Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

policy/community-id: Do not use new_connection()

Browse source 
Issue #3028 tracks how a flipped connections reset a connection's value
including any state set during new_connection(). For the time being,
update community-id functionality back to the original connection_state_remove()
approach to avoid missing community_ids on flipped connections.
This commit is contained in:
Arne Welzel 2023-05-10 17:45:50 +02:00
parent c543387ce0
commit e82a7455d7
2 changed files with 3 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

11
scripts/policy/frameworks/notice/community-id.zeek
View file

@ -22,14 +22,7 @@ export {
hook Notice::notice(n: Notice::Info) hook Notice::notice(n: Notice::Info)
{ {
if ( CommunityID::Notice::enabled && n?$conn && n$conn?$conn ) if ( CommunityID::Notice::enabled && n?$conn )
{ n$community_id = community_id_v1(n$conn$id);
local info = n$conn$conn;
# This is set during new_connection(), so it should
# always be there, but better safe than sorry.
if ( info?$community_id )
n$community_id = info$community_id;
} }
}
@endif @endif

5
scripts/policy/protocols/conn/community-id-logging.zeek
View file

@ -17,10 +17,7 @@ export {
}; };
} }
module Conn; event connection_state_remove(c: connection)
event new_connection(c: connection)
{ {
Conn::set_conn(c, F); # likely first to access :-/
c$conn$community_id = community_id_v1(c$id, CommunityID::seed, CommunityID::do_base64); c$conn$community_id = community_id_v1(c$id, CommunityID::seed, CommunityID::do_base64);
} }