Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

HTTP: Add mechanism to instantiate Upgrade analyzer

Browse source 
When a HTTP upgrade request/reply is detected, lookup an analyzer tag
from HTTP::upgrade_analyzers, or if nothing is found, attach PIA_TCP.
This commit is contained in:
Arne Welzel 2024-01-13 12:27:54 +01:00
parent b5f9e5a3b1
commit 8ebd054abc
3 changed files with 59 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

11
scripts/base/init-bare.zeek
View file

@ -423,7 +423,6 @@ export {
## The full list of TCP Option fields parsed from a TCP header.
type OptionList: vector of Option;
}
module GLOBAL;
module Tunnel;
export {
@ -449,6 +448,16 @@ export {
const max_changes_per_connection: count = 5 &redef;
} # end export
module HTTP;
export {
## Lookup table for Upgrade analyzers. First, a case sensitive lookup
## is done using the client's Upgrade header. If no match is found,
## the all lower-case value is used. If there's still no match Zeek
## uses dynamic protocol detection for the upgraded to protocol instead.
const upgrade_analyzers: table[string] of Analyzer::Tag &redef;
}
module GLOBAL;
## A type alias for a vector of encapsulating "connections", i.e. for when