Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-11 11:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/fastpath'

Browse source 
* origin/fastpath:
  Correct a spelling error
  When setting the SSL analyzer to fail, also stop processing data that already has been delivered to the analyzer, not just future data.
This commit is contained in:
Jon Siwek 2015-03-23 09:50:15 -05:00
commit cf3abfb1c7
2 changed files with 7 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/analyzer/protocol/ssl/ssl-protocol.pac
View file

@ -750,6 +750,12 @@ refine connection SSL_Conn += {
function determine_ssl_record_layer(head0 : uint8, head1 : uint8, function determine_ssl_record_layer(head0 : uint8, head1 : uint8,
head2 : uint8, head3: uint8, head4: uint8, is_orig: bool) : int head2 : uint8, head3: uint8, head4: uint8, is_orig: bool) : int
%{ %{
// stop processing if we already had a protocol violation or otherwhise
// decided that we do not want to parse anymore. Just setting skip is not
// enough for the data that is already in the pipe.
if ( bro_analyzer()->Skipping() )
return UNKNOWN_VERSION;
// re-check record layer version to be sure that we still are synchronized with // re-check record layer version to be sure that we still are synchronized with
// the data stream // the data stream
if ( record_layer_version_ != UNKNOWN_VERSION && record_layer_version_ != SSLv20 ) if ( record_layer_version_ != UNKNOWN_VERSION && record_layer_version_ != SSLv20 )

2
src/iosource/pcap/Plugin.cc
View file

@ -17,7 +17,7 @@ public:
plugin::Configuration config; plugin::Configuration config;
config.name = "Bro::Pcap"; config.name = "Bro::Pcap";
config.description = "Packet aquisition via libpcap"; config.description = "Packet acquisition via libpcap";
return config; return config;
} }
} plugin; } plugin;