Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Increase size of proto fields to uint16_t, add common default value

Browse source
This commit is contained in:
Tim Wojtulewicz 2024-11-07 11:04:04 -07:00
parent f762a45e83
commit d0896e81d6
36 changed files with 110 additions and 110 deletions
Download patch file Download diff file Expand all files Collapse all files

3
scripts/base/frameworks/notice/weird.zeek
View file

@ -448,8 +448,7 @@ event flow_weird(name: string, src: addr, dst: addr, addl: string, source: strin
# We add the source and destination as port 0/unknown because that is
# what fits best here.
local id = conn_id($orig_h=src, $orig_p=count_to_port(0, unknown_transport),
$resp_h=dst, $resp_p=count_to_port(0, unknown_transport),
$proto=256);
$resp_h=dst, $resp_p=count_to_port(0, unknown_transport));
local i = Info($ts=network_time(), $name=name, $id=id, $identifier=flow_id_string(src,dst));

2
scripts/base/init-bare.zeek
View file

@ -217,7 +217,7 @@ type conn_id: record {
orig_p: port &log; ##< The originator's port number.
resp_h: addr &log; ##< The responder's IP address.
resp_p: port &log; ##< The responder's port number.
proto: count;
proto: count &default=65535; ##< The transport protocol ID. Defaults to 65535 as an "unknown" value.
};
## The identifying 4-tuple of a uni-directional flow.