in c$service || analyzer in c$service_violation )
return;
add c$service_violation[analyzer];
local dpd: Info;
dpd$ts = network_time();
dpd$uid = c$uid;
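Review bot: the guard `analyzer in c$service_violation` and the following `add c$service_violation[analyzer];` both reference a field that this same change marks `&deprecated`, so the script will emit deprecation warnings from its own code whenever it is loaded; if that is not intended, either drop the `&deprecated` attribute now that the field lives only in this already-deprecated script, or note in the script's deprecation text that the warnings are expected until the v8.1 removal. The membership test itself is safe before the first `add` because of `&default=set()`.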