Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 15:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

BIT-788: use DNS QR field to better identify flow direction.

Browse source
This commit is contained in:
Jon Siwek 2015-03-19 11:53:40 -05:00
parent 3956df4407
commit 8efaae96cd
9 changed files with 38 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

3
scripts/base/protocols/dns/main.bro
View file

@ -305,6 +305,9 @@ hook DNS::do_reply(c: connection, msg: dns_msg, ans: dns_answer, reply: string)
if ( ans$answer_type == DNS_ANS )
{
if ( ! c$dns?$query )
c$dns$query = ans$query;
c$dns$AA = msg$AA;
c$dns$RA = msg$RA;