Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-14 12:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

add is_orig to heartbeat event

Browse source
This commit is contained in:
Bernhard Amann 2014-04-08 08:43:38 -07:00
parent ffd4711a41
commit 902d52e261
2 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/analyzer/protocol/ssl/events.bif
View file

@ -139,4 +139,4 @@ event ssl_alert%(c: connection, is_orig: bool, level: count, desc: count%);
## ssl_alert ## ssl_alert
event ssl_session_ticket_handshake%(c: connection, ticket_lifetime_hint: count, ticket: string%); event ssl_session_ticket_handshake%(c: connection, ticket_lifetime_hint: count, ticket: string%);
event ssl_heartbeat%(c: connection, length: count%); event ssl_heartbeat%(c: connection, is_orig: bool, length: count%);

4
src/analyzer/protocol/ssl/ssl-analyzer.pac
View file

@ -308,7 +308,7 @@ refine connection SSL_Conn += {
%{ %{
if ( ${rec.content_type} == HEARTBEAT ) if ( ${rec.content_type} == HEARTBEAT )
BifEvent::generate_ssl_heartbeat(bro_analyzer(), BifEvent::generate_ssl_heartbeat(bro_analyzer(),
bro_analyzer()->Conn(), ${rec.length}); bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.length});
if ( state_ == STATE_TRACK_LOST ) if ( state_ == STATE_TRACK_LOST )
bro_analyzer()->ProtocolViolation(fmt("unexpected ciphertext record from %s in state %s", bro_analyzer()->ProtocolViolation(fmt("unexpected ciphertext record from %s in state %s",
@ -328,7 +328,7 @@ refine connection SSL_Conn += {
function proc_heartbeat(rec : SSLRecord) : bool function proc_heartbeat(rec : SSLRecord) : bool
%{ %{
BifEvent::generate_ssl_heartbeat(bro_analyzer(), BifEvent::generate_ssl_heartbeat(bro_analyzer(),
bro_analyzer()->Conn(), ${rec.length}); bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.length});
return true; return true;
%} %}