Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Some small fixes to further reduce SOCKS false positive logs.

Browse source
This commit is contained in:
Seth Hall 2012-07-11 16:53:46 -04:00
parent e3f6a467a4
commit a44612788e
2 changed files with 12 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
scripts/base/protocols/socks/main.bro
View file

@ -83,5 +83,8 @@ event socks_reply(c: connection, version: count, reply: count, sa: SOCKS::Addres
event socks_reply(c: connection, version: count, reply: count, sa: SOCKS::Address, p: port) &priority=-5 event socks_reply(c: connection, version: count, reply: count, sa: SOCKS::Address, p: port) &priority=-5
{ {
Log::write(SOCKS::LOG, c$socks); # This will handle the case where the analyzer failed in some way and was removed. We probably
# don't want to log these connections.
if ( "SOCKS" in c$service )
Log::write(SOCKS::LOG, c$socks);
} }

9
src/SOCKS.cc
View file

@ -67,7 +67,14 @@ void SOCKS_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
} }
else else
{ {
interp->NewData(orig, data, data + len); try
{
interp->NewData(orig, data, data + len);
}
catch ( const binpac::Exception& e )
{
ProtocolViolation(fmt("Binpac exception: %s", e.c_msg()));
}
} }
} }