Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Add record layer version to event ssl_encrypted_data.

Browse source 
This exposes the record layer version of the fragment in addition to the
content type and the length. The ordering of the arguments in the event
is the same as the ordering in the protocol message (first type, then
version, then length).

This also includes a slight change to the analyzer, no longer calling
the generate function if the event is not used.
This commit is contained in:
Johanna Amann 2017-02-03 12:27:40 -08:00
parent f721c74bad
commit c05e07cc90
9 changed files with 71 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

2
scripts/policy/protocols/ssl/heartbleed.bro
View file

@ -223,7 +223,7 @@ event ssl_encrypted_heartbeat(c: connection, is_orig: bool, length: count)
}
}
event ssl_encrypted_data(c: connection, is_orig: bool, content_type: count, length: count)
event ssl_encrypted_data(c: connection, is_orig: bool, content_type: count, record_version: count, length: count)
{
if ( !c?$ssl )
return;