Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

SSL: failing analyzer handling - address review feedback

Browse source 
Fold the two analyzer_violation_info events into one. See GH-3012
This commit is contained in:
Johanna Amann 2023-05-03 13:41:36 +01:00
parent 21888a145a
commit 9a47e201f8
1 changed files with 4 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

9
scripts/base/protocols/ssl/main.zeek
View file

@ -501,11 +501,6 @@ event analyzer_confirmation_info(atype: AllAnalyzers::Tag, info: AnalyzerConfirm
event analyzer_violation_info(atype: AllAnalyzers::Tag, info: AnalyzerViolationInfo) &priority=5 event analyzer_violation_info(atype: AllAnalyzers::Tag, info: AnalyzerViolationInfo) &priority=5
{ {
if ( atype == Analyzer::ANALYZER_SSL || atype == Analyzer::ANALYZER_DTLS )
{
# analyzer errored out; prevent us from trying to remove it later
delete info$c$ssl$analyzer_id;
}
} }
event ssl_plaintext_data(c: connection, is_client: bool, record_version: count, content_type: count, length: count) &priority=5 event ssl_plaintext_data(c: connection, is_client: bool, record_version: count, content_type: count, length: count) &priority=5
@ -523,5 +518,9 @@ event analyzer_violation_info(atype: AllAnalyzers::Tag, info: AnalyzerViolationI
{ {
if ( atype == Analyzer::ANALYZER_SSL || atype == Analyzer::ANALYZER_DTLS ) if ( atype == Analyzer::ANALYZER_SSL || atype == Analyzer::ANALYZER_DTLS )
if ( info$c?$ssl ) if ( info$c?$ssl )
{
# analyzer errored out; prevent us from trying to remove it later
delete info$c$ssl$analyzer_id;
finish(info$c, T); finish(info$c, T);
}
} }