In SMB, don't attach the gssapi analyzer until a message is seen.

2025-10-11 02:58:20 +00:00 · 2016-04-21 11:37:16 -04:00 · 2016-04-21 11:37:16 -04:00 · bcdba4cc5d
commit bcdba4cc5d
parent b96fe860ea
1 changed files with 4 additions and 1 deletions
--- a/src/analyzer/protocol/smb/smb-gssapi.pac
+++ b/src/analyzer/protocol/smb/smb-gssapi.pac
@ -5,7 +5,7 @@ refine connection SMB_Conn += {
 	%}

 	%init{
-		gssapi = analyzer_mgr->InstantiateAnalyzer("GSSAPI", bro_analyzer->Conn());
+		gssapi = 0;
 	%}

 	%cleanup{
@ -15,6 +15,9 @@ refine connection SMB_Conn += {

 	function forward_gssapi(data: bytestring, is_orig: bool): bool
 		%{
+		if ( ! gssapi )
+			gssapi = analyzer_mgr->InstantiateAnalyzer("GSSAPI", bro_analyzer()->Conn());
+
 		if ( gssapi )
 			gssapi->DeliverStream(${data}.length(), ${data}.begin(), is_orig);