Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-15 13:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Remove "unmatched_HTTP_reply" weird.

Browse source 
BIT-725 #close
This commit is contained in:
Jon Siwek 2015-03-20 11:08:31 -05:00
parent 792dedf718
commit df60015333
5 changed files with 12 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

4
CHANGES
View file

@ -1,4 +1,8 @@
2.3-564 | 2015-03-20 11:12:02 -0500
* BIT-725: Remove "unmatched_HTTP_reply" weird. (Jon Siwek)
2.3-562 | 2015-03-20 10:31:02 -0500 2.3-562 | 2015-03-20 10:31:02 -0500
* BIT-1207: Add unit test to catch breaking changes to local.bro * BIT-1207: Add unit test to catch breaking changes to local.bro

4
NEWS
View file

@ -102,6 +102,10 @@ Changed Functionality
- [TODO] Add changed BroControl features. - [TODO] Add changed BroControl features.
- The weird named "unmatched_HTTP_reply" has been removed since it can
be detected at the script-layer and is handled correctly by the
default HTTP scripts.
Deprecated Functionality Deprecated Functionality
------------------------ ------------------------

2
VERSION
View file

@ -1 +1 @@
2.3-562 2.3-564

4
src/analyzer/protocol/http/HTTP.cc
View file

@ -985,9 +985,7 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)
{ {
++num_replies; ++num_replies;
if ( unanswered_requests.empty() ) if ( ! unanswered_requests.empty() )
Weird("unmatched_HTTP_reply");
else
ProtocolConfirmation(); ProtocolConfirmation();
reply_state = EXPECT_REPLY_MESSAGE; reply_state = EXPECT_REPLY_MESSAGE;

