Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 01:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Add a call to lookup_connection in SSH scripts to update connval.

Browse source
This commit is contained in:
Seth Hall 2013-07-04 22:32:07 -04:00
parent 23b58d62d2
commit ca6d2bb6bc
3 changed files with 9 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
scripts/base/protocols/ssh/main.bro
View file

@ -118,7 +118,7 @@ function check_ssh_connection(c: connection, done: bool)
# Responder must have sent fewer than 40 packets.
c$resp$num_pkts < 40 &&
# If there was a content gap we can't reliably do this heuristic.
c?$conn && c$conn$missed_bytes == 0)# &&
c?$conn && c$conn$missed_bytes == 0 )# &&
# Only "normal" connections can count.
#c$conn?$conn_state && c$conn$conn_state in valid_states )
{
@ -178,6 +178,7 @@ event ssh_watcher(c: connection)
if ( ! connection_exists(id) )
return;
lookup_connection(c$id);
check_ssh_connection(c, F);
if ( ! c$ssh$done )
schedule +15secs { ssh_watcher(c) };