Another change to possibly fix the SSL memory consumption problem.

- If a protocol violation happens, Bro now logs what it has seen
  up until the protocol violation and deletes the c$ssl record
  so that a long-lived connection with a protocol violation does
  not continue to hold the memory.
Seth Hall 2011-09-13 09:09:55 -04:00
parent c87704cc25
commit ee1884ca93


@ -71,6 +71,20 @@ function set_session(c: connection)
c$ssl = [$ts=network_time(), $uid=c$uid, $id=c$id, $cert_chain=vector()]; c$ssl = [$ts=network_time(), $uid=c$uid, $id=c$id, $cert_chain=vector()];
} }
function finish(c: connection, violation: bool)
{
Log::write(SSL::LOG, c$ssl);
if ( delete_certs_after_logging )
{
if ( c$ssl?$cert )
delete c$ssl$cert;
if ( c$ssl?$cert_chain )
delete c$ssl$cert_chain;
}
if ( violation )
delete c$ssl;
}
event ssl_client_hello(c: connection, version: count, possible_ts: time, session_id: string, ciphers: count_set) &priority=5 event ssl_client_hello(c: connection, version: count, possible_ts: time, session_id: string, ciphers: count_set) &priority=5
{ {
set_session(c); set_session(c);
@ -120,14 +134,12 @@ event ssl_established(c: connection) &priority=5
event ssl_established(c: connection) &priority=-5 event ssl_established(c: connection) &priority=-5
{ {
Log::write(SSL::LOG, c$ssl); finish(c, F);
}
if ( delete_certs_after_logging ) event protocol_violation(c: connection, atype: count, aid: count,
reason: string) &priority=5
{ {
if ( c$ssl?$cert ) if ( c?$ssl )
delete c$ssl$cert; finish(c, T);
if ( c$ssl?$cert_chain )
delete c$ssl$cert_chain;
} }
}
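Review bot: The new `protocol_violation` handler keys only on `c?$ssl`, but that event is raised for whichever analyzer on the connection reports the violation, so a violation coming from a different analyzer on a connection that also carries an SSL record would log and delete `c$ssl` prematurely; the guard should also compare `atype` against the SSL analyzer's tag, e.g. `if ( c?$ssl && atype == <SSL analyzer tag> )`. A second point is that `finish()` calls `Log::write` unconditionally while `ssl_established` already calls `finish(c, F)` and leaves `c$ssl` in place, so a violation arriving later on the same connection reaches `finish(c, T)` and writes the same record a second time; recording that the entry was already logged (for instance a boolean field on the SSL record that `finish` sets and checks before writing) would avoid the duplicate. Whether any handler outside this hunk still dereferences `c$ssl` after the delete cannot be confirmed from what is visible here.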