27
testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log
View file

@ -3,56 +3,33 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path weird #path weird
#open 2013-08-26-19-04-10 #open 2015-03-20-16-03-02
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
#types time string addr port addr port string string bool string #types time string addr port addr port string string bool string
1354328874.278822 CCvvfg3TEfuqmmG4bh 128.2.6.136 46564 173.194.75.103 80 bad_HTTP_request - F bro 1354328874.278822 CCvvfg3TEfuqmmG4bh 128.2.6.136 46564 173.194.75.103 80 bad_HTTP_request - F bro
1354328874.299063 CCvvfg3TEfuqmmG4bh 128.2.6.136 46564 173.194.75.103 80 unmatched_HTTP_reply - F bro
1354328874.321792 CsRx2w45OKnoww6xl4 128.2.6.136 46565 173.194.75.103 80 bad_HTTP_request - F bro 1354328874.321792 CsRx2w45OKnoww6xl4 128.2.6.136 46565 173.194.75.103 80 bad_HTTP_request - F bro
1354328874.342591 CsRx2w45OKnoww6xl4 128.2.6.136 46565 173.194.75.103 80 unmatched_HTTP_reply - F bro
1354328882.908690 CIPOse170MGiRM1Qf4 128.2.6.136 46569 173.194.75.103 80 bad_HTTP_request - F bro 1354328882.908690 CIPOse170MGiRM1Qf4 128.2.6.136 46569 173.194.75.103 80 bad_HTTP_request - F bro
1354328882.928027 CIPOse170MGiRM1Qf4 128.2.6.136 46569 173.194.75.103 80 unmatched_HTTP_reply - F bro
1354328882.949510 C7XEbhP654jzLoe3a 128.2.6.136 46570 173.194.75.103 80 bad_HTTP_request - F bro 1354328882.949510 C7XEbhP654jzLoe3a 128.2.6.136 46570 173.194.75.103 80 bad_HTTP_request - F bro
1354328882.968948 C7XEbhP654jzLoe3a 128.2.6.136 46570 173.194.75.103 80 unmatched_HTTP_reply - F bro
1354328887.094494 CMXxB5GvmoxJFXdTa 128.2.6.136 46572 173.194.75.103 80 bad_HTTP_request - F bro 1354328887.094494 CMXxB5GvmoxJFXdTa 128.2.6.136 46572 173.194.75.103 80 bad_HTTP_request - F bro
1354328887.114613 CMXxB5GvmoxJFXdTa 128.2.6.136 46572 173.194.75.103 80 unmatched_HTTP_reply - F bro
1354328891.141058 Caby8b1slFea8xwSmb 128.2.6.136 46573 173.194.75.103 80 bad_HTTP_request - F bro 1354328891.141058 Caby8b1slFea8xwSmb 128.2.6.136 46573 173.194.75.103 80 bad_HTTP_request - F bro
1354328891.161077 Caby8b1slFea8xwSmb 128.2.6.136 46573 173.194.75.103 80 unmatched_HTTP_reply - F bro
1354328891.183942 Che1bq3i2rO3KD1Syg 128.2.6.136 46574 173.194.75.103 80 bad_HTTP_request - F bro 1354328891.183942 Che1bq3i2rO3KD1Syg 128.2.6.136 46574 173.194.75.103 80 bad_HTTP_request - F bro
1354328891.204740 Che1bq3i2rO3KD1Syg 128.2.6.136 46574 173.194.75.103 80 unmatched_HTTP_reply - F bro
1354328891.226199 C3SfNE4BWaU4aSuwkc 128.2.6.136 46575 173.194.75.103 80 bad_HTTP_request - F bro 1354328891.226199 C3SfNE4BWaU4aSuwkc 128.2.6.136 46575 173.194.75.103 80 bad_HTTP_request - F bro
1354328891.245592 C3SfNE4BWaU4aSuwkc 128.2.6.136 46575 173.194.75.103 80 unmatched_HTTP_reply - F bro
1354328891.267625 CEle3f3zno26fFZkrh 128.2.6.136 46576 173.194.75.103 80 bad_HTTP_request - F bro 1354328891.267625 CEle3f3zno26fFZkrh 128.2.6.136 46576 173.194.75.103 80 bad_HTTP_request - F bro
1354328891.287655 CEle3f3zno26fFZkrh 128.2.6.136 46576 173.194.75.103 80 unmatched_HTTP_reply - F bro
1354328891.309065 CwSkQu4eWZCH7OONC1 128.2.6.136 46577 173.194.75.103 80 unknown_HTTP_method CCM_POST F bro 1354328891.309065 CwSkQu4eWZCH7OONC1 128.2.6.136 46577 173.194.75.103 80 unknown_HTTP_method CCM_POST F bro
1354328895.355012 CfTOmO0HKorjr8Zp7 128.2.6.136 46578 173.194.75.103 80 unknown_HTTP_method CCM_POST F bro 1354328895.355012 CfTOmO0HKorjr8Zp7 128.2.6.136 46578 173.194.75.103 80 unknown_HTTP_method CCM_POST F bro
1354328895.396634 CzA03V1VcgagLjnO92 128.2.6.136 46579 173.194.75.103 80 bad_HTTP_request - F bro 1354328895.396634 CzA03V1VcgagLjnO92 128.2.6.136 46579 173.194.75.103 80 bad_HTTP_request - F bro
1354328895.416133 CzA03V1VcgagLjnO92 128.2.6.136 46579 173.194.75.103 80 unmatched_HTTP_reply - F bro
1354328895.438812 CyAhVIzHqb7t7kv28 128.2.6.136 46580 173.194.75.103 80 bad_HTTP_request - F bro 1354328895.438812 CyAhVIzHqb7t7kv28 128.2.6.136 46580 173.194.75.103 80 bad_HTTP_request - F bro
