Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

performance speed-up for SMB base scripts

Browse source
This commit is contained in:
Vern Paxson 2024-04-08 17:29:16 -04:00 committed by Tim Wojtulewicz
parent 39c3a0ec0b
commit c11c2830b1
5 changed files with 8 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

4
scripts/base/protocols/smb/files.zeek
View file

@ -27,10 +27,10 @@ function get_file_handle(c: connection, is_orig: bool): string
# should be considered a new file. We use the raw version here to avoid
# getting differences when double precision varies by architecture.
local last_mod = cat(current_file?$times ? current_file$times$modified_raw : 0);
# TODO: This is doing hexdump to avoid problems due to file analysis handling
# TODO: This is doing clean to avoid problems due to file analysis handling
# using CheckString which is not immune to encapsulated null bytes.
# This needs to be fixed lower in the file analysis code later.
return hexdump(cat(Analyzer::ANALYZER_SMB, c$id$orig_h, c$id$resp_h, path_name, file_name, last_mod));
return clean(cat(Analyzer::ANALYZER_SMB, c$id$orig_h, c$id$resp_h, path_name, file_name, last_mod));
}
function describe_file(f: fa_file): string