mirror of
https://github.com/zeek/zeek.git
synced 2025-10-11 11:08:20 +00:00
In SMB, don't attach the gssapi analyzer until a message is seen.
parent
b96fe860ea
commit
bcdba4cc5d
1 changed files with 4 additions and 1 deletions
|
@ -5,7 +5,7 @@ refine connection SMB_Conn += {
|
||||||
%}
|
%}
|
||||||
|
|
||||||
%init{
|
%init{
|
||||||
gssapi = analyzer_mgr->InstantiateAnalyzer("GSSAPI", bro_analyzer->Conn());
|
gssapi = 0;
|
||||||
%}
|
%}
|
||||||
|
|
||||||
%cleanup{
|
%cleanup{
|
||||||
|
@ -15,6 +15,9 @@ refine connection SMB_Conn += {
|
||||||
|
|
||||||
function forward_gssapi(data: bytestring, is_orig: bool): bool
|
function forward_gssapi(data: bytestring, is_orig: bool): bool
|
||||||
%{
|
%{
|
||||||
|
if ( ! gssapi )
|
||||||
|
gssapi = analyzer_mgr->InstantiateAnalyzer("GSSAPI", bro_analyzer()->Conn());
|
||||||
|
|
||||||
if ( gssapi )
|
if ( gssapi )
|
||||||
gssapi->DeliverStream(${data}.length(), ${data}.begin(), is_orig);
|
gssapi->DeliverStream(${data}.length(), ${data}.begin(), is_orig);
|
||||||
|
|
||||||
|
|
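Review bot: In `forward_gssapi`, a failed `InstantiateAnalyzer("GSSAPI", ...)` leaves `gssapi` null, so the `if ( ! gssapi )` branch retries the lookup on every forwarded blob of the connection; the existing `if ( gssapi )` guard suggests a null return is expected, for example when the analyzer is disabled. Consider remembering that instantiation was already attempted, or at least documenting the retry with a comment such as `// Created lazily on the first GSSAPI blob; retried per call if instantiation fails.` Because `%init` now sets `gssapi = 0;`, `%cleanup` runs on connections that never created the analyzer, so it has to null-check before tearing it down; its body lies outside the hunk and should be confirmed. The rest of `forward_gssapi`, including its return, is also outside the hunk.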