1354328895.459490 CyAhVIzHqb7t7kv28 128.2.6.136 46580 173.194.75.103 80 unmatched_HTTP_reply - F bro
1354328895.480865 Cab0vO1xNYSS2hJkle 128.2.6.136 46581 173.194.75.103 80 unknown_HTTP_method CCM_POST F bro 1354328895.480865 Cab0vO1xNYSS2hJkle 128.2.6.136 46581 173.194.75.103 80 unknown_HTTP_method CCM_POST F bro
1354328903.614145 CkDsfG2YIeWJmXWNWj 128.2.6.136 46584 173.194.75.103 80 bad_HTTP_request - F bro 1354328903.614145 CkDsfG2YIeWJmXWNWj 128.2.6.136 46584 173.194.75.103 80 bad_HTTP_request - F bro
1354328903.634196 CkDsfG2YIeWJmXWNWj 128.2.6.136 46584 173.194.75.103 80 unmatched_HTTP_reply - F bro
1354328903.656369 CUKS0W3HFYOnBqSE5e 128.2.6.136 46585 173.194.75.103 80 bad_HTTP_request - F bro 1354328903.656369 CUKS0W3HFYOnBqSE5e 128.2.6.136 46585 173.194.75.103 80 bad_HTTP_request - F bro
1354328903.676395 CUKS0W3HFYOnBqSE5e 128.2.6.136 46585 173.194.75.103 80 unmatched_HTTP_reply - F bro
1354328911.832856 CojBOU3CXcLHl1r6x1 128.2.6.136 46589 173.194.75.103 80 bad_HTTP_request - F bro 1354328911.832856 CojBOU3CXcLHl1r6x1 128.2.6.136 46589 173.194.75.103 80 bad_HTTP_request - F bro
1354328911.853464 CojBOU3CXcLHl1r6x1 128.2.6.136 46589 173.194.75.103 80 unmatched_HTTP_reply - F bro
1354328911.876341 CJzVQRGJrX6V15ik7 128.2.6.136 46590 173.194.75.103 80 bad_HTTP_request - F bro 1354328911.876341 CJzVQRGJrX6V15ik7 128.2.6.136 46590 173.194.75.103 80 bad_HTTP_request - F bro
1354328911.897044 CJzVQRGJrX6V15ik7 128.2.6.136 46590 173.194.75.103 80 unmatched_HTTP_reply - F bro
1354328920.052085 CBQnJn22qN8TOeeZil 128.2.6.136 46594 173.194.75.103 80 bad_HTTP_request - F bro 1354328920.052085 CBQnJn22qN8TOeeZil 128.2.6.136 46594 173.194.75.103 80 bad_HTTP_request - F bro
1354328920.072101 CBQnJn22qN8TOeeZil 128.2.6.136 46594 173.194.75.103 80 unmatched_HTTP_reply - F bro
1354328920.094072 CbEsuD3dgDDngdlbKf 128.2.6.136 46595 173.194.75.103 80 bad_HTTP_request - F bro 1354328920.094072 CbEsuD3dgDDngdlbKf 128.2.6.136 46595 173.194.75.103 80 bad_HTTP_request - F bro
1354328920.114526 CbEsuD3dgDDngdlbKf 128.2.6.136 46595 173.194.75.103 80 unmatched_HTTP_reply - F bro
1354328924.266693 Cnkr172qPtDAaK7Xd 128.2.6.136 46599 173.194.75.103 80 bad_HTTP_request - F bro 1354328924.266693 Cnkr172qPtDAaK7Xd 128.2.6.136 46599 173.194.75.103 80 bad_HTTP_request - F bro
1354328924.287402 Cnkr172qPtDAaK7Xd 128.2.6.136 46599 173.194.75.103 80 unmatched_HTTP_reply - F bro
1354328924.308714 CcxZj6188NwHGl3a16 128.2.6.136 46600 173.194.75.103 80 bad_HTTP_request - F bro 1354328924.308714 CcxZj6188NwHGl3a16 128.2.6.136 46600 173.194.75.103 80 bad_HTTP_request - F bro
1354328924.328257 CcxZj6188NwHGl3a16 128.2.6.136 46600 173.194.75.103 80 unmatched_HTTP_reply - F bro
1354328924.476011 COTmF91mGWcb4zV7W5 128.2.6.136 46604 173.194.75.103 80 bad_HTTP_request - F bro 1354328924.476011 COTmF91mGWcb4zV7W5 128.2.6.136 46604 173.194.75.103 80 bad_HTTP_request - F bro
1354328924.496732 COTmF91mGWcb4zV7W5 128.2.6.136 46604 173.194.75.103 80 unmatched_HTTP_reply - F bro
1354328924.518204 CuChlg202P8sUFuXrg 128.2.6.136 46605 173.194.75.103 80 bad_HTTP_request - F bro 1354328924.518204 CuChlg202P8sUFuXrg 128.2.6.136 46605 173.194.75.103 80 bad_HTTP_request - F bro
1354328924.537671 CuChlg202P8sUFuXrg 128.2.6.136 46605 173.194.75.103 80 unmatched_HTTP_reply - F bro
1354328932.734579 CY93mM3aViMiLKuSw3 128.2.6.136 46609 173.194.75.103 80 bad_HTTP_request - F bro 1354328932.734579 CY93mM3aViMiLKuSw3 128.2.6.136 46609 173.194.75.103 80 bad_HTTP_request - F bro
1354328932.754657 CY93mM3aViMiLKuSw3 128.2.6.136 46609 173.194.75.103 80 unmatched_HTTP_reply - F bro
1354328932.776609 CXgISq6dA2DVPzqp9 128.2.6.136 46610 173.194.75.103 80 bad_HTTP_request - F bro 1354328932.776609 CXgISq6dA2DVPzqp9 128.2.6.136 46610 173.194.75.103 80 bad_HTTP_request - F bro
1354328932.796568 CXgISq6dA2DVPzqp9 128.2.6.136 46610 173.194.75.103 80 unmatched_HTTP_reply - F bro #close 2015-03-20-16-03-02
#close 2013-08-26-19-04